April 20, 2016 / by emptywheel


Last July, NSA and CIA Decided They Didn’t Have to Follow Minimization Procedures, and Judge Hogan Is Cool with That

Yesterday, I Con the Record released three FISA Court opinions from last year. This November 6, 2015 opinion, authorizing last year’s Section 702 certifications, has attracted the most attention, both for its list of violations (including the NSA’s 3rd known instance of illegal surveillance) and for the court’s rejection of amicus Amy Jeffress’ argument that FBI’s back door searches are not constitutional. I’ll return to both issues.

I’m surprised, however, that this passage hasn’t generated more attention.

The NSA and CIA Minimization Procedures included as part of the July 15, 2015 Submission each contain new language stating that “[n]othing in these procedures shall prohibit the retention, processing, or dissemination of information reasonably necessary to comply with specific constitutional, judicial, or legislative mandates.” See NSA Minimization Procedures at 1; CIA Minimization Procedures at 4-5. These provisions were not included in the draft procedures that were submitted to the Court in June 2015, but appear to have been added by the government thereafter. They are not discussed in the July 15, 2015 Memorandum.

So basically, NSA and CIA just slipped in language suggesting that they can blow off minimization procedures mandated by Congress, without prior explanation (which is highly unusual in FISA process). The language reminds me of the language NSA used in Intelligence Oversight Board reports to cover up for Stellar Wind. Or the language John Yoo used