Having been badly outmaneuvered on USA Freedumber — what was sold as reform but is in my opinion an expansion of spying in several ways — in the House, civil liberties groups are promising a real fight in the Senate.
“This is going to be the fight of the summer,” vowed Gabe Rottman, legislative counsel with the American Civil Liberties Union.
If advocates are able to change the House bill’s language to prohibit NSA agents from collecting large quantities of data, “then that’s a win,” he added.
“The bill still is not ideal even with those changes, but that would be an improvement,” Rottman said.
“We were of course very disappointed at the weakening of the bill,” said Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute. “Right now we really are turning our attention to the Senate to make sure that doesn’t happen again.”
One factor working in the reformers’ favor is the strong support of Senate Judiciary Chairman Patrick Leahy (D-Vt.).
Unlike House Judiciary Chairman Bob Goodlatte (R-Va.), who only came to support the bill after negotiations to produce a manager’s amendment, Leahy was the lead Senate sponsor of the USA Freedom Act.
The fact that Leahy controls the committee gavel means he should be able to guide the bill through when it comes up for discussion next month, advocates said.
“The fact that he is the chairman and it’s his bill and this is an issue that he has been passionate about for many years” is comforting, Greene said.
I hope they prove me wrong. But claims this will get better in the Senate seem to ignore the recent history of the Senate Judiciary Committee’s involvement in surveillance bills, not to mention the likely vote counts.
It is true Pat Leahy wants real reform. And he has a few allies on SJC. But in recent years, every surveillance-related bill that came through SJC has been watered down when Dianne Feinstein offered an alternative (which Leahy sometimes adopted as a manager’s amendment, perhaps realizing he didn’t have the votes). After DiFi offered reform, Sheldon Whitehouse (who a number of less sophisticated SJC members look to as a guide on these issues) enthusiastically embraced it, and everyone fell into line. Often, a Republican comes in and offers a “bipartisan reform” (meaning conservative Republicans joining with the Deep State) that further guts the bill.
This is how the Administration (shacking up with Jeff Sessions) defeated an effort to rein in Section 215 and Pen Registers in 2009.
This is how DiFi defeated an effort to close the backdoor loophole in 2012.
As this was happening in 2009, Russ Feingold called out SJC for acting as if it were the “Prosecutors Committee,” rather than the Judiciary Committee.
(Note, in both of those cases as well as on the original passage of Section 702, I understood fairly clearly what the efforts to stymie reform would do, up to 4 years before those programs were publicly revealed; I’ve got a pretty good record on this front!)
And if you don’t believe this is going to happen again, tell me why this whip count is wrong:
If my read here is right, the best case scenario — short of convincing Sheldon Whitehouse some of what the government wants to do is unconstitutional, which John Bates has already ruled that it is – is relying on people like Ted Cruz (whose posturing on civil liberties is often no more than that) and Jeff Flake (who was great on these issues in the House but has been silent and absent throughout this entire debate). And that’s all to reach a 9-9 tie in SJC.
Which shouldn’t be surprising. Had Leahy had the votes to move USA Freedom Act through SJC, he would have done so in October.
That was the entire point of starting in the House: because there was such a large number of people (albeit, for the most part without gavels) supporting real reform in the House. But because reformers (starting with John Conyers and Jerry Nadler) uncritically accepted a bad compromise and then let it be gutted, that leverage was squandered.
Right now, we’re looking at a bill that outsources an expanded phone dragnet to the telecoms (with some advantages and some drawbacks), but along the way resets other programs to what they were before the FISC reined them in from 2009 to 2011. That’s the starting point. With a vote count that leaves us susceptible to further corruption of the bill along the way.
Edward Snowden risked his freedom to try to rein in the dragnet, and instead, as of right now it looks like Congress will expand it.
Update: I’ve moved Richard Blumenthal into the “pro reform” category based on this statement after the passage of USA Freedumber. Thanks to Katherine Hawkins for alerting me to the statement.
