John Bates

1 2 3 9

No One Benefits from a One (Wo)Man FISC Court

Over at Just Security, Steve Vladeck takes issue with yet another proposal for a Drone Court.

A new chapter by Professors Amos Guiora and Jeffrey Brand–“Establishment of a Drone Court: A Necessary Restraint on Executive Power“–has been receiving a fair amount ofmedia and blog attention. The chapter differs from some prior calls for a “drone court” in seeing the Foreign Intelligence Surveillance Court (FISC) not as a model, but rather as a lesson in what not to do–a “non-starter,” in the authors’ words. Nevertheless, the chapter argues, we need a special “Operational Security Court” (OSC) comprised of already sitting Article III district and circuit judges (selected through a far different process from FISC judges) to strike the right balance between the government’s need to protect operational (and national) security and the rights of those targeted for drone operations to contest their targeting (through security cleared lawyers) ex ante.

My take on the proposal is slightly different from Vladeck’s. I take it as a proposal for a Sparkle Pony. The proper response to such a proposal is to point out all the reasons why we can’t have Sparkle Ponies. But I would end up largely where Valdeck is, looking at all the reasons FISC is failing its task, especially now that it has been blown up beyond proportion in the wake of President Bush’s illegal spy program. And Vladeck’s solution — to ensure people can sue after the fact — is a reasonable start.

That said, Vladeck asks an important question.

Finally, there’s the question of why an entire new court(the “OSC”) is needed at all. What’s wrong with giving the U.S. District Court for the District of Columbia exclusive original jurisdiction over these proceedings–as the Supreme Court has effectively provided in the secrecy-laden Guantánamo habeas cases? Even if one believes that ex ante judicial review of drone strikes is constitutionally and pragmatically feasible, why reinvent the wheel when there are perfectly good judges sitting in a perfectly good courthouse replete with experience in highly classified proceedings? 

In my insistence it’s time to get rid of FISC, I’ve been thinking the same thing: why can’t we just have all the DC District judges rule on these cases?

The biggest drawback I see in this is that it would mean the judges presiding over national security criminal cases — not even Espionage cases, which are more likely to be charged in EDVA — are not the same who preside over the National Security Court decisions. Just as an example, I think it important that a bunch of judges in Portland, OR are presiding over some of the more interesting national security cases. And for that reason I’m fascinated that Michael Mosman, who is presiding over the case of Reaz Qadir Khan, is also a FISC judge. While I don’t think Mosman brings a neutral approach to the Khan case, I do think he may be learning things about how the FISC programs work in practice.

But both sides of this debate, both the government and reformers, could point to Vladeck’s proposal as a vast improvement. That’s because it gets us out of what has become a series of one person courts.

Partly for logistical reasons (and potentially even for security reasons), rather than a court of 11 judges presiding over these expanding counterterrorism programs, we’ve actually had a series of single judges: Colleen Kollar-Kotelly, who presided over at least the Internet dragnet, some other important Pen Register rulings, and several initial Protect America Act reviews, then mostly Reggie Walton presiding over the Yahoo challenge and then the phone and Internet dragnet fixes, then John Bates presiding over the upstream fix (as well as reauthorizing and expanding the Internet dragnet). Presumably, presiding judge Thomas Hogan has assumed the role of one person court (though I suspect Rosemary Collyer, who is next in line to be presiding in any case, takes on some of this work).

And while I’d find great fault with some of Kollar-Kotelly and Bates’ rulings (and even some of Walton’s), I suspect the NatSec establishment was thrilled to see the end of  Walton on the court, because he dared to consider questions thoughtfully and occasionally impose limits on the intelligence programs.

No one benefits from having what works out to be primarily one judge review such massive programs. But that’s what we’ve effectively got now, and because it operates in secret, there’s no apparent check on really boneheaded decisions by these individual judges.

There are a lot of reasons to replace the FISC with review by normal judges, and one of them is that the current system tends to concentrate the review of massive spying programs in the hands of one or two judges alone.

The Congressional PRTT Reports

Screen Shot 2014-11-28 at 11.29.07 AM

In addition to liberating the document dump pertaining to the Internet dragnet program. (See my working threads: onetwothreefourfive.), EPIC has been fighting several other parts of the FOIA for the PRTT documentation to Congress. I’m going to have three more posts on these materials. This post will comment on the reports to Congress, all of which (except the December 2006 one, which I’ll ask them to fix) are available here.

Here’s a summary of the changes from report to report.

