Today’s SSCI public hearing was remarkably useful, in spite of Chairman Burr’s interrupting a chain of serious questions to ask a clown question of National Counterterrorism Center head Nick Rasmussen. Roy Blunt, Marco Rubio, and Angus King all asked questions about Authorizations to Use Military Force that will be useful in the upcoming debate.
The highlight, however, came when Dianne Feinstein asked Rasmussen whether the claims of great harm — provided to her just before she released the Torture Report in December — had proven to be correct.
Feinstein: And I have one other question to ask the Director. Um, Mr. Director, days before the public release of our report on CIA detention and interrogation, we received an intelligence assessment predicting violence throughout the world and significant damage to United States relationships. NCTC participated in that assessment. Do you believe that assessment proved correct?
Rasmussen: I can speak particularly to the threat portion of that rather than the partnership aspect of that because I would say that’s the part NCTC would have the most direct purchase on, and I can’t say that I can disaggregate the level of terrorism and violence we’ve seen in the period since the report was issued, disaggregate that level from what we might have seen otherwise because, as you know, the turmoil roiling in those parts of the world, not that part of the world, those parts of the world, the Middle East, Africa, South Asia, there’s a number of factors that go on creating the difficult threat environment we face.
So the assessment we made at the time as a community was that we would increase or add to the threat picture in those places. I don’t know that looking backwards now, I can say it did by X% or it didn’t by X%. We were also, I think, clear in saying that there’s parts of the impact that we will not know until we have the benefit of time to see how it would play out in different locations around the world.
Feinstein: Oh boy do I disagree with you. But that’s what makes this arena I guess. The fact in my mind was that the threat assessment was not correct.
Note, Ron Wyden used his one question to get Rasumussen to admit that he had only read the Torture Report summary in enough detail to conduct the threat assessment. Wyden informed Rasmussen there were other parts in the still-classified sections that he should be aware of as NCTC head.
As noted, Ron Wyden used Eric Holder’s imminent departure as an opportunity to point to some secrets that he believes should be told. One of those pertains to what the 2003 OLC opinion on common commercial service agreements refers to.
Second, I have written to you on multiple occasions about a particular legal opinion from the Justice Department’s Office of Legal Counsel (OLC) interpreting common commercial service agreements. As I have said, I believe that opinion is inconsistent with the public’s understanding of the law, and should be withdrawn. I also believe that this opinion should be declassified and released to the public, so that anyone who is party to one of these agreements can consider whether their agreement should be revised or modified.
In her December 2013 confirmation hearing to be General Counsel of the CIA, the deputy head of the OLC stated that she would not rely on this opinion today. While I appreciate her restraint, I believe the wisest course of action would be for you to withdraw and declassify this opinion, so that other government officials are not tempted to rely on it in the future. I urge you to take these actions as soon as practicable, since I believe it will be difficult for Congress to have a fully informed debate on cybersecurity legislation if it does not understand how these agreements have been interpreted by the Executive Branch.
As I laid out in October 2013, Wyden has been trying to liberate this memo since before summer 2012, and he has (as he now is doing) renewed his request every time cybersecurity bills come up (and then some).
Some time last summer, Ron Wyden wrote Attorney General Holder, asking him (for the second time) to declassify and revoke an OLC opinion pertaining to common commercial service agreements. He said at the time the opinion “ha[d] direct relevance to ongoing congressional debates regarding cybersecurity legislation.”
That request would presumably have been made after President Obama’s April 25, 2012 veto threat of CISPA, but at a time when several proposed Cybersecurity bills, with different information sharing structures, were floating around Congress.
Wyden asked for the declassification and withdrawal of the memo again this January as part of his laundry list of requests in advance of John Brennan’s confirmation. Then, after having been silent about this request for 8 months (at least in public), Wyden asked againon September 26.
Since then, we’ve learned that the memo dates to 2003, and was a matter of first impression when it was written.
I’ve been writing about this memo since 2013, but I don’t have the legal support to FOIA something DOJ is obviously pretty embarrassed about.
But why hasn’t big tech? Why haven’t other companies that sign common commercial service agreements? Why hasn’t some lawyered up company — or lawyered up trade group — sued for this thing, as it clearly may affect their businesses?
Or would they just rather prefer not to know?
