Steven Bradbury

1 2 3 8

How to Avoid Rubber-Stamping another Drone Execution: Leave

NPR’s Carrie Johnson reports that OLC head Virginia Seitz quietly left OLC before Christmas.

Virginia Seitz, who won Senate confirmation after an earlier candidate under president Obama foundered, resigned from federal service after two-and-a-half years on the job. The timing is unusual because her unit plays a critical role in drawing the legal boundaries of executive branch action —at a time when President Obama says he will do more to bypass a divided Congress and do more governing by way of executive order.

And while DOJ’s official line is that Seitz left entirely for personal reasons, two sources told Johnson the ongoing discussions about whether to drone kill another American were another factor.

Two other sources suggested that aside from the tough work, another issue weighed heavily on her mind over the last several months: the question of whether and when the US can target its own citizens overseas with a weaponized drone or missile attack. American officials are considering such a strike against at least one citizen linked to al Qaeda, the sources said.

While a “law enforcement” source (but wait! the entire point of drone assassinations is they replace law enforcement with intelligence entirely!) suggests the decision has not yet been made.

A law enforcement source told NPR the controversy over the use of drones against Americans in foreign lands did not play a major role in Seitz’s decision to leave government, since the OLC is continuing to do legal analysis on the issue and there was no firm conclusion to which she may have objected or disagreed.

Which is sort of funny, because Kimberly Dozier’s report on the American in question says DOD, at least, has made its decision.

But one U.S. official said the Defense Department was divided over whether the man is dangerous enough to merit the potential domestic fallout of killing an American without charging him with a crime or trying him, and the potential international fallout of such an operation in a country that has been resistant to U.S. action.

Another of the U.S. officials said the Pentagon did ultimately decide to recommend lethal action.

And remember, as I’ve pointed out, this potential drone execution target is differently situated from Anwar al-Awlaki, in that there appears to be no claim this one is targeting civilians in the US.

But let’s take a step back and consider some other interesting details of timing.

First, on November 29 of last year, Ron Wyden, Mark Udall, and Martin Heinrich released a letter they sent to Eric Holder asking for more clarity on when the President could kill an American.

[W]e have concluded that the limits and boundaries of the President’s power to authorize the deliberate killing of Americans need to be laid out with much greater specificity. It is extremely important for both Congress and the public to have a fully understanding of what the executive branch thinks the President’s authorities are, so that lawmakers and the American people can decide whether these authorities are subject to adequate limits and safeguards.

Retrospectively, it seems this letter may have pertained to this new execution target, particularly given the different circumstances regarding his alleged attacks against the US. I might even imagine this serving as a public demand that DOJ not simply rely on the existing Awlaki drone assassination memo, creating the need to do a new one.

Now consider how (currently acting OLC head) Caroline Krass’ confirmation hearing plays in. On December 17, Wyden asked her who had the authority to withdraw an OLC opinion (the opinion in question pertains to common commercial services in some way related to cybersecurity, but I find it interesting in retrospect).

Wyden: But I want to make sure nobody else ever relies on that particular opinion and I’m concerned that a different attorney could take a different view and argue that the opinion is still legally valid because it’s not been withdrawn. Now, we have tried to get Attorney General Holder to withdraw it, and I’m trying to figure out — he has not answered our letters — who at the Justice Department has the authority to withdraw the opinion. Do you currently have the authority to withdraw the opinion?

Krass: No I do not currently have that authority.

Wyden: Okay. Who does, at the Justice Department?

Krass: Well, for an OLC opinion to be withdrawn, on OLC’s own initiative or on the initiative of the Attorney General would be extremely unusual.

She said she did not “currently have that authority.” Was she about to get that authority in days or hours?

Then finally there are the implications for Krass’ confirmation. The leaks about this current drone execution target almost certainly came from Mike Rogers’ immediate vicinity. He’s torqued because Obama’s efforts to impose some limits on the drone war have allegedly made it more difficult to execute this American with no due process.

And while Rogers doesn’t get a vote over Krass’ confirmation to be CIA General Counsel, Dianne Feinstein and Saxby Chambliss do. And their efforts to keep CIA in the drone business may well have an impact on — and may have been motivated by — our ability to assassinate Americans.

I don’t recall Krass getting questions that directly addressed drone killing, though she did get some that hinted at the edges of such questions, such as this one:

Are there circumstances in which a use of force, or other action, by the U.S. government that would be unlawful if carried out overtly is lawful when carried out covertly? Please explain.

ANSWER: As a matter of domestic law, I cannot think of any circumstances in which a use of force or other action by the U.S. government that would be unlawful if carried out overtly would be lawful when carried out covertly, but I have not studied this question.

This seems to be a question she would have had to consider if she had any involvement in OLC’s consideration of a new drone execution memo.

All that said, she hasn’t yet gotten her vote (though any delay may arise from holds relating to the Senate Torture Report).

It just seems likely that — as we did in May 2005 when Steven Bradbury reapproved torture in anticipation of a promotion to head OLC — we’re faced yet again with a lawyer waiting for a promotion being asked to give legal sanction to legally suspect activity. My impression is that Krass has far more integrity than Bradbury (remember, she’s the one who originally imposed limits on the Libya campaign), so I’m only raising this because of the circumstances, not any reason to doubt her character.

It just seems like if you need lawyers to rubber stamp legally suspect activities, there ought to be more transparency about what promotions and resignations are going on.

SPCMA: The Other NSA Dragnet Sucking In Americans

Screen Shot 2014-02-16 at 10.42.09 PMIn December, I wrote a post noting that NSA personnel performing analysis on PATRIOT-authorized metadata (both phone or Internet) can choose to contact chain on just that US-collected data, or — in what’s call a “federated query” — on foreign collected data, collected under Executive Order 12333, as well. It also appears (though I’m less certain of this) that analysts can do contact chains that mix phone and Internet data, which presumably is made easier by the rise of smart phones.