Both the ACLU’s Jameel Jaffer and EFF have reviews of the government’s latest claims about Section 702. In response to challenges by two defendants, Mohamed Osman Mohamud and Jamshid Muhtorov, to the use of 702-collected information, the government claims our international communications have no Fourth Amendment protection.
Here’s how Jaffer summarizes it:
It’s hardly surprising that the government believes the 2008 law is constitutional – government officials advocated for its passage six years ago, and they have been vigorously defending the law ever since. Documents made public over the last eleven-and-a-half months by the Guardian and others show that the NSA has been using the law aggressively.
What’s surprising – even remarkable – is what the government says on the way to its conclusion. It says, in essence, that the Constitution is utterly indifferent to the NSA’s large-scale surveillance of Americans’ international telephone calls and emails:
The privacy rights of US persons in international communications are significantly diminished, if not completely eliminated, when those communications have been transmitted to or obtained from non-US persons located outside the United States.
That phrase – “if not completely eliminated” – is unusually revealing. Think of it as the Justice Department’s twin to the NSA’s “collect it all”.
In support of the law, the government contends that Americans who make phone calls or sends emails to people abroad have a diminished expectation of privacy because the people with whom they are communicating – non-Americans abroad, that is – are not protected by the Constitution.
The government also argues that Americans’ privacy rights are further diminished in this context because the NSA has a “paramount” interest in examining information that crosses international borders.
And, apparently contemplating a kind of race to the bottom in global privacy rights, the government even argues that Americans can’t reasonably expect that their international communications will be private from the NSA when the intelligence services of so many other countries – the government doesn’t name them – might be monitoring those communications, too.
The government’s argument is not simply that the NSA has broad authority to monitor Americans’ international communications. The US government is arguing that the NSA’s authority is unlimited in this respect. If the government is right, nothing in the Constitution bars the NSA from monitoring a phone call between a journalist in New York City and his source in London. For that matter, nothing bars the NSA from monitoring every call and email between Americans in the United States and their non-American friends, relatives, and colleagues overseas.
I tracked Feingold’s warnings about Section 702 closely in 2008. That’s where I first figured out the risk of what we now call back door searches, for example. But I thought his comment here was a bit alarmist.
As I’ve learned to never doubt Ron Wyden’s claims about surveillance, I long ago learned never to doubt Feingold’s.
I’m at a great conference on national security and civil liberties. Unfortunately, speakers have repeatedly claimed that NSA fully informs Congress on its programs.
Even setting aside Dianne Feinstein’s admission that the intelligence committees exercise less oversight over programs conducted under EO 12333, there are a number of public documents that show the Executive failing to fully inform Congress:
April 27, 2005: Alberto Gonzales and Robert Mueller brief SSCI on PATRIOT Authorities in advance of reauthorization. They make no mention of the use of PR/TT to gather Internet metadata, much less the violations of Colleen Kollar-Kotelly limits on the kind of data collected during the first period of its use.
October 21, 2009: A Michael Leiter and NSA Associate Deputy Director briefing to the House Intelligence Committee pointed to the September 3, 2009 phone dragnet reauthorization as proof that NSA had regained FISC’s confidence, without mentioning further violations on September 21 and 23 — violations that NSA did not inform FISC about.
August 16, 2010: DOJ did not provide the Intelligence and Judiciary Committees with some of the pre-July 10, 2008 FISC rulings providing significant constructions of FISA pertaining to — at a minimum — Section 215 until after the first PATRIOT Reauthorization.
February 2, 2011: House Intelligence Chair Mike Rogers did not invite members of Congress to read the 2011 notice about the phone and Internet dragnets. Approximately 86 freshmen members — 65 of whom voted to reauthorize the PATRIOT Act, a sufficient number to tip the vote — had no opportunity to read that notice.
May 13, 2011: In a briefing by Robert Mueller and Valerie Caproni designed to substitute for the Executive’s notice to Congressmen about the phone and Internet dragnets, the following exchange took place.
Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?
A — To the FBI’s knowledge, those authorities have not been abused.
