Posts

FISC Opinions as Legal Cover

/7 Comments/in /by

WSJ has a story on how the FISA Court came to render the phrase “related to” — which has been used for 7 years to collect the phone records of almost all Americans — entirely meaningless.

The history of the word “relevant” is key to understanding that passage. The Supreme Court in 1991 said things are “relevant” if there is a “reasonable possibility” that they will produce information related to the subject of the investigation. In criminal cases, courts previously have found that very large sets of information didn’t meet the relevance standard because significant portions—innocent people’s information—wouldn’t be pertinent.

But the Foreign Intelligence Surveillance Court, FISC, has developed separate precedents, centered on the idea that investigations to prevent national-security threats are different from ordinary criminal cases. The court’s rulings on such matters are classified and almost impossible to challenge because of the secret nature of the proceedings. According to the court, the special nature of national-security and terrorism-prevention cases means “relevant” can have a broader meaning for those investigations, say people familiar with the rulings.

The story specifically says FISC issued the decision authorizing the use of Section 215 to collect phone records in May 2006, in the wake of the exposure of Dick Cheney’s illegal dragnet (and after Congress had included the “relevant to” language in the PATRIOT Act reauthorization).

But in May 2006, the secret court agreed that, even with the addition of the word “relevant,” bulk phone records could also be collected under the law.

The legal interpretations required to make this change were “aggressive,” says Timothy Edgar, a former top privacy lawyer at the Office of the Director of National Intelligence and the National Security Council in the Bush and Obama administrations. Still, considering that the program previously had less congressional or court oversight, many lawmakers saw this as a step forward, he says.

“It wasn’t seen that we’re pushing the boundaries of surveillance law here,” Mr. Edgar says. “It was the very opposite. You’re starting from a huge amount of unilateral surveillance and putting it on a much sounder legal basis.”

Indeed, the way Edgar justifies this crazy distortion of the term “relevant” is by pointing to Cheney’s illegal program, as if that made it right.

But WSJ also describes this May 2006 decision as one in a series of decisions starting in “mid-2000s.”

In classified orders starting in the mid-2000s, the court accepted that “relevant” could be broadened to permit an entire database of records on millions of people, in contrast to a more conservative interpretation widely applied in criminal cases, in which only some of those records would likely be allowed, according to people familiar with the ruling.

The timing is significant. Remember, FBI hadn’t used Section 215 in the post-9/11 era until the period Jack Goldsmith and Jim Comey started challenging the illegal program’s legality; FBI got their first Section 215 order approved — MIRACLES! — on May 21, 2004. FBI at least temporarily sidestepped DOJ’s Office of Intelligence Policy and Review to employ this standard.

On March 23, 2004 at noon, less than two weeks after the dramatic hospital confrontation and threats to quit reportedly got the Administration to agree to stop data mining Americans, FBI Director Robert Mueller had a meeting with Dick Cheney, at the Vice President’s request, in the Vice President’s office. In his notes, Mueller doesn’t describe what the VIce President wanted, nor am I aware that it has even been reported in the press.

The next day, the Chief Division Counsel of some Division of the FBI wrote a memo to the FBI General Counsel noting that FBI was using a “new standard” with Section 215 of the PATRIOT Act and indicating that a “recent decision” had been made to bypass the review of the Office of Intelligence Policy and Review on Section 215 applications.

In part, the apparent decision to bypass OIPR, which had rejected the premise of the previous Section 215 orders FBI had submitted in the past, reflected no more than a concerted effort on FBI’s part to make sure it could start using all the PATRIOT authorities it had been granted in 2001 in anticipation of renewal discussions that would take place the following year. Yet the timing of this change is particularly curious, given that we now know Section 215 has been used to collect data that could be used for data mining Americans, precisely the problem that had caused the hospital confrontation 12 days earlier.

At the very least, however, it shows that sometime around the same time as Jim Comey and others at DOJ tried to stop the data mining of Americans under NSA’s illegal program, FBI claimed to have eliminated one review step for Section 215 orders and changed the standard used for them. That reference notwithstanding, DOJ Inspector General at least reported that OIPR continued to have a role. (Note, the office that got cut out of the process, OIPR, is where one of the key whistleblowers on the illegal program, Thomas Tamm worked, though I have asked him if he knew whether they used Section 215 to accomplish the same program and he didn’t know anything about it.)

On May 21, 2004, just as the the confrontation was settling down, FBI got its first Section 215 order approved. MIRACLES! the memo subject line read. “We got our first business record order signed today. It only took two and a half years.”

And consider the other odd thing about all this. There is a part of FISA specifically designed to return phone records, the Pen Register/Trap & Trace procedure (the one used starting in 2004 for Internet metadata). So why didn’t they use that?