Section 215 is just a small part of the dragnet

This is one reason I keep complaining that journalists reporting the claim that NSA only collects 20-30% of US phone data need to specify they’re talking about just Section 215 collection. Because we know, in part because Richard Clarke said this explicitly at a Senate Judiciary Committee hearing last month, that Section “215 produces a small percentage of the overall data that’s collected.” At the very least, the EO 12333 data will include the domestic end of any foreign-to-domestic calls it collects, whether made via land line or cell. And that doesn’t account for any metadata acquired from GCHQ, which might include far more US person data.

The Section 215 phone dragnet is just a small part of a larger largely-integrated global dragnet, and even the records of US person calls and emails in that dragnet may derive from multiple different authorities, in addition to the PATRIOT Act ones.

SPCMA provided NSA a second way to contact chain on US person identifiers

With that background, I want to look at one part of that dragnet: “SPCMA,” which stands for “Special Procedures Governing Communications Metadata Analysis,” and which (the screen capture above shows) is one way to access the dragnet of US-collected (“1st person”) data. SPCMA provides a way for NSA to include US person data in its analysis of foreign-collected intelligence.

According to what is currently in the public record, SPCMA dates to Ken Wainstein and Steven Bradbury’s efforts in 2007 to end some limits on NSA’s non-PATRIOT authority metadata analysis involving US persons. (They don’t call it SPCMA, but the name of their special procedures match the name used in later years; the word, “governing,” is for some reason not included in the acronym)

Wainstein and Bradbury were effectively adding a second way to contact chain on US person data.

They were proposing this change 3 years after Collen Kollar-Kotelly permitted the collection and analysis of domestic Internet metadata and 1 year after Malcolm Howard permitted the collection and analysis of domestic phone metadata under PATRIOT authorities, both with some restrictions, By that point, the NSA’s FISC-authorized Internet metadata program had already violated — indeed, was still in violation — of Kollar-Kotelly’s category restrictions on Internet metadata collection; in fact, the program never came into compliance until it was restarted in 2010.

By treating data as already-collected, SPCMA got around legal problems with Internet metadata

Against that background, Wainstein and Bradbury requested newly confirmed Attorney General Michael Mukasey to approve a change in how NSA treated metadata collected under a range of other authorities (Defense Secretary Bob Gates had already approved the change). They argued the change would serve to make available foreign intelligence information that had been unavailable because of what they described as an “over-identification” of US persons in the data set.

NSA’s present practice is to “stop” when a chain hits a telephone number or address believed to be used by a United States person. NSA believes that it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person, will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States. It is not clear, however, whether NSA’s current procedures permit chaining through a United States telephone number, IP address or e-mail address.

They also argued making the change would pave the way for sharing more metadata analysis with CIA and other parts of DOD.

The proposal appears to have aimed to do two things. First, to permit the same kind of contact chaining — including US person data — authorized under the phone and Internet dragnets, but using data collected under other authorities (in 2007, Wainstein and Bradbury said some of the data would be collected under traditional FISA). But also to do so without the dissemination restrictions imposed by FISC on those PATRIOT-authorized dragnets.

In addition (whether this was one of the goals or not), SPCMA defined metadata in a way that almost certainly permitted contact chaining on metadata not permitted under Kollar-Kotelly’s order.

“Metadata” also means (1) information about the Internet-protocol (IP) address of the computer from which an e-mail or other electronic communication was sent and, depending on the circumstances, the IP address of routers and servers on the Internet that have handled the communication during transmission; (2) the exchange of an IP address and e-mail address that occurs when a user logs into a web-based e-mail service; and (3) for certain logins to web-based e-mail accounts, inbox metadata that is transmitted to the user upon accessing the account.

Some of this information — such as the web-based email exchange — almost certainly would have been excluded from Kollar-Kotelly’s permitted categories because it would constitute content, not metadata, to the telecoms collecting it under PATRIOT Authorities.

Wainstein and Bradbury appear to have gotten around that legal problem — which was almost certainly the legal problem behind the 2004 hospital confrontation — by just assuming the data was already collected, giving it a sort of legal virgin birth.

Doing so allowed them to distinguish this data from Pen Register data (ironically, precisely the authority Kollar-Kotelly relied on to authorize PATRIOT-authorized Internet metadata collection) because it was no longer in motion.

First, for the purpose of these provisions, “pen register” is defined as “a device or process which records or decodes dialing, routing, addressing or signaling information.” 18 U.S.C. § 3127(3); 50 U.S.C. § 1841 (2). When NSA will conduct the analysis it proposes, however, the dialing and other information will have been already recorded and decoded. Second, a “trap and trace device” is defined as “a device or process which captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing and signaling information.” 18 U.S.C. § 3127(4); 50 U.S.C. § 1841(2). Again, those impulses will already have been captured at the point that NSA conducts chaining. Thus, NSA’s communications metadata analysis falls outside the coverage of these provisions.

And it allowed them to distinguish it from “electronic surveillance.”

The fourth definition of electronic surveillance involves “the acquisition by an electronic, mechanical, or other surveillance device of the contents of any wire communication …. ” 50 U.S.C. § 1802(f)(2). “Wire communication” is, in turn, defined as “any communication while it is being carried by a wire, cable, or other like com1ection furnished or operated by any person engaged as a common carrier …. ” !d. § 1801 (1). The data that the NSA wishes to analyze already resides in its databases. The proposed analysis thus does not involve the acquisition of a communication “while it is being carried” by a connection furnished or operated by a common carrier.

This legal argument, it seems, provided them a way to carve out metadata analysis under DOD’s secret rules on electronic surveillance, distinguishing the treatment of this data from “interception” and “selection.”

