Patrick Leahy


Sheldon Whitehouse: We Can’t Unilaterally Disarm, Even to Keep America Competitive

I have to say, the Senate Judiciary Committee hearing on the dragnet was a bust.

Pat Leahy was fired up — and even blew off a Keith Alexander attempt to liken the Internet to a library with stories of the library card he got when he was 4. While generally favoring the dragnet, Chuck Grassley at least asked decent questions. But because of a conflict with a briefing on the Iran deal, Al Franken was the only other Senator to show up for the first panel. And the government witnesses — Keith Alexander, Robert Litt, and James Cole — focused on the phone dragnet disclosed over 6 months ago, rather than newer disclosures like back door searches and the Internet dragnet, which moved overseas. Litt even suggested — in response to a question from Leahy — that they might still be able to conduct the dragnet if they could bamboozle the FISA Court on relevance, again (see Spencer on that). As a result, no one discussed the systemic legal abuses of the Internet dragnet or NSA’s seeming attempt to evade oversight and data sharing limits by moving their dragnet overseas.

Things went downhill when Leahy left for the Iran briefing and Sheldon Whitehouse presided over the second panel, with the Computer & Communications Industry Association’s Edward Black, CATO’s Julian Sanchez, and Georgetown professor (and former DOJ official) Carrie Cordero. Sanchez hit some key points on why Internet metadata is not actually like phone pen registers. Cordero acknowledged that metadata was very powerful but then asserted that the metadata of the phone-based relationships of every American was not.

And Black tried to make the case that the spying is killing America.

Or, more specifically, his industry’s little but significant corner of America, the Internet. While only some of this was in his opening statement, Black made the case that the Internet plays a critical role in America’s competitiveness.

While these are critical issues, it is important that the Committee also concern itself with the fact that the behavior of the NSA, combined with the global environment in which this summer’s revelations were released, may well pose an existential threat to the Internet as we know it today, and, consequently, to many vital U.S. interests, including the U.S. economy.

[snip]

The U.S. government has even taken notice. A recent comprehensive report from the U.S. International Trade Commission (ITC) noted, “digital trade continues to grow both in the U.S. economy and globally” and that a “further increase in digital trade is probable, with the U.S. in the lead.” In fact, the report also shows, U.S. digital exports have exceeded imports and that surplus has continually widened since 2007.

[snip]

As a result, the economic security risks posed by NSA surveillance, and the international political reaction to it, should not be subjugated to traditional national security arguments, as our global competitiveness is essential to long-term American security. It is no accident that the official National Security Strategy of the United States includes increasing exports as a major component of our national defense strategy.

Then he laid out all the ways that NSA’s spying has damaged that vital part of the American economy: by damaging trust, especially among non-American users not granted the protections Americans purportedly get, and by raising suspicion of encryption.

Black then talked about the importance of the Internet to soft power. He spoke about this generally, but also focused on the way that NSA spying was threatening America’s dominant position in Internet governance, which (for better and worse, IMO) has made the Internet the medium of exchange it is.

The U.S. government position of supporting the multi-stakeholder model of Internet governance has been compromised. We have heard increased calls for the ITU or the United Nations in general to seize Internet governance functions from organizations that are perceived to be too closely associated with the U.S. government, such as the Internet Corporation for Assigned Names and Numbers (ICANN).

And he pointed to proposals to alter the architecture of the Internet to minimize the preferential access the US currently has.

Let’s be honest, Black is a lobbyist, and he’s pitching his industry as best he can. I get that. Yet even still, he’s not admitting that these governance and architecture issues really don’t provide neutrality — though US stewardship may be the least-worst option, it provides the US a big advantage.

What Black hinted at (but couldn’t say without freaking out foreign users even more) is that our stewardship of the Internet is not just one of the few bright spots in our economy, but also a keystone to our power internationally. And it gives us huge spying advantages (not everyone trying to erode our control of the Internet’s international governance is being cynical — Edward Snowden has made it clear we have abused our position).

Which is why Whitehouse’s response was so disingenuous. He badgered Black, interrupting him consistently. He asked him to compare our spying with that of totalitarian governments, which Black responded was an unfair comparison. And Whitehouse didn’t let Black point out that American advantages actually do mean we spy more than others, because we can.