Via Ali Watkins’ story on Dianne Feinstein’s vindication by the Senate parliamentarian, Ron Wyden has written Eric Holder a letter listing all the unfinished business he’d like the Attorney General to finish before going off to his sinecure defending banks (my assessment, not Wyden’s).
Three of the requests are familiar:
But a fourth is, as far as I know, new:
I have asked repeatedly over the past several years for the Department of Justice’s opinion on the lawfulness of particular conduct that involved an Executive Branch agency. I finally received a response to these inquiries in June 2014; however the response simply stated that the Department of Justice was not statutorily obligated to respond to my question. I suppose there my not be a particular law that requires the Department to answer this question, but this response is nonetheless clearly troubling. My question was not hypothetical, and I did not ask to see any pre-decisional legal advice — I simply asked whether the Justice Department believed that the specific actions taken in this case were legal. It would be reasonable for the Department to say “Yes, this conduct was lawful” and explain why, or to say “No, this appears to have been unlawful” and take appropriate follow-up action. Refusing to answer at all is highly problematic and clearly undermines effective oversight of government agencies, especially since the actions in question were carried out in secret. For these reasons, I renew my request for an answer to the question, and I hope that you can help provide one.
Uh, with all due respect, Senator, I believe Holder has given you an answer: While I don’t know what the actions in question are, it seems the answer is, “Yes, those actions were illegal, but since we’re not going to do anything about it, we’re not going to tell you that.”
Or perhaps, “Yes, those actions were illegal. But if the President orders them, we don’t consider them illegal.”
Wyden has apparently been asking this for “several years.” While that doesn’t entirely rule out CIA spying on SSCI (which, after all, DOJ has answered by not prosecuting), it seems it is some other action he learned about under Obama’s tenure.
So is DOJ refusing to prosecute some clearly illegal action that happened under Obama?
Tomorrow is dragnet day, the next 90-day reauthorization for the dragnet.
In advance of that date, Pat Leahy just called on President Obama to simply let the dragnet end.
The President can end the NSA’s dragnet collection of Americans’ phone records once and for all by not seeking reauthorization of this program by the FISA Court, and once again, I urge him to do just that. Doing so would not be a substitute for comprehensive surveillance reform legislation – but it would be an important first step.
Leahy joins 4 other Democrats who have already called for the President to unilaterally stop the dragnet.
At a hearing last month, Adam Schiff suggested to DIRNSA Mike Rogers that they move forward without waiting for a new law.
“There’s nothing in statute that requires the government to gather bulk data, so you could move forward on your own with making the technological changes,” Schiff said. “You don’t have to wait for the USA Freedom Act.”
There’s no reason for the NSA to wait for congressional approval to put additional limits on the program “if you think this is the correct policy,” Schiff added. “Why continue to gather the bulk metadata if [Obama administration officials] don’t think this is the best approach?”
And back in June, Senators Wyden, Udall, and Heinrich not only made a similar suggestion in a letter to the President, but laid out how Obama could achieve what he says he wants to without waiting for legislation.
But the President is not going to end the dragnet. Heck, for all we know, FISC has already signed the reauthorization.
Mind you, it may be that President Obama can’t start the new-and-improved dragnet without offering providers immunity and compensation. But if Obama can’t simply end the dragnet without offering telecoms and second level contractors broad immunity, then he’s obviously planning on something more exotic than just regular phone contact chaining.
Kim Zetter has an interview with Ron Wyden that goes over a number of things I have already reported. She describes him hedging when asked when he first learned of the phone dragnet; as I have shown the government did not brief the Internet dragnet to the Intelligence Committees, not even during the PATRIOT reauthorization in 2005. Wyden describes the months — “literally months” –during which he tried to get the Intelligence Community to correct what Keith Alexander had said to DefCon before he asked James Clapper the question he is now so famous for; I laid that out here and here. Wyden describes how — “incredible as it sounds” — the Bush Administration shut down NSA’s back door search authorities., which I noted here. Zetter and Wyden also discuss how to manage zero day exploits.
But the most important detail in the interview, in my opinion, comes where Wyden makes clear he doesn’t know enough about what the government does under EO 12333.
But no one, not even lawmakers on Capitol Hill, have a full grasp of how EO 12333 is being used.
Wyden says, “I’m not sure we’re at the bottom or close to it” when it comes to understanding how it’s being used.” Wyden is suspicious that the White House and intelligence community have agreed to halt the phone records collection program, in the wake of intense criticism, only because the spy agency has other tricks to get the same data, possibly through EO 12333.