For purposes of Procedure 5 of DoD Regulation 5240.1-R and the Classified Annex thereto, contact chaining and other metadata analysis don’t qualify as the “interception” or “selection” of communications, nor do they qualify as “us[ing] a selection term,” including using a selection term “intended to intercept a communication on the basis of … [some] aspect of the content of the communication.”

This approach reversed an earlier interpretation made by then Counsel of DOJ’s Office of Intelligence and Policy Review James A Baker.

Baker may play an interesting role in the timing of SPCMA. He had just left in 2007 when Bradbury and Wainstein proposed the change. After a stint in academics, Baker served as Verizon’s Assistant General Counsel for National Security (!) until 2009, when he returned to DOJ as an Associate Deputy Attorney General. Baker, incidentally, got named FBI General Counsel last month.

NSA implemented SPCMA as a pilot in 2009 and more broadly in 2011

It wasn’t until 2009, amid NSA’s long investigation into NSA’s phone and Internet dragnet violations that NSA first started rolling out this new contact chaining approach. I’ve noted that the rollout of this new contact-chaining approach occurred in that time frame.

Comparing the name …

SIGINT Management Directive 424 (“SIGINT Development-Communications Metadata Analysis”) provides guidance on the NSA/ CSS implementation of the “Department of Defense Supplemental Procedures Governing Communications Metadata Analysis” (SPCMA), as approved by the U.S. Attorney General and the Secretary of Defense. [my emphasis]

And the description of the change …

Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.) [emphasis origina]

,,, Make it clear it is the same program.

NSA appears to have made a few changes in the interim. Continue reading

The Dead-Enders Insist Their Illegal Dragnet Was and Is Not One

As I noted in my last post, seven Bush dead-enders plus KS Representative and House Intelligence member Mike Pompeo wrote a letter to … someone … pushing back against the RNC condemnation of the NSA dragnet. As I noted in that post, along with waggling their collective national security experience, the dead-enders used the same old stale tricks to deny that the dragnet surveils US person content.

The stale tricks, by now, are uninteresting. I find the list of the dead-enders (Eli Lake fleshed it out here) more so.

Here’s the list of the dead-enders:

  • Michael Hayden (NSA Director until 2005, DDNI 2005-2006, CIA Director 2006-2009)
  • Mike Mukasey (AG 2007-2008)
  • Michael Chertoff (DOJ Criminal AAG 2001-2003, DHS Secretary 2005-2009)
  • Stewart Baker (Assistant DHS Secretary 2005-2009)
  • Steven Bradbury (Acting OLC head 2005-2009)
  • Eric Edelman (National Security lackey in OVP 2001-2003, Undersecretary of Defense for Policy 2005-2009)
  • Ken Wainstein (AAG for National Security 2006-2008, White House CT Czar 2008-2009)

Some of these we expect. Michael Hayden and Stewart Baker have been two of the main cheerleaders for NSA since the start of Snowden’s leaks, and Michael Chertoff’s firm (at which Hayden works) seems to be working under some kind of incentive to have as many of its top people defend the dragnet as well. Further, both Bradbury and Wainstein have testified to various entities along the way.

So in some senses, it’s the usual gang of dead-enders.

But I find the collection of Michael Mukasey, Bradbury, and Wainstein, to be particularly interesting.

After all, they’re the 3 names (and in Mukasey’s case, authorizing signature) on this memo, which on January 3, 2008 authorized NSA to contact chain Internet (and phone) “metadata” of Americans collected via a variety of means, including FISA, broadly defined, which would include Protect America Act, and EO 12333 and potentially other means — but let’s just assume it was collected legally, Bradbury and Wainstein say twice in the memo.

They implemented this change, in part, to make it easier to share “United States communications metadata” outside of the NSA, including with CIA, by name (though CIA made that request in 2004, before Hayden had moved over to CIA).

When implementing the change, they defined Internet “metadata” this way:

b) For electronic communications, “metadata” includes the information appearing on the “to,” “from,” “cc,” and “bcc” lines of a standard e-mail or other electronic communication. For e-mail communications, the “from” line contains the e-mail address of the sender, and the “to,” “cc,” and “bcc” lines contain the e-mail addresses of the recipients. “Metadata” also means (1) information about the Internet-protocol (IP) address of the computer from which an e-mail or other electronic communication was sent and, depending on the circumstances, the IP address of routers and servers on the Internet that have handled the communication during transmission; (2) the exchange of an IP address and e-mail address that occurs when a user logs into a web-based e-mail service; and (3) for certain logins to web-based e-mail accounts, inbox metadata that is transmitted to the user upon accessing the account. “Metadata” associated with electronic communications does not include information from the “subject” or “re” line of an e-mail or information from the body of an e-mail.

It includes IP (both sender and recipient, as well as interim), email address, inbox metadata which has reported to include content as well.

But let’s take a step back and remember some timing.

In 2004 DOJ tried to clean up NSA’s Internet metadata problem which legally implicated Michael Hayden directly (because he personally continued it after such time as DOJ said it was not legal). The solution was to get Colleen Kollar-Kotelly sign an opinion (dated July 14, 2004) approving the Internet collection as a Pen Register/Trap and Trace order. But she limited what categories of “metadata” could be collected, almost certainly to ensure the metadata in question was actually metadata to the telecoms collecting it.

Before the very first order expired — so before October 12, 2004 — the NSA already started breaking those rules. When they disclosed that violation, they provided some of the same excuses as when they disclosed the phone dragnet violations in 2009: that the people who knew the rules didn’t communicate them adequately to the people implementing the rules (see page 10ff of this order). As part of those disclosures, however, they falsely represented to the FISC that they had only collected the categories of “metadata” Kollar-Kotelly had approved.

The Court had specifically directed the government to explain whether this unauthorized collection involved the acquisition of information other than the approved Categories [redacted] Order at 7. In response, the Deputy Secretary of Defense [Paul Wolfowitz] stated that the “Director of NSA [Michael Hayden] has informed me that at no time did NSA collect any category of information … other than the [redacted] categories of meta data” approved in the [redacted] Opinion, but also note that NSA’s Inspector General [Joel Brenner] had not completed his assessment of this issue. [redacted] Decl. at 21.13 As discussed below, this assurance turned out to be untrue.