While the balance of the briefing remains redacted, this seems to suggest the FBI did not brief House Republicans about the dragnet violations.
September 1, 2011: NSA did not provide notice to the House Judiciary Committee about its testing of geolocation data under Section 215 until after the reauthorization of PATRIOT Act, in spite of the fact that it had been conducting such tests throughout the 2010 and 2011 debates on the PATRIOT Act.
As the top Intelligence Community lawyers have made clear, the IC maintains it can search US person data incidentally collected under Section 702 without any suspicion, as well as for the purposes of making algorithms, cracking encryption, and to protect property.
The Leahy-Sensenbrenner bill tries to rein in this problem. And its fix is far better than what we’ve got now. But it almost certainly won’t fix the underlying problem.
Here’s what the law would do to the “Limitations” section of Section 702. The underlined language is new.
(1) IN GENERAL.—An acquisition
(A) may not intentionally target any person known at the time of acquisition to be located in the United States;
(B) may not intentionally target a person reasonably believed to be located outside the United States if a significant purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States;
(C) may not intentionally target a United States person reasonably believed to be located outside the United States;
(D) may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States; and
(E) shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.
(2) CLARIFICATION ON PROHIBITION ON SEARCHING OF COLLECTIONS OF COMMUNICATIONS OF UNITED STATES PERSONS.—
(A) IN GENERAL.—Except as provided in subparagraph (B), no officer or employee of the United States may conduct a search of a collection of communications acquired under this section in an effort to find communications of a particular United States person (other than a corporation).
In 2011, when John Bates declared the existing upstream collection illegal, he didn’t stop the practice. Instead, he imposed new minimization procedures on part of the collection (just that part that included transactions including communications that were completely unrelated to the search terms used). He required that collection be segregated. And he wrung assurances from NSA they wouldn’t do things — like search on data collected via upstream collection — that they could do with data collected under PRISM.
In short, it was actually a pretty permissive ruling, allowing the NSA to continue to collecting upstream data, at least for the terms and purposes they had claimed they were using it for.
So why go to the trouble of stealing data from Google and Yahoo links overseas instead of through PRISM — a question The Switch asks here – and upstream collection here?
Obviously, one of the problem is encryption. The graphic above makes it very clear NSA/GCHQ are trying to avoid Google’s default and Yahoo’s available SSL protection. Which mean they can’t do the same kind of upstream collection on encrypted content.
Now it’s clear from the aftermath of the 2011 ruling — in the way Google and Yahoo had to invest a lot to keep responding to new orders — that PRISM collection in the US is tied in some way to that upstream collection. Julian Sanchez suggests Google and Yahoo may now be unwilling to do keyword (actually key-selector, since some of these would be code) searches. And that may be the case (though it’s hard to see how they could refuse an order requiring that, given that the telecoms were responding to similar orders).
There are a few other possibilities, though.
First, remember that NSA wanted to continue its collection practice as it existed, with no changes. It considered appealing Bates’ decision. And it resisted his demands they clean up existing illegally collected data.
So it may be they simply continued doing what they were doing by stealing this data overseas. But that would only make sense if MUSCULAR dates to 2012, when Bates imposed new restrictions.
It’s also possible some of the restrictions he imposed wouldn’t allow NSA to accomplish what it wanted to. Two possibilities are his requirement that NSA segregate this collection. Another is his refusal to let NSA search “incidentally” collected data.
A third possibility is that other FISC restrictions — such as limits on how many contact chains one could do on Internet metadata (WaPo makes it clear this collection includes metadata) — provided reason to evade FISC as well.
Finally, I wonder whether the types of targets they’re pursuing have anything to do with this. For a variety of reasons, I’ve come to suspect NSA only uses Section 702 for three kinds of targets.
- Arms proliferators
- Hackers and other cyber-attackers
According to the plain letter of Section 702 there shouldn’t be this limitation; Section 702 should be available for any foreign intelligence purpose. But it’s possible that some of the FISC rulings — perhaps even the 2007-8 one pertaining to Yahoo (which the government is in the process of declassifying as we speak) — rely on a special needs exception to the Fourth Amendment tied to these three types of threats (with the assumption being that other foreign intelligence targets don’t infiltrate the US like these do).
