March 14, 2014 / by emptywheel


John Brennan’s Parallel “Investigative, Protective, or Intelligence Activity”

Yesterday, Jack Goldsmith defended CIA lawyer Robert Eatinger for referring Senate Intelligence Committee staffers for criminal investigation. Eatinger had no choice but to refer his Agency’s overseers, you see, because EO 12333 required it.

I knew Eatinger a bit when I was at OLC a decade ago, and based on that experience I agree with John Rizzo that “[h]e doesn’t have a political bone in his body” and “[i]f he made this referral, it’s because he felt it was the right and necessary thing to do.”

It might be useful to articulate the standard for the “right and necessary thing to do,” because I think that standard is at the bottom of this corner of the controversy.  The standard comes from Section 6.1(b) of E.O. 12,333, which imposes a duty on the CIA Director to:

Report to the Attorney General possible violations of Federal criminal laws by employees and of specified Federal criminal laws by any other person as provided in procedures agreed upon by the Attorney General and the head of the department, agency, or establishment concerned, in a manner consistent with the protection of intelligence sources and methods, as specified in those procedures;

I believe that the CIA Director delegates this duty to the CIA General Counsel.

Note how low the bar is for the referral—possible violations of federal law.  Think about what that low standard means.  It means that CIA often has a duty to refer a matter to DOJ that it is reasonably confident does not violate federal law, simply because the matter possibly violates federal law.  As John Radsan noted in his study of the CIA General Counsel’s Office, the low standard results in CIA making “several referrals to the Justice Department in a typical month.”  It might seem that these frequent referrals are signs of lawlessness, but in fact they are a mechanism of accountability. The very soft trigger of “possible” as opposed to “likely” or “actual” violations promotes significant over-reporting and allows another Agency, DOJ, to decide the appropriate action in the first instance.” [my emphasis]

Nice try.

But there’s a significant problem with that. In response to Ron Wyden’s question about whether CIA is subject to the Computer Fraud and Abuse Act — a polite way of suggesting CIA hacked the Committee server — John Brennan told Wyden,

The statute does apply. The Act, however, expressly “does not prohibit any lawfully authorized investigative, protective, or intelligence activity … of an intelligence agency of the United States.” 18 U.S.C. § 1030(f).

In other words, Brennan implicitly asserts the CIA snooping on SSCI was legal because CIA was engaged in lawfully authorized “investigative, protective, or intelligence activity.”

Side note: what are the chances that Brennan, who likes to remind that he’s not a lawyer when he gets legally dangerous questions, consulted with CIA’s Acting General Counsel Robert Eatinger in crafting this response to Wyden?

But let’s look at when and how Brennan chose to engage in what he claims is either “investigative, protective, or intelligence activity” and when and how Eatinger found SSCI’s oversight of CIA reached the “low bar” that merited referral.

According to Dianne Feinstein, in 2010, before Brennan was Director and Eatinger Acting General Counsel, a slew of documents disappeared from the server CIA made available for SSCI. Feinstein makes no mention of CIA engaging in “investigative, protective, or intelligence activity” in response. Instead, CIA just made shit up.

In May of 2010, the committee staff noticed that [certain] documents that had been provided for the committee’s review were no longer accessible. Staff approached the CIA personnel at the offsite location, who initially denied that documents had been removed. CIA personnel then blamed information technology personnel, who were almost all contractors, for removing the documents themselves without direction or authority. And then the CIA stated that the removal of the documents was ordered by the White House. When the committee approached the White House, the White House denied giving the CIA any such order.

After a series of meetings, I learned that on two occasions, CIA personnel electronically removed committee access to CIA documents after providing them to the committee. This included roughly 870 documents or pages of documents that were removed in February 2010, and secondly roughly another 50 were removed in mid-May 2010.

Only after denying it, then blaming first the IT contractors, and then the White House (who I believe may well have been to blame), did the CIA admit they had removed the documents. All this occurred, presumably, without launching a security review of the kind so urgent now (though if a security review were done, let’s hear about it, because it would suggest only certain factions were behind the removal of these documents).

Shortly after this incident — again, according to Feinstein — the Panetta Review documents also started disappearing from the servers (SSCI either had printed out copies already or did so in response).

In December, Mark Udall and others started invoking the Panetta review and asking for a complete copy of it.

In response, according to a letter (which for a variety of reasons I’m certain was designed to be released) Brennan later sent Dianne Feinstein on January 27, CIA started its “investigative, protective, or intelligence activity.”

Because we were concerned that there may be a breach or vulnerability in the system for housing highly classified documents, CIA conducted a limited review to determine whether these files were located on the SSCI side of the CIA network and reviewed audit data to determine whether anyone had accessed the files, which would have been unauthorized. The technical personnel conducting the audit review were asked to undertake it only if it could be done without searching audit data relating to other files on the SSCI side of CIA’s network. That review by IT personnel determined that the documents that you and Senator Udall were requesting appeared to already be on the SSCI staff side of CIA’s local area network and had been accessed by staff. Only completion of the security review will answer how SSCI staff came into possession of the documents.

Only on January 15, after CIA had completed some of that “investigative, protective, or intelligence activity” and determined, according to them, that SSCI shouldn’t have had the document, did Brennan call an “emergency meeting” to inform Feinstein and Saxby Chambliss of those activities.

I made clear during our meeting that I wanted to conduct this security review with our consent and, furthermore, that I welcomed the participation of the Committee’s Security Director in this effort.