Continue reading

The Senate Torture Report and CIA’s Lies about Hassan Ghul’s 2004 Torture

Screen shot 2014-01-09 at 10.36.56 AM

In my last post, I noted that in his report that Hassan Ghul served as a double agent before we offed him with a drone, Aram Roston stated, without confirming via sources, that Ghul is the person whose name was not entirely redacted on the bottom of page 7 in the May 2005 Convention Against Torture (CAT) torture memo. I noted that if Ghul is the detainee (and I do think he is, contrary to what sources told AP when the CIA was hunting Ghul down with drones in 2011), then we’re going to be hearing about him — and arguing about his treatment — quite a bit more in the coming weeks.

That’s because, according to information released by Mark Udall, the detainee named in the CAT memo is one of the detainees about whose treatment the CIA lied most egregiously to DOJ. This is apparently one of the key findings from the Senate Intelligence Committee Torture Report that CIA is fighting so hard to suppress.

Mark Udall’s list of torture lies

Back in August, Mark Udall posed a set of follow-up questions to then CIA and now DOD General Counsel Stephen Preston. Udall was trying to get Preston to endorse findings that appeared in the Torture Report that hadn’t appeared elsewhere (in his first set of responses about CIA’s lies to DOJ, Preston had focused on CIA’s lies about the number of waterboardings, which the CIA IG Report had first revealed). Udall noted that that lie (“discrepancy”) was known prior to the Torture Report, and asked Preston to review the “Representations” section of the Torture Report again to see whether he thought the lies (“discrepancies”) described there — and not described elsewhere — would have been material to OLC’s judgements on torture.

Udall gave Preston this list of OLC judgements that might have been different had CIA not lied to DOJ. (links added)

The 2002 memo is the original Abu Zubaydah memo, the lies in which (pertaining to who AZ was, what the torture consisted of, what had already been done to him, and whether it worked) I’ve explicated in depth elsewhere. The 2006 memo authorizes torture in the name of keeping order in confinement and the 2007 memo authorizes torture (especially sleep deprivation); both of these later memos not only rely on the 2005 memos, but on the false claims about efficacy CIA made in 2005 in their support. The lies in them pertain largely to the purpose CIA wanted to use the techniques for.

Which leaves the claims behind the 2004 letters and the 2005 memos as the key lies CIA told DOJ that remain unexplored.

The 2004 and 2005 lies to reauthorize and expand torture

I’m going to save some of these details for a post on what I think the lies told to DOJ might be, but there are two pieces of evidence showing that the 2005 memos were written to retrospectively codify authorizations given in 2004, many of them in the 2004 letters cited by Udall.

We know the 2005 memos served to retroactively authorize the treatment given to what are described as two detainees in 2004, purportedly in the months after July 2004 (though this may be part of the lie, in Ghul’s case) when DOJ and CIA were trying to draw new lines on torture in the wake of the completion of the CIA IG Report and Jack Goldsmith’s withdrawal of the Bybee Memo.

We know the May 10 Combined Memo was retroactive because Jim Comey made that clear in emails raising alarm about it.

I just finished a long call from Ted Ullyot. He said he was calling to tell me that “circumstances” were likely to require that the second opinion “be sent over tomorrow.” He said Pat had shared my concerns, which he understood to be concerns about the prospective nature of the opinion and its focus on “prototypical” interrogation.

[snip]

He mentioned at one point that OLC didn’t feel like it could accede to my request to make the opinion focused on one person because they don’t give retrospective advice. I said I understood that, but that the treatment of that person had been the subject of oral advice, which OLC would simply be confirming in writing, something they do quite often.

This memo probably, though not definitely, refers to a detainee captured in August 2004 in anticipation of what the Administration claimed (almost certainly falsely) were election-related plots in the US.

And we know the May 10 Techniques and May 30 CAT memos are retroactive because we can trace back the citations about the treatment of one detainee, the detainee who appears to be Ghul, to the earlier letters from 2004.

Just as an example, the August 26 letter cited in Udall’s list relies on the August 25 CIA letter that is also cited in the CAT Memo using the name Gul (the July 22 and August 6 letters are also references, at least in part, to the same detainee).

So we know the 2005 memos served to codify the authorizations for torture that had happened in 2004, during a volatile time for the torture program.

The description of Hassan Ghul in the lying memo

There are still some very funky things about these memos’ tie to Hassan Ghul (again, that’s going to be in a later post), notably that Bush figures referred to the Ghul of the August letters as Janat Gul, including in a Principals meeting discussing his torture on July 2, 2004; sources told the AP after OBL’s killing that this Janat was different than Hassan and different than the very skinny Janat Gul who had been a Gitmo detainee.

But this description — the timing of the initial references and the description of his mission to reestablish contact with Abu Musab al-Zarqawi — should allay any doubts that Ghul is one of two detainees referenced in the CAT memo.

Intelligence indicated that prior to his capture, [redacted] “perform[ed] critical facilitation and finance activities for al-Qa’ida,” including “transporting people, funds, and documents.” Fax for Jack Goldsmith, III, Assistant Attorney General, Office of Legal Counsel, from [redacted] Assistant General Counsel, Central Intelligence Agency (March 12, 2004). The CIA also suspected [redacted] played an active part in planning attacks against United States forces [redacted] had extensive contacts with key members of al Qaeda, including, prior to their captures, Khalid Sheikh Mohammed (“KSM”) and Abu Zubaydah. See id. [redacted] was captured while on a mission from [redacted] to reestablish contact with al-Zarqawi. See CIA Directorate of Intelligence, US Efforts Grinding Down al-Qa’ida 2 (Feb 21, 2004).