Basically, Whitehouse suggested that, in the era of Big Data, if we didn’t do as much spying as we could — and to hell with what it did to our preferential position on the Internet — it would amount to unilaterally disarming in the face of Chinese and Russian challenges.

If we were to pass law that prevented us from operating in Big Data, would be unilaterally disarming.

Whitehouse followed this hubris up with several questions that Sanchez might have gladly answered but Black might have had less leeway to answer, such as whether a court had ever found these programs to be unconstitutional. (The answer is yes, John Bates found upstream collection to be unconstitutional, he found the Internet dragnet as conducted for 5 years to be illegal wiretapping, and in the Yahoo litigation in 2007, Yahoo never learned what the minimization procedures were, and therefore never had the opportunity to make the case.) Black suggested, correctly, I think, that Whitehouse’s position meant we were just in an arms race to be the Biggest Brother.

I get it. Whitehouse is one of those who believe, like Keith Alexander (whose firing Whitehouse has bizarrely not demanded, given his stated concerns about the failure to protect our data during Alexander’s tenure), that the Chinese are plundering the US like a colony.

Not only does this stance seem to evince no awareness of how America used data theft to build itself as a country (and how America’s hardline IP stance will kill people, making America more enemies). But it ignores the role of the Internet in jobs and competition and trade in ideas and goods.

Sheldon Whitehouse, from a state suffering economically almost as much as Michigan, seems anxious to piss away what competitive advantages non-defense America has to conduct spying that hasn’t really produced results (and has made our networks less secure as a result — precisely the problem Whitehouse claims to be so concerned about). That’s an ugly kind of American hubris that doesn’t serve this country, even if you adopt the most jingoistic nationalism imaginable.

He should know better than this. But in today’s hearing, he seemed intent on silencing the Internet industry so he didn’t learn better.

Update: Fixed the Black quotation.

Update: Jack Goldsmith pushes back against the American double standards on spying and stealing here.

If the Executive Had Followed Clear Minimization Requirements of PATRIOT, Dragnet Abuses Might Have Been Avoided

For 4 years, it has been clear that DOJ Inspector General Glenn Fine used his 2008 report on the FBI’s use of Section 215 to address how it had been used for what was then a secret program. For that reason, I want to look more closely at what he had to say about minimization.

Glenn Fine reveals how FBI minimization procedures are self-referential nonsense

As I noted, as part of a congressionally-mandated review completed in March 2008, DOJ’s Inspector General Glenn Fine reviewed whether DOJ had complied with PATRIOT Reauthorization’s requirement that the Attorney General craft minimization procedures to use with Section 215 collection.

He described how, in advance of a September 5, 2006 deadline, two parts of DOJ squabbled over what the minimization procedures should be.

Several months after enactment of the Reauthorization Act, the Office of Intelligence Policy and Review (OIPR) and the FBI — both of whom had been developing minimization procedures related to Section 215 orders — exchanged draft procedures. The drafts differed in fundamental respects, ranging from definitions to the scope of the procedures.

The fight seems to have been significantly fought between OIPR’s Counsel James Baker (who had a record of trying to get DOJ to follow the law) and FBI’s General Counsel Valerie Caproni (who got confirmed as a Federal Judge for NY this year literally at the same moment the Administration started releasing the most damning details on the dragnet).

Unresolved issues included the time period for retention of information, definitional issues of “U.S. person identifying information,” and whether to include procedures for addressing material received in response to, but beyond the scope of, the FISA Court order; uploading information into FBI databases; and handling large or sensitive data collections.

A couple of months would put this debate squarely in the time period when the first dragnet order would be signed (two months would be May 9; the first order was signed May 24).

And you can see how these issues would go squarely to the heart of whether or not the government could use Section 215 to authorize the dragnet. The dragnet introduces immediate retention issues, given that it authorizes collection on data not yet in existence; imagine if OIPR mandated an immediate search, with all non-responsive numbers to be destroyed. NSA itself treated phone numbers as “identifiers,” and yet this entire program fails to meet the most basic dissemination limits if you treat them as identifiers here. We know NSA had recurrent problems with receiving data that was beyond the scope, including credit card numbers and international data. Unloading this into the FBI database presents immense problems, given that the foreign intelligence value of a query is based on an algorithm, not more concrete evidence. And of course, Fine’s mention of the debate over “handling large or sensitive data collections” must implicate the dragnet, which is the quintessential large and sensitive data collection.

