I wanted to turn to the two IG Reports Glenn Fine did on the PATRIOT Act’s Section 215, the section that allows investigators to get business records and other tangible items. (2007 report covering 2002 to 2005; 2008 report covering 2006) The reports show an expansion of the way DOJ used the authority that parallels the known history of Bush’s illegal domestic surveillance program.
For the first two years after passage of the PATRIOT Act, not one 215 order was issued. Some were applied for, but all either were withdrawn because of legal ambiguities (could they be used to get school records?), legal reviews, and/or inattention. Then in October 2003, someone in DOJ focused effort on pushing some through, and one of the orders submitted in that month was approved in May 2004–though we’re not allowed to know the date (see page 17 of the 2007 report). Now, it appears the May timing may be coincidental; the order came out of efforts in October 2003 to start using this authority, not as a response to the hospital confrontation concerning Bush’s illegal domestic surveillance program in March 2004. But nevertheless, the first 215 order was authorized just as DOJ issued a new opinion authorizing parts of Bush’s domestic surveillance program on May 6, 2004, at a time when the data mining aspect of the illegal program had (reportedly) been halted by Jim Comey and Jack Goldsmith.
Later, for a year and a half, 215 orders started to serve a function with pen register/trap and trace orders. This was necessary for a period until the PATRIOT revision in 2006 because FISA pen registers didn’t give investigators all the information they wanted.
A "combo" application is a term used by OIPR to refer to a Section 215 request that was added to or combined with a FISA application for pen register/trap and trace orders. The use of the combination request evolved from OIPR’s determination that FISA pen register/trap and trace orders did not require providers to turn over subscriber information associated with telephone numbers obtained through the orders. Unlike criminal investigation pen register/trap and trace orders, which routinely included a clause requiring the provision of subscriber information, FISA pen register/trap and trace orders did not contain such provisions. Thus, while the FBI could obtain the numbers dialed to and from the target number through FISA orders, FBIA agents had to employ other investigative tools, such as national security letters, to obtain the subscriber information. (2007 report, 16)
Here’s what I understand this to mean (the lawyers in the crowd should feel free to correct this). The report explains there was a difference between trap and trace orders on phone numbers (and email accounts, presumably) in the criminal and FISA setting. In the criminal setting, you automatically got the names, as well as the numbers, that the target had contacted. You got to know right away that Rudy the street dealer had contact with Carlos the big time dealer. But with FISA, you just got numbers. You might learn that Mohammed the suspected terrorist had called 555-1362, but you didn’t automatically know whose number that was. Of course, there’s a reason for this–FISA is supposed to protect the identity of other US persons. But as time went on (and as you’ll see, the timing of this is mighty interesting), they incorporated getting the name of the guy at 555-1362, at least if the number was from the same carrier, routinely.
If I understand the report correctly, this first happened in 2004 (though they won’t tell us what month) in what was called a "pure" 215 order.
One of the 18 unique requests was for telephone subscriber information. With respect to this request, the field office had prepared an application for a FISA pen register/trap and trace order and wanted to obtain the subscriber information without using national security letters. The field office supervisor dealt directly with OIPR’s Counsel for Intelligence Policy, and they discussed the case with a FISA Court judge in person. As a result of these discussions, OIPR submitted an application for a Section 215 order for the subscriber information. The FISA Court approved two orders–one for the pen register and trap and trace devices and a Section 215 order for the related subscriber information. This order was signed on [date redacted], 2004. Thereafter, OIPR began sending requests for Section 215 orders for subscriber information to FISA pen register/trap and trace applications. (2007 report, 18)
Now, this might actually have been a response to a decision on NSLs in Doe v. Ashcroft on September 28, 2004, which struck down NSLs partly on separation of powers grounds. DOJ had been using (and continued to use for some time) NSLs to get this subscriber information. By using Section 215 orders instead, DOJ would be submitting to the court review that NSLs lacked (and also would be able to get this information more directly by going to just one provider).
In 2005, this process became automatic and the "combo" 215 order was born.
In order to streamline the process for obtaining subscriber information, beginning in early 2005 OIPR began to append a request for Section 215 orders to applications for FISA pen register/trap and trace authority. The result was that information obtained in a FISA pen register/trap and trace order was equivalent to the information obtained in a criminal pen register/trap and trace order. (2007 report, 16-17)
And, as both IG Reports explain several times, in the 2006 reauthorization (not the 2005 one), Congress added language to the statute including subscriber information for pen register/trap and trace orders.
Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber informatoin to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary.
But something else funky seems to have happened with combo orders in the first few months of 2006. First, as the 2008 IG Report reveals, DOJ started using combo 215s for some other purpose. After explaining how they were used to get subscriber information, the report explains,
The use of the combination request evolved from OIPR’s determination that FISA pen register/trap and trace orders did not require providers to turn over subscriber information associated with telephone numbers obtained through those orders. As a result, Section 215 requests were added to pen register/trap and trace orders to seek subscriber information. OIPR also used combination orders in 2005 and 2006 to obtain [two lines and footnote redacted]. (20)
There’s another line redacted to explain that this use was no longer necessary after the 2006 reauthorization. And then to explain why it became unnecessary, the report explained,
In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [redacted] from the FISA Court. Therefore, OIPR decided not to request [redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court. (21)
It goes on in a footnote,
OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act. [two lines redacted]
Now, it’s not entirely clear that all of this is related, though it appears to adhere to a parallel structure in which all the discussions of this additional authority appear in the same place vis a vis the discussion of the trap and trace connection (that is, that they refer to the same authority). If so, it appears they started using 215s for this authority in 2005–not 2006. Yet they didn’t brief it to the FISA Court until February 2006–a month and change after Bush’s illegal domestic program was exposed. And then, they were reluctant to continue to do so after the March 2006 PATRIOT reauthorization.
In other words, it appears they may have started using Section 215s for something they had been using the illegal program for. And it appears that the March 2006 PATRIOT reauthorization, which was partly an add-on to the 2005 reauthorization in 2005 designed to overcome the filibuster that had started in response to the revelation of the program in December 2005, found ways to put some of the things they were doing into other parts of PATRIOT. Combo orders, for example, became regular parts of trap and trace devices.
All of which is a very vague way to say we probably ought to be thinking of four programs–Bush’s illegal domestic surveillance program and the PAA/FAA program that replaced it, NSLs, Section 215 orders, and trap and trace devices–as one whole. As the authorities of one program got shut down by exposure or court rulings or internal dissent, it would migrate to another program. That might explain, for example, why Senators who opposed fishing expeditions in 2005 would come to embrace broadened use of Section 215 orders in 2009.
Now, all of this is just preliminary background discussion to talk about the expansion of 215 authorities to cover one or two programs together, something that happened in 2006 (and therefore, potentially in response to the exposure of Bush’s illegal program). I’ll treat that in a later thread.