  • April 2001 (covering July 2000 to December 2000): US persons described in sketches provided at request of SSCI, some applications filed in 1999, numbers not broken out by USP,  CIA not included, PRTT explicitly only FBI
  • December 2001 (covering first half 2001): signed by Jay Bybee as Acting, US persons described in sketches provided at request of SSCI,  PRTT explicitly only FBI
  • April 2002 (covering second half 2001): signed by Larry Thompson as Acting, 7 applications filed after PATRIOT, includes descriptions of the investigations as well as of USPs,  CIA not included, PRTT explicitly only FBI
  • December 2002 (covering first half 2002): signed by Ted Olson as Acting,  CIA not included, PRTT explicitly only FBI
  • September 2003 (covering second half of 2002): stop providing sketch of each American targeted; signed by John Ashcroft,  CIA not included, PRTT explicitly only FBI
  • December 2003 (covering first half of 2003): signed by John Ashcroft. mostly-redacted delayed PRTT approval for one target, CIA not included, PRTT explicitly only FBI
  • September 2004 (covering second half 2003): transmittal letters not included, not mentioned, CIA not included, PRTT explicitly only FBI
  • December 2004 (covering first half 2004): transmittal letters signed by AAG, first modifications, CIA not included, PRTT explicitly FBI and NSA
  • June 2005 (covering second half 2004): transmittal letters not included, not mentioned, modifications, the following report says that this report described combined orders, but that part is redacted (there is one footnote with a 7E exemption), CIA not included, PRTT not explicitly FBI and NSA
  • December 2005 (covering first half 2005): transmittal by AAG, definition of aggregate to include corporation etc, “at least” aggregate number, combined orders, modifications, CIA not included, PRTT not explicitly FBI and NSA
  • July 2006 (covering second half 2005) transmittal by AAG, definition of aggregate, delay from flood, “at least” aggregate number, more explicit description of combined with anticipation of end per PATRIOT, language on “scope of FISC jurisdiction,” modifications, CIA not included, PRTT not explicitly FBI and NSA
  • December 2006 (covering first half 2006): transmittal by Acting AAG, definition of aggregate, “at least” aggregate number, more explicit break out of combined, modifications, CIA not included, PRTT not explicitly FBI and NSA
  • June 2007 (covering second half 2006): transmittal letters not included, language on modifications and explanation for rise in number, reorganization of OIPR, footnote on some people listed (probably under trad FISA) may be targets of PRTT, no USP numbers broken out, include all 3 agencies with NSA and FBI PRTT numbers combined, modifications
  • December 2007 (covering first half 2007): transmittal letters not included, “at least” number, modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2008 (covering second half 2007): transmittal letters not included, “at least” number, modifications, include all three agencies, with FBI and NSA combined for PRTT
  • December 2008 (covering first half 2008): transmittal letters not included, “at least” number, last modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2009 (covering second half 2008): transmittal letters not included, no more “at least” number, no modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • December 2009 (covering first half 2009): transmittal letters not included, supplemental order, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2010 (covering second half 2009): transmittal letters not included, adjust targeted number for previous period (perhaps without explanation), include all 3 agencies with FBI and NSA combined for PRTT
  • December 2010 (covering first half 2010): transmittal letters not included, note one not considered util following period, break out FBI application, no NSA application to FISC
  • June 2011 (covering second half 2010): transmittal letters not included, introduction of “named US persons” category, one NSA denied in part (probably July Bates opinion), one approved, mention of compliances meetings with telecoms
  • December 2011 (covering first half 2011): transmittal letters not included, redaction of number and “named” in US persons targeted in narrative section, 4 approved outside reporting period, 3 NSA PRTT approved
  •  June 2012 (covering second half 2011): transmittal letters not included, redaction of number and “named” in US persons targeted in narrative section, and numerical breakout, 4 earlier FBI applications approved, 1 NSA PRTT approved (somewhere something in 2011 must have been withdrawn, given the approved numbers)
  • December 2012 (covering first half 2012): transmittal letters not included, number and “named” unredacted (including for previous period), no NSA application submitted
  • June 2013 (covering second half 2012 and submitted after first Snowden leaks): transmittal letters not included, number and “named” unredacted, no NSA application submitted

Here’s an explanation of what I make of these details:

How you count US persons

Throughout this reporting requirement, DOJ has been obligated to include the number of US persons targeted. How it has done so has varied by period. Here’s how it breaks out by reporting period (I’m doing it this way so we can match it up to known techniques).

July 2000 through December 2001: US person subjects of investigation described by sketch but not broken out by number

January 2002 through June 2002: US person targets identified by number and sketch

July 2002 through December 2004: US person targets identified by number “who were targeted”; sketches replaced by general language about First Amendment review

January 2005 through June 2006: Orders include a definition of aggregate that includes corporations and other non-individual legal persons, these orders provided an “at least” aggregate number (with a footnote explaining why that is redacted). This method covers most of the reports during the “combined” period. Update: The DOJ IG Report on Section 215 use in 2006 may explain some of this: for 215 orders in this period, FBI did not count the requested records of non-subjects, which would likely apply to combined orders.

July 2006 through December 2006: This report includes no discernible US person breakout.

January 2007 through June 2008: These reports used an “at least” number to count US persons.

July 2008 through June 2010:This period included exact numbers for USP targets, and also no longer includes modifications (which often are minimization procedures).

July 2010 through December 2012: This period uses “named US persons” as a reporting category, and to the extent it’s relevant, breaks out the NSA orders.

Note, some of the differential reporting (such as the “aggregate” language for the period before Congress got briefed on the bulk PRTT) to be get around informing Congress of certain collections. Some–such as the apparently still-current “named USP” suggests there’s a lot of incidental collection the government doesn’t count (which would be likely in the use of stingrays, though the prior use of target could be done there too).

The Agencies

Note the variation in agencies named, with PRTT being listed as FBI only, then being listed as NSA and FBI, then all government, then both again, and finally, broken out by agency. This likely stems most significantly from efforts to hide that they were using PRTT for the dragnet, then incorporation of NSA into the FBI dragnet numbers.

The NSA numbers first get broken out for the December 2010 report, with a statement there were no NSA applications in the first half of 2010. That accords with the understanding that the Internet dragnet got shut down around October 30, 2009, then Bates approved it again in July 2010 (which would be the partial declination marked).

Who signs the transmittals

I was interested that John Ashcroft didn’t a bunch of reports during a period when DOJ provided narratives of the Americans targeted. Also, for the first few periods of Stellar Wind, the signee was not read into Stellar Wind. I’ve increasingly noticed AGs having someone else sign something as a workaround, and that may have been true here, too (remember that the government was obtaining Internet metadata even before Stellar Wind).

But then, to the extent we still got transmittal letters (they stopped entirely in June 2007), they were signed by the Congressional Liaison.

White House Supports USA Freedom Act, with Bates-Clapper Caveats about Amicus

The White House has come out with an enthusiastic statement supporting USA Freedom Act.