In any case, this increasingly appears to be the end result of an effort on the part of FISC to remain relevant by distorting law in secret, in the hopes that an unconstitutional expansion of the law in secret was better than actually stopping an illegal program conducted by bypassing the court altogether.

The reason the law is so twisted is because no one wanted to — or believed they had the ability to –rein in gross violations of law conducted by Dick Cheney.

Tasers with Wings

/12 Comments/in /by

I’ve been focusing on Edward Snowden’s NSA revelations, but I didn’t want this tidbit of news to go unnoticed. Among the other documents EFF has gotten in its FOIA on drones in the United States is a planning document for Customs and Border Patrol’s use of the  Predator drone. In it, there’s one line that suggests future upgrades (the report dates to 2010) might include non-lethal immobilization technology.

Customs & Border Protection (CPB) report, released in response to EFF’s Freedom of Information Act lawsuit against the agency, shows CBP has considered adding weapons to its domestic Predator drones.

The report, titled “Concept of Operations for CBP’s Predator B Unmanned Aircraft System” and submitted to Congress on June 29, 2010 shows that, not only is the agency planning to sharply increase the number of Predator drones it flies and the amount of surveillance it conducts by 2016 (detailed further in a separate blog post tomorrow), but it has considered equipping its Predators with “non-lethal weapons designed to immobilize” targets of interest. (p. 63).

And remember: CBP loans out its drones to other Federal agencies. I suspect when Robert Mueller testified recently that FBI had used drones he had CBP ones in mind.

So the next time LAPD uses loaner drones in a manhunt across Southern California, that drone may well be armed with industrial sized tasers.

 

How David Addington Hid the Document Implicating George Bush in Illegal Wiretapping

/24 Comments/in /by

On December 16 and December 20, 2005, respectively — just days after the NYT revealed its existence — EPIC and ACLU FOIAed DOJ for documents relating to George Bush’s (really, Dick Cheney’s) illegal wiretap program (National Security Archive also FOIAed, though more narrowly). Among other documents, they requested, “any presidential order(s) authorizing the NSA to engage in warrantless electronic surveillance.” Yet in spite of the fact that the ACLU was eventually able to get DOJ to cough up some of the OLC memos that provided a legal rationale for the program, no presidential order was ever turned over. I don’t believe (though could be mistaken) it was even disclosed in declarations submitted by Steven Bradbury in the suit.

There’s a very good (and, sadly, legal) reason for that. According to the 2009 NSC draft IG report the Guardian released yesterday, it’s not clear DOJ ever had the Authorization. The White House is exempt from FOIA, and it’s likely that NSA could have withheld the contents of the Director’s safe from any FOIA, which is where the hard copy of the Authorization was kept.

It’s worth looking more closely at how David Addington guarded the Authorization, because it provides a lesson in how a President can evade all accountability for unleashing vast powers against Americans, and how the National Security establishment will willingly participate in such a scheme without ensuring what they’re doing is really legal.

The IG report describes the initial Authorization this way:

On 4 October 2001, President George W. Bush issued a memorandum entitled “AUTHORIZATION FOR SPECIFIED ELECTRONIC ACTIVITIES DURING A LIMITED PERIOD TO DETECT AND PREVENT ACTS OF TERRORISM WITHIN THE UNITED STATES.” The memorandum was based on the President’s determination that after the 11 September 2001 terrorist attacks in the United States, an extraordinary emergency existed for national defense purposes.

[snip]

The authorization specified that the NSA could acquire the content and associated metadata of telephony and Internet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one communicant was engaged in or preparing for acts of international terrorism. In addition, NSA was authorized to acquire telephone and Internet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority.

And while the NSA IG report doesn’t say it, the Joint IG Report on the program (into which this NSA report was integrated) reveals these details:

Each of the Presidential Authorizations included a finding to the effect that an extraordinary emergency continued to exist, and that the circumstances “constitute an urgent and compelling governmental interest” justifying the activities being authorized without a court order.

Each Presidential authorization also included a requirement to maintain the secrecy of the activities carried out under the program.

David Addington’s illegal program

While the Joint report obscures all these details, the NSA IG report makes clear that Dick Cheney and David Addington were the braintrust behind the program.

The Counsel to the Vice President used [a description of SIGINT collection gaps provided by Michael Hayden] to draft the Presidential authorization that established the PSP.

Neither President Bush nor White House Counsel Alberto Gonzales wrote this Authorization. David Addington did. Read more

James Clapper Throws a Concentrated Nugget of Orwellian Turd-Splat

/22 Comments/in , /by

Hooboy.