Almost the entirety of the detailed discussion of these issues is redacted.


Leahy-Sensenbrenner Would Shut the Section 702 Cybersecurity Loophole

[Image: Section 702 Reporting Highlight]

I’m going to have a few posts on the Leahy-Sensenbrenner bill, which is the most likely way we’ll be able to rein in NSA spying. In addition to several sections stopping bulk collection, it has a section on collection of US person data under FISA Amendments Act (I’ll return to the back-door loophole later).

But I’m particularly interested in what it does with upstream collection. It basically adds a paragraph to section d of Section 702 that limits upstream collection to two uses: international terrorism or WMD proliferation.

(C) limit the acquisition of the contents of any communication to those communications—

(i) to which any party is a target of  the acquisition; or

(ii) that contain an account identifier of a target of an acquisition, only if such communications are acquired to protect against international terrorism or the international proliferation of weapons of mass destruction.;

And adds a definition for “account identifier” limiting it to identifiers of people.

(1) ACCOUNT IDENTIFIER.—The term ‘account identifier’ means a telephone or instrument number, other subscriber number, email address, or  username used to uniquely identify an account.

I believe the effect of this is to prevent NSA from using Section 702 to conduct cyberdefense in the US.

As I have noted, there are reasons to believe that NSA uses Section 702 for just 3 kinds of targets:

  • International terrorism
  • WMD proliferation
  • Cybersecurity

There are many reasons to believe one primary use of Section 702 for cybersecurity involves upstream collection targeted on actual pieces of code (that is, the identifier for a cyberattack, rather than the identifier of a user). As an example, the slide above, which I discuss in more detail here, explains that one of the biggest Section 702 successes involves preventing an attacker from exfiltrating 150 Gigs of data from a defense contractor. The success involved both PRISM and STORMBREW, the latter of which is upstream collection in the US.

In other words, the government has been conducting upstream collection within the US to search for malicious code (I’m not sure how they determine whether the code originated in a foreign country, though given that they refuse to count domestic communications collected via upstream collection, I doubt they care).

So what these two sections of Leahy-Sensenbrenner would do is 1) limit the use of upstream collection to terrorists and proliferators, thereby prohibiting its use for cybersecurity, and 2) define “account identifier” to exclude something like malicious code.

There’s one more interesting aspect of this fix. Unlike many other sections of the bill, it doesn’t go into effect right away.

EFFECTIVE DATE.—The amendments made by subsections (a) and (b) shall take effect on the date that is 180 days after the date of the enactment of this Act.

The bill gives the Executive 6 months to find an alternative to this use of Section 702 — presumably, to pass a cybersecurity bill explicitly labeled as such.

Keith Alexander and others have long talked about the need to scan domestic traffic to protect against cyberattacks. But it appears — especially given the 6 month effective date on these changes — they’re already doing that, all in the name of foreign intelligence.

Charles McCullough Too Busy Investigating Leakers to Investigate the Dragnet

As I noted back in September, Patrick Leahy and a bunch of other Senators asked the Intelligence Community Inspector General Charles McCullough to investigate the dragnet.

In particular, we urge you to review for calendar years 2010 through 2013:

  • the use and implementation of Section 215 and Section 702 authorities, including the manner in which information – and in particular, information about U.S. persons – is collected, retained, analyzed and disseminated;
  • applicable minimization procedures and other relevant procedures and guidelines, including whether they are consistent across agencies and the extent to which they protect the privacy rights of U.S. persons;
  • any improper or illegal use of the authorities or information collected pursuant to them; and
  • an examination of the effectiveness of the authorities as investigative and intelligence tools.

McCullough just answered.

No.

“At present, we are not resourced to conduct the requested review within the requested timeframe,” wrote McCullough, before adding he and other agency inspectors general are weighing now whether they can combine forces on a larger probe.

Leahy had asked McCullough to finish in what was then 15 months, December 2014, which would make it available for the PATRIOT Reauthorization due the next year.

Note, McCullough gave the same answer he and NSA’s IG gave when Ron Wyden asked how many Americans get caught up in the dragnet.

Not enough resources.

Mind you, he apparently has enough resources to do this:

Finally, we began to implement a program to lead IC-wide administrative investigations into unauthorized disclosures of classified information (i.e., “leak”) matters.