The Administration strongly supports Senate passage of S. 2685, the USA FREEDOM Act. In January, the President called on Congress to enact important changes to the Foreign Intelligence Surveillance Act (FISA) that would keep our Nation safe, while enhancing privacy and better safeguarding our civil liberties. This past spring, a broad bipartisan majority of the House passed a bill that answered the President’s call. S. 2685 carefully builds on the good work done in the House and has won the support of privacy and civil liberties advocates and the private sector, including significant members of the technology community. As the Attorney General and the Director of National Intelligence stated in a letter dated September 2, 2014, the bill is a reasonable compromise that enhances privacy and civil liberties and increases transparency.

The bill strengthens the FISA’s privacy and civil liberties protections, while preserving essential authorities that our intelligence and law enforcement professionals need.

It says the bill ends bulk collection which might be a useful record if the President used a definition besides “without any discriminator,” but that is what he is on the record as meaning by “bulk.”

The bill would prohibit bulk collection through the use of Section 215, FISA pen registers, and National Security Letters while maintaining critical authorities to conduct more targeted collection. The Attorney General and the Director of National Intelligence have indicated that the bill will retain the essential operational capabilities of the existing bulk telephone metadata program while eliminating bulk collection, based on communications providers’ existing practices.

Perhaps the most troubling part of Obama’s statement, however, is its endorsement of John Bates’ language about the amicus as echoed by James Clapper and Eric Holder, which among other things said that the amicus could not be required to represent the interests of civil liberties and privacy.

The bill also authorizes an independent voice in significant cases before the Foreign Intelligence Surveillance Court (FISC) — the Administration is aware of the concerns with regard to this issue, as outlined in the letter from the Attorney General and the Director of National Intelligence, and the Administration anticipates that Congress will address those concerns. Finally, the bill will enhance transparency by expanding the amount of information providers can disclose and increasing public reporting requirements.

In sum, this legislation will help strengthen Americans’ confidence in the Government’s use of these important national security authorities. Without passage of this bill, critical authorities that are appropriately reformed in this legislation could expire next summer. The Administration urges Congress to take action on this legislation now, since delay may subject these important national security authorities to brinksmanship and uncertainty. The Administration urges the Senate to pass the USA FREEDOM Act and for the House to act expeditiously so that the President can sign legislation into law this year. [my emphasis]

As I said here, the designed impotence of the amicus is not a reason to oppose the bill; it’s just a reason to expect to have to wait 9 years before it becomes functional, as happened with PCLOB. Still, it is very very troubling that given all the evidence that the Executive has been abusing the process of the FISC for a decade, the Executive is moving to ensure they’ll still be able to do so.

How to Fix the FISA Court … Or Not

The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26)

That line, from the FISCR opinion finding the Protect America Act constitutional, gets to the core problem with the FISA Court scheme. Even in 2009, when the line was first made public, it was pretty clear the government had made a false claim to the FISA Court of Review.

Now that we know that FBI had already been given authority to keep PAA-collected content in databases that they could search at what is now called the assessment stage of investigations – warrantless searches of the content of Americans against whom the FBI has no evidence of wrong-doing — the claim remains one of the signature moments where the government got approval for a program by being less than candid to the court (the government has been caught doing so in both Title III courts and at FISC, and continues to do so).

That’s also why I find Greg McNeal’s paper on Reforming the FISC, while very important, ultimately unconvincing.

McNeal’s paper is invaluable for the way he assesses the decision — in May 2006 — to authorize the collection of all phone records under Section 215. Not only does the paper largely agree with the Democratic appointees on PCLOB that the program is not authorized by the Section 215 statute, McNeal conducts his own assessment of the government’s application to use Section 215 for that purpose.

The application does not fare well.

Moreover, the government recognized that not all records would be relevant to an investigation, but justified relevance on what could best be described as usefulness or necessity to enable the government’s metadata analysis, stating:

The Application fully satisfies all requirements of title V of FISA. In particular, the Application seeks the production of tangible things “for” an international terrorism investigation. 50 U.S.C. § 1861(a)(1). In addition, the Application includes a statement of facts demonstrating that there are reasonable grounds to believe that the business records sought are “relevant” to an authorized investigation. Id.  § 1861(b)(2). Although the call detail records of the [redacted] contain large volumes of metadata, the vast majority of which will not be terrorist-related, the scope of the business records request presents no infirmity under title V. All of the business records to be collected here are relevant to FBI investigations into [redacted] because the NSA can effectively conduct metadata analysis only if it has the data in bulk.49

The government went even further, arguing that if the FISC found that the records were not relevant, that the FISC should read relevance out of the statute by tailoring its analysis in a way that would balance the government’s request to collect metadata in bulk against the degree of intrusion into privacy interests. Disregarding the fact that the balancing of these interests was likely already engaged in by Congress when writing section 215, the government wrote:

In addition, even if the metadata from non-terrorist communications were deemed not relevant, nothing in title V of FISA demands that a request for the production of “any tangible things” under that provision collect only information that is strictly relevant to the international terrorism investigation at hand. Were the Court to require some tailoring to fit the information that will actually be terrorist-related, the business records request detailed in the Application would meet any proper test for reasonable tailoring. Any tailoring standard must be informed by a balancing of the government interest at stake against the degree of intrusion into any protected privacy interests. Here, the Government’s interest is the most compelling imaginable: the defense of the Nation in wartime from attacks that may take thousands of lives. On the other side of the balance, the intrusion is minimal. As the Supreme Court has held, there is no constitutionally protected interest in metadata, such as numbers dialed on a telephone.50

Thus, what the government asked the court to disregard the judgment of the Congress as to the limitations and privacy interests at stake in the collection of business records. Specifically, the government asked the FISC to disregard Congress’s imposition of a statutory requirement that business records be relevant, and in disregarding that statutory requirement rely on the fact that there was no constitutionally protected privacy interest in business records. The government’s argument flipped the statute on its head, as the purpose of enhancing protections under section 215 was to supplement the constitutional baseline protections for privacy that were deemed inadequate by Congress.

