On Thursday, the Inspectors General of the Intelligence Community, DOJ, CIA, and DHS (but not NSA) released their report on the Marathon Bombing. While the public release was just a very condensed summary, included the redaction of both classified and “sensitive” information, and made no attempt to reconstruct data government agencies had or could have had on Dzhokhar Tsarnaev, the report did show that the NSA had data on Tamerlan Tsarnaev and that the FBI found information on his computers that NSA might have gotten via other means.
On Friday, prosecutors in the case against Dzhokhar refused to tell him what they collected under FISA.
Before I get into the government’s refusal on FISA notice — some of which has repercussions for other cases — let’s go over what electronic communications the government did have or could have had.
First, the IG Report (which did not specifically involve NSA’s IG and did not include Dzhokhar in its scope) nevertheless points to information NSA collected in 2012 that was not turned over to FBI until after the attack.
The report also points to communications dating to January 2011, which is entirely redacted. This probably refers to communications the Russians intercepted, not the NSA (indeed, the report discusses NSA data, above, later in the same section, which indicates the earlier redaction doesn’t pertain to NSA). Though there’s no indication whether the NSA received notice of these communications, including the non-US person interlocutor located overseas involved in them, who would have been a legal NSA target.
The report also describes FISA-related information that FBI did not consult in its 2011 assessment of Tamerlan, though it claims it would not have found all that much.
Additionally, the DOJ OIG determined that the CT Agent did not use every relevant search term known or available at the time to query the FBI systems, including certain telephone databases and databases that include information collected under authority of the Foreign Intelligence Surveillance Act (FISA). However, searches of FBI databases conducted at the direction of the DOJ OIG during this review produced little information beyond that identified by the CT Agent during the assessment, with the exception of additional travel-related data for Zubeidat Tsarnaeva.
It’s unclear, however, whether that is true for Dzhokhar (whom they didn’t check) or whether searches on these databases would be similarly unproductive if run in 2013, before the attacks. Keep in mind, especially, that the FBI has admitted to collecting data on explosive precursor purchases under PATRIOT authorities, including Section 215, though it’s not clear that either pressure cookers or low level fireworks had been included before the Boston attack.
Then there are GMail and YouTube communications. The report notes that FBI learned about Tamerlan’s YouTube and the jihadi material he posted to it from “an other government agency,” which presumably means NSA (as they could ID DHS, which also does this kind of thing, directly in a report pertaining to DHS).
The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.”
The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.
Then the report describes what FBI found via forensic analysis of computers used by Tamerlan (again, it’s not clear whether Dzhokhar used these same computers or had his own, but they seem to imply only Tamerlan’s computers are included in this description).
An FBI analysis of electronic media showed that the computers used by Tsarnaev contained a substantial amount of jihadist articles and videos, including material written by or associated with U.S.-born radical Islamic cleric Anwar al-Aulaqi. On one such computer, the FBI found at least seven issues of Inspire, an on-line English language magazine created by al-Aulaqi. One issue of this magazine contained an article entitled, “Make a Bomb in the Kitchen of your Mom,” which included instructions for building the explosive devices used in the Boston Marathon bombings.
Information learned through the exploitation of the Tsarnaev’s computers was obtained through a method that may only be used in the course of a full investigation, which the FBI did not open until after the bombings.
Now, both of these sections, pitched as they are in terms of what FBI could do via open source investigation, don’t account for the technical and analytical capabilities of NSA. Obviously NSA could have accessed Tamerlan’s YouTube, the question is just whether or not they could have IDed the YouTube as his even when he posted under a pseudonym and whether they had other means, aside from accessing the memory of the Tsarnaevs’ devices, to find out what they had downloaded.
We have every reason to believe they not only could have — identifying pseudonyms is a key purpose of the dragnet — but numerous counterterrorism cases suggest they actually do do so. Indeed, even Dzhokhar’s online profile almost exactly matched that of Adel Daoud at the time when FBI threw 3 undercover officers at the latter to catch him in a sting, and with Tamerlan there was the Russian warning in addition.
I strongly suspect the NSA tracks Inspire off of the encryption codes attached to it via upstream search (at a conference last week, Raj De said NSA doesn’t track Inspire off its URL, which is not the allegation and would be a stupid way of doing it; he made that comment at the same time as bullshitting on another upstream collection issue, so I believe both were non-denial confirmations as is so common from these people). We know NSA obtains metadata from upstream collection that it uses to task further collection. And we know NSA uses metadata to map identities precisely to do things like find the pseudonymous YouTube account of someone of interest. And while the NSA could not task the brothers’ emails without a warrant (though by that point they would have had the Inspire downloads, the Russian warnings, and the 2012 collection), they surely could have tracked their public postings to YouTube, which would have shown both men posting the kind of jihadist propaganda that Tarek Mehanna got sent to prison for in the very same judicial District during this very same period.
In short, it appears the NSA, though not the FBI, could have collected enough data to target the brothers. By scoping this investigation to exclude more thorough review of NSA’s role, the government suppressed that fact.
In any case, however, NSA’s access to at least some information on Tamerlan may be why the report emphasizes the importance of FBI and NSA’s Memorandum of Understanding on how their jobs overlap.
