Stellar Wind IG Report, Working Thread

Charlie Savage has liberated the Stellar Wind IG Report completed on July 10, 2009. He wrote it up here. This will be a working thread. [Note page numbers here are off by 1]

(PDF 13) The report reveals that OPR had not yet finished its review of John Yoo’s hackery in authorizing the illegal wiretap program.

(PDF 13) The report was scoped only to include communications, so the financial and other collections would not be included.

(PDF 16/17) Discussion of USP metadata being masked.

(PDF 14) Wolfowitz, Card, Addington, Cheney, Ashcroft, Yoo, and Tenet refused to cooperate with the IG Report.

(PDF 15) IG Report says policy is only to disseminate foreign SIGINT. But actually that policy was changed in EO 12333 the previous year (almost certainly reflected the status quo before).

(PDF 17) DOJ redacted why Hayden didn’t think he could approve a law for this spying.

(PDF 16/17) Hayden talking about value of access metadata with one end in US.

(New PDF 18) Redaction with something before “international terrorism” in targeting permission.

(New PDF 18) Discussion of new dissemination permissions.

(PDF 19/20) They changed the title of the scary memo from one focused on OBL to a more general one in June 2002.

(PDF 25) Redaction of discussion of Fourth Amendment OLC memo.

(PDF 31) NSA decided only going out 2 hops useful.

(PDF 30/31) There were 3 metadata violations reported.

(PDF 32) The fact that the program released content analysis was not included in the unredacted IG Report. But this report still redacts at least one kind of reporting — which may be way the data feeds back into other analysis (they would redact that because it would create ongoing poison tree problems).

(PDF 33) “She noted Hayden took personal responsibility for the program and managed it carefully.”

(PDF 33) The description of the delegation hides a much more strained process as described in the NSA IG Report.

(PDF 34/35) Among the tasked selectors were “international terrorist threats” not tied to al Qaeda (and at a time before Somalia or AQAP would have been considered separately).

(New 35) Note the overcollection until 2004, “discovered” in late 2008, treated in IOB in 2009 (check). That may reflect the selectors against whom there was no RAS.

(PDF 36) The discussion of IOB records is cynically inadequate, for the reasons I lay out here.

(PDF36) Note the reference to collection continuing to 2004. This may be related to the hospital confrontation. Is this the Iraq-related collection?

(PDF 39) The tippers originally came in through TAU. Which means they likely got mixed up with exigent letters. The resulting ECs would come with instructions that they be used for lead purposes only and not be used in proceedings. That system likely still exists intact!

(PDF 40-41) Describes how tippers led to threat assessments (which Savage described in his article). On top of what this says about investigative process, realize it means that if your number gets tipped you also get a back door search of any communications.

(PDF 43) The discussion of the threat assessments neglects to mention that they used info derived from torture.

(PDF 44) Colleen KK had James Baker take info out of applications, but tell her if it made applications weaker so she could know there was more.

(PDF 46) Note DOJ continued to redact all additional discussion of the problems Stellar Wind presented for discovery.

(PDF 48) Most discussion of why Yoo’s failure to deal with the 15-day FISA exemption is redacted. See this post for why it matters.

(PDF 50) Can it really be right that Comey wasn’t read in until March 12, 2004?

(PDF 52) Note Mueller saying he couldn’t continue to participate in PSP.

(PDF 55) Cheney read Ted Olson into SW over the phone, before he went with Comey to the White House on March 10.

(PDF 64) Report makes no mention of Paul Wolfowitz and Hayden lying to KK.

(PDF 65) Really interesting redaction after mention of the first Risen-Lichtblau article (possibly of the response by telecoms?).

(PDF 66) DOJ got a heads up on the USA Today article about phone records.

(PDF 66) NSA’s estimate of how many phone records they’d get was off, possible.

(PDF 67) No mention of the request to dump the 215 data in with all the other data.

(PDF 68) The explanation of how FAA is broader than Stellar Wind is redacted.

(PDF 71) The claim that PAA “superseded” Vinson’s orders is incorrect: they relied on his approval for certain identifiers even under PAA.

