May 25, 2015 / by emptywheel

 

Mitch McConnell Suggests He Wants a Bulk Document Collection System

On May 7, the very same day the Second Circuit ruled that Congress has to say specifically what a surveillance bill means for the bill to mean that thing, Richard Burr engaged in a staged colloquy on the Senate floor where he claimed that the Section 215 bulk collection program collects IP addresses. After Andrew Blake alerted me to that and I wrote it up, Burr stuffed the claim into the memory hole and claimed, dubiously, to have made a misstatement in a planned colloquy.

Then, after Mitch McConnell created a crisis by missing the first Section 215 reauthorization deadlines, Burr submitted a bill that would immediately permit the bulk collection of IP addresses, plus a whole lot more, falsely telling reporters this was a “compromise” bill that would ensure a smooth transition between the current (phone) dragnet and its replacement system.

All of which strongly suggests Burr’s initial “misstatement” was simply an attempt to create a legislative record approving a vast expansion of the current dragnet, an attempt that, when he got caught, led Burr to submit a bill that would actually implement that expansion.

This has convinced me we’re going to need to watch these authoritarians like hawks, to prevent them from creating the appearance of authorizing vast surveillance systems without general knowledge that’s what’s happening.

So I reviewed the speech Mitch made on Friday (this appears after 4:30 to 15:00; unlike Burr’s speech, the congressional record does reflect what Mitch actually said; h/t Steve Aftergood for Congressional Record transcript). And amid misleading claims about the “compromise” bill Burr was working on, Mitch suggested something remarkable: among the data he’s demanding be retained are documents, not just call data.

I’ve placed the key part of Mitch’s comments below the rule, with my interspersed comments. As I show, one thing Mitch does is accuse providers of an unwillingness to provide data when in fact what he means is far more extensive cooperation. But I’m particularly interested in what he says about data retention:

The problem, of course, is that the providers have made it abundantly clear that they will not commit to retaining the data for any period of time as contemplated by the House-passed bill unless they are legally required to do so. There is no such requirement in the bill. For example, one provider said the following: “[We are] not prepared to commit to voluntarily retain documents for any particular period of time pursuant to the proposed USA FREEDOM Act if not otherwise required by law.”

Now, one credulous journalist told me the other day that telecoms were refusing to speak to the Administration at all, which he presumably parroted from sources like Mitch. That’s funny, because not only did the telecom key to making the program work — Verizon — provide testimony to Congress (which is worth reviewing, because Verizon Associate General Counsel — and former FBI lawyer — Michael Woods pointed to precisely what the dragnet would encompass under Burr’s bill, including VOIP, peer-to-peer, and IP collection), but Senator Feinstein has repeatedly made clear the telecoms have agreed with the President to keep data for two years.

Furthermore, McConnell’s quotation of this line from a (surely highly classified) letter cannot be relied on. Verizon at first refused to retain data before it made its data handshake with the President. So when did this provider send this letter, and does their stance remain the same? Mitch doesn’t say, and given how many other misleading comments he made in his speech, it’s unwise to trust him on this point.

Most curiously, though, look at what they’re refusing to keep. Not phone data! But documents.

Both USA F-ReDux and Burr’s bill only protect messaging contents, not other kinds of content (and Burr’s excludes anything that might be Dialing, Routing, Addressing and Signaling data from his definition of content, which is the definition John Bates adopted in 2010 to be able to permit NSA to resume collecting Internet metadata in bulk). Both include remote computing services (cloud services) among the providers envisioned to be included not just under the bill, but under the “Call Detail Record” provision.

Perhaps there’s some other connotation for this use of the word “documents.” Remember, I think the major target of data retention mandates is Apple, because Jim Comey wants iMessage data that would only be available from their cloud.

But documents? What the hell kind of “Call Detail Records” is Mitch planning on here?

One more thing is remarkable about this. Mitch is suggesting it will take longer for providers to comply with this system than it took them to comply with the Protect America Act. Yahoo, for example, challenged its orders and immediately refused to comply on November 8, 2007. Yet, even in spite of challenging that order and appealing, Yahoo started complying with it on May 5, 2008, that same 180-day time frame envisioned here. And virtually all of the major providers already have some kind of compliance mechanism in place, either through PRISM (Apple, Google, and Microsoft) or upstream 702 compliance (AT&T and Verizon).


Last week, the Obama administration briefed Senators on the current bulk data program under section 215. Senators were impressed with the safeguards built into the current program, and they were impressed that there had not been one incident–not one–of abuse of the program. [There’s an irony here: This was, in part, an FBI briefing, and in 2011 FBI officials told Members of Congress there had been no abuses of Section 215, willful or not, which of course was false.] But many Senators were disturbed by the administration’s inability to answer basic, yet critical, questions about the alternate bulk data system that would be set up at some point–at some point–under the legislation the administration now supports. The administration could not guarantee whether a new system would work as well as the current system, and the administration could not guarantee whether there would be much, if any, data available to be analyzed under a new system given the lack of a data-retention requirement in the legislation. [Note Mitch discusses having data available to be analyzed; that echoes earlier Bob Litt comments that they need data retention to do analysis, not to get historical coverage.]

Despite what the administration told us just last week about its inability to guarantee that this nonexistent system could even be built in time, it did an about-face earlier this week–sort of. The administration had the Director of NSA write that the nonexistent system could be built in time if–if–the providers cooperated in building it. And, of course, they are not required to. [This is misleading. Providers are required to provide data in the form the government wants it and provide assistance under USA F-ReDux. We know from Burr’s bill what they want is a sort of CALEA on steroids, with the kind of equipment facilitation of CALEA.]

The problem, of course, is that the providers have made it abundantly clear that they will not commit to retaining the data for any period of time as contemplated by the House-passed bill unless they are legally required to do so. There is no such requirement in the bill. For example, one provider said the following: “[We are] not prepared to commit to voluntarily retain documents for any particular period of time pursuant to the proposed USA FREEDOM Act if not otherwise required by law.”

Far from addressing the concerns many have had about the USA FREEDOM Act, the administration in its letter only underscored the problem. It said the only way this nonexistent system could even be built in time is if the providers cooperate. But the providers have made it abundantly clear they will not cooperate, and there is nothing–absolutely nothing–in the bill that would require them to do so. [Again, by cooperate, Mitch means far more than just providing data.]

This is just as cynical as the letter from the Attorney General and the Director of National Intelligence that assured us they would let us know about any problems after the current program was replaced with a nonexistent system. Let me say that again. This is just as cynical as the letter from the Attorney General and the Director of National Intelligence that assured us they would let us know about any problems after the current program was replaced with a nonexistent system. Boy, that is reassuring.

This is beyond troubling. We should not establish an alternate system that contains a glaring hole in its ability to function–namely, the complete absence of any requirement for data retention.

I have begun the legislative process to advance a 60-day extension of section 215 and the other two authorities that will expire soon. This extension will allow for the Intelligence Committee to continue its efforts to produce a compromise bill we can send to the House that does not destroy an important counterterrorism tool that is needed to protect American lives. [Two lies in this sentence: First, Burr’s is no compromise bill; it’s an astonishing power grab. Also, Burr’s system is not a counterterrorism one; rather, it would permit the government to obtain data domestically based on no more than a foreign intelligence purpose.]

Originally Posted @ https://www.emptywheel.net/2015/05/25/mitch-mcconnell-suggests-he-wants-a-bulk-document-collection-system/