“The intelligence community is endorsing eliminating bulk-collection of phone records, and it makes me wonder what are the authorities under 12333 [through which they might do the same thing]?” he asks. “You can get a bill passed and everybody says, ‘Hey we banned bulk collection.’… [Then] we see the government go off in another direction. I will tell you that I don’t know today the full ramifications of 12333 on bulk collection. But I’m going to be spending a lot of time digging into it.”
I had pointed to Wyden’s concern about this issue when he raised it at the turn of the year and noted that the Administration made public its belief it can engage in the phone and Internet dragnet without any Congressional authorization just as the USA Freedom Act debate resumed.
But Wyden’s confirmation that he doesn’t know what the government does overseas raises questions about, first, whether he knows what the government did with the Internet dragnet when he and Udall convinced the government to end the domestic collection of it in 2011. But it also underscores just how empty are the promises that there is adequate oversight of the NSA’s work.
If someone on the Intelligence Committees (a critic, admittedly, but he is one of the legal overseers of the Agency) doesn’t know, and doesn’t think he’d necessarily know, if the government replaced a congressionally limited program with the same program overseas, that means there’s no way the Intel Committees could ensure that the government had stopped practices Congress told it to stop.
Of course, given that Wyden got legislation passed in 2004 defunding any data mining of Americans only to have the Bush authorized dragnet continue, that must be a familiar position for the Senator.
In an editorial calling on Congress to pass the USA Freedom Act, the USA Today makes this claim.
Obama’s proposal last January — to leave the data with phone companies, instead of with the government — can’t happen without a new law. And, as in so many other areas, the deeply divided Congress has failed to produce one.
I don’t know whether that is or is not the case.
I do know 3 Senate Intelligence Committee members say it is not the case.
Ron Wyden, Mark Udall, and Martin Heinrich wrote Obama a letter making just this point in June. They argued that Obama could accomplish most, if not all, of what he claimed he wanted without legislation, largely with a combination of Section 215 Orders to get hops and Pen Registers to get prospective collection.
[W]e believe that, in the meantime, the government already has sufficient authorities today to implement most, if not all, of the Section 215 reforms laid out in your proposal without delay in a way that does not harm our national security. More comprehensive congressional action is vital, but the executive branch need not wait for Congress to end the dragnet collection of millions of Americans’ phone records for a number of reasons.
First, we believe that the Foreign Intelligence Surveillance Court’s (FISC) expansive interpretation of the USA PATRIOT Act to allow the collection of millions of Americans’ phone records makes it likely that the FISC would also agree to a more narrowly-drawn interpretation of the law, without requiring further congressional action. Certainly, it seems likely that the FISC would permit the executive branch to use its current authorities to obtain phone records up to two “hops” from a suspicious phone number or to compel technical assistance by and compensation for recipients of court orders. Unless the FISC has already rejected such a request from the government, it does not seem necessary for the executive branch to wait for Congress before taking action.
Second, we believe that the FISC would likely approve the defined and limited prospective searches for records envisioned under your proposal pursuant to current USA PATRIOT Act Section 214 pen register authorities, given how broadly it has previous interpreted these authorities. Again, we believe it is vital for Congress to enact reforms, but we also believe that the government has sufficient authorities today under the USA PATRIOT Act to conduct these targeted prospective searches in the interim.
Finally, although we have seen no evidence that the government has needed the bulk phone records collection program to attain any time-sensitive objectives, we agree that new legislation should provide clear emergency authorities to allow the government to obtain court approval of individual queries after the fact under specific circumstances. The law currently allows prospective emergency acquisitions of call records under Section 403 of the Foreign Intelligence Surveillance Act (FISA), and the acquisition of past records without judicial review under national security letter authorities. While utilizing a patchwork of authorities is not ideal, it could be done on an interim basis, while Congress works to pass legislation.
Just weeks before they sent this, Deputy Attorney General James Cole had seemed to say they could (if not already were) getting hybrid orders, in that case mixing phone and location. So it seems like DOJ is confident they could use such hybrid orders, using Section 215 for the hops and Pen Registers for the prospective collection (though, given that they’re already using Section 215 for prospective collection, I’m not sure why they’d need to use hybrids to get anything but emergency orders).