(PDF 72) “Hayden told us that the program helped to determine that terrorist cells were not embedded within the United States to the extent that had been feared.

(PDF 73) This is the assessment part. Note the second period, from 2004 to 2006, FBI had zero results from Stellar Wind.

(PDF 74) “Mueller added that, as a general matter, it is very difficult to quantify the effectiveness of an intelligence program without ‘tagging’ the leads that are produced in order to evaluate the role the program information play in any investigation.”

(PDF 92) OSD also signed the threat assessment memo.

(PDF 92) IG Report doesn’t note that Wolfowitz lied in his second declaration to FISC–though that became more clear later in 2009.

(PDF 104) It’s interesting CIA says they weren’t consulted for the OLC memo.

(PDF 117) “CIA officials, including DCIA Hayden, told us that PSP reporting was used in conjunction with reporting from other intelligence sources; consequently, it is difficult to attribute the success of particular counterterrorism operations exclusively to PSP.”

(PDF 118) Note CIA briefed 3 times in March about efficacy of PSP.

(PDF 125) Odd that they don’t talk about Brennan in management discussions.

(PDF 137) In the joint report, the number of briefings — 49 — is unredacted. So why is it redacted here?

(PDF 137) All Stellar Wind products were sent to CIA, FBI.

(144) Note the language about SIGINT focus before 2001 is an addition from the March draft. So I assume it’s not true.

(PDF 145ff) Fascinating redaction. This stuff is not redacted in the draft IG Report. It seems to be redacted here bc 1) the stuff in the draft IG report make it even more clear that NSA was using the 15-day window of FISA and therefore acknowledging it and 2) there seems to be different stuff in the final version (including footnotes).

(PDF 153) Note the definition of metadata is redacted. Any bet it matches what they ultimately got John Bates to adopt in 2010 after breaking the law for 5 years?

(PDF 153) The description of changed authorizations is different from what is in the Snowden version (and they redact all mention of Iraq). This suggests the definition of terrorism is far looser than has been made out.

The authorizations changed over time, first eliminating the possibility that the Authority could be interpreted to permit collection of communications with both ends in the United States and adding an additional qualification that metadata could be collected for communications related to international terrorism or activities in preparation for international terrorism.

[snip]

When these two clarifications were added to the 11 March 2004 and subsequent authorizations, an accompanying statement added that these clarifications had been previously understood and implemented by NSA and that they applied to past and future activities. Al-Qa’ida (also spelled al-Qaeda) was specified as a target for content collection

(PDF 155) When asked if he thought the program was legal, Hayden said “the periodic renewal of the Authorization would ensure that the threat continued to justify the Program.”

(PDF 156) This is craziness:

According to the General Counsel, he had not yet been authorized to tell the Associate General Counsel about the PSP, so he “talked around” it and did not divulge details. The Associate General Counsel was given enough information to assess the lawfulness of the concept described, but records show he was not officially cleared for the PSP until 11 October 2001. On Tuesday, 9 October, he told Mr. Dietz that he believed the Authorization was lawful and he began planning for its implementation.

(PDF 163) NSA tried to get FISC to buy off on this in September 2002.

(PDF 172) NSA could rely on claims in the public record to deem someone to be an agent of Al Qaeda.

(PDF 182) The last date for a Stellar Wind report was December 2008, suggesting the data became stale after a year?

(PDF 184) Here’s the language on not using Tippers in subpoenas.

(PDF 186) Hayden claimed a decrease in success stories was due to closer integration of intelligence.

(PDF 223) The treatment of the glossary is very suspect. Some unclassified terms are redacted, and the description of Tippers is redacted.

(PDF 240) One of the things that appears to be redacted from the timeline is an OLC memo to Jim Haynes at DOD. That’s not included at all in the DOD IG Report either. I’m guessing that means the DOD activities were actually somehow out of scope as defined here.

(PDF 240) For some reason the briefings noted in the timeline do not match precisely with what are showing in this list.