Which would make this passage one of the most revealing of the WaPo piece.
One weekly report on MUSCULAR says the British operators of the site allow the NSA to contribute 100,000 “selectors,” or search terms. That is more than twice the number in use in the PRISM program, but even 100,000 cannot easily account for the millions of records that are said to be sent back to Fort Meade each day.
Given that NSA is using twice as many selectors, it is likely the NSA is searching on content outside whatever parameters that FISC sets for it, perhaps on completely unrelated topics altogether. This may well be foreign intelligence, but it may not be content the FISC has deemed worthy of this kind of intrusive search.
That’s just a wildarsedguess. But I do think it possible FISC has already told the NSA — whether it be in the 2011 opinion, opinions tied to the Internet dragnet problems (which themselves may have imposed limits on just this kind of behavior), or on the original PAA/FAA opinions themselves — that this collection violated the Fourth Amendment.
In which case the prediction Russ Feingold made back in 2007 — “So in other words, if they don’t like what we [or the FISA Court] come up with, they can just go back to Article II” — would prove, as so many Feingold comments have, prescient.
Some time last summer, Ron Wyden wrote Attorney General Holder, asking him (for the second time) to declassify and revoke an OLC opinion pertaining to common commercial service agreements. He said at the time the opinion “ha[d] direct relevance to ongoing congressional debates regarding cybersecurity legislation.”
That request would presumably have been made after President Obama’s April 25, 2012 veto threat of CISPA, but at a time when several proposed Cybersecurity bills, with different information sharing structures, were floating around Congress.
Wyden asked for the declassification and withdrawal of the memo again this January as part of his laundry list of requests in advance of John Brennan’s confirmation. Then, after having been silent about this request for 8 months (at least in public), Wyden asked again on September 26.
It appears that Wyden had intended to ask the question of one of the witnesses at an open Senate Intelligence Committee hearing (perhaps Deputy Attorney General James Cole), but — having had warning of his questions (because he sent them to the witnesses in advance) — Dianne Feinstein and Susan Collins ensured there would not be a second round of questions.
As it happens, Wyden made the request for the memo two days after DiFi told The Hill she was preparing to advance her version of CISPA, and the day after Keith Alexander started calling for cybersecurity legislation again.
In a brief interview with The Hill in the U.S. Capitol on Tuesday, Feinstein said she has prepared a draft bill and plans to move it forward.
The legislation would be the Senate’s counterpart to the Cyber Intelligence Sharing and Protection Act, known as CISPA, which cleared the House in April.
CISPA would remove legal barriers that prevent companies from sharing information with each other and the government about cyber attacks. It would also allow the government to share more information with the private sector.
Since then, Alexander has pitched new cybersecurity legislation in an “interview” with the NYT, admitting he needs to be more open about his places for cybersecurity.
Now, the Executive Branch’s unwillingness to actually share the law as it interprets it with us mere citizens prevents us from understanding precisely what relationship this OLC memo has with proposed cybersecurity legislation — but Wyden made it clear in January that it does have one. But here are some things we might surmise about the memo:
Let’s use the lesson we learned during the FISA Amendments Act where the telecoms were clambering for the legislation and the retroactive immunity, but the Internet companies were grateful for “clarity,” but explicitly opposed to retroactive immunity. When we learned the telecoms had been turning over the Internet companies metadata and content, this all made more sense. The Internet Companies wanted the telecoms to be punished for stealing their data.
In this case, in the first round of CISPA (which had broad immunity protections), Facebook and Microsoft were supporters. But in this go-around (which has still generous but somewhat more limited immunity), the big supporters consist of:
Now, who knows with which of these entities the government is already relying on this common commercial services memo, which of our providers we believe have made some assurances to us but in fact they’ve made entirely different ones.