McNeal is no hippie. That he largely agrees and goes beyond PCLOB’s conclusion that this decision was not authorized by the statute is significant.

But as I said, I disagree with his remedy — and also with his assessment of the single source of this dysfunction.

McNeal’s remedy is laudable. He suggests all FISC decisions should be presumptively declassified and any significant FISC decision should get automatic appellate review, done by FISCR. That’s not dissimilar to a measure in Pat Leahy’s USA Freedom Act, which I’ve written about here. With my cautions about that scheme noted, I think McNeal’s remedy may have value.

The reason it won’t be enough stems from two things.

First, the government has proven it cannot be trusted with ex parte proceedings in the FISC. That may seem harsh, but the Yahoo challenge — which is the most complete view we’ve ever had of how the court works, even with a weak adversary — really damns the government’s conduct. In addition to the seemingly false claim to FISCR about whether the government held databases of incidentally collected data, over the course of the Yahoo challenge, the government,

  • Entirely restructured the program — bringing the FBI into a central role of the process — without telling Reggie Walton about these major changes to the program the challenge he was presiding over evaluated; this would be the first of 4 known times in Walton’s 7-year tenure where he had to deal with the government withholding materially significant information from the court
  • Provided outdated versions of documents, effectively hiding metadata that would have shown EO 12333, which was a key issue being litigated, was more fluid than presented to the court
  •  Apparently did not notice either FISC or FISCR about an OLC opinion — language from which was declassified right in the middle of the challenge — authorizing the President to pixie dust EO 12333 at any time without noting that publicly
  • Apparently did not provide the underlying documents explaining another significant change they made during the course of the challenge, which would have revealed how easily Americans could be reverse targeted under a program prohibiting it; these procedures were critical to FISCR’s conclusion the program was legal

In short, the materials withheld or misrepresented over the course of the Yahoo challenge may have made the difference in FISCR’s judgment that the program was legal (even ignoring all the things withheld from Yahoo, especially regarding the revised role of FBI in the process). (Note, in his paper, McNeal rightly argues Congress and the public could have had a clear idea of what Section 702 does; I’d limit that by noting that almost no one besides me imagined they were doing back door searches before that was revealed by the Snowden leaks).

One problem with McNeal’s suggestion, then, is that the government simply can’t be trusted to engage in ex parte proceedings before the FISC or FISCR. Every major program we’ve seen authorized by the court has featured significant misrepresentations about what the program really entailed. Every one! Until we eliminate that problem, the value of these courts will be limited.

But then there is the other problem, my own assessment of the source of the problem with FISC. McNeal thinks it is that Congress wants to pawn its authority off onto the FISC.

The underlying disease is that Congress wants things to operate the way that they do; Congress wants the FISC and has incentives to maintain the status quo.

Why does Congress want the FISC? Because it allows them to push accountability off to someone else. If members ofCongress are responsible for conducting oversight of secretoperations, their reputations are on the line if the operations gotoo far toward violating civil liberties, or not far enoughtoward protecting national security. However, with the FISC conducting operations, Congress has the ability to dodge accountability by claiming they have empowered a court to conduct oversight.

I don’t, in general, disagree with this sentiment in the least. The last thing Congress wants to do is make a decision that might later be tied to an intelligence failure, a terrorist attack, a botched operation. Heck, I’d add that the last thing most members of Congress serving on the Intelligence Committees would want to do is piss off the contractors whose donations provide one of the perks of the seat.

But the dysfunction of the FISC stems, in significant part, from something else.

In his paper on the phone dragnet (which partly incorporates the Internet dragnet), David Kris suggests the original decision to bring the dragnets under the FISC (in the paper he was limited by DOJ review about what he could say of the Internet dragnet, so it is not entirely clear whether he means the Colleen Kollar-Kotelly opinion that paved the way for the flawed Malcolm Howard one McNeal critiques, or the Howard one) was erroneous. Continue reading

The FBI’s Black Hole of Devised Ignorance Surrounding Americans Subject to Section 215

Over at VICE, I’ve got a long piece summarizing all the ways (well, probably just some of them) FBI refuses to count its intelligence surveillance, meaning there’s a black hole about what FBI does with some of its most intrusive surveillance.

Among other things in the piece, it includes this explanation of why FBI doesn’t want to count how many Americans get sucked up in Section 215 collection under USA Freedom Act (though the FBI improbably depicted that as a independent decision of Congress).

The bill also exempts the FBI from counting how many US persons get swept up in its use of another authority, Section 215 of the Patriot Act, the statute currently used to collect some significant subset of all Americans’ phone records. In addition to those phone records, FBI also uses Section 215 for other “tangible things,” which it can collect in significant bulk. The FBI says it won’t start counting the Section 215 records obtained because the records it collects (which include email metadata, hotel records, and sales transactions, in addition to phone records) “typically do not indicate the location of the sender or recipient at the time of communication or collection.” So learning the location would “require the FBI to scrutinize certain communications or take additional investigative steps to determine the location of the communicants.” Basically, FBI says tracking what it is doing would, by itself, be a privacy invasion.

The FBI’s comments on why it should not track how many Americans get sucked up in Section 215 collection is worth further focus, however.