Ghul was captured by Kurds around January 23, 2004, carrying a letter from Zarqawi to Osama bin Laden.

So while there are a lot of details that the Senate Torture Report presumably sorts out in detail, it seems fairly clear that Ghul is the subject of some of the documents in question, and that, therefore, there are aspects of the treatment he endured at CIA’s hands that CIA felt the need to lie to DOJ about.

We’ve known for years that CIA lied to DOJ about what they had done and planned to do with Abu Zubaydah. But a great deal of evidence suggests that CIA lied to DOJ about what they did to Hassan Ghul, a detainee (the Senate Report also shows) who provided the key clue to finding Osama bin Laden before he was tortured.

If that’s the case, then I find the release of a story that, after that treatment, he turned double agent either directly or indirectly in our service to be awfully curious timing given the increasing chance we’re about to learn more about these lies and this treatment with any release of the Torture Report.

The Two OLC Still-Secret Memos Behind the Cross-Border Keyword Searches?

Last week, Charlie Savage explained what this paragraph from the NSA’s targeting document means.

In addition, in those cases where NSA seeks to acquire communications about the target that are not to or from the target, SNA will either employ an Internet Protocol filter to ensure that the person from whom it seeks to obtain foreign intelligence information is located overseas, or it will target Internet links that terminate in a foreign country. In either event, NSA will direct surveillance at a party to the communication reasonably believed to be outside the United States.

Savage explained that it refers to the way the US snoops through almost all cross-border traffic for certain keywords.

To conduct the surveillance, the N.S.A. is temporarily copying and then sifting through the contents of what is apparently most e-mails and other text-based communications that cross the border. The senior intelligence official, who, like other former and current government officials, spoke on condition of anonymity because of the sensitivity of the topic, said the N.S.A. makes a “clone of selected communication links” to gather the communications, but declined to specify details, like the volume of the data that passes through them.

[snip]

The official said that a computer searches the data for the identifying keywords or other “selectors” and stores those that match so that human analysts could later examine them. The remaining communications, the official said, are deleted; the entire process takes “a small number of seconds,” and the system has no ability to perform “retrospective searching.”

The official said the keyword and other terms were “very precise” to minimize the number of innocent American communications that were flagged by the program. At the same time, the official acknowledged that there had been times when changes by telecommunications providers or in the technology had led to inadvertent overcollection. The N.S.A. monitors for these problems, fixes them and reports such incidents to its overseers in the government, the official said.

In his post on Savage’s story (which I think misreads what Savage describes), Ben Wittes focused closely on the last paragraphs of the story.

But that leaves a big oddity with respect to the story. The end of Savage’s story reads as follows:

There has been no public disclosure of any ruling by the Foreign Intelligence Surveillance Court explaining its legal analysis of the 2008 FISA law and the Fourth Amendment as allowing “about the target” searches of Americans’ cross-border communications. But in 2009, the Justice Department’s Office of Legal Counsel signed off on a similar process for searching federal employees’ communications without a warrant to make sure none contain malicious computer code.

That opinion, by Steven G. Bradbury, who led the office in the Bush administration, may echo the still-secret legal analysis. He wrote that because that system, called EINSTEIN 2.0, scanned communications traffic “only for particular malicious computer code” and there was no authorization to acquire the content for unrelated purposes, it “imposes, at worst, a minimal burden upon legitimate privacy rights.”

The Bradbury opinion was echoed by a later Obama-era opinion by David Barron, and Bradbury later wrote an article about the issue. But here’s the thing: If my read is right and the rule Savage cites permits only acquisition of communications “about” potential targets only from folks reasonably believed themselves to be overseas, these opinions are of questionable relevance. Indeed, if my reading is correct, why is there a Fourth Amendment issue here at all? The Fourth Amendment, after all, does not generally have extraterritorial application. This may be a reason to suspect that the issue is more complicated than I’m suggesting here. It may also merely suggest that someone cited to Savage a memo that is of questionable relevance to the issue at hand.

In his letter to John Brennan in January asking for a slew of things, Ron Wyden mentioned two opinions that may be the still-secret legal analysis mentioned by Savage.

Third, over two years ago, Senator Feingold and I wrote to the Attorney General regarding two classified opinions from the Justice Department’s Office of Legal Counsel, including an opinion that interprets common commercial service agreements. We asked the Attorney General to declassify both of these opinions, and to revoke the opinion pertaining to commercial service agreements. Last summer, I repeated the request, and noted that the opinion regarding commercial service agreements has direct relevance to ongoing congressional debates regarding cybersecurity legislation. The Justice Department still has not responded to these letters.

The opinions would have to pre-date January 14, 2011, because Feingold and Wyden requested the opinions before that date.

The reason I think the service agreements one may be relevant is because the opinions Ben cites focus on whether government users have given consent for EINSTEIN surveillance; in his article on it Bradbury focuses on whether the government could accomplish something similar with critical infrastructure networks.

Remember, we do know of one OLC memo — dated January 8, 2010 — that pertains to the government obtaining international communications willingly from service providers. We learned about it in the context of the Exigent Letters IG Report, which first led observers to believe it pertained to phone records.

But we’ve subsequently learned this is the passage of ECPA the OLC interpreted creatively in secret.

(f) Nothing contained in this chapter or chapter 121 or 206 of this title, or section 705 of the Communications Act of 1934, shall be deemed to affect the acquisition by the United States Government of foreign intelligence information from international or foreign communications, or foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system, utilizing a means other than electronic surveillance as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, and procedures in this chapter or chapter 121 and the Foreign Intelligence Surveillance Act of 1978 shall be the exclusive means by which electronic surveillance, as defined in section 101 of such Act, and the interception of domestic wire, oral, and electronic communications may be conducted.

Savage’s reference to the Bradbury opinion suggests all this happens at the packet stage, which may be one (arguably indefensible) way around the electronic communications dodge.