(PDF 257) The White House had NSA IG redact the report on PRTT violations. They also reassigned the Program Manager and the chain of command. Also there were LONG delays before Congress got it — HPSCI didn’t get it until January 2, 2008.

(PDF 259) IG said StellarWind had poor security on September 13, 2004.

(PDF 250) May 31, 2006 IG reported that two of the activities under Stellar Wind could not be tracked.

(PDF 262) On July 11, 2006 (after SSCI had gotten a redacted copy of last report), NSA said all content tasking included corroboration beyond just metadata chaining.

(PDF 264) Sometime between December 2006 and July 5, 2007, IG determined PRTT needed better processes to monitor queries.

(PDF 265) June 30, 2008, IG determined they’d be able to move StellarWind data out of compartment. The report was not shared with Congress.

(PDF 312) Negroponte’s method of determining legality — to see if anyone in briefings complains — maybe be why he has had such troubles staying on right side of law in his life.

(PDF 340) It’s not actually clear WHO interviewed John Brennan for his role in this, which was significant, because he never gets listed except in Joint report. I assume it was CIA, but they don’t say that.

(PDF 345) Did they redact that FAA basically is Stellar Wind, or that it’s worse?

(PDF 350) This description of EO 12333 is really good.

(PDF 353) Findings had references to Congressional/FISC briefings…?

(PDF 355) They wanted the authorizations as well for IG Review?

(PDF 357) Fine gets more direct about what happened: Hayden changed the collection, and then Cheney pushed it.

(PDF 367) Addington just pushed the Authorization in front of Ashcroft and told him to sign it.

(PDF 374) Yoo left out metadata.

(PDF 381) They also segregated off the metadata from content collection under Stellar Wind.

(PDF 390) NSA claims to have detasked users if they were arrested.

(PDF 391) Here, they’re claiming they need a third hop for phone, whereas elsewhere they said they only needed 2.

(PDF 393) They appear to have redacted the language that says the tipper can’t be used in anything.

(PDF 398) Note the long redaction about FBI’s help in this (maybe on TAU?). That’s what led to the Mueller opinion that is redacted from this discussion.

(PDF 400) Spike Bowman is the guy calling Cheney an amateur. He would have been ousted from his CI job just when this was written. He disagreed with the close hold bc that made it look more illegal.

(PDF 400) Team 10 (redacted here but not in the main report) had the job of laundering the Tippers. Come back to this description of the searches they would do. This would currently include back door searches.

(PDF 403) Very weird “for show” TDY at NSA.

(PDF 405) “Circular reporting.”

(PDF 406) An analyst thought the telephone analysis of Tippers was like that done with drugs, and so used that subfile number.

(PDF 408) Baker resigned from DOJ in October 2007, precisely when Bradbury et al resuscitated the SPCMA program.

(PDF 413-14) Baker didn’t think FBI record keeping was up to keeping parallel construction.

(PDF 417) The NSA data of course wasn’t tagged yet (Walton imposed that in 2009) so Baker had to call back to NSA to find out what was SW derived.

(PDF 419) Kris knew of the program but did not know the content and told them to stop sending SW stuff to Thompson.

(PDF423) The fact that Ashcroft would sign apps w/o reading them and that he signed the Authorizations show that he, at least, wasn’t really performing the function required by FISA.

(PDF 425) Note that KK was reviewing 2-digit percentage of files, which suggests at least 10% of SW files fed into FISA.

(PDF 430) Really dubious that Mueller has forgotten a series of calls to field offices.

(PDF 438) Bybee notes the Deputy OLC roles are political but not Senate confirmed.

(PDF 440) Addington told Philbin not to talk to Baker about it.

(PDF 442) Yoo approved the April 22, 2003 Authorization on April 18, 2003, the only Authorization he approved. I’m not sure but I think this is when they started spying on Iraq.

(PDF 444) I wonder if this addresses defunding TSA?

(PDF 448) Addington bit Potenza and Brenner’s heads off when they asked to see the authorization.

(PDF 455) The language on ignoring an act of Congress could apply as easily to TSA defunding as FISA.