The types of business records collected under a Section 215 order rarely contain information sufficient to determine the location of the person(s) referenced in the records.  The FBI collects a variety of information from FISA business records orders, from hotel records to sales transactions to e-mail metadata – many of which provide little or no information regarding the location of those referenced in the records.  The majority of communications collected by business records are related to e-mail metadata.  This information is only provided in a to-from format and does not include subscriber information for the communicants.  In addition, the records typically do not indicate the location of the sender or recipient at the time of communication or collection.  Imposing a reporting requirement to track the number persons located in the U.S. whose information had been collected under Section 215 would thus require the FBI to scrutinize certain communications or take additional investigative steps to determine the location of the communicants.  In many instances, the FBI would otherwise have elected not to scrutinize these communicants or take additional investigative steps.  The imposition of a reporting requirement, therefore, could actually result in a greater intrusion of privacy on certain communicants.  It simply does not make sense for a reporting requirement designed to monitor privacy impact on U.S. persons to result in further scrutiny or investigative activity that may not otherwise be pursued.

First, because FBI confirms how it is using Section 215 (though much of this has been made public, much of it covered here first).

  • Email metadata
  • Hotel records
  • Sales transactions (which would include explosives precursors like acetone, hydrogen peroxide, fertilizer, and pressure cookers)

(Note the silence about money transfers; but maybe FBI just disavows that program, which is a CIA focus.)

Given many things the government has said in legal filings, I would understand “email metadata” very broadly to include “Internet communications metadata.”

The rest of the statement expands on arguments (that are implicit in USAF’s refusal to count a US-based IP address as US location) about why the Intelligence Community can’t count how many Americans are subject to Section 215 surveillance: Because it professes to be unable to track whether email participants are in the US.

So they argue that their devised helplessness in determining where email takes place makes it counterproductive for them to give any sense of how many Americans’ email they’re surveilling.

Of course, there’s another side to this devised ignorance.

John Bates has twice told the Intelligence Community that illegal wiretapping of email in the US is only illegal if the government knows that the emails in question are domestic. So by refusing to find some solution to their devised ignorance, the FBI also ensures that it can never be held to account if it happens to start collecting things — like content as metadata — that it should not legally be able to obtain without a warrant.

It’s a brilliant scheme, this black hole of FBI surveillance. Not only doesn’t it have to alert Americans to how many Americans the FBI is surveilling. But unlike every American the FBI might target, it can claim that ignorance is a defense.

John Bates Gets Slapped Down for Speaking Out of Turn, Again

A few weeks back, I pointed to 9th Circuit Chief Judge Alex Kozinski’s criticism of John Bates’ presumption to speak for the judiciary in his August 5 letter complaining about some aspects of USA Freedom Act. Kozinski was pretty obviously pissed.

But compared to the op-ed from retired District Court Judge Nancy Gertner – who effectively scolds Bates, as the Administrative staff, speaking out of turn — Kozinski was reserved.

[W]hatever the merits of Bates’ concerns—and other judges have dissented from it—he most assuredly does not speak for the Third Branch.

[snip]

Bates has been appointed by Chief Justice John Roberts to serve as director of the Administrative Office of the U.S. Courts, the body that administers the federal courts. It was created in 1939 to take the administration of the judiciary out of the Department of Justice. Its principal tasks were data collection and the creation of budgets and, while its duties have grown over the years, they remain administrative (dealing with such things as court reporters, interpreters, judicial pay, maintenance of judicial buildings, staffing etc.).

When members of Congress solicit the “judiciary’s” opinion they may write to the office’s director, but he has no authority to make policy for the federal judiciary. It is the Judicial Conference of the United States Courts, to which the AO director is only the “secretary,” that has that responsibility.

I’m very supportive of Gertner’s defense of judicial independence and her concern about the operation of the FISA Court.

But her critique goes off the rails when she points to DOJ’s purported support of USA Freedom Act as a better indication of the Executive’s views than Bates’ comments.

Moreover, a great deal of Bates’ letter focuses on the Senate proposals’ impact on the executive branch and the intelligence community. The Senate bill would burden the executive with more work and even delay the FISA court’s proceedings, he suggests. Worse yet, the executive may be reluctant to share information with an independent advocate—a troubling claim.

Bates’ concerns are belied by the support voiced by the Department of Justice and the president for the Senate proposal. Surely, the executive branch understands its own needs better than does Bates. Surely, the executive branch has confidence in the procedures that the FISA court would have in place for dealing with classified information, just as the courts that have dealt with other national security issues have had.

And surely, the executive would abide by what the law requires, notwithstanding Bates’ predictions about its “reluctance” to share information with a special advocate.

DOJ’s “support” of the bill was expressed when Eric Holder co-signed a letter (which Gertner tellingly doesn’t mention, much less link) from James Clapper which, when read with attention, clearly indicated the Executive would interpret the bill to be fairly permissive on most of the issues on which the Senate bill would otherwise improve on the House one. Holder’s “support” of the bill strongly indicates that DOJ, with ODNI, plans to use the classification and privilege “protections” in the bill to refuse to share information with the special advocate.

And that’s precisely the part of the letter where Holder and Clapper invoke Bates.

Continue reading

USA Freedom Act’s So-Called “Transparency” Provisions Enable Illegal Domestic Surveillance

I regret that I am only now taking a close look at the “transparency” provisions in Patrick Leahy’s version of USA Freedom Act. They are actually designed not to provide “transparency,” but to give a very misleading picture of how much spying is going on. They are also designed to permit the government to continue not knowing how much content it collects domestically under upstream and pen register orders, which is handy, because John Bates told them if they didn’t know it was domestic then collecting domestic isn’t illegal.

In this post, I’ve laid out the section of the bill that mandates reporting from ODNI, with my comments interspersed along with what the “transparency” report Clapper did this year showed.

(b) MANDATORY REPORTING BY DIRECTOR OF NATIONAL INTELLIGENCE.—

(1) IN GENERAL.—Except as provided in subsection (e), the Director of National Intelligence shall annually make publicly available on an Internet Web site a report that identifies, for the preceding 12-month period—

This language basically requires the DNI to post a report on I Con the Record every year. But subsection (e) provides a number of outs.