[snip]

The Investigations Division reviewed hundreds of closed cases from across the IC. Going forward, the division will engage in gap mitigation for those cases where an agency does not have the authority to investigate (multiple agencies or programs) or where DOJ declined criminal prosecution. The division will conduct administrative investigations with IG Investigators from affected IC elements to maximize efficiencies, expedite investigations, and enhance partnerships.

[snip]

The Investigations Division is reviewing 375 unauthorized disclosure case files.

But not enough resources to review a massive dragnet affecting every American in time to have results before the dragnet gets reauthorized.

Update: And apparently the Senate Intelligence Committee just told ODNI to investigate more leaks and pre-leaks.

  • Empowering the Director of National Intelligence to improve the government’s process to investigate (and reinvestigate) individuals with security clearances to access classified information;

“Folksy and Firm” Flummoxes Fancy NYT Journalists

Less than 10 days ago, Keith Alexander admitted to Patrick Leahy that the single solitary case in which the phone dragnet proved critical was that of Basaaly Moalin. But that was not an attack. Rather, it was an effort to send money to al-Shabaab (and others) because they were protecting Somalia against a US-backed Ethiopian invasion.

And yet two crack “journalists” used this as the lead of their “interview” with Alexander with not a hint of pushback.

The director of the National Security Agency, Gen. Keith B. Alexander, said in an interview that to prevent terrorist attacks he saw no effective alternative to the N.S.A.’s bulk collection of telephone and other electronic metadata from Americans.

The phone dragnet has never — never! — been more than one tool in preventing any attack, and yet Alexander gets to imply, unchallenged, it is critical going forward.

Instead of actual reporting, we get platitudes like this.

General Alexander was by turns folksy and firm in the interview. But he was unapologetic about the agency’s strict culture of secrecy and unabashed in describing its importance to defending the nation.

That culture is embodied by two installations that greet visitors to Fort Meade. One is a wall to honor N.S.A. personnel killed on overseas missions. The other is a tribute to the Enigma program, the code-breaking success that helped speed the end of World War II and led to the creation of the N.S.A. The intelligence community kept Enigma secret for three decades.

The only thing remotely resembling a challenge came when these “reporters” note that Alexander’s claim to have willingly shut down the Internet metadata program (which the NSA has largely kept secret, in spite of having been disclosed) ignores NSA claims that it (like the phone dragnet now, purportedly) was critical.

But he said the agency had not told its story well. As an example, he said, the agency itself killed a program in 2011 that collected the metadata of about 1 percent of all of the e-mails sent in the United States. “We terminated it,” he said. “It was not operationally relevant to what we needed.”

However, until it was killed, the N.S.A. had repeatedly defended that program as vital in reports to Congress.

The rest consists of more of the same kind of rebuttal by redefinition. The claim that NSA shares data with Israel is wrong, this “journalism” says, because “the probability of American content in the shared data was extremely small” (which of course says nothing about the way it would violate minimization procedures in any case). The claim that NSA launched 200 offensive cyberattacks in 2011 is wrong because many of those were actually other “electronic missions.” Besides, Alexander claims,

“I see no reason to use offensive tools unless you’re defending the country or in a state of war, or you want to achieve some really important thing for the good of the nation and others,” he said. [my link, for shits and giggles]

We are not now nor were we in 2006 when StuxNet started “in a state of war” with Iran, so how credible are any of these claims?

Mostly though, this appears to be an attempt, four months after highlighting the importance of PRISM against cyberattacks but then going utterly silent about that function, to reassert the importance of NSA’s hacking to prevent hacking.

Even there, though, Alexander presented dubious claims that got no challenge.

General Alexander said that confronting what he called the two biggest threats facing the United States — terrorism and cyberattacks — would require the application of expanded computer monitoring. In both cases, he said, he was open to much of that work being done by private industry, which he said could be more efficient than government.

In fact, he said, a direct government role in filtering Internet traffic into the United States, in an effort to stop destructive attacks on Wall Street, American banks and the theft of intellectual property, would be inefficient and ineffective.

“I think it leads people to the wrong conclusion, that we’re reading their e-mails and trying to listen to their phone calls,” he said.

The NSA already is filtering Internet traffic into the United States (and also searching on and reading incidentally collected Internet traffic without a warrant) under Section 702 certificates supporting counterterrorism, counterproliferation and … cyberattacks.