I was going to leave the whole CNET thing well enough alone after Jerry Nadler issued a statement retracting his sort-of suggestion that the NSA could wiretap Americans without a warrant (more on that below).

But I can’t remember seeing a more concentrated piece of Orwellian turd-splat than this statement addressing the issue from James Clapper.

The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress. Members have been briefed on the implementation of Section 702, that it targets foreigners located overseas for a valid foreign intelligence purpose, and that it cannot be used to target Americans anywhere in the world.

The claim that NSA doesn’t wittingly “collect” data on millions of Americans was just an opening act for James Clapper, it seems. I know it won’t work this way for those who trust this program, but Clapper’s statement should raise more questions whether the thrust of what Nadler said, rather than four words taken out of context, are in fact true.

Let’s take this slowly.

I’ve put my transcription of the exchange between Jerry Nadler and Robert Mueller below for your reference. But one thing to keep in mind as you read Clapper’s turd-splat is that Nadler first described “getting the contents of the [American] phone” identified using the metadata database and, in repeating the question he had earlier asked a briefer who actually knows about how these programs are used, “getting specific information from that telephone.” It is true that in response to Mueller, he spoke of “listening to the phone,” the four words taken out of context, and his walk-back describes “listening to the content.” But the range of Nadler’s language suggests the distinct possibility the briefer discussed a different kind of collection, and Nadler never once explicitly described setting a dedicated wiretap on the phone of an American identified from conversations with suspected terrorists (which is what CNET blew it up as).

With that in mind, I offer you turd-splat:

The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization and was not briefed to Congress.

Clapper has set up a straw man that differs in at least three key ways from what Nadler asked about. First, he is addressing only eavesdropping, monitoring a phone in real time going forward, not accessing historic collections (though one thing these two programs in conjunction do is collapse historic and ongoing communications). I’m especially amused by this move, because it replicates a mistake that many have made when discussing these programs (especially the metadata one) as wiretapping. Clapper is only addressing the most inflammatory language Nadler used, not the language he used first and last in this exchange.

Then Clapper introduces the idea of domestic communications. This has no source in Nadler’s comment whatsoever, at least so long as you believe the only way NSA uses the metadata database is to see which Americans are talking to suspected foreign terrorist phone numbers. Given the government’s improbable claim they’re only making 300 queries a year, we may well be talking about domestic communications, but that’s not what Nadler addressed, which was about the American participant in a call with a suspected foreign terrorist phone number.

Nadler asked about an analyst deciding, on the basis of metadata analysis, that a US phone number looks suspicious, to “get the content” from that number. He implies that he has been told an analyst has that authority. Clapper addresses only whether an analyst without proper legal authorization can get US person content. That is, in response to Nadler’s question whether an analyst does have the legal authority to get content based on suspicion, Clapper says an analyst can’t get content without the proper legal authority. Nadler’s entire (implied) question was whether an analyst would have the legal authority to do so. Clapper doesn’t answer it.

So in other words, Clapper alters Nadler’s comment in three fundamental ways, changing its entire meaning, and then asserts Clapper’s now only tangentially related distortion of Nadler’s comment was not briefed to Congress.

No. Of course not. And Nadler hadn’t said it was, either.

And then Clapper describes what (he claims) members were briefed. Splat!

Members have been briefed on the implementation of Section 702, that it targets foreigners located overseas for a valid foreign intelligence purpose, and that it cannot be used to target Americans anywhere in the world.

Whoa! Do you see what Clapper did there? Nadler asked a question about how an analyst would move from metadata analysis — the Section 215 program — and then use it to access content, via whatever means. Nadler mentioned Section 215 specifically. Yet Clapper claims this is all about the implementation of Section 702. (Note, I find this interesting in part because Mueller suggests Nadler might be talking about another program entirely, which remains a possibility.)

I have pointed out on several times how desperate the Administration is to have you believe that Section 215 metadata collection and Section 702 content collection are unrelated, even if surrogates can’t keep them straight themselves. Clapper’s ploy is more of the same.

As is his emphasis that Section 702 targets foreigners located overseas for a valid foreign intelligence purpose. Now, just to make clear, the government has always held that any collection of information on what foreigners are doing is a valid foreign intelligence purpose. While Clapper doesn’t engage in suggesting this as directly as he and others have in past weeks, for Section 702 there is clearly no limitation of this authority to terrorism or counterintelligence or proliferation or hacking (the Administration and surrogates have suggested there is a terrorism limit for the Section 215 dragnet, but if there is, it comes from court-ordered minimization, not the law). But the real cherry here is the word “target,” which has become almost as stripped of common meaning as “collect” in this context.