And it makes sense. After all, the public claims about what the Call Detail Record provision would do, at least, describe it as a kind of Pen Register on steroids, 2-degrees of Pen Register. As the Senators suggest, FBI already gets two-degree information of historical records with mere NSLs, so it’d be surprising if they couldn’t get 2 degrees prospectively with a court order.
So at least according to three members of the Senate Intelligence Committee, USA Today is simply wrong.
Mind you, I’m not entirely convinced they’re right.
That’s because I suspect the new CDR provision is more than a Pen Register on steroids, is instead something far more intrusive, one that gets far beyond mere call records. I suspect the government will ask the telecoms to chain on location, address books, and more — as they do overseas — which would require far more than a prospective Pen Register and likely would require super immunity, as the bill provides.
I suspect the Senators are wrong, but if they are, it’s because Obama (or his Intelligence Community) wants something that is far more invasive then they’ve made out.
Still, for USAF supporters, there seems no question. If all Obama wants to replace the phone dragnet is prospective 2-degree call (not connection) chaining on RAS targets, he almost certainly has that authority.
But if he needs more authority, then chances are very good he’s asking for something far more than he has let on.
Update: Note, USAT makes at least one other clear error in this piece, as where it suggests the “the program” — the phone dragnet — imposes costs on cloud companies like Microsoft and Google.
The very first thing I remarked on when I read the Yahoo FISCR opinion when it was first released in 2009 was this passage.
The petitioner’s concern with incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions do not render those acquisitions unlawful.9 See, e.g., United States v. Kahn, 415 U.S. 143, 157-58 (1974); United States v. Schwartz, 535 F.2d 160, 164 (2d Cir. 1976). The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26 in original release; 30 in current release)
The government claimed to FISCR that it did not maintain a database of incidentally collected information from non-targeted US persons.
Barring some kind of neat parse, I didn’t buy the claim, not even in 2009.
Since then, we’ve found out that — barring some kind of neat parse — I was absolutely right. In fact, they are doing back door searches on this data, especially at FBI.
What I’m particularly intrigued by, now, is the timing.
FISCR said that in an opinion dated August 22, 2008 — over a month after the July 10, 2008 passage of the FISA Amendments Act. I have not yet found evidence of when the government said that to FISCR. It doesn’t appear in the unredacted part of their Jun 5, 2008 Merits brief (which cites Kahn but not Schwartz; see 49-50), though it might appear behind the redaction on 41. Of note, the April 25, 2008 FISC opinion doesn’t even mention the issue in its incidental collection discussion (starting at 95), though it does discuss amended certifications filed in February 2008.
So I’m guessing the government made that representation at the hearing in June, 2008.
We know, from John Bates’ rationale for authorizing NSA and CIA back door searches, such back door searches were first added to FBI minimization procedures in 2008.
When Bates approved back door searches in his October 3, 2011 opinion, he pointed to FBI’s earlier (and broader) authorities to justify approving it for NSA and CIA. While the mention of FBI is redacted here, at that point it was the only other agency whose minimization procedures had to be approved by FISC, and FBI is the agency that applies for traditional FISA warrants.
[redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted]. In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definitions of minimization procedures at 50 U.S.C. §§ 1801(h) and 1821(4). It follows that the substantially-similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.
So since 2008, FBI has had the ability to do back door searches on all the FISA-authorized data they get, including taps targeting US persons.
The FBI Minimization procedures submitted with the case all date to the 1990s, though a 2006 amendment changing how they logged the identities of US persons collected (note, in 2011, John Bates was bitching at FBI for having ignored an order to reissue all its minimization procedures with updates; I can see why he complained).
As described in the Government’s response of June 16, 2006, identities of U.S. persons that have not been logged are often maintained in FBI databases that contain unminimized information. The procedures now simply refer to “the identities” of U.S. persons, acknowledging that the FBI may not have previously logged such identities.
But there’s reason to believe the FBI minimization procedures — and this logging process — was changed in 2008, because a government document submitted in the Basaaly Moalin case — we know Moalin was wiretapped from December 2007 to April 2008, so during precisely the period of the Yahoo challenge, though he was not indicted until much later – referenced two sets of minimization procedures, seeming to reflect a change in minimization during the period of his surveillance (or perhaps during the period of surveillance of Aden Ayro, which is how Moalin is believed to have been identified).