But nosiree, Alexander can’t envision doing what he’s already doing — and had been doing in a way that violated statute and the Fourth Amendment for three years already by 2011 — in the name of protecting the banksters who’ve gutted our economy. Only all of that — including the retention of US person data in the name of protecting property (presumably including intellectual property) — is baked right into the NSA’s minimization procedures.

And that bit about violating Section 702 and the Fourth Amendment for over three years with a practice that was also baked into NSA’s minimization procedures? Here’s the claim the NYT’s crack journalists allow Alexander to end this charade with.

“We followed the law, we follow our policies, we self-report, we identify problems, we fix them,” he said. “And I think we do a great job, and we do, I think, more to protect people’s civil liberties and privacy than they’ll ever know.”

The Scandal of Lying about “Thwarted” “Plots” Started 4 Years Ago

As predicted, one big takeaway from yesterday’s NSA hearing (the other being the obviously partial disclosure about location tracking) is Keith Alexander’s admission that rather than 54 “plots” “thwarted” in the US thanks to the dragnet, only one or maybe two were. Here are some examples.

But they’re missing this real scandal about the government’s lies about the central importance of Section 215.

That scandal started 4 years ago, when an example the FBI now admits had limited import played a critical role in the reauthorization of Section 215 without limits on the dragnet authority.

First, note that even while Leahy got Alexander to back off his “54 plots” claim, the General still tried to insist Section 215 had been critical in two plots, not just one.

SEN. LEAHY: Let’s go into that discussion, because both of you have raised concerns that the media reports about the government surveillance programs have been incomplete, inaccurate, misleading or some combination of that. But I’m worried that we’re still getting inaccurate and incomplete statements from the administration.

For example, we have heard over and over again the assertion that 54 terrorist plots were thwarted by the use of Section 215 and/or Section 702 authorities. That’s plainly wrong, but we still get it in letters to members of Congress; we get it in statements. These weren’t all plots, and they weren’t all thwarted. The American people are getting left with an inaccurate impression of the effectiveness of NSA programs.

Would you agree that the 54 cases that keep getting cited by the administration were not all plots, and out of the 54, only 13 had some nexus to the U.S. Would you agree with that, yes or no?

DIR. ALEXANDER: Yes.

SEN. LEAHY: OK. In our last hearing, Deputy Director Inglis’ testimony stated that there’s only really one example of a case where, but for the use of Section 215, bulk phone records collection, terrorist activity was stopped. Is Mr. Inglis right?

DIR. ALEXANDER: He’s right. I believe he said two, Chairman; I may have that wrong, but I think he said two, and I would like to point out that it could only have applied in 13 cases because of the 54 terrorist plots or events, only 13 occurred in the U.S. Business Record FISA was only used in (12 of them ?).

SEN. LEAHY: I understand that, but what I worry about is that some of these statements that all is — all is well, and we have these overstatements of what’s going on — we’re talking about massive, massive, massive collection. We’re told we have to do that to protect us, and then statistics are rolled out that are not accurate. It doesn’t help with the credibility here in the Congress; doesn’t help with the credibility with us, Chairman, and it doesn’t help with the credibility with the — with the country. [my emphasis]

Here’s the transcript at I Con the Record from the previous hearing, where Inglis in fact testified that Section 215 was only critical in the Basaaly Moalin case (which was not a plot against the US but rather funding to defeat a US-backed invasion of Somalia).

MR. INGLIS: There is an example amongst those 13 that comes close to a but-for example and that’s the case of Basaaly Moalin.

That is, in fact, Inglis said it had been critical in just one “plot.”

After he did, FBI Deputy Director Sean Joyce piped in to note the phone dragnet also “played a role” by identifying a new phone number of a suspect we already knew about in the Najibullah Zazi case.

MR. JOYCE: I just want to relate to the homeland plots. So in Najibullah Zazi and the plot to bomb the New York subway system, Business Record 215 played a role; it identified specifically a number we did not previously know of a —

SEN. LEAHY: It was a — it was a critical role?

MR. JOYCE: What I’m saying — what it plays a

SEN. LEAHY: (And was there ?) some undercover work that was — took place in there?

MR. JOYCE: Yes, there was some undercover work.

SEN. LEAHY: Yeah —

MR. JOYCE: What I’m saying is each tool plays a different role, Mr. Chairman. I’m not saying that it is the most important tool —

SEN. LEAHY: Wasn’t the FBI — wasn’t the FBI already aware of the individual in contact with Zazi?