The FBI had not relied on the opinion as of 2010, when we first learned about it. But we also know that since then, the government stopped collecting Internet metadata using a Pen Regsiter/Trap and Trace order.

We know that Feingold and Wyden, with Dick Durbin, asked for a copy of the opinion themselves shortly after the IG Report revealed it. It’s possible that the former two asked for it to be declassified.

This is, frankly, all a wildarsed guess. But Wyden certainly thinks there are two problematic OLC memos out there pertaining to cybersecurity. And Savage seems to think this process parallels the means the government is using for cybersecurity. So it may be these are the opinions.

PCLOB: An Exercise in False Oversight

As you may have seen from the reporting or my live-tweeting of yesterday’s Privacy and Civil Liberties Oversight Board hearing on the government’s surveillance program, there were a few interesting bits of news, starting with former FISC judge James Robertson’s assertion that what FISC has done since it started approving bulk collection amounts to “approval” not “adjudication” and puts the court in an inappropriate policy making role. Robertson also said FISC needs an adversarial role it doesn’t currently have. Robertson also raised the possibility Section 215 could be used to create a gun registry not otherwise authorized by law, a point ignored by the former government officials on his panel.

I also thought James Baker’s testimony was interesting. In his prepared statements, Baker seemed to suggest the entire hearing was a wasted exercise, because the program had plenty of oversight. (Remember, Baker was in a key role at DOJ working with FISC through 2007, and got stuck trying to keep intelligence gathered under the illegal program out of traditional FISA applications.) But just before the end of the hearing Baker said before all the bulk collection, FISA worked. He repeated it, FISA worked. Baker may have come to accept these bulk programs, but he sure seemed to think they weren’t necessary.

But the most telling part of the hearing, in my opinion, is the presence of Steven Bradbury and Ken Wainstein on the panel.

There were plenty of other former government officials on the panels, representing all branches. But these two were in far more central positions in the roll out of both the legal and illegal programs. One of the key documents released by the Guardian, showing Wainstein and Bradbury recommending that newly confirmed Attorney General Michael Mukasey resume the contact chaining of Internet metadata, shows them expanding one of the most legally questionable aspects of this surveillance.

The ground rules of the hearing made it worse. The hearing followed the inane rules the Obama Administration adopts in the face of large leaks, pretending these public documents aren’t public. The Chair of PCLOB, David Medine, said no one could confirm anything that hadn’t already been declassified by the government.

Which not only put that document outside the scope of the discussion. But meant neither Bradbury nor Wainstein disclosed this clear conflict.

At one point in the hearing, the moderator even suggested that every time ACLU’s Jameel Jaffer said something, either Bradbury or Wainstein should have an opportunity to rebut what Jaffer said.

Yes, there were a number of interesting revelations at the hearing, along with the typical inanity from Wainstein and, especially, Bradbury. But it was set up with all the conflicts of a Presidential Commission meant to dispel controversy, not a real champion for privacy or civil liberties.

And its treatment of these two former government shills is just representative of that.

The Torture That Underlies FISA Court’s “Special Needs” Decisions

At the core of the expanding dragnet approved in secret by the FISA Court, Eric Lichtblau explained, is the application of “special needs” to “track” terrorists.

In one of the court’s most important decisions, the judges have expanded the use in terrorism cases of a legal principle known as the “special needs” doctrine and carved out an exception to the Fourth Amendment’s requirement of a warrant for searches and seizures, the officials said.

The special needs doctrine was originally established in 1989 by the Supreme Court in a ruling allowing the drug testing of railway workers, finding that a minimal intrusion on privacy was justified by the government’s need to combat an overriding public danger. Applying that concept more broadly, the FISA judges have ruled that the N.S.A.’s collection and examination of Americans’ communications data to track possible terrorists does not run afoul of the Fourth Amendment, the officials said.

That legal interpretation is significant, several outside legal experts said, because it uses a relatively narrow area of the law — used to justify airport screenings, for instance, or drunken-driving checkpoints — and applies it much more broadly, in secret, to the wholesale collection of communications in pursuit of terrorism suspects. “It seems like a legal stretch,” William C. Banks, a national security law expert at Syracuse University, said in response to a description of the decision. [my emphasis]

That’s actually not entirely secret. We see the beginnings of the process in the 2002 In Re Sealed Case decision by the FISC Court of Review, which thwarted FISA Court Chief Judge Royce Lamberth’s attempt to limit how much FISA information got shared for criminal prosecutions. In approving the “significant purpose” language passed in the PATRIOT Act which made it far easier for the government to use FISA information to justify criminal investigations, the decision pointed to the post-9/11 threat of terrorism to justify FISA as a special needs program (though as I lay out in this post, they also pointed to the judicial review and specificity of FISA to deem it constitutional, which should have presented problems for the dragnet programs that followed).

FISA’s general programmatic purpose, to protect the nation against terrorists and espionage threats directed by foreign powers, has from its outset been distinguishable from “ordinary crime control.” After the events of September 11, 2001, though, it is hard to imagine greater emergencies facing Americans than those experienced on that date.

We acknowledge, however, that the constitutional question presented by this case–whether Congress’s disapproval of the primary purpose test is consistent with the Fourth Amendment–has no definitive jurisprudential answer. The Supreme Court’s special needs cases involve random stops (seizures) not electronic searches. In one sense, they can be thought of as a greater encroachment into personal privacy because they are not based on any particular suspicion. On the other hand, wiretapping is a good deal more intrusive than an automobile stop accompanied by questioning.