But I will say the presence of the telecoms, again, angling for immunity for information sharing, along with their analogues the broadband providers does raise questions. Especially considering Verizon Exec’s trash talking about consumer-centric Internet companies that don’t prioritize national security.
Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”
“This is a more important issue than that which is generated in a press release. This is a matter of national security.”
After all, the telecoms have a history of willingly cooperating with the government, even if it bypassed the protections offered by Internet companies, even if it violated the law. Have they been joined by big broadband?
Well, DOJ could clear all this up by revoking and releasing the memo. Until they do, though, my wildarsed guess is that those operating the Toobz in the country — the telecom and broadband companies — have already started sharing consumers’ data that a plain reading of the law seemingly wouldn’t permit them to do.
I’m reading a very old SSCI hearing on FISA today — from May 1, 2007, when then Director of National Intelligence Mike McConnell initiated the push for the Protect America Act.
Given recent revelations that NSA continues to conduct some collection under EO 12333 — including the address books of people all over the world, including Americans — I thought this part of the hearing might amuse some of you.
SEN. FEINGOLD: I thank the witnesses for testifying today. Can each of you assure the American people that there is not — and this relates to what — the subject Senator Wyden was just discussing — that there is not and will not be any more surveillance in which the FISA process is side-stepped based on arguments that the president has independent authority under Article II or the authorization of the use of military force?
MR. McCONNELL: Sir, the president’s authority under Article II is – - are in the Constitution. So if the president chose to exercise Article II authority, that would be the president’s call. What we’re attempting to do here with this legislation is to put the process under appropriate law so that it’s conducted appropriately to do two things — protect privacy of Americans on one hand, and conduct foreign surveillance on the other.
SEN. FEINGOLD: My understanding of your answer to Senator Wyden’s last question was that there is no such activity going on at this point. In other words, whatever is happening is being done within the context of the FISA statute.
MR. McCONNELL: That’s correct.
SEN. FEINGOLD: Are there any plans to do any surveillance independent of the FISA statute relating to this subject?
MR. McCONNELL: None that — none that we are formulating or thinking about currently. But I’d just highlight, Article II is Article II, so in a different circumstance, I can’t speak for the president what he might decide.
SEN. FEINGOLD: Well, Mr. Director, Article II is Article II, and that’s all it is. Continue reading
As fundraising week comes to a close, please support this site.
In a piece bemoaning the possibility that the dragnet programs created in secret might be scaled back now that citizens know what they entail, Ben Wittes lets his imagination run wild.
Imagine you were a high-level decision-maker in a clandestine intelligence agency. Imagine that you had played by the rules Congress had laid out for you, worked with oversight mechanisms to fix errors when they happened, and erected strict compliance regimes to minimize mistakes in a mind-bogglingly complex system of signals intelligence collection. Imagine further that when the programs became public, there was a firestorm anyway. Imagine that nearly half of the House of Representatives, pretending it had no idea what you had been doing, voted to end key collection activity. Imagine that in response to the firestorm, the President of the United States—after initially defending the intelligence community—said that what was really needed was more transparency and described the debate as healthy. Imagine that journalists construed every fact they learned in light of the need to keep feeding at the trough of a source who had stolen a huge volume of highly classified materials and taken it to China and Russia. [my emphasis]
Now, Ben sets up a few straw men here: journalists may have gotten some details wrong, but they’re probably doing better on accuracy than the Agencies that have all the information at hand, which continue to tell easily demonstrable lies. He suggests Obama is interested in debate, abundant evidence to the contrary. He excuses the NSA’s compliance problems because of complexity, when they introduced that complexity to make programs do what they legally weren’t supposed to (for example, allowing illegal access via 3 other systems and by 3 other agencies and inventing a pre-archive archive to skirt the rules in the case of the phone dragnet program). He suggests the NSA played by Congress’ rules, when in fact the FISC sets rules, and it says the government has repeatedly violated those rules and “misrepresented” claims about doing so.
But those straw men are nothing compared to the claim that those in the House who voted to defund the phone dragnet were “pretending it had no idea what you had been doing.”