That is, it all seems to have been happening in 2008.
The most charitable guess would be that explicit authorization for back door searches happened with the FAA, so before the FISCR ruling, but after the briefing.
Except in a letter to Russ Feingold during early debates on the FAA, Mike Mukasey and Mike McConnell (the latter of whom was involved in this Yahoo fight) strongly shot down a Feingold amendment that would have required the government to segregate all communications not related to terrorism (and a few other things), and requiring a FISA warrant to access them.
The Mukasey-McConnell attack on segregation is most telling. They complain that the amendment makes a distinction between different kinds of foreign intelligence (one exception to the segregation requirement in the amendment is for “concerns international terrorist activities directed against the United States, or activities in preparation therefor”), even while they claim it would “diminish our ability swiftly to monitor a communication from a foreign terrorist overseas to a person in the United States.” In other words, the complain that one of the only exceptions is for communications relating terrorism, but then say this will prevent them from getting communications pertaining to terrorism.
Then it launches into a tirade that lacks any specifics:
It would have a devastating impact on foreign intelligence surveillance operations; it is unsound as a matter of policy; its provisions would be inordinately difficult to implement; and thus it is unacceptable.
As Feingold already pointed out, the government has segregated the information they collected under PAA–they’re already doing this. But to justify keeping US person information lumped in with foreign person information, they offer no affirmative reason to do so, but only say it’s too difficult and so they refuse to do it.
Even 5 years ago, the language about the “devastating impact” segregating non-terrorism data might have strongly suggested the entire point of this collection was to provide for back door searches.
But that letter was dated February 5, 2008, before the FISCR challenge had even begun. While not definitive, this seems to strongly suggest, at least, that the government planned — even if it hadn’t amended the FBI minimization procedures yet — to retain a database of incidentally data to search on, before the government told FISCR they did not.
Update: I forgot a very important detail. In a hearing this year, Ron Wyden revealed that NSA’s authority to do back door searches had been closed some time during the Bush Administration, before it was reopened by John “Bates stamp” Bates.
Let me start by talking about the fact that the House bill does not ban warrantless searches for Americans’ emails. And here, particularly, I want to get into this with you, Mr. Ledgett if I might. We’re talking of course about the backdoor search loophole, section 702 of the FISA statute. This allows NSA in effect to look through this giant pile of communications that are collected under 702 and deliberately conduct warrantless searches for the communications of individual Americans. This loophole was closed during the Bush Administration, but it was reopened in 2011, and a few months ago the Director of National Intelligence acknowledged in a letter to me that the searches are ongoing today. [my emphasis]
When I noted that Wyden had said this, I guessed that the government had shut down back door searches in the transition from PAA to FAA, but that seems less likely, having begun to review these Yahoo documents, then that it got shut down in response to the hospital confrontation.
But it shows that more extensive back door searches had been in place before the government implied to the FISCR that they weren’t doing back door searches that they clearly were at least contemplating at that point. I’d really like to understand how the government believes they didn’t lie to the FISCR in that comment (though it wouldn’t be the last time they lied to courts about their databases of Americans).
The National Journal reports that Leahy’s USA Freedom Act probably won’t move until after the election, if not next year.
A bill that would curtail the government’s broad surveillance authority is unlikely to earn a vote in Congress before the November midterms, and it might not even get a vote during the postelection lame-duck session.
The inaction amounts to another stinging setback for reform advocates, who have been agitating for legislation that would rein in the National Security Agency ever since Edward Snowden’s leaks surfaced last summer. It also deflates a sudden surge in pressure on Congress to pass the USA Freedom Act, which scored a stunning endorsement from Director of National Intelligence James Clapper last week.
Of course, contrary to what the NJ keeps reporting, that letter is not a stunning endorsement. On the contrary, it’s a signal James Clapper would change — at a minimum — the FISA Advocate position, and probably the Call Detail Record provision as well.
And even while the story suggests timing is the problem, further down the story suggests the bill doesn’t have the votes.
But beyond the calendar squeeze and geopolitical tensions, the Freedom Act has never had a clear path forward. It was not embraced by defense hawks such as Senate Intelligence Committee Chairwoman Dianne Feinstein or Sens. Ron Wyden and Mark Udall, who have become icons of the surveillance-reform movement. The two Democrats said they wanted to strengthen the bill to require warrants for “backdoor” searches of Americans’ Internet data that can be incidentally collected during foreign surveillance hauls. Sources indicated that their support for the Freedom Act remains a bridge too far.