Although the Court in City of Indianapolis cautioned that the threat to society is not dispositive in determining whether a search or seizure is reasonable, it certainly remains a crucial factor. Our case may well involve the most serious threat our country faces. Even without taking into account the President’s inherent constitutional authority to conduct warrantless foreign intelligence surveillance, we think the procedures and government showings required under FISA, if they do not meet the minimum Fourth Amendment warrant standards, certainly come close. We, therefore, believe firmly, applying the balancing test drawn from Keith, that FISA as amended is constitutional because the surveillances it authorizes are reasonable. [my emphasis]

Even in one of the only two FISA opinions (this from the Court of Review) that we’ve seen, then, the courts used the urgent threat of terrorism post-9/11 to justify searches that they found to be very close constitutional questions.

Terrorism was “the most serious threat” our country faces, the argument went, so this seeming violation of the Fourth Amendment was nevertheless reasonable.

Or at least close, a per curium panel including longtime FISA foe Laurence Silberman argued.

And in fact, this argument has always been built into the larger dragnet programs. Jack Goldsmith’s 2004 memo on the illegal program describes how it is premised on intelligence — gathered largely from interrogations of al Qaeda operatives — showing al Qaeda wants to attack in the United States.

As explained in more detail below, since the inception of [the program] intelligence from various sources (particularly from interrogations of detained al Qaeda operatives) has provided a continuing flow of information indicating that al Qaeda has had, and continues to have, multiple redundant plans for executing further attacks within the United States. Continue reading

Metadata Oversight: “A Banner”!!!!!

The Guardian has their next big NSA scoop, and it is meatier than the earlier ones. The headline is that President Obama continued a 2-degrees of separation analysis of Internet metadata under Section 702 for two years after he came into office. The practice morphed into something else in 2011, making it highly likely the October 3, 2011 FISC opinion finding FAA 702 activities violated the Fourth Amendment pertained to this practice.

Along with their story, the released two documents, one of which has two appendices. Altogether they’ve released:

I’ll have far, far more to say going forward.

But I wanted to point to language that reinforces my fears about how they’re controlling the still extant database of US person telephone metadata.

The documents describe the great oversight of the Internet metadata twice. First in the November 20, 2007 letter itself:

When logging into the electronic data system users will view a banner that re-emphasizes key points regarding use of the data, chaining tools, and proper dissemination of results. NSA will also create an audit trail of every query made in each database containing U.S. communications metadata, and a network of auditors will spot-check activities in the database to ensure compliance with all procedures. In addition, the NSA Oversight and Compliance Office will conduct periodic super audits to verify that activities remain properly controlled. Finally, NSA will report any misuse of the information to the NSA’s Inspector General and Office of GEneral Counsel for inclusion in existing or future reporting mechanisms related to NSA’s signals intelligence activities.

And in the September 28, 2006 Amendment:

5. Before accessing the data, users will view a banner, displayed upon login and positively acknowledged by the user, that re-emphasizes the key points regarding use of the data and chaining tools, and proper dissemination of any results obtained.

6. NSA creates audit trails of every query made in each database containing U.S. communications metadata, and has a network of auditors who will be responsible for spot-checking activities in the database to ensure that activities remain compliant with the procedures described for the data’s use. The Oversight and Compliance Office conducts periodic super audits to verify that activities remain properly controlled.

7. NSA will report any misuse of the information to NSA’s Inspector General and Office of General Counsel for inclusion in existing or future reporting mechanisms relating to NSA’s signals intelligence activities.

These descriptions are consistent with what we’ve been told still exists with the telephone metadata, so it is likely (though not certain) the process remains the same.

There are two big problems, as I see it. First, note that the Oversight and Compliance Office appears to be within NSA’s operational division, not part of the Inspector General’s Office. This means it reports up through the normal chain of command. And, presumably, its actions are not required to be shared with Congress. The IG, by contrast, has some statutory independence. And its activities get briefed to Congress.

In other words, this initial check on the metadata usage appears to be subject to managerial control.

But my other worry is even bigger. See where the descriptions talk about the fancy banner? The description says nothing about how that log-in process relates to the audit trail created for these searches. Indeed, in both of these documents, “the NSA” “creates” the audit trails. They don’t appear to be generated automatically, as they easily could be and should be.

That is, it appears (and this is something that has always been left vague in these descriptions) that these are manual audit trails, not automatic ones. (Though I hope they go back and compare them with keystrokes.)

When FBI had this kind of access to similar data, they simply didn’t record a lot of what they were doing, which means we have almost no way of knowing whether there’s improper usage.

This may have changed. These “audit trails” may have been automatically generated at this time (though that’s not what the process describes). Though the NSA IG’s inability to come up with a number of how many US person records are access suggests there’s nothing automated about it.

And if that’s true, still true, then the telephone metadata still in place is an invitation for abuse.

With Bradbury’s Appendix M Opinion and 7th Circuit Vance Decision, the Government Can Torture Any of Us

Three years ago, I showed how Steven Bradbury wrote an OLC memo that approved in advance whatever techniques DOD wanted to put into the sometimes classified Appendix M of the Army Field Manual. At the time, DOJ implied to me that this memo was rescinded along with the rest of Bradbury and John Yoo’s torture memos.

In a really important post yesterday, Jeff Kaye explained that the memo, in fact, remains operative.

LTC Breasseale explained in an email response to my query last year:

Executive Order (EO) 13491 did not withdraw “‘All executive directives, orders, and regulations… from September 11, 2001, to January 20, 2009, concerning detention or the interrogation of detained individuals.’” It revoked all executive directives, orders, and regulations that were inconsistent with EO 13491, as determined by the Attorney General…. [bold emphasis added]

One last point – you seem suggest below that EO 13491 somehow cancelled Steven Bradbury’s legal review of the FM. EO 13491 did not cancel Mr. Bradbury’s legal review of the FM.”

When I then asked the Department of Justice to confirm what Breasseale had said for a story on the Bradbury memo, spokesman Dean Boyd wrote to tell me, “We have no comment for your story.” The fact Boyd did not object to Breasseale’s statement seems to validate the DoD spokesman’s statement.

