Raj De and the Back-Door Loophole
As I already noted, NSA General Counsel lied in today’s PCLOB hearing when he said the use of Section 215 to conduct a phone dragnet had the indicia of legitimacy because Congress twice reauthorized the PATRIOT after the executive had given it full information.
We know that the 2010 freshman class — with the exception of the 7 members who served on the Judiciary or Intelligence Committees — did not have opportunity to learn the most important details about the phone dragnet before reauthorizing PATRIOT in 2011. And it appears DOJ withheld from the Judiciary and Intelligence the original phone dragnet opinion — and they clearly withheld significant FISC materials on it — until August 2010, after PATRIOT had been reauthorized the first time. I trust Ben Wittes, who wants to prevent Jim Sensenbrenner from commenting on NSA’s secrecy because he’s dishonest about his own role, applies a similar standard to Raj De.
But I was even more interested in the way De answered Center for Democracy and Technology’s Jim Dempsey’s question about the back-door loophole in which NSA searches on incidentally collected US person data (starting at 2:09:00). Dempsey asked whether NSA needed something like the Reasonably Articulable Suspicion before it searched incidental US person data. De treated the question as nonsensical, given that when you collect on a particular phone number in the criminal context you don’t need to ignore what you find.
In other words, the NSA has a lower standard for access this content than they do for accessing the metadata of our phone calls.
Curiously, though, De tried to tout the minimization of both 702 and EO 12333 collection to present this as reasonable.
By minimization, Dempsey asked, you mean you keep it.
De insisted that no, there’s minimization at each step of the process.
I get how he was trying to use this blatant dodge. I get that the NSA assumes they can take everything so long as they’re careful about how they sent it around.
But make no mistake. NSA searches on the data before it gets minimized.
Here’s how this year’s Semiannual Compliance Review, submitted by the Attorney General and Director of National Intelligence, describes this practice.
NSA’s querying of unminimized Section 702-acquired communications using United States person identifiers (page 7)
Here’s how John Bates referred to the practice, based on a submission the NSA had made itself (though before De was writing the documents), in his October 3, 2011 opinion.
The government has broadened Section 3(b)(5) to allow NSA to query the vast majority of its Section 702 collection using United States-Person identifiers, subject to approval pursuant to internal NSA procedures and oversight by the Department of Justice. Like all other NSA queries of the Section 702 collection, queries using United States-person identifiers would be limited to those reasonably likely to yield foreign intelligence information. (page 22-23)
Bates justifies this practice by pointing to another agency’s (almost certainly FBI) use of the practice, which he describes as,
an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information.
The NSA has restrictions about circumstances in which they can share this data (which arguably will be expanded under Dianne Feinstein’s FakeFISAFix). But they allow the NSA to share this data if it is “foreign intelligence,” evidence of a crime, and evidence of a threat to life-which-to-NSA-means-property.
They can sweep up entire countries worth of Internet traffic. They can sweep up entire mailboxes overseas. And then go in, without a warrant, and “discover” evidence of crime.