“We were told to go after Republicans,” one industry said.
Wyden and Udall’s reticence to publicly back Leahy’s bill may stem from a conviction that they can get a better deal next Congress, with Section 215 of the USA Patriot Act—the legal underpinning for the NSA’s phone-records collection—due to expire on June 1, 2015.
Without the left flank of the Senate, this wasn’t going to pass. But so long as this bill endorsed warrantless back door searches of Americans at the assessment stage, it wasn’t going to get those votes.
The story ends with a solitary quote purportedly representing the voices of “many” people.
But many see an NSA reform debate that rolls into next year as no sure bet, regardless of what party holds control of the Senate.
“If the USA Freedom Act is not passed this Congress, we are really in uncharted territory, and the process has to start all over again,” said Harley Geiger, senior counsel at the Center for Democracy & Technology, a pro-reform group. “All the elements for reform are in place now, but it just happens that we don’t have much time.”
Geiger is the same purpose mis-reading Clapper’s letter as a complete endorsement of the bill.
Note what doesn’t get mentioned in any of this, though?
Last we heard from the 2nd Circuit, it sounded very very skeptical that it was constitutional to, “collect everything there is to know about everybody and have it all in one big government cloud.” And while SCOTUS was happy to reverse precisely this court in Section 702, both ACLU’s standing and the details of the program are much clearer this time. Had Congress legislated quickly, it likely would moot this and several other challenges to this dragnet.
This way, at least, the courts will be forced to determine whether it is actually legal for the government to conduct dossiers of every American and store them on a cloud.
I wanted to explain why I think it’s such a big deal that James Clapper specifically highlighted the carve out for transparency reporting on FBI’s back door searches in Leahy’s version of Freedom Act’s in his letter supporting the bill.
As I described, the bill requires reporting on back door searches, but then exempts the FBI from that reporting.
But that’s not the part of the bill that disturbs me the most. It’s this language:
‘(3) FEDERAL BUREAU OF INVESTIGATION.—
Subparagraphs (B)(iv), (B)(v), (D)(iii), (E)(iii), and (E)(iv) of paragraph (1) of subsection (b) shall not apply to information or records held by, or queries conducted by, the Federal Bureau of Investigation.
The language refers, in part, to requirements that the government report to Congress:
(B) the total number of orders issued pursuant to section 702 and a good faith estimate of—
(iv) the number of search terms that included information concerning a United States person that were used to query any database of the contents of electronic communications or wire communications obtained through the use of an order issued pursuant to section 702; and
(v) the number of search queries initiated by an officer, employee, or agent of the United States whose search terms included information concerning a United States person in any database of noncontents information relating to electronic communications or wire communications that were obtained through the use of an order issued pursuant to section 702;
These are back door searches on US person identifiers of Section 702 collected data — both content (iv) and metadata (v).
In other words, after having required the government to report how many back door searches of US person data it conducts, the bill then exempts the FBI.
In his letter, Clapper says,
[W]e are comfortable with the transparency provisions in this bill because, among other things, they recognize the technical limitations on our ability to report certain types of information.
FBI back door searches are the most obvious limit on transparency guidelines, and FBI told PCLOB they couldn’t count them for technical reasons.
So effectively, Clapper is suggesting that Congress has recognized that FBI is incapable — for technical reasons — of counting how often it conducts back door searches.
That technical claim is almost certainly bullshit.
As a reminder, here’s what the government told PCLOB about FBI’s back door searches.
Because they are not identified as such in FBI systems, the FBI does not track the number of queries using U.S. person identifiers. The number of such queries, however, is substantial for two reasons.
First, the FBI stores electronic data obtained from traditional FISA electronic surveillance and physical searches, which often target U.S. persons, in the same repositories as the FBI stores Section 702–acquired data, which cannot be acquired through the intentional targeting of U.S. persons. As such, FBI agents and analysts who query data using the identifiers of their U.S. person traditional FISA targets will also simultaneously query Section 702–acquired data.