In the 702 context, “target” refers to the node of communication at which collection is focused, not to all communications associated with that collection. So a directive to Verizon might ask for all communications that the original suspected terrorist phone number engages in (including its surfing and texting and pictures and email). But at a minimum that would include everyone the suspected terrorist communicates via his Verizon service, and there’s very good reason to believe it includes at least one and probably more degrees of separation out, if Verizon has it.

So when Clapper says 702 cannot be used to target Americans anywhere in the world, he means Americans cannot be the communication node on which collection is focused unless you have a FISA warrant (which is the practice Marc Ambinder, who is far more impressed with Clapper’s turd-splat than I am, addresses in this piece).

But what has never been answered — except perhaps in an off-hand comment in a debate defeating language that would actually prevent what everyone says is already prevented — is whether the government can, um, “collect” the content of Americans who communicate with those who are, um, “targeted.”

I’m not saying I have the answer to that question — though it is a concern that has been raised for years by the very same people who have been vindicated in their warnings about Section 215. But let’s be very clear what Clapper did here. He completely redefined Nadler’s comment, then divorced that redefined comment from the context of Section 215, and then threw the Orwellian term “target” at it to make it go away.

He could have denied Nadler’s more general assertions. That, he did not do.   Read more

The CNET “Bombshell” and the Four Surveillance Programs

/40 Comments/in , /by

CNET is getting a lot of attention for its report that NSA, “has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.”

In general, I’m just going to outsource my analysis of what the exchange means to Julian Sanchez (I hope he doesn’t charge me as much as Mike McConnell’s Booz Allen Hamilton for outsourced analysis).

What seems more likely is that Nadler is saying analysts sifting through metadata have the discretion to determine (on the basis of what they’re seeing in the metadata) that a particular phone number or e-mail account satisfies the conditions of one of the broad authorizations for electronic surveillance under §702 of the FISA Amendments Act.

[snip]

The analyst must believe that one end of the communication is outside the United States, and flag that account or phone line for collection. Note that even if the real target is the domestic phone number, an analyst working from the metadatabase wouldn’t have a name, just a number.  That means there’s no “particular, known US person,” which ensures that the §702 ban on “reverse targeting” is, pretty much by definition, not violated.

None of that would be too surprising in principle: That’s the whole point of §702!

That is, what Nadler may have learned that the same analysts who have access to the phone metadata may also have authority to issue directives to companies for phone content collection. If so, it would be entirely feasible for the same analyst to learn, via the metadata database, that a suspect phone number is in contact with the US and for her to submit a request for actual content to the providers, without having to first get a FISA order covering the US person callers directly. Since she was still “targeting” the original overseas phone number, she would be able to get the US person content without a specific order.

Screen shot 2013-06-16 at 11.50.59 AMI just want to point to a part of this exchange that everyone is ignoring (but that I pointed out while live tweeting this).

Mueller: I’m not certain it’s the same–I’m not certain it’s an answer to the same question.

Mueller didn’t deny the NSA can get access to US person phone content without a warrant. He just suggested that Nadler might be conflating two different programs or questions.

And that’s one of the things to remember about this discussion. Among many other methods of shielding parts of the programs, the government is thus far discussing primarily the two programs identified by the Guardian: the phone metadata collection (which the WaPo reports is called MAINWAY) and the Internet content access (PRISM).

Read more

What Does NCTC Do with NSA and FBI’s Newly Disclosed Databases?

/22 Comments/in , , /by

The discussion about the various “NSA” programs we’ve seen so far have discussed only how NSA works with FBI. FBI requests the dragnet phone information and hands it over to NSA. NSA negotiates direct access to internet companies that allow FBI to make direct queries.

We’ve heard from Keith Alexander about what NSA does — its only use of Section 215, he said, was the phone records.

We heard from Robert Mueller who gave less clear answers about what FBI does and does not do.

But we have yet to have direct testimony from James “least untruthful too cute by half” James Clapper. Mind you, we’ve gotten several fact sheets and Clapper’s hilarious interview with Andrea Mitchell. Just no specific public testimony.

And curiously, in the DNI’s own fact sheets, he doesn’t specify who does what, aside from describing the statutory role his position and the Attorney General play in authorizing FAA 702 orders. He doesn’t say what FBI does, what NSA does … or what his own organization does.

That’s important, because in addition to overseeing all intelligence, Clapper’s office also includes the National Counterterrorism Center. And the NCTC is the entity in charge sharing data. Indeed, it is statutorily required to have access to everything.

[The National Security Act] provides that “[u]nless otherwise directed by the President, the Director of National Intelligence shall have access to all national intelligence and intelligence related to the national security which is collected by any federal department, agency, or other entity, except as otherwise provided by law, or as appropriate, under guidelines agreed upon by the Attorney General and the Director of National Intelligence.

That means, presumably, that NCTC is doing a lot of the work that NSA and FBI are making narrow denials about.

But it also means that NCTC can play with these databases — the dragnet and the access via PRISM to 702 data — as well as any other data in the Federal government, including databases that John Brennan gave it the ability to go get.

So here’s the thing. When Keith Alexander gives you pat reassurances about how limited NSA’s access to Americans’ call data is, that may disclose a whole lot more intrusive data mining over at James Clapper’s shop.

Remember, here is what James Clapper was initially asked.

Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Clapper: No, sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.” [my emphasis]

His first attempt to walk back that lie went like this:

What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. [my emphasis]

His second attempt to walk it back went like this:

ANDREA MITCHELL: Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said that there was not data collection on millions of Americans?

JAMES CLAPPER: First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

And again, to go back to my metaphor. What I was thinking of is looking at the Dewey Decimal numbers– of those books in that metaphorical library– to me, collection of U.S. persons’ data would mean taking the book off the shelf and opening it up and reading it.

ANDREA MITCHELL: Taking the contents?

JAMES CLAPPER: Exactly. That’s what I meant. Now–

ANDREA MITCHELL: You did not mean archiving the telephone numbers?

All of those efforts were, by context at least, limited exclusively to NSA. They don’t address, at all, what NCTC might do with this data (or, for that matter, FBI).

So what does the NCTC do with the data that NSA and FBI have issued careful denials about?

Update: I’m going to replicate a big chunk of this post on the oversight over NCTC’s use of other agencies data, complete with the bit about how the guy in charge of it thought Cheney’s illegal program was the shit.

Back when John Negroponte appointed him to be the Director of National Intelligence’s Civil Liberties Protection Officer, Alexander Joel admitted he had no problem with Cheney’s illegal domestic wiretap program.

Read more

Robert Mueller’s Claims to Be Ignorant about Geolocation Probably Bullshit

/13 Comments/in , /by

As I laid out in this Guardian column on today’s House Judiciary Committee hearing, after citing Smith v. Maryland a bunch of times to justify getting all Americans’ phone records, FBI Director Robert Mueller went on to pretend not to know whether those records include geolocation.

New York Representative Jerry Nadler wasn’t convinced Mueller’s excuse was good enough. He noted that metadata includes so much more information than it did in 1979, and that that earlier ruling might not stand in this case. Utah’s Jason Chaffetz got much more specific about the difference between phones in 1979 and now: location.

Landlines include location information. But with cell phones, the same location information necessary to route a call effectively provides a rough idea of where a person is even as they move from place to place (map functions on smart phones, as well as a lot of applications, rely on this data). Thus, the geolocation available as part of cell phone metadata provides a much better idea of where a person goes and what they do than location data for a landline tied to a person’s address.

Chaffetz posed several questions that, he revealed, he had sent Mueller Wednesday so that he would be prepared to answer, starting with whether or not geolocation is part of this metadata collection. In spite of Chaffetz’s prior warning, Mueller said he did not know whether it was included.

Note that the order to Verizon the Guardian publishedspecifically includes routing information in its description of metadata, which gets to geolocation. It’s clear this collection includes geolocation.

Mueller was also unprepared to answer whether or not a different supreme court case from last year, US v Jones, which determined that installing a GPS tracking device on a suspect’s car constituted a search, meant that the geolocation provided by the GPS function on cell phones did not qualify as metadata. Mueller was also unprepared to answer whether tracking someone’s location by using their phone constituted metadata.

In fact, Mueller admitted his staffers had told him he’d be asked these questions – yet still hadn’t prepared. It seemed almost as if his inability to answer this question in public was intentional.

As I suggested, Mueller’s feigned ignorance was probably intentional.

Moreover, his professed ignorance about whether the phone records include location is probably bullshit. That’s true, as I noted, because the order in question includes routing information, which in the case of cell phones, includes tower location which is location.

And remember, according to Tom Coburn, the FBI Director’s role in approving this process is so central, Coburn was worried that legal challenges to Mueller’s two-year extension might put the entire dragnet program at risk. So it’s hard to believe all this time Mueller has been personally vouching for orders like the one to Verizon that ask explicitly for routing information without knowing he was asking for routing information.

Here’s the other reason I think Mueller is telling a least untruth that is too cute by half when he claims ignorance.

Shortly after the US v. Jones ruling, Ron Wyden asked Director of National Intelligence James Clapper to what degree Jones affected the intelligence community. He even invoked “secret law,” the way he always has done when referring to this dragnet program(s).