Individual US Person FISA Orders

(A) the total number of orders issued pursuant to titles I and III and sections 703 and 704 and a good faith estimate of the number of targets of such orders;

This language requires DNI to describe, in bulk, how many individual US persons are targeted in a given year (there were 1,767 orders and 1,144 estimated targets last year). But it only requires DNI to give a “good faith estimate” of these numbers (and that’s what they’re listed as in ODNI’s report from last year)! If there’s one thing DNI should be able to give a rock-solid number for, it’s individual USP targets. But … apparently that’s not the case.

Screen Shot 2014-09-10 at 10.29.15 AM

Section 702 Orders

(B) the total number of orders issued pursuant to section 702 and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders;

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language requires DNI to provide an estimate of the number of targets of Section 702 which includes both upstream and PRISM production. Last year, this was one order (ODNI doesn’t tell us, but there were at least 3 certificates –Counterterrorism, Counterproliferation, and Foreign Government) affecting 89,138 targets.

Screen Shot 2014-09-10 at 10.23.26 AM

The new reporting requires the government to come up with some estimate of how many communications are collected, as well as how many are located inside the US.

Except DNI is permitted to issue a certification saying that there are operational reasons why he can’t provide that last bit — how many are in the US. Thus, 4 years after refusing to tell John Bates how many Americans’ communications NSA was sucking up in upstream collection, Clapper is now getting the right to continue to refuse to provide that ratified by Congress. And remember — Bates also said that if the government didn’t know it was collecting that content domestically, then it wasn’t really in violation of 50 USC 1809(a). So by ensuring that it doesn’t have to count this, Clapper is ensuring that he can continue to conduct illegal domestic surveillance.

Don’t worry though. The bill includes language that says, even though this provision permits the government to continue conducting illegal domestic collection, “Nothing in this section affects the lawfulness or unlawfulness of any government surveillance activities described herein. ”

Back Door Searches

(iv) the number of search terms that included information concerning a United States person that were used to query any database of the contents of electronic communications or wire communications obtained through the use of an order issued pursuant to section 702; and

(v) the number of search queries initiated by an officer, employee, or agent of the United States whose search terms included information concerning a United States person in any database of noncontents information relating to electronic communications or wire communications that were obtained through the use of an order issued pursuant to section 702;

This language counts back door searches.

But later in the bill, the FBI — which we know does the bulk of these back door searches — is exempted from all of this reporting. As I noted in this post, effectively the Senate is saying it’s no big deal of FBI doesn’t track how many warrantless searches of US person content it does, even of people against whom the FBI has no evidence of wrongdoing.

In addition, note that odd limit to (v). DNI only has to report metadata searches “initiated by an officer, employee, or agent” of the United States. That would seem to exempt any back door metadata searches by foreign governments (it might also exempt contractors, but they should be included as “agents” of the US). Which, given that CIA doesn’t currently count its metadata searches, and given that CIA conducts a bunch of metadata searches on behalf of other entities, leads me to suspect that CIA may be doing metadata searches “initiated” by foreign governments. But that’s a guess. One way or another, though, this clause was written to not count some of these metadata searches. [Update: On reflection, that language may be designed to avoid counting automated processes as searches -- if they're initiated by a robot rather than an employee they're not counted!]

Pen Register Orders

C) the total number of orders issued pursuant to title IV and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language counts how many Pen Register orders the government obtains, how many individuals get sucked up, and how many are in the US, both of which are additions on what ODNI reported this year.

Screen Shot 2014-09-10 at 10.50.08 AM

But that last bit — counting people in the US — is again a permissible exemption under the bill. Which is, as you’ll recall, the other way NSA has been known to engage in illegal domestic content collection. The only known bulk pen register is currently run by FBI, but in any case, the exemption has the same effect, of permitting the government from ever having to admit that it is breaking the law.

Traditional Section 215 Collection

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This requires DNI to report on traditional Section 215 orders, but the entire requirement is a joke on two counts.

Screen Shot 2014-09-10 at 11.09.02 AM

First, note that, for a reporting requirement for a law permitting the government to collect “tangible things,” it only requires individualized reporting for “communications.” “Individuals whose communications were collected” are specifically defined as only involving phone calls and electronic communications.

So this “transparency” bill will not count how many individuals have their financial records, beauty supply purchases, gun purchases, pressure cooker purchases, medical records, money transfers, or other things sucked up, much of which we know to be done under this bill. And this is particularly important, because the law still permits bulk collection of these things. Thus, this “transparency” report creates the illusion that far less collection is done under Section 215 than actually is, it creates the illusion that bulk collection is not going on when it is.

But it gets worse!

Continue reading

James Clapper, Bates-Stamp, and Gutting the FISA Advocate

As I noted the other day, in his letter purportedly “supporting” Patrick Leahy’s USA Freedom Act, James Clapper had this to say about the special advocate amicus curiae position laid out by the law.

We note that, consistent with the President’s request, the bill estsablishes a process for the appointment of an amicus curiae to assist the FISA Court and FISA Court of Review in matters that present a novel or significant interpretation of the law. We believe that the appointment of an amicus in selected cases, as appropriate, need not interfere with important aspects of the FISA process, including the process of ex parte consultation between the Court and the government. We are also aware of the concerns that the Administrative Offices of the U.S. Courts expressed in a recent letter, and we look forward to working with you and your colleagues to address these concerns.

Clapper stretches the actual terms of all four provisions of the bill he discusses — he admits he’ll use selection terms outside those enumerated by the statute, he discusses collecting “metadata” rather than the much more limited “call detail records” laid out in the bill, and he facetiously claims FBI won’t count its back door searches because of technical rather than policy choices.

But I think Clapper’s comments about the FISC amicus curiae deserve particular attention, because the letter suggests strongly that Clapper will ignore the law on one of the key improvements in the bill.

Clapper claims, first of all, that Obama has called for the appointment of an amicus curiae.