(PDF 456) The arguments about approving stuff already in the works are specious. And also, applied over and over again in 2004, especially on torture.

(PDF 462) Gonzales had both his own counsel and Emmet Flood with him when he met with DOJ IG (he would also have been under investigation for leaking information).

(PDF 472) “Things may get a little weird”

(PDF 478) Olson didn’t take the lead on reviewing documents; Clement did. But there are disputing versions of what Clement thought of OLC’s analysis, with Bradbury contesting it.

(PDF 479) Goldsmith made 3 conditions to reauth the program. Were those tied to 3 modifications?

(PDF 479) They dug the fax showing White House had been informed out of the trash can. Then a day later White House admitted they had received it. But they also made another argument about whether they had been informed or not.

(PDF 480) IG was unable to find Goldsmith’s letter to the White House explaining why Comey had been in charge.

(PDF 483) Flood claimed Exec over the fix Addington wrote to cover (probably) Internet metadata.

(PDF 485) Gonzales refused to answer any Qs abt the March 11 Authorization. But he did so on advice of Flood, not Terwilliger.

(PDF 485) Comey said he thought Addington’s changes were an attempt to fix the record, which may be different from attempting to fix the program.

(PDF 486) On March 11, Gonzales told Goldsmith to decline to have CIA’s Muller to review the draft analysis. Note that would suggest Muller was more worried than NSA, which would in turn suggest they had a big part of this.

(PDF 486) Gonzales told OLC to refrain from calling into question the White House analysis.

(PDF 489) List of people who Comey believed would resign.

(PDF 491) Strong arm the guy on morphine.

(PDF 491) Caproni primarily concerned with rule of law.

(PDF 492) Curiously, there’s no mention of the Madrid bombing in the discussion so far.

(PDF 492) Comey said there were problems with each “basket,” which would include the phone dragnet. Note also that Comey said Mueller was going to resign—he was holding off on that until Ashcroft got better.

(PDF 505) Description of Gonzales’ regret may suggest he acted different when at DOJ.

(PDF 507) The March modifications consisted of two changes going forward and one retroactive to cover all the authorizations. The April 2 modification dealt with the data that had been shut down (Iraq? CIPA?).

(PDF 514) Clearly a big part of the issue is the use of information directly or indirectly from the program. It seems possible that Goldsmith’s analysis here may impact the use of 702 information.

(PDF 516) The April 2 modification looks like it may address the standard for wiretapping. Perhaps this is where they shut down the Iraqi collection? The FBI discussion in following pages seems to address only AQ related targets. (CF 518 where the discussion of auditing ties to terrorism makes this clear.)

(PDF 520) Is the discussion of 15-days unredacted in Goldsmith memo?

LOST SOME

(PDF 547) Just two admin accounts?

(PDF 550) This discussion of minimization procedures seems to miss some K-K imposed. It’s also interesting considering this description in light of changes DOJ made just after the report came out, even during PRTT’s most troubles time.

(PDF 553) Comey called PRTT program “mother of all pen registers.”

(PDF 554) The dates on the DOD authorization coincide remarkably with the torture dates for Janat Gul.

(PDF 555) Wow. On Levin’s last day he authorized further use of PRTT data. This appears to be retroactive authorization of the August 9, 2004 extrajudicial use of the data. Note this memo does not appear in Vaughn index done by Bradbury.

(PDF 556) IG Report makes clear that both the earlier violations came in the first orders. This report makes it clear how importantly delaying the “discovery” of the ongoing violation was, given the claim that the category violations were accidental.

(PDF 561) K-K demanded more briefing on efficacy, but it looks like NSA blew her off, and continued just the monthly reporting.

(PDF 569) The description of initial attempts to fix the phone dragnet has additional detail on top of what got released in orders/E2E.

(PDF 571) Did we get the March 5 order?

(PDF 574) Note AGAG moved to put content under FISA just after Levin gone.

(PDF 575) NSA didn’t want to go under FISC bc of the paperwork involved.

(PDF 576) They made sure FISC knew they’d go it alone if they didn’t have FISC approval.