Second, whenever the FBI opens a new national security investigation or assessment, FBI personnel will query previously acquired information from a variety of sources, including Section 702, for information relevant to the investigation or assessment. With some frequency, FBI personnel will also query this data, including Section 702–acquired information, in the course of criminal investigations and assessments that are unrelated to national security efforts. In the case of an assessment, an assessment may be initiated “to detect, obtain information about, or prevent or protect against federal crimes or threats to the national security or to collect foreign intelligence information.”254 If the agent or analyst conducting these queries has had the training required for access to unminimized Section 702–acquired data, any results from the Section 702 data would be returned in these queries. If an agent or analyst does not have access to unminimized Section 702–acquired data — typically because this agent or analyst is assigned to non-national security criminal matters only — the agent or analyst would not be able to view the unminimized data, but would be notified that data responsive to the query exists and could request that an agent or analyst with the proper training and access to review the unminimized Section 702–acquired data.
As I pointed out the other day, the CIA IG Report on spying on the Senate Intelligence Committee appears to say the egregious spying happened after John Brennan told Dianne Feinstein and Saxby Chambliss on January 15 CIA had been spying on SSCI.
Agency Access to Files on the SSCI RDINet:
Five Agency employees, two attorneys and three information technology (IT) staff members, improperly accessed or caused access to the SSCI Majority staff shared drives on the RDINet.
Agency Crimes Report on Alleged Misconduct by SSCI Staff:
The Agency filed a crimes report with the DOJ, as required by Executive Order 12333 and the 1995 Crimes Reporting Memorandum between the DOJ and the Intelligence Community, reporting that SSCI staff members may have improperly accessed Agency information on the RDINet. However, the factual basis for the referral was not supported, as the author of the referral had been provided inaccurate information on which the letter was based. After review, the DOJ declined to open a criminal investigation of the matter alleged in the crimes report.
Office of Security Review of SSCI Staff Activity:
Subsequent to directive by the D/CIA to halt the Agency review of SSCI staff access to the RDINet, and unaware of the D/CIA’s direction, the Office of Security conducted a limited investigation of SSCI activities on the RDINet. That effort included a keyword search of all and a review of some of the emails of SSCI Majority staff members on the RDINet system.
With respect to your second question about monitoring of Members of Congress and Legislative Branch employees, in general those individuals will not be subject to [User Activity Monitoring] because their classified networks are not included in the definition of national security systems (NSS) for which monitoring is required.
Because no internally owned or operated Legislative branch network qualifies as a national security system, UAM by the Executive Branch is accordingly neither required nor conducted. To be clear, however, when Legislative Branch personnel access a national security system used or operated by the Executive Branch, they are of course subject to UAM on that particular system.
CIA’s spying on SSCI took place on CIA’s RDI network, not on the SSCI one. SSCI had originally demanded they be given the documents pertaining to the torture program, but ultimately Leon Panetta required them to work on a CIA network, as Dianne Feinstein explained earlier this year.
The committee’s preference was for the CIA to turn over all responsive documents to the committee’s office, as had been done in previous committee investigations.
Director Panetta proposed an alternative arrangement: to provide literally millions of pages of operational cables, internal emails, memos, and other documents pursuant to the committee’s document requests at a secure location in Northern Virginia. We agreed, but insisted on several conditions and protections to ensure the integrity of this congressional investigation.
Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director Panetta, and I agreed in an exchange of letters that the CIA was to provide a “stand-alone computer system” with a “network drive” “segregated from CIA networks” for the committee that would only be accessed by information technology personnel at the CIA—who would “not be permitted to” “share information from the system with other [CIA] personnel, except as otherwise authorized by the committee.”
It was this computer network that, notwithstanding our agreement with Director Panetta, was searched by the CIA this past January,
Presumably, those limits on access should have prevented CIA’s IT guys from sharing information about what SSCI was doing on the network. But it’s not clear they would override Clapper’s UAM.
Remember, too, when Brennan first explained how this spying didn’t qualify as a violation of the Computer Fraud and Abuse Act, he said CIA could conduct “lawfully authorized … protective … activity” in the US. Presumably like UAM.
I have no idea whether this explains why CIA’s IG retracted what Feinstein said had been his own criminal referral or not. But I do wonder whether the CIA has self-excused some of its spying on SSCI in the interest of continuous user monitoring?
If so, it would be the height of irony, as UAM did not discover either Chelsea Manning’s or Edward Snowden’s leaks. Imagine if the only leakers the Intelligence Community ever found were their own overseers?