Wyden: Director Clapper, as you know the Supreme Court ruled last week that it was unconstitutional for federal agents to attach a GPS tracking device to an individual’s car and monitor their movements 24/7 without a warrant. Because the Chair was being very gracious, I want to do this briefly. Can you tell me as of now what you believe this means for the intelligence community, number 1, and 2, would you be willing to commit this morning to giving me an unclassified response with respect to what you believe the law authorizes. This goes to the point that you and I have talked, Sir, about in the past, the question of secret law, I strongly feel that the laws and their interpretations must be public. Read more

Is Robert Mueller, a Purported Hero of the Hospital Confrontation, Responsible for Section 215 Use?

/7 Comments/in , /by

On March 23, 2004 at noon, less than two weeks after the dramatic hospital confrontation and threats to quit reportedly got the Administration to agree to stop data mining Americans, FBI Director Robert Mueller had a meeting with Dick Cheney, at the Vice President’s request, in the Vice President’s office. In his notes, Mueller doesn’t describe what the VIce President wanted, nor am I aware that it has even been reported in the press.

The next day, the Chief Division Counsel of some Division of the FBI wrote a memo to the FBI General Counsel noting that FBI was using a “new standard” with Section 215 of the PATRIOT Act and indicating that a “recent decision” had been made to bypass the review of the Office of Intelligence Policy and Review on Section 215 applications.

In part, the apparent decision to bypass OIPR, which had rejected the premise of the previous Section 215 orders FBI had submitted in the past, reflected no more than a concerted effort on FBI’s part to make sure it could start using all the PATRIOT authorities it had been granted in 2001 in anticipation of renewal discussions that would take place the following year. Yet the timing of this change is particularly curious, given that we now know Section 215 has been used to collect data that could be used for data mining Americans, precisely the problem that had caused the hospital confrontation 12 days earlier.

At the very least, however, it shows that sometime around the same time as Jim Comey and others at DOJ tried to stop the data mining of Americans under NSA’s illegal program, FBI claimed to have eliminated one review step for Section 215 orders and changed the standard used for them. That reference notwithstanding, DOJ Inspector General at least reported that OIPR continued to have a role. (Note, the office that got cut out of the process, OIPR, is where one of the key whistleblowers on the illegal program, Thomas Tamm worked, though I have asked him if he knew whether they used Section 215 to accomplish the same program and he didn’t know anything about it.)

On May 21, 2004, just as the the confrontation was settling down, FBI got its first Section 215 order approved. MIRACLES! the memo subject line read. “We got our first business record order signed today. It only took two and a half years.”

Now, at least some of the people commenting publicly on the confirmation that Section 215 has been used to compile a database recording details on all calls Americans make say Section 215 has supported that purpose only since 2006. Dianne Feinstein, for example, says the practice has gone on for 7 years.

As far as I know, this is the exact three month renewal of what has been the case for the past seven years. This renewal is carried out by the FISA Court under the business records section of the Patriot Act. Therefore, it is lawful.

Seven years would put its start almost exactly at the March 9, 2006 renewal of the PATRIOT Act, which added new language on Section 215 in the wake of the December 15, 2005 exposure of Bush’s illegal wiretap program. In discussions of this collection program since last week, it has generally been accepted that’s when it all started.

Curiously (particularly given his insistence that PRISM only started in 2008, slides to the contrary notwithstanding), James Clapper made no claims about precisely when this practice started.

The Patriot Act was signed into law in October 2001 and included authority to compel production of business records and other tangible things relevant to an authorized national security investigation with the approval of the FISC. This provision has subsequently been reauthorized over the course of two Administrations – in 2006 and in 2011. It has been an important investigative tool that has been used over the course of two Administrations, with the authorization and oversight of the FISC and the Congress.

It is possible that this program was conducted under a different PATRIOT provision (such as the Pen Register ones) prior to 2006; in fact, Clapper never mentions the term “Section 215” in his purported clarification of the program.

Now, consider one more detail. In a statement before the 2009 debate on PATRIOT Act reauthorization focusing closely on Section 215, Russ Feingold suggested that the debate over reauthorization in 2005, which led to purported initial use of Section 215 to conduct this dragnet, had been stymied by classification of how the PATRIOT had been implemented.

I remain concerned that critical information about the implementation of the Patriot Act has not been made public – information that I believe would have a significant impact on the debate. During the debate on the Protect America Act and the FISA Amendments Acts in 2007 and 2008, critical legal and factual information remained unknown to the public and to most members of Congress – information that was certainly relevant to the debate and might even have made a difference in votes. And during the last Patriot Act reauthorization debate in 2005, a great deal of implementation information remained classified.