(PDF 600) Note they only mention one of 3 certificates.

(PDF 602) I don’t think the IG report states how 703/4 work (though they couldn’t know that then).

(PDF 605) The comment that 215 had First Amendment review makes me believe the government misled IG on the 2009 violations.

(PDF 606) Note they’re redacting how important moving to FAA was for giving FBI full access.

(PDF 610) Another description of their parallel processing, in which they claimed it was a highly reliable source.

(PDf 612) Records don’t indicate disposition of RFIs.

(PDF 612) Wow. FBI was getting high volume numbers until Team 10 came along.

(PDF 613) FBI kept reporting things in the SW compartment even after the authorities moved to FISC. They moved in 2008, just when everything else was being cleaned up.

(PDF 636) Note some of the ties were through pre-paid phone service (that is, they caught entirely innocent people).

(PDF 637) Info on threat assessments was reported and uploaded into databases.

(PDF 637) Note NSA complained about not getting useful feedback from FBI.

(PDF 647) “Hayden also observed that the enemy may not have been as embedded in the United States as much as feared but said that he believes Stellar Wind helped determine this.”

(PDF 666-7/329-330)

Another consequence of the Stellar Wind program and the FBI’s approach to assigning leads was that many threat assessments were conducted on individuals located in the United States, including U.S. persons, who were determined not to have any nexus to terrorism or represent a threat to national security.402 These assessments also caused the FBI to collect and retain a significant amount of personal identification about the users of tipped telephone numbers and e-mail addresses. In addition to an individual’s name and home address, such information could include where the person worked, records of foreign travel, and the identity of family members. The results of these threat assessments and the information that was collected generally were reported in communications to FBI Headquarters and uploaded into FBI databases.

The FBI’s collection of U.S. person information in this manner is ongoing under the NSA’s FISA-authorized bulk metadata collection. To the extent leads derived from this program generate results similar to those under Stellar Wind, the FBI will continue to collect and retain a significant amount of information about individuals in the United States, including U.S. persons, that do not have a nexus to terrorism or represent a threat to national security.

We recommend that as part of the [redacted] project, the Justice Department’s National Security Division (NSD), working with the FBI, should collect addresses disseminated to FBI field offices that are assigned as Action leads and that require offices to conduct threat assessments. The information compiled should include whether individuals identified in threat assessments are U.S. or non-U.S. persons and whether the threat assessments led to the opening of preliminary or full national security investigations. With respect to threat assessments that conclude that users of tipped telephone numbers or e-mail addresses are not involved in terrorism and are not threats to national security, the Justice Department should take steps to track the quantity and nature of U.S. person information collected and how the FBI retains and utilizes this information. This will enable the Justice Department and entities with oversight responsibilities, including the OIG and congressional committees, to assess the impact this intelligence program has on the privacy interests of U.S. persons and to consider whether, and for how long, such information should be retained.

(PDF 678) Christopher Wray and Patrick Rowan were the first to review SW for discovery. That probably placed the review at 2004 (Wray went back to private practice in 2005, Rowan moved to NSD in 2006 where he had a key role in PAA).

(PDF 681) Dion also notes DOJ does a search to see if defendants “have a relationship” with an Intel agency.

(PDF 683) Bradbury declined to do more research on discovery problems with SW data. Note, too, the irony that John Eisenberg was working on this not long before (early 2005) Jon Eisenberg was representing al Haramain on it.

(PDF 685) DOJ was only deleting info from Stellar Wind, not providing substitution under CIPA.

(PDF 695) Rowan was read in in July 2004.

(PDF 702) Confirmation they invented TSP for public consumption. Also note on PDF 703 where NewsMax and RedState used TSP before the Administration did.

(PDF 711) Gonzales even claimed need to speak in classified session when in closed session.

(PDF 720) This seems to suggest the content collection came after October 2001, which is not right.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

1 reply
  1. galljdaj says:

    And the backdoor searches never stop! the last one against me was yesterday! And thats going on ~15 years!

Comments are closed.