The record shows that the 2011 PATRIOT Act extension was passed with the support of 65 people – enough to make the difference in the vote – who had had no opportunity to learn about the Section 215 dragnet except at hearings that didn’t provide notice of what they would present. Moreover, the record shows that when someone at one of (the only one of?) those hearings asked a question specifically designed to learn about problems with the dragnet, here’s what happened.
Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?
A — To the FBI’s knowledge, those authorities have not been abused.
Then FBI Director Robert Mueller and then-General Counsel Valerie Caproni (the Administration waited to release the dragnet materials Monday almost until the second Caproni got confirmed to lifetime tenure as a judge) gave that answer in spite of the fact that Mueller had to submit a declaration to Judge Reggie Walton to explain why the program was important enough to keep in spite of the many abuses. Walton ordered that declaration, in part, because the government’s explanations about their gross violations “strain credulity,” according to Walton. And one of the abuses involved FBI getting access to this data directly.
But FBI knows nothing, Colonel Klink.
And even in what notice the government made somewhat available to Congress (but which Mike Rogers did not pass on), it provided just a one paragraph description of the abuses that would take a page to lay out in skeleton bullet form.
In other words, the record shows that many of those who voted against the dragnet in fact had no idea what the government had been doing, both about the dragnet itself, and about the abuses of the dragnet program.
And note, when almost half the House voted to defund the dragnet, they still hadn’t been informed of the full extent of these abuses (because the Administration was withholding the relevant opinions).
Congress is moving to rein in a program that the Executive Branch operated illegally for 5 years, then operated with FISC sanction for 7 years while abusing the terms of that sanction for at least 3 years. In Wittes imagination, that’s a bad thing.
Update: Also note Valerie Caproni got briefed on these abuses January 23, 2009.
Back in 2009 when the government released what we now know is a FISA Court of Review decision ordering Yahoo to cooperate in PRISM, I questioned a passage of the decision that relied on the government’s claim that it doesn’t keep a database of incidentally collected conversations involving US persons.
In this post, I just want to point to a passage that deserves more scrutiny:
The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26)
To translate, if the government collects information from a US citizen (here or abroad), a legal permanent US resident, a predominantly US organization, or a US corporation in the course of collecting information on someone it is specifically targeting, it it claims it does not keep that in a database (I’ll come back and parse this in a second). In other words, if the government has a tap on your local falafel joint because suspected terrorists live off their falafels, and you happen to call in a take out order, it does not that have in a database.
There are reasons to doubt this claim.
In the rest of the post, I showed how a response from Michaels Mukasey and McConnell to Russ Feingold’s efforts to protect US person incidental collection during the FISA Amendments Act had made it clear having access to this incidentally collected data was part of the point, meaning the government’s reassurances to the FISCR must have been delicate dodges in one way or another. (Feingold’s Amendments would have prevented 3 years of Fourth Amendment violative collection, by the way.)
Did the court ask only about a database consisting entirely of incidentally collected information? Did they ask whether the government keeps incidentally collected information in its existing databases (that is, it doesn’t have a database devoted solely to incidental data, but neither does it pull the incidental data out of its existing database)? Or, as bmaz reminds me below but that I originally omitted, is the government having one or more contractors maintain such a database? Or is the government, rather, using an expansive definition of targeting, suggesting that anyone who buys falafels from the same place that suspected terrorist does then, in turn, becomes targeted?
McConnell and Mukasey’s objections to Feingold’s amendments make sense only in a situation in which all this information gets dumped into a database that is exposed to data mining. So it’s hard to resolve their objections with this claim–as described by the FISA Appeals Court.
Which is part of the reason I’m so intrigued by this passage of John Bates’ October 3, 2011 decision ruling some of NSA’s collection and retention practices violated the Fourth Amendment. In a footnote amending a passage explaining why the retention of entirely US person communications with the permissive minimization procedures the government had proposed is a problem, Bates points back to that earlier comment.