[snip]

But there also is information about the use of Section 215 orders that I believe Congress and the American people deserve to know. I do not underestimate the importance of protecting our national security secrets. But before we decide whether and in what form to extend these authorities, Congress and the American people deserve to know at least basic information about how they have been used. So I hope that the administration will consider seriously making public some additional basic information, particularly with respect to the use of Section 215 orders.

There can be no question that statutory changes to our surveillance laws are necessary. Since the Patriot Act was first passed in 2001, we have learned important lessons, and perhaps the most important of all is that Congress cannot grant the government overly broad authorities and just keep its fingers crossed that they won’t be misused, or interpreted by aggressive executive branch lawyers in as broad a way as possible. [my emphasis]

This suggests the plan to use Section 215 may have been explicit in those classified debates.

Read more

Putin: You Show Me Yours and … I Might Show You Mine

/4 Comments/in /by

AG-meeting1-300x199It’s not until the 17th and 18th paragraph of this Moscow Times article on Russian Interior Minister Vladimir Alexandrovich Kolokoltsev’s discussion with Attorney General Eric Holder about sharing more law enforcement information that it reminds readers that just three days before the Boston Marathon attack, Russia and the US were exchanging blacklists of people prohibited from travel to their respective country.

The Interior Ministry won a court ruling to authorize Browder’s arrest and place him on an international arrest warrant shortly after the U.S. released its so-called Magnitsky list of 18 Russians banned from entry into the country. Among those on the list are Artyom Kuznetsov and Pavel Karpov, Interior Ministry investigators who put Magnitsky behind bars.

The blacklist, published April 12, provoked a storm of protest from Moscow and a tit-for-tat release of a blacklist of U.S. officials. But the Boston bombing occurred just three days later, causing the two sides to tone down their rhetoric and take a second look at relations.

The Russian blacklist not only includes torturers like John Yoo, but people involved in Viktor Bout’s prosecution.

And it makes no mention of the complaints that Russia has been slow to share information since.

Details on tensions surrounding Magnitsky come long after the details on information sharing in the article: Robert Mueller promises to open up some FBI files to the Russians in anticipation of the 2014 Winter Olympics, and we’ve exchanged 827 documents this year.

FBI director Robert Mueller promised Kolokoltsev in Washington late last week to open some FBI data to the Russians, saying, “Such resources could be useful to Russian law enforcement agencies in view of the Sochi Olympics,” the Interior Ministry said in a statement.

About 15,000 U.S. citizens could attend the Sochi Olympics, according to Mueller.

Mueller also thanked the Russian side for the help it provided in investigating the Boston Marathon bombing, which U.S. investigators believe was masterminded and carried out by brothers Tamerlan and Dzhokhar Tsarnaev, who have mixed Chechen-Dagestani origin.

[snip]

Kolokoltsev also met with U.S. Attorney General Eric Holder and suggested that the Interior Ministry sign a legal cooperation agreement with the U.S. Justice Department.

“Since the beginning of this year, we have exchanged 827 documents with U.S. law enforcement agencies,” Kolokoltsev told reporters, noting that the U.S. is one of top five countries with which Russia cooperates within the framework of the Interpol.

So if you’re planning on attending the Olympics in Russia next year, don’t piss off the FBI before then!

Then there’s the bit Russian Times doesn’t mention, which happens to be one of the very few things included in the US Department of Justice statement on this meeting. The US plans to share not just counterterrorism information, but also transnational crime organization.

They also discussed law enforcement cooperation between the two countries in areas including counterterrorism, transnational organized crime and child pornography.

Recall, Russian mobsters are among the four organizations the Obama Administration listed among the Transnational Criminal Organizations we would use terrorism-like tactics to hunt down; we’ve focused on Central Asian mobsters in our specific sanctions. It’s not clear that Russia has been particularly forthcoming with cooperation on this front in the past.

Let’s see whether this buzz about information sharing changes that.

The Laughable Currently Operative AP Pushback Story

/37 Comments/in , , /by

It has taken several days for the government — apparently, almost exclusively DOJ — to try to spin its secret seizure of AP call records. The new version of the government’s ever-evolving story is that the reason the AP story was so damaging was because it prevented CIA from using the mole to locate Ibrahim al-Asiri, AQAP’s bomb-maker.

Here’s how the guy who headed DOJ’s Office of Legal Policy until last year explained this on Friday.

About a year ago, someone within the government who had access to highly classified information about an intelligence operation in Yemen involving a double agent saw fit to talk about it with the Associated Press. When senior government officials learned that the Associated Press had this story and intended to publish it, those officials realized that the agent’s cover had been blown. Anxious for his safety, the officials prevailed on the AP to delay publication so that first the agent’s family and then the agent himself could be extracted to safety. The AP then published its story, which focused on thwarting a plot to use a new and improved underwear bomb to blow up an airplane bound for the United States.