MR. JOYCE: Yes, we were, but we were not aware of that specific telephone number, which NSA provided us. [my emphasis]

So, when pressed, Joyce admitted that Section 215 wasn’t critical to finding Adis Medunjanin, one of Zazi’s conspirators. (And if you read Matt Apuzzo and Adam Goldman’s Enemies Within, you see just how minor a role it played.)

That’s important, because the Administration’s use of Section 215 in the Zazi case was crucially important to the defeat of two efforts to rein in the dragnet in 2009.


Another Reason David Barron Should Not Get a Lifetime Appointment without Further Disclosure

The other day I noted that President Obama had nominated David Barron to a lifetime appointment on the First Circuit even while his government was stonewalling the release under FOIA of Barron’s OLC memo authorizing the due process-free execution of an American citizen.

While I presume Patrick Leahy will rush Barron’s confirmation through the Senate Judiciary Committee anyway, he shouldn’t, not until Americans have a better sense of Barron’s fairly outrageous claims (including, that courts couldn’t review such executions) in that memo.

Here’s another thing Leahy should insist we see before Barron gets to be a Circuit Judge.

If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.

One 2011 memo, for example, said that after a court ruling narrowed the scope of the agency’s collection, the data in question was “being buffered for possible ingest” later. A year earlier, an internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and retain raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”

Now, Barron left during the summer of 2010, so it’s not at all clear he wrote the OLC briefing paper (which presumably means “memo that is called something else to make it harder to FOIA”) authorizing retention of US person data, including content (presumably collected off the switches, but who knows?), for up to 15 years.

And it may well be that this is not as outrageous an argument as those deployed to authorize the Anwar al-Awlaki killing. Perhaps this mem — um, briefing paper — doesn’t address the legality of the underlying collection at all and only addresses reasonable (!) retention policies under the Privacy Act or some other statute. Probably this memo invests the same blind faith in minimization — the argument that collecting and holding US person data is no big deal so long as there are procedures purportedly limiting the distribution of it, even if those procedures allow the Intelligence Community to operate with great discretion in secret — as the rest of NSA’s programs do.

So I’m not asserting that I know this mem– um, briefing paper — is problematic. I’m suggesting it may be.

I’m suggesting that we ought to know whether David Barron has green-lighted pretty broad abuses of US person privacy before he takes up an appellate position for the rest of his life.

1,186 Days into IG Report Covering Dragnet, Leahy Calls for Another

As I’ve been tracking, DOJ’s Inspector General Office — now led by Michael Horowitz — has been working on a report on the use of Section 215 and Pen Register/Trap and Trace authorities up through 2009 for 1,186 days, well over 3 years. We have yet to see that outsider review of all the problems the NSA admitted in 2009, 4 years ago, and so NSA’s incredible claim it was too stupid to know what it was doing has been accepted unquestioningly.

On Monday, Patrick Leahy and several other Senate Judiciary Committee Senators called on the Intelligence Committee Inspector General, Charles McCullough, to conduct a similar inquiry for the period since 2009.

Recently declassified documents appear to reveal numerous violations of law and policy in the implementation of these authorities, including what the FISA Court characterized as three “substantial misrepresentation[s]” to the Court.  These declassified documents also demonstrate that the implementation of these authorities involves several components of the Intelligence Community (IC), including the National Security Agency, Department of Justice, Federal Bureau of Investigation, Central Intelligence Agency, and the Office of the Director of National Intelligence, among others.

We urge you to conduct comprehensive reviews of these authorities and provide a full accounting of how these authorities are being implemented across the Intelligence Community.  The IC Inspector General was created in 2010 for this very purpose.  Comprehensive and independent reviews by your office of the implementation of Sections 215 and 702 will fulfill a critical oversight role.  Providing a publicly available summary of the findings and conclusions of these reviews will help promote greater oversight, transparency, and public accountability.

In conducting such reviews, we encourage you to draw on the excellent work already done by the Inspectors General of several agencies, including the Department of Justice, in reviewing these authorities.  But only your office can bring to bear an IC-wide perspective that is critical to effective oversight of these programs.  The reviews previously conducted have been more narrowly focused – as might be expected – on a specific agency.