That’s false.

Obama actually called for fully-independent advocates.

To ensure that the Court hears a broader range of privacy perspectives, I am calling on Congress to authorize the establishment of a panel of advocates from outside government to provide an independent voice in significant cases before the Foreign Intelligence Surveillance Court.

That may seem like semantics. But in his letter, Clapper signals he will make the amicus curiae something different. First, he emphasized this amicus will not interfere with ex parte communications between the court and the government. That may violate this passage of Leahy’s bill, which guarantees the special advocate have access to anything that is “relevant” to her duties.

(A) IN GENERAL.—If a court established under subsection (a) or (b) designates a special advocate to participate as an amicus curiae in a proceeding, the special advocate—

[snip]

(ii) shall have access to all relevant legal precedent, and any application, certification, petition, motion, or such other materials as are relevant to the duties of the special advocate;

Given that in other parts of 50 USC 1861, “relevant” has come to mean “all,” it’s pretty amazing that Clapper says the advocate won’t have access to all communication between the government and the court.

There are just two bases on which the advocate can be denied access to documents she would need.

(i) IN GENERAL.—A special advocate, experts appointed to assist a special advocate, or any other amicus or technical expert appointed by the court may have access to classified documents, information, and other materials or proceedings only if that individual is eligible for access to classified information and to the extent consistent with the national security of the United States.

(ii) RULE OF CONSTRUCTION.— Nothing in this section shall be construed to require the Government to provide information to a special advocate, other amicus, or technical expert that is privileged from disclosure.

If we could believe that Clapper were operating on good faith, this language would be fairly innocuous. But given that Clapper has made it very explicit he wants to continue to conduct ex parte communication, and given that the Director of National Intelligence has a significant role in both need to know determinations and privilege claims, this language — and Clapper’s commitment to retain ex parte communications — is a pretty good indication he plans to deny access based on these two clauses.

And all that’s before Clapper says he plans to continue to work with Leahy to address some of John Bates purported concerns.

As a reminder, in Bates’ most recent letter, he claimed to be speaking “on behalf of the Judiciary” and used the royal “we” throughout. In response to the letter, Steve Vladeck raised real questions what basis Bates had to use that royal “we.”

Judge Bates’s latest missive … raises the question of why Judge Bates believes he’s entitled to speak “on behalf of the Judiciary”–especially when at least two former FISA judges have expressly endorsed reforms far more aggressive than those envisaged by the Senate bill, and when the substance of Judge Bates’s objections go principally to burdens on the Executive Branch, not the courts.

Then Senior 9th Circuit Chief Judge Alex Kozinski weighed in. While he professed not to have studied the matter, he made it quite clear that he

was not aware of Director Bates’s letter before it was sent, nor did [he] receive a copy afterwards.

[snip]

having given the matter little consideration, and having had no opportunity to deliberate with the other members of the Judicial Conference, I have serious doubts about the views expressed by Judge Bates. Insofar as Judge Bates’s August 5th letter may be understood as reflecting my views, I advise the Committee that this is not so.

In other words, Bates decided to speak for the Judiciary without consulting them.

And, as Vladeck correctly notes, what he said seemed to represent the views of the Executive, not the Judiciary. I think that conclusion is all the more compelling when you consider the 3 big opinions we know Bates wrote while serving on FISC:

  • Around July 2010: After noting that the Executive had violated the PRTT orders from 2004 until 2009 when it was shut down, including not disclosing that virtually every record collected included unauthorized collection, he reauthorized and expanded the program 11- to 24-fold, expanding both the types of data permitted and the breadth of the collection. Bates did prevent the government from using some of what it had illegally collected in the past, but told them if they didn’t know it was illegal they could use it.
  • October 3, 2011: The year after he had reauthorized PRTT in spite of the years of violation, the government informed him they had been illegally collecting US person content for 3 years. Bates authorized some of this collection prospectively (though more assertively required them to get rid of the past illegal collection). At the same time, Bates permitted NSA and CIA to conduct back door searches of US person PRISM content.
  • February 19, 2013: Bates unilaterally redefined the PATRIOT Act to permit the government to collect on US persons solely for their First Amendment activities, so long as the activities of their associates were not protected by the First Amendment.

In short, even though Bates knew better than anyone but perhaps Reggie Walton of the Executive’s persistent violations of FISA orders, he repeatedly expanded these programs in dangerous ways even as he found out about new violations.

That’s they guy lecturing Leahy on how the FISC needs to work, invoking the royal “we” he hasn’t gotten permission to use.

And consider the things Bates asked for in his most recent letter – which, by invocation, Clapper is suggesting he’ll demand from Leahy.

  • The advocate should not be mandated to speak for privacy and civil liberties.
  • The advocate should not be adversarial because that might lead the government to stop sharing information it is required to share.
  • The advocate should not be required to be consulted on all novel issues [I wonder now if Bates considers the First Amendment application a novel issue?] because that might take too long.

Basically, Bates says Leahy should replace his language with the House language.

In our view, the greater flexibility and control that the FISA courts would have under the amicus provision in H.R. 3361 make it a better fit for FISA court proceedings than the special advocate provision of S. 2685. As discussed above, the House bill would give the FISA courts substantial flexibility not only in deciding when to appoint an amicus in the first place, but also in tailoring the nature and scope of the assistance provided to the circumstances of a particular matter.

So the guy who Bates-stamped so many dangerous decisions wants FISC to retain the authority to continue doing so.

Again, Clapper is absolutely wrong when he claims this kind of thing — a role the FISC can sharply limit what advice it gets and the DNI can sustain ex parte proceedings by claiming privilege or need to know — is what President Obama endorsed 8 months ago.

Which raises the question: is the President going to tell his DNI to implement his own policy choices? Or is he going to let James Clapper and Bob Litt muddle up a democratic bill again?