What went completely without mention in the initial coverage was the fact that thwarting this plot was not the objective of the ongoing undercover operation. Its true objective was to gain enough intelligence to locate and neutralize the master bomb builder, Ibrahim Hassan al-Ashiri, who works with an Al-Qaeda affiliate, Al-Qaeda in the Arabian Peninsula (AQAP). Penetrating AQAP is incredibly difficult. This double agent provided a rare opportunity to gain critical, life-saving information. Whoever disclosed the information obtained by the AP had not only put the agent’s life and his family’s life in danger. He also killed a golden opportunity to save untold more lives that now remain at risk due to al-Ashiri remaining at large.

Here’s how three former high-ranking DOJ officials explained it in an op-ed today.

The United States and its allies were trying to locate a master bomb builder affiliated with Al Qaeda in the Arabian Peninsula, a group that was extremely difficult to penetrate. After considerable effort and danger, an agent was inserted inside the group. Although that agent succeeded in foiling one serious bombing plot against the United States, he was rendered ineffective once his existence was disclosed.

And here’s how Walter Pincus reported it today.

Whoever provided the initial leak to the Associated Press in April 2012 not only broke the law but caused the abrupt end to a secret, joint U.S./Saudi/British operation in Yemen that offered valuable intelligence against al-Qaeda in the Arabian Peninsula.

One goal was to get AQAP’s operational head, Fahd Mohammed Ahmed al-Quso. That happened one day before the AP story appeared.

A second goal was to find and possibly kill AQAP bombmaker Ibrahim Hassan al-Asiri, whose first underwear device almost killed Prince Mohammed bin Nayef, Saudi Arabia’s anti-terrorism chief.

[snip]

Hitting targets in the United States is one of AQAP’s goals. In association with Saudi intelligence, the CIA inserted a Saudi who convinced AQAP that he wanted to be a suicide bomber. Eventually he was outfitted with Asiri’s newest device, which he was to use on a U.S. aircraft. After the device was delivered to U.S. officials, someone or several people leaked the information to the AP. [my emphasis]

Now, Pincus’ story is generally balanced. Unlike the other two, he admits that Fahd al-Quso got killed while the AP held their story and that, in killing Quso, the government accomplished at least one objective of the mole’s mission and did so thanks to AP’s willingness to cede to government requests about this story. He also admits that before the AP ever came to the government with the story, the mole’s UndieBomb had already been delivered to the US.

That chronology is important. And it is one backed by the government’s official timeline (not to mention the CNN report that said the mole had turned over the bomb around April 20 and the report that Robert Mueller traveled to Yemen for an unscheduled 45 minute meeting on April 24). The day after the AP story, Jay Carney said that Obama had been informed about the plot in “early April.”

Q Do you expect that he’ll address at all — I know we got statements yesterday, but the Yemeni al Qaeda plot, do you think he will address that at all in his remarks today?

MR. CARNEY: I don’t expect him to address that issue in his remarks. I mean, I will say that he’s certainly pleased with the success of our intelligence and counterterrorism officials in foiling the attempt by al Qaeda to use this explosive device. It is indicative of the kind of work that our intelligence and counterterrorism services are performing regularly to counter the threat posed by al Qaeda in general, and AQAP in particular.

So he was regularly — as you know, he was made aware of this development in early April and he was regularly briefed on it by John Brennan. [my emphasis]

The NSC’s official statement on that day also said Obama had been informed of the plot in April.

So the government rolled up the plot in April — almost certainly by April 24 — and then the AP came to the CIA and White House with their story about a foiled plot on May 2.

It’s that timing that undermines the claim that the government still hoped to use the mole to get at Ibrahim al-Asiri. Because to maintain that claim, you’d have to explain how an AQAP operative who had been entrusted with the latest version of Ibrahim al-Asiri’s UndieBomb sometime in early April, had left (at least as far as Sanaa), had not apparently succeeded in his mission (which was, after all, meant to be a suicide bombing), could return to AQAP without the UndieBomb and infiltrate even further than he had the first time.

“Oh, hi, AQAP gatekeeper” — their story must imagine the mole saying as he returned to AQAP — “I’ve both failed in my mission and somehow lost the bomb you gave me, but based on that would you be willing to let me spend some quality time with even higher-ranking AQAP operatives?”

The government must believe AQAP has far worse counterintelligence than Asiri’s longevity would seem to suggest. Alternately, they’re just inventing stories right now to justify their seizure.

Read more