In particular, we urge you to review for calendar years 2010 through 2013:

  • the use and implementation of Section 215 and Section 702 authorities, including the manner in which information – and in particular, information about U.S. persons – is collected, retained, analyzed and disseminated;
  • applicable minimization procedures and other relevant procedures and guidelines, including whether they are consistent across agencies and the extent to which they protect the privacy rights of U.S. persons;
  • any improper or illegal use of the authorities or information collected pursuant to them; and
  • an examination of the effectiveness of the authorities as investigative and intelligence tools.

We’ll see how McCullough responds to this. My impression thus far has been that he is too close to the IC Agencies. Plus, he’s very busy conducting insider leak investigations.

But even though we’ve been waiting forever for the IG Report covering the earlier period, apparently Leahy has learned one thing from it. He gave McCullough a deadline this time.

Please proceed to administratively perform reviews of the implementation of Section 215 of the USA PATRIOT Act and Section 702 of FISA, and submit the reports no later than December 31, 2014.

If all goes well, this should provide a quasi-independent review of the programs before they get extended again in 2015.

If by “New” IG Investigation You Mean 1,155 Days Old

Shane Harris reads the DOJ IG Report on its civil liberties related work and reports that it is investigating the use of Section 215 of the PATRIOT Act.

The Department of Justice Inspector General, which has issued several critical reports over the years about FBI surveillance, is again looking into the bureau’s use of powerful and secretive orders for information about Americans.

A new review is examining “any improper or illegal uses” of the FBI’s surveillance authorities under Section 215 of the Patriot Act. That’s the portion of the law that allows the government to collect Americans’ phone records en masse. And in what appears to be a first review of its kind, the IG will also look at the FBI’s use of pen register and trap-and-trace authority under the Foreign Intelligence Surveillance Act. These are the authorities that allow the bureau to track the metadata of communications made to and from phone numbers and email accounts.

Only this is not a new review. Now-retired DOJ IG Glenn Fine first laid out his plans for the investigation on June 15, 2010 in a letter to Pat Leahy. I reported on the April update on that investigation and the related back story here, 6 weeks ago.

By my math, that means this IG Investigation of abuses we know occurred in 2009 has been going on 1,155 days. And the investigation remains focused on abuses that happened 2 PATRIOT Act extensions ago, rather than what is going on with the program now.

DOJ’s IG, at least under Fine, was very good at rooting out problems with intelligence programs. But we have yet to hear much from his replacement, Michael Horowitz (who has been on the job for 16 months after a long delay in both nominating and confirming him), to indicate one way or another whether he’ll be as good as Fine.

We do know he’s taking his sweet time reviewing problems that happened 4 years ago.

James Cole: “Of Course We’d Like Records of People Buying” Pressure Cookers

Now that the Suffolk cops have revealed they investigated Michele Catalano’s family because of a tip from her husband’s former employer about his Google searches and not FBI or NSA analysis of Google data themselves, a lot of people are suggesting it would be crazy to imagine that the Feds might have found Catalano via online searches.

Which is funny. Because just a day before this story broke, this exchange happened in the Senate between Senate Judiciary Chair Patrick Leahy and Deputy Attorney General James Cole. (It starts after 1:45; just before this exchange, Leahy asks whether DOJ could use Section 215 to obtain URLs and bookmarks, among other records, which Cole didn’t deny.)

Leahy: But if our phone records are relevant, why wouldn’t our credit card records? Wouldn’t you like to know if somebody’s buying, um, what is the fertilizer used in bombs?

Cole: I may not need to collect everybody’s credit card records in order to do that.

[snip]

If somebody’s buying things that could be used to make bombs of course we would like to know that but we may not need to do it in this fashion.

This is not a surprise. It comes two years after Robert Mueller confirmed they use Section 215 to collect “records relating to the purchase of hydrogen peroxide,” a TATP precursor.

So while we may not know how the government currently collects records relating to the purchase of fertilizer, acetone, hydrogen peroxide or — yes, after Boston, probably also pressure cookers and maybe even fireworks — and we don’t know just how broadly it collects such records, we do know that “of course” DOJ “would like to know … if somebody’s buying things that could be used to make bombs.”

So just one day ago, Cole didn’t deny they could use Section 215 to get search URLs, and he affirmed they would want to get records of bomb-making materials.

He just didn’t tell us how they might do those things.