John “Bates Stamp” Lives Up to the Name

On February 19, 2013, John Bates approved a Section 215 order targeting an alleged American citizen terrorist. He hesitated over the approval because the target’s actions consisted of protected First Amendment speech.

A more difficult question is whether the application shows reasonable grounds to believe that the investigation of [redacted] is not being conducted solely upon the basis of activities protected by the first amendment. None of the conduct of speech that the application attributes to [4 lines redacted] appears to fall outside the ambit of the first amendment. Even [redacted] — in particular, his statement that [redacted] — seems to fall well short of the sort of incitement to imminent violence or “true threat” that would take it outside the protection of the first amendment. Indeed, the government’s own assessment of [redacted] points to the conclusion that it is protected speech. [redacted] Under the circumstances, the Court is doubtful that the facts regarding [redacted] own words and conduct alone establish reasonable grounds to believe that the investigation is not being conducted solely on the basis of first amendment.

He alleviated his concerns by apparently relying on the activities of others to authorize the order.

The Court is satisfied, however, that Section 1861 also permits consideration of the related conduct of [redacted] in determining whether the first amendment requirement is satisfied. The text of Section 1861 does not restrict the Court to considering only the activities of the subject of the investigation in determining whether the investigation is “not conducted solely on the basis of activities protected by the first amendment.” Rather, the pertinent statutory text focuses on the character (protected by the first amendment or not) of the “activities” that are the “basis” of the investigation.

Later in the opinion, Bates made it clear these are activities of someone besides the US citizen target of this order, because the activities in question were not being done by US persons.

Such activities, of course, would not be protected by the first amendment even if they were carried out by a United States person.

If I’m right that behind the redactions Bates is saying the activities of associates were enough to get beyond the First Amendment bar for someone only expressing support, then it would seem to require Association analysis. But then, Bates, the big fan of not having any help on his FISC opinions, wouldn’t consider that because the government never does.

Ah well. At least we can finally clarify about whether or not the FISC is a rubber stamp for Administration spying. No. It’s a Bates stamp — in which judges engage in flaccid legal analysis in secret before approving fairly troubling applications. Which is just as pathetic.

NSA’s Lawyers Missed “Virtually Every Record” over 25 Reviews

As I’ve written before, the Internet dragnet did not get through the its first 90 day Primary Order before it violated the rules laid out by the FISA Court. In an effort to convince Judge Kollar-Kotelly they could conduct the dragnet according to her orders, NSA’s Office of General Counsel agreed to do spot checks of the data twice every 90-day authorization. That requirement stayed in place for the rest of the dragnet.

Which means between 2004 and 2009, OGC should have conducted over 25 spot checks of the data NSA obtained under the program.

And yet, in that entire time, OGC somehow never noticed that “virtually every record” NSA was taking in included data that it was not authorized to collect.

That’s one of the two crazy things about the Internet dragnet that this month’s document dump made clear. I explain them in this piece at The Week. The other is that, in an end-to-end report conducted from roughly March through September of 2009, NSA also didn’t find that virtually every record they had collected had broken the law.

Exhibit A is a comprehensive end-to-end report that the NSA conducted in late summer or early fall of 2009, which focused on the work the agency did in metadata collection and analysis to try and identify people emailing terrorist suspects.

The report described a number of violations that the NSA had cleaned up since the beginning of that year — including using automatic alerts that had not been authorized and giving the FBI and CIA direct access to a database of query results. It concluded the internet dragnet was in pretty good shape. “NSA has taken significant steps designed to eliminate the possibility of any future compliance issues,” the last line of the report read, “and to ensure that mechanisms are in place to detect and respond quickly if any were to occur.”

But just weeks later, the Department of Justice informed the FISA Court, which oversees the NSA program, that the NSA had been collecting impermissible categories of data — potentially including content — for all five years of the program’s existence.

[snip]

Judge John Bates, then head of FISC, emphasized that the NSA had missed the unauthorized data in its comprehensive report. He noted “the extraordinary fact that NSA’s end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired.” Bates went on, “[I]t must be added that those responsible for conducting oversight at NSA failed to do so effectively.”

Nevertheless, Bates went on to vastly expand the program.

No wonder James Clapper’s office made those documents so hard to read. There is no way to read them and believe the NSA can be trusted to stay within the law.

1 2 3 9
Emptywheel Twitterverse
emptywheel Kittes got a huge gift no call there, Bears fans.
7mreplyretweetfavorite
emptywheel @attackerman Glad you're willing to take the blame. Cause Stafford would be too easy.
21mreplyretweetfavorite
emptywheel @TedLott No no. I lived down the street from Joe Lombardi as a kid, who was 3 whole years younger than me and therefore the snot-nosed kid.
23mreplyretweetfavorite
emptywheel @TedLott I foolishly am holding out hope that the snot-nosed kid from down the street can bring some Lombardi magic for us.
25mreplyretweetfavorite
bmaz RT @aitchfair: @bmaz Steelers version w/ cheese slicer. http://t.co/zxjsg03ADs
26mreplyretweetfavorite
bmaz @aitchfair NOOOOOOO!!!
26mreplyretweetfavorite
bmaz What kind of clown puts the Bears on national TV? Maybe Bobby Matchsticks can investigate that travesty.
27mreplyretweetfavorite
emptywheel @TedLott We better step up to "not--easy" or next week is gonna be ugly.
28mreplyretweetfavorite
emptywheel @TedLott Fatty and the O-Line seem to be channeling the last several seasons.
30mreplyretweetfavorite
JimWhiteGNV It's a cheesehead kind of Christmas for @bmaz http://t.co/92z0TBrPyZ
38mreplyretweetfavorite
December 2014
S M T W T F S
« Nov    
 123456
78910111213
14151617181920
21222324252627
28293031