As I noted at our meeting, this is a very serious matter, and it is important that both the CIA and the Committee get to the bottom of what happened.

In response, according to Feinstein, she sent Brennan two letters, one, on January 17, objecting to CIA’s “investigative, protective, or intelligence activity,” and the second, on January 23, asking specific questions about what CIA had done.

Two days after the meeting, on January 17, I wrote a letter to Director Brennan objecting to any further CIA investigation due to the separation of powers constitutional issues that the search raised. I followed this with a second letter on January 23 to the director, asking 12 specific questions about the CIA’s actions—questions that the CIA has refused to answer.

Some of the questions in my letter related to the full scope of the CIA’s search of our computer network. Other questions related to who had authorized and conducted the search, and what legal basis the CIA claimed gave it authority to conduct the search. Again, the CIA has not provided answers to any of my questions.

My letter also laid out my concern about the legal and constitutional implications of the CIA’s actions. Based on what Director Brennan has informed us, I have grave concerns that the CIA’s search may well have violated the separation of powers principles embodied in the United States Constitution, including the Speech and Debate clause. It may have undermined the constitutional framework essential to effective congressional oversight of intelligence activities or any other government function.

The letter Brennan has released (which, as I have said, seems designed for release) did not answer these questions or even acknowledge they had been asked. Instead, Brennan insisted that CIA’s “investigative, protective, or intelligence activity” continue, though invited another, independent inquiry with Committee involvement.

I would welcome an independent review that explores CIA’s actions and how these documents came to reside on the Committee’s side of the CIA facility network. If you are amenable, I will have my Acting General Counsel reach out to the Committee’s Majority and Minority Counsel to discuss options for such an independent review.

However we proceed, the security review must be completed in a timely manner. It is imperative to learn whether or not a breach or vulnerability exists on this network and was exploited. I trust that you share my concerns and that we can work together to carry out a security review that answers these important questions while respecting the important separation of powers concerns of both.

According to both accounts, there had been no mention of involving DOJ up to that point.

Meanwhile, CIA’s Inspector General David Buckley started an investigation and ultimately referred it to DOJ, and then in response, Robert Eatinger referred the SSCI to DOJ.

Days after the meeting with Director Brennan, the CIA inspector general, David Buckley, learned of the CIA search and began an investigation into CIA’s activities. I have been informed that Mr. Buckley has referred the matter to the Department of Justice given the possibility of a criminal violation by CIA personnel.

Let me note: because the CIA has refused to answer the questions in my January 23 letter, and the CIA inspector general review is ongoing, I have limited information about exactly what the CIA did in conducting its search.

Weeks later, I was also told that after the inspector general referred the CIA’s activities to the Department of Justice, the acting general counsel of the CIA filed a crimes report with the Department of Justice concerning the committee staff’s actions. I have not been provided the specifics of these allegations or been told whether the department has initiated a criminal investigation based on the allegations of the CIA’s acting general counsel.

In other words, Eatinger didn’t refer this case when CIA first started worrying about possible violations of Federal law (nor, as far as we know, did Stephen Preston make a referral in 2010 when documents started disappearing from the server). He didn’t refer the case after CIA’s initial “investigative, protective, or intelligence activity” — at that point, Brennan still wanted CIA to continue its “investigative, protective, or intelligence activity” itself.

It was only after CIA got referred for its “investigative, protective, or intelligence activity” that Eatinger decided the matter had reached what Goldsmith claims is a very low bar for referral.

Now, I might entertain the possibility that after things started spinning out of control, Eatinger got the brilliant idea that it was not a good idea for CIA to conduct “investigative, protective, or intelligence activity” targeted at their overseers. It’s possible, too, that Brennan envisioned the “independent investigation” mentioned in his letter to Feinstein would be conducted by DOJ, though he didn’t say that in his letter that I believe was designed to be publicly released.

But certainly, Eatinger let things get far beyond the “low bar” before he referred the issue to DOJ. He certainly didn’t let another Agency “decide the appropriate action in the first instance.” CIA got to decide that.

Which brings me to the even more troubling aspect of this.

Given Brennan’s response to Wyden (which may or may not have been written after consultation with Eatinger), the CIA Director believes the limits on EO 12333 do not prevent the CIA from conducting its own parallel “investigative, protective, or intelligence activity” outside the realm of normal law enforcement, not even if CIA was directly involved.

Say, did you notice that Brennan didn’t specify for Wyden whether he believed CIA had been engaged in “investigative” or “protective” or “intelligence” activity?

CIA’s not supposed to be in charge of intelligence activities targeted at Americans — FBI is, the same investigative agency only now being involved in this, in spite of the “low bar” on referrals under EO 12333.

Suffice it to say it might have behooved Brennan, given that he edited the citation from 18 U.S.C. § 1030(f), to specify what kind of authorized activity CIA was engaged in when it snooped on its overseers.

Because the impression I get from all this is that the Director of the CIA thinks it’s perfectly okay for CIA to conduct its own “investigative, protective, or intelligence activity” in parallel with more appropriate means of investigating events involving CIA. (Think, for example, of the potentially parallel investigation it might conduct of Gitmo detainees and their lawyers as they discuss torture using bugs in the smoke alarms and a kill switch on the white noise machine?) And this was targeted at its overseers! Imagine the extent of “investigative, protective, or intelligence activity” CIA might engage in if it was someone without the purported protections of Separation of Powers.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @