Shorter Devin Nunes: There Are Privacy-Violating Covert Counter-Terrorism Programs We’re Hiding

I want to return to a detail I pointed out in the Intelligence Authorization yesterday: This language, which would affirmatively clarify that the Privacy and Civil Liberties Oversight does not get access to information on covert operations.

ACCESS.—Nothing in this section shall be construed to authorize the Board, or any agent thereof, to gain access to information regarding an activity covered by section 503(a) of the National Security Act of 1947 (50 U.S.C. 3093(a)).

Some or several intelligence agencies are demanding this, presumably, at a time when PCLOB is working on a review of two EO 12333 authorized counterterrorism programs conducted by CIA or NSA that affect US persons.

During the next stage of its inquiry, the Board will select two counterterrorism-related activities governed by E.O. 12333, and will then conduct focused, in-depth examinations of those activities. The Board plans to concentrate on activities of the CIA and NSA, and to select activities that involve one or more of the following: (1) bulk collection involving a significant chance of acquiring U.S. person information; (2) use of incidentally collected U.S. person information; (3) targeting of U.S. persons; and (4) collection that occurs within the United States or from U.S. companies. Both reviews will involve assessing how the need for the activity in question is balanced with the need to protect privacy and civil liberties. The reviews will result in written reports and, if appropriate, recommendations for the enhancement of civil liberties and privacy.

It may be that the IC demanded this out of some generalized fear, of the sort Rachel Brand raised when she objected to PCLOB’s plan to conduct this EO 12333 (though none of what she says addresses the covert nature of any program, but only their classification). Indeed, given that PCLOB planned to finish the review in question by end of year 2015, it is unlikely that the two programs PCLOB pursued were covert operations. Furthermore, there is nothing in Ron Wyden’s statement opposing this language (which I’ve replicated in full below) that seems to indicate the specificity of concern as he had, for example, with location data or secret law or the OLC opinion affecting cybersecurity. Indeed, he specifically says, “this Board’s oversight activities to date have not focused on covert action.”

So there’s nothing in the public record to make me believe PCLOB has already butted up against a covert operation.

That said, I have in recent weeks become increasingly certain there are programs being run under the guise of counterterrorism, off the official books (and/or were, even after Stellar Wind was “shut down”), and probably in ways the affect the privacy of Americans, potentially a great many Americans.

I say that because there are places where the numbers in the public record don’t add up, where official sources are providing obviously bullshit explanations. I say that, too, because it is clear some places where you’d be able to manage such programs (via personnel labeled as “techs,” for example, and therefore not subject to the oversight of the publicly admitted programs) have been affirmatively preserved over the course of years. I say that because certain authorizations were pushed through with far too much urgency given their publicly described roll out over years. I also say that because it’s increasingly clear CIA, at least, views its surveillance mandate to extend to protecting itself, which in this era of inflamed counterintelligence concerns, might (and has in the past for DOD) extend to spying on its perceived enemies (indeed, one of the programs that I think might be such a covert action would be entirely about protecting the CIA).

I have a pretty good sense what at least a few of these programs are doing and where. I don’t know if they are formally covert operations or not — that’s a confusing question given how covert structure has increasingly been used to preserve deniability from US courts rather than foreign countries. But I do know that the IC’s demand that PCLOB be affirmatively disallowed access to such information suggests it knows such programs would not pass the muster of civil liberties review.

In any case, thanks to House Intelligence Chair Devin Nunes for making that so clear.


Wyden’s statement

This afternoon the House of Representatives passed a new version of the Intelligence Authorization bill for fiscal year 2016. I am concerned that section 305 of this bill would undermine independent oversight of US intelligence agencies, and if this language remains in the bill I will oppose any request to pass it by unanimous consent.

Section 305 would limit the authority of the watchdog body known as the Privacy and Civil Liberties Oversight Board. In my judgment, curtailing the authority of an independent oversight body like this Board would be a clearly unwise decision. Most Americans who I talk to want intelligence agencies to work to protect them from foreign threats, and they also want those agencies to be subject to strong, independent oversight. And this provision would undermine some of that oversight.

Section 305 states that the Privacy and Civil Liberties Board shall not have the authority to investigate any covert action program. This is problematic for two reasons. First, while this Board’s oversight activities to date have not focused on covert action, it is reasonably easy to envision a covert action program that could have a significant impact on Americans’ privacy and civil liberties – for example, if it included a significant surveillance component.

An even bigger concern is that the CIA in particular could attempt to take advantage of this language, and could refuse to cooperate with investigations of its surveillance activities by arguing that those activities were somehow connected to a covert action program. I recognize that this may not be the intent of this provision, but in my fifteen years on the Intelligence Committee I have repeatedly seen senior CIA officials go to striking lengths to resist external oversight of their activities. In my judgment Congress should be making it harder, not easier, for intelligence officials to stymie independent oversight.

For these reasons, it is my intention to object to any unanimous consent request to pass this bill in its current form. I look forward to working with my colleagues to modify or remove this provision

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. orionATL says:

    and that, laddie, is how the anaconda named Cia slowly swallowed the government of the country.

    what do you think? quite a tail, isn’t it?

  2. orionATL says:

    “… For these reasons, it is my intention to object to any unanimous consent request to pass this bill in its current form. I look forward to working with my colleagues to modify or remove this provision..”

    just one senator with his finger in the dike.

  3. orionATL says:

    I certainly don’t have any pertinent info to add, but if I had to go searching, I think i’d send my bloodhounds sniffing around fbi first.

    since, except for interagency jealousie, the two organizations function as one, whatever was deemed needed domestically would be done by the fbi/Dea (and maybe treasury).

  4. Philip Paul says:

    Marcy got a well deserved shout out from Fortune magazine for her position saying that the NSA might be able to continue with their phone record collection due to previous authority.

    But the framework has changed.

    At 11:59 P.M. on Saturday night, the U.S. National Security Agency supposedly yanked the cord on its bulk telephone records collection, thereby ending an expansive surveillance program that the nation’s intelligence community put in place in the wake of the September 11, 2001 terror attacks.

    “There will be no analytic access to the collected metadata after this time,” the Office of the Director of National Intelligence (ODNI) said in a statement.

    The public learned of the agency’s spying program after Edward Snowden—ex-NSA contractor and whistleblower extraordinaire—leaked information about it to news outlets in 2013. That revelation provoked an uproar among privacy advocates, and Congress eventually reacted by replacing parts of the U.S.A. Patriot Act, which authorized the privacy-invasive program, with a seemingly-less-intrusive piece of legislation, the U.S.A. Freedom Act, over the summer.

    It would be wrong to conclude, however, that this moment signaled the demise of the agency’s surveillance powers. Rather, the NSA has transitioned to a new system. The reformed scheme addresses the most controversial aspects of the collection program, but questions remain about its implementation. Here’s everything you need to know about the change.

    What happened at midnight on Saturday?

    When the clock struck midnight, a 6-month-long “orderly transition” period for the NSA expired. After the Freedom Act became law in early June, the agency was granted a 180-day grace period to get its affairs in order before putting an end to the bulk phone metadata collection program authorized by a particular portion—Section 215—of the Patriot Act. Under the new guidelines, the NSA no longer may directly collect and hold data about the domestic phone records of U.S. citizens.

    Instead, telecom companies will retain and access the data on their customers. The NSA may then seek warrants from the secretive courts created by the Foreign Intelligence Surveillance Act (FISA) in order to compel these companies to hand over pertinent information on terrorism suspects and affiliates. The requests are not done in bulk, but rather require “specific selectors” such as the phone number of an individual. The NSA then has up to 180-days to query the telecom companies for more data—on socially connected persons of interest, so-called one-to-two degree “hops” on their networks—before seeking a renewed authority from a FISA court.

    There are exceptions to these items though.

    What kinds of exceptions?

    Notably, the NSA’s bulk collection database still exists. The agency has requested permission to keep its records for the past five years intact through Feb. 29, 2016. This will ostensibly allow the agency to make sure nothing has gone awry during the transition. Access will be “limited to technical personnel and solely for the purpose of verifying that the new targeted production mechanism authorized by the USA FREEDOM Act is working as intended,” ODNI said in a statement. The database is “hands off” for analysts. Additionally, it’s worth noting that the NSA must retain these records until all lawsuits regarding the original program are resolved.

    What’s inside the database?

    As mentioned, the database contains metadata. It includes information on phone calls such as who, when, and how long—for instance, the identity of the sender and recipient, the duration, and the time and date. Metadata does not include the content of conversations. However, that doesn’t make it any less of a treasure trove for dot-connecting investigators.

    Why did the NSA need such broad powers to begin with?

    The agency argued that it needed quick insight about possible terrorists’ networks in case another attack struck. That way the NSA could find out vital intel in emergency situations at the drop of a hat.

    On the face of it, that capability might seem reasonable. The argument gains support in the wake of the recent terror attacks in Paris as well as other places around the world. An investigation into the success of the program, however, revealed no evidence that the program ever helped in any case. “We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation,” concluded a privacy and civil liberties board set up by the president last year, which reviewed the program’s efficacy (or lack thereof).

    Plus, privacy advocates have been quick to note the potential for abuse and lack of checks and balances for whomever has access to the database.

    Will any parts of the old program continue?

    In addition to the technical extension of the database until Feb. 29, 2016, as mentioned above, there is another quandary. An overlooked clause in a note accompanying the Patriot Act seems to authorize bulk collection indefinitely for “ongoing investigations.” There’s some debate about what this means exactly, as the New York Times has reported. For instance, does the authority of that supplementary note supersede the Freedom Act? The answer is not immediately clear. Also, do campaigns against al-Qaeda and ISIS qualify as ongoing investigations? And if so, if they drag on—does this then give intelligence agencies carte blanche to continue collecting phone metadata in bulk? Also unclear.

    Are there any other potential legal loopholes?

    In fact, yes. An executive order—number 12333—signed originally by Ronald Reagan—could be interpreted to authorize the continuance of bulk collection, so long as it is “incidentally collected in the course of a lawful foreign intelligence investigation,” as the Washington Post explains. Given the global nature of the world’s telecommunications infrastructure, that capability could easily allow the agency to continue its snooping on just about anyone. The national security blogger Marcy Wheeler recently raised this point on her site Empty Wheel, suggesting that the agency’s phone metadata dragnet could potentially continue unabated under the earlier authority. By justifying the program through other means, the NSA could find a functional workaround just as it did for its seemingly retired email metadata bulk collection program, Stellarwind.

    http://fortune.com/2015/12/01/nsa-phone-bulk-collection-end/

Comments are closed.