Breasseale also described DoD’s view that both the current AFM and Appendix M were “not inconsistent with EO 13491,” which “expressly prohibits subjecting any individual in the custody of the U.S. Government to any interrogation technique or approach, or any treatment related to interrogation, that is not authorized by and listed in the FM. In addition, the Detainee Treatment Act of 2005 expressly prohibits subjecting any individual in the custody of the U.S. Department of Defense to any treatment or technique of interrogation that is not authorized by and listed in the FM. In short, both the President and the Congress have determined that the interrogation techniques listed in the FM are lawful,” Breasseale said.

In his post, Kaye provides a lot of details for why the continued applicability of the memo, authorizing separation, is deeply troubling. I’d add that the particular structure of the memo, which of course allows the insertion of physical torture techniques previously abandoned under cover of classification, adds to the concern.

But there is a pending legal reason why it is important, too.

A few years ago, two contractors, Donald Vance and Nathan Ertel, sued Donald Rumsfeld and others for the torture they were subjected to at Camp Cropper after whistleblowing about Iraqi and US corruption.

The torture was, in large part, the “separation” permitted in Appendix M. As part of their case implicated Rummy personally, they described how, immediately after Congress passed the Detainee Treatment Act, Rummy invented Appendix M as a way to evade the law. Continue reading

Yes, the Government Does Believe the Military Can Use Military Force in the US

I made an error.

In this post, I suggested that debates about whether the 2001 Authorization to Use Military Force constituted an exception to the Posse Comitatus Act ignore that for 7 years — from the time John Yoo wrote a memo on whether the Fourth Amendment inhibited military deployment in the US  in 2001 until the time Steven Bradbury “withdrew” the memo in 2008 — the official position of the Executive Branch was that PCA had been suspended under the AUMF.

Armando Llorens and Adam Serwer have debated — specifically in the context of whether the President could kill Americans within the US – whether PCA applies in this war. And while they’re staging an interesting argument (I think both are engaging the AUMF fallacy and therefore not discussing how a President would most likely kill Americans in the US), what the Yoo memo shows, at the least, is that the folks running the Executive Branch believed, for 7 years, the PCA did not apply.

To be clear, this memo was withdrawn in October 2008 (though not without some pressure from Congress). While the PCA aspect of the opinion is one of the less controversial aspects in the memo, as far as we know it has not been replaced by similar language in another memo. So while this shows that PCA was, for all intents and purposes, suspended for 7 years (as witnessed by NSA’s wiretapping of Americans), it doesn’t mean PCA remains suspended.

My error was in suggesting Bradbury “withdrew” the memo.

He did not.

Instead, Bradbury directed that “caution should be exercised” before relying on it.

The purpose of this memorandum is to advise that caution should be exercised before relying in any respect on the Memorandum for Alberto R. Gonzales, Counsel to the President, and William J. Haynes II, General Counsel, Department of Defense, from John C. Yoo, Deputy Assistant Attorney General, and Robert J. Delahunty, Special Counsel, Office of Legal Counsel, Re: Authority for Use of Military Force to Combat Terrorist Activities Within the United States (Oct. 23, 2001) (“10/23/01 Memorandum”) as a precedent of the Office of Legal Counsel, and that certain propositions stated in the 10/23/01 Memorandum, as described below, should not be treated as authoritative for any purpose.

As noted, he said that five propositions in the Yoo memo should not be treated as authoritative for any purpose.

We also judge it necessary to point out that the 10/23/01 Memorandum states several specific propositions that are either incorrect or highly questionable. The memorandum’s treatment of the following propositions is not satisfactory and should not be treated as authoritative for any purpose:

But then, in a series of bullet points laying out the problems with those five propositions, Bradbury doesn’t always dismiss the outcomes Yoo’s analysis supported, but in several cases accepts the outcomes but simply provides a different basis for supporting them. Continue reading

1 2 3 8

Emptywheel Twitterverse
bmaz @JimWhiteGNV @emptywheel Perp. Fee. Trainers. Broken. What, did this transmorph into an Afghanistan discussion??
35mreplyretweetfavorite
bmaz @emptywheel @JimWhiteGNV Hey Okra lady, where you come in? Clearly yer not focused on mane attraction. Brennan sez don't be easily impressed
36mreplyretweetfavorite
JimWhiteGNV @emptywheel That prep cost is included in the overall fee to trainers for showing, so we don't see it broken out, thankfully. @bmaz
38mreplyretweetfavorite
emptywheel @JimWhiteGNV And Gomer's up-do is even more expensive than $60, I was under the impression. @bmaz
39mreplyretweetfavorite
bmaz @JimWhiteGNV No self respecting old man dances away from a hose.
40mreplyretweetfavorite
emptywheel @nlanc Yeah, there were a number of computer-driven machine people at the show.
42mreplyretweetfavorite
JimWhiteGNV @bmaz Heh. Gomer is the most finicky of all. Dances away from the hose when getting bathed and keeps his poo in a neat pile in stall corner.
42mreplyretweetfavorite
bmaz @JimWhiteGNV this ain't Gomer, as hard as it is to believe, I tend to grow rather finicky girlz. #Schadenfreude
46mreplyretweetfavorite
JimWhiteGNV @bmaz Hey, just use a rake and a leaf blower for free. Nobody will ever know the difference...
49mreplyretweetfavorite
bmaz Sasquatch is in the pool. That is good for her, but a $60 grooming for me. #WattaYouGonnaDo
50mreplyretweetfavorite
JimWhiteGNV RT @carolrosenberg: Just in: #Guantanamo nurse who refused to force-feed prisoners sent home. http://t.co/z6vrh2dsZN @MiamiHerald http://t…
1hreplyretweetfavorite
emptywheel @walterwkatz Been waiting to see what you had to say all week--looking forward to it.
1hreplyretweetfavorite
August 2014
S M T W T F S
« Jul    
 12
3456789
10111213141516
17181920212223
24252627282930
31