The Court of Review plaining limited its holding regarding incidental collection to the facts before it. See In re Directives at 30 (“On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.” (emphasis added). The dispute in In re Directives involved the acquisition by NSA of discrete to/from communications from an Internet Service Provider, not NSA’s upstream collection of Internet transactions. Accordingly, the Court of Review had occasion to consider NSA’s acquisition of MCTs (or even “about” communications, for that matter). Furthermore, the Court of Review noted that “[t]he government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary.” Id. Here, however, the government proposes measures that will allow NSA to retain non-target United States person information in its databases for at least five years.
Ultimately, Bates’ approval for the government to query on US person identifiers on existing incidentally collected Section 702 material (see pages 22-23) show that he hasn’t really thought through what happens to US person incidental collection; he actually has a shocking (arguably mis-) understanding of how permissive the existing minimization rules are, and therefore how invasive his authorization for searching on incidentally collected information will actually be.
But his complaint with the proposed minimization procedures shows what he believes they should be.
The measures proposed by the government for MCTs, however, largely dispense with the requirement of prompt disposition upon initial review by an analyst. Rather than attempting to identify and segregate information “not relevant to the authorized purpose of the acquisition” or to destroy such information promptly following acquisition, NSA’s proposed handling of MCTs tends to maximize the retention of such information, including information of or concerning United States persons with no direct connection to any target.
As Bates tells it, so long as he’s paying close attention to an issue, the government should ideally destroy any US person data it collects that is not relevant to the authorized purpose of the acquisition. (His suggestion to segregate it actually endorses Russ Feingold’s fix from 2008.)
But the minimization rules clearly allow the government to keep such data (after this opinion, they made an exception only for the multiple communication transactions in question, but not even for the other search identifiers involving entirely domestic communication so long as that’s the only communication in the packet).
All the government has to do, for the vast majority of the data it collects, is say it might have a foreign intelligence or crime or encryption or technical data or threat to property purpose, and it keeps it for 5 years.
In a database.
Back when the FISCR used this language, it allowed the government the dodge that, so long as it didn’t have a database dedicated to solely US person communications incidentally, it was all good. But the language Bates used should make all the US person information sitting in databases for 5 year periods (which Bates seems not to understand) problematic.
Not least, the phone dragnet database, which — after all — includes the records of 310 million people even while only 12 people’s data has proved useful in thwarting terrorist plots.
Update: Fixed the last sentence to describe what the Section 215 dragnet has yielded so far.
Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?
A — To the FBI’s knowledge, those authorities have not been abused.
That exchange is, according to DOJ’s Congressional Affairs Office, the level of detail offered up at a May 13, 2011 briefing of the House Republican Caucus regarding the PATRIOT Act provisions the House would vote to reauthorize less than two weeks later.
The questioner — who is not identified — may have been talking about comments Russ Feingold made way back on October 1, 2009, as part of the previous reauthorization of the PATRIOT Act (remember, by this point, Feingold was no longer in the Senate). Here are the things Feingold said about Section 215 in that Senate Judiciary Committee markup.
I remain concerned that critical information about the implementation of the Patriot Act remains classified. Information that I believe, would have a significant impact on the debate….. There is also information about the use of Section 215 orders that I believe Congress and the American People deserve to know. It is unfortunate that we cannot discuss this information today.
Mr Chairman, I am also a member of the intelligence Committee. I recall during the debate in 2005 that proponents of Section 215 argued that these authorities had never been misused. They cannot make that statement now. They have been misused. I cannot elaborate here. But I recommend that my colleagues seek more information in a classified setting.
I want to specifically disagree with Senator Kyle’s [sic] statement that just the fact that there haven’t been abuses of the other provisions which are Sunsetted. That is not my view of Section 215. I believe section 215 has been misused as well.
Given the context, it is unclear whether Feingold referred to use of Section 215 for things they shouldn’t have, use of it to authorize bulk collection generally, or in the compliance issues identified in 2009 on which the Administration had recently briefed the Intelligence Committee. But his suggestion that the Senate Judiciary Committee was getting less detailed briefings than the Senate Intelligence Committee at that point is consistent with DOJ’s 2009 notice to Congress on the dragnet, which said, “The [compliance] incidents, and the Court’s responses, were also reported to the Intelligence Committees in great detail,” with no mention of similarly detailed briefings to SJC (the 2011 letter indicates that by that point SJC was getting detailed briefings as well). This, in turn, suggests he was referring to dragnet-related violations.
Regardless of what Feingold meant, though, he tied misuse very closely to the secret use of Section 215 to conduct dragnet collection of all Americans’ phone records. Feingold’s other public statements about Section 215 focus even more closely on the secret dragnet application of it.
In other words, this appears to have been a question attempting to get at the secret application of the PATRIOT Act that Feingold, along with Ron Wyden and people like Jerry Nadler, had been warning about. This appears to have been an attempt to learn about a topic that — in 2009, at least — DOJ had “agree[d] that it is important that all Members of Congress have access to information about this program” (DOJ didn’t include such blather in its 2011 notice).
Exactly 100 days before the briefing at which this question was asked, DOJ had sent House Intelligence Chair Mike Rogers (who appears to have convened this briefing) a letter noting, “In 2009, a number of technical compliance problems and human implementation errors in these two bulk collection programs were discovered as a result of Department of Justice (DOJ) reviews and internal NSA oversight.”
Yet in response to a query clearly designed to elicit both the existence of the dragnet program and details on problems associated with it, FBI Director Robert Mueller and then-General Counsel Valerie Caproni (and/or whatever staffers were with them) said, to the Bureau’s knowledge, there had been no abuses. Perhaps, then, as now, they’re relying on the claim that none of these compliance issues were willful — the letter said they weren’t intentional or bad-faith — to avoid telling members of Congress about problems with the program.
Remember, this is one of the (and may have been the only) briefings that Mike Rogers now claims provided adequate substitute for letting House members know about the letter describing the dragnet and the compliance problems associated with it. Rogers’ House Intelligence spokesperson, Susan Phalen, has claimed those briefings “not only covered all of the material in the letter but also provided much more detail.” (As far as I’ve been able to tell from the FOIA production to the ACLU, there was no similar briefing for the Democratic caucus, though FOIA production tends to be incomplete; one Democratic Congressman, Hansen Clarke, attended the Republican briefing.)
And DOJ’s own records of the briefing make it clear that when someone tried, however inartfully, to learn about the program, Mueller and Caproni obfuscated about the compliance issues and possibly the existence of the dragnet itself.
This is a concrete example of what both Justin Amash and Ron Wyden have described as a game of 20 questions briefers play in these briefings. The questioner raised one of the few public hints about the dragnet program to ask the FBI about it, and the FBI responded in a manner very similar to the way James Clapper did in March, when he lied to the SSCI.
Now, we don’t know what remains behind the redactions in the briefing, but there is one other piece of evidence that this briefing, at least, didn’t even touch on the dragnet. If you look at all 5 closed briefings turned over in production to ACLU, two — a February 28, 2011 briefing for SJC and a March 17, 2011 briefing for the House Intelligence Committee — were deemed classified “per OGA letter dated 4/26/2012.” The acronym “Other Government Agency” is usually used to refer to CIA, but in this context, where we now know NSA played a central role but revealing that role last year would have disclosed significant new details about the secret application of Section 215, it may well refer to NSA. Those briefings also redacted the identities of some briefers which, again, may be classified to hide the NSA’s role in this program.
If all this speculation is correct, then it means there was no mention of the NSA in the briefing for the Republican caucus. If there was no mention of NSA, then they really couldn’t have explained the program (both the 2009 and 2011 notices make extensive reference to the NSA).
In any case, what remains unredacted is quite clear. Someone at that briefing — the briefing that Mike Rogers’ staffer claims offered more information than had been provided in the DOJ letter — tried to learn about problems with the secret program. And they got stonewalled in response.
Was the person who asked this question and got an incomplete answer one of the 65 people who would go on to reauthorize the PATRIOT Act having had no way of learning about the program and its compliance problems?