The federal agencies that handled information concerning relevant individuals and events prior to the bombings frequently have intersecting and sometimes overlapping responsibilities in conducting counterterrorism activities. The relationships between and among these agencies are governed by memoranda of understanding (MOU). Of particular relevance to this review are the relationships between the FBI, CIA, and DHS, as well as the relationship between the FBI and the NSA, and the NCTC’s relationships throughout the Intelligence Community.
Meanwhile, there’s one other thing the IG Report excludes from its review. To substantiate their claim that they couldn’t have found Tamerlan’s YouTube because he used a pseudonym, FBI shared a highly-redacted excerpt from an unclassified Electronic Communication on Tamerlan’s Google accounts.
In a response to a DOJ OIG request for information supporting [the statement that Tamerlan used a pseudonym on YouTube], the FBI produced a heavily redacted 3-page excerpt from an unclassified March 19, 2014, EC analyzing information that included information about Tsarnaev’s YouTube account. The unredacted portion of the EC stated that YouTube e-mail messages sent to Tsarnaev’s Google e-mail account were addressed to “muazseyfullah” prior to February 12, 2013, and to “Tamerlan Tsarnaev” beginning on February 14, 2013. The FBI redacted other information in the EC about Tsarnaev’s YouTube and Google e-mail accounts.
That is, FBI was hiding unclassified information about Tamerlan’s Google accounts from DOJ’s Inspector General, which is the kind of ID information that NSA tracks. (Note, two hearings in recent weeks have revealed that DOJ holds up IG Michael Horowitz on grand jury issues, particularly on investigations that won’t flatter DOJ; while those hearings didn’t reference this case, it may be one reason Horowitz raised his concerns.)
And the kind of information that might come up in a FISA search.
In short, there is clearly information NSA collected in 2012 relevant to Dzhokhar, though it may well have been collected under 12333 authorities. And it’s possible there was more.
But, if prosecutors have their way, Dzhokhar’s not going to get FISA content related information unless the government introduces it at the trial. And he’s not going to get Section 215 data (remember, this may include explosive precursor information) at all.
The last bit is thoroughly unsurprising but important for all Americans. The government maintains it has no discovery obligation in the least for Section 215 information.
Tsarnaev’s further request that this Court order the government to provide notice of its intent to use information regarding the “. . . collection and examination of telephone and computer records pursuant to Section 215 . . .” that he speculates was obtained pursuant to FISA should also be rejected. Section 215 of Pub. L. 107-56, conventionally known as the USA PATRIOT Act of 2001, is codified in 50 U.S.C. § 1861, and controls the acquisition of certain business records by the government for foreign intelligence and international terrorism investigations. It does not contain a provision that requires notice to a defendant of the use of information obtained pursuant to that section or derived therefrom. Nor do the notice provisions of 50 U.S.C. §§ 1806(c), 1825(d), and 1881e apply to 50 U.S.C § 1861. Therefore, even assuming for the sake of argument that the government possesses such evidence and intends to use it at trial, Tsarnaev is not entitled to receive the notice he requests.
If this is correct — and it is indeed the way the statute is drawn — the government maintains it can and will use data collected under an outrageously broad definition of “relevance” but avoid any scrutiny for having done so.
Similarly, the government points to FISA language to insist it only needs to disclose FISA-derived information if it uses it in trial and if Dzhokhar is the aggrieved person, which he might not be if collection captured his brother’s communications.
The government’s notice obligations regarding its use of FISA information under §§ 1806, 1825, and 1881e apply only if the government: (1) “intends to enter into evidence or otherwise use or disclose” (2) “against an aggrieved person” (3) in a “trial, hearing or other proceeding in or before any court, department, officer, agency, regulatory body, or other authority of the United States” (4) any “information obtained or derived from” (5) an “electronic surveillance [or physical search] of that aggrieved person.” 50 U.S.C. §§ 1806(c), 1881e(a); see also 50 U.S.C. § 1825(d). Where all five criteria are met, the government will notify the defense and the court (or other authority) in which the information is to be disclosed or used that the United States intends to use or disclose such information.
Both of these statements defy claims DOJ has made — including to the FISA Court — about searching such material for exonerating information, but I am unsurprised by the claims.
Finally, the government argues that a local Massachusetts rule mandating discovery of any electronic surveillance (as defined under ECPA) does not affect FISA collected electronic communications.
The government is similarly aware of the requirements of Local Rule 116.1(c)(1)(C) as it relates to the interception of wire, oral, or electronic communications, as defined in 18 U.S.C. § 2510, and Local Rule 116.1(c)(1)(B) as it relates to the disclosure of search materials. At the outset, these rules should not be interpreted to expand or alter the carefully designed statutory scheme regarding notice and discovery that is outlined in FISA with respect to foreign intelligence surveillance and searches.
Mind you, the government will likely win the argument in all these cases — though their claim about Section 215 ought to generate some close attention.
But it is worth noting that the government clearly has NSA-collected data pertaining at least to Tamerlan. It probably has a lot more it might have had, if NSA had looked.
But DOJ doesn’t want us to learn that at any trial Dzhokhar might have.
Given how carefully the National Security establishment scoped the NSA out of all the reviews on how the government missed the Tsarnaev brothers, I wonder whether they’re refusing these issues solely for prosecutorial advantage, or whether they’re hiding the government’s own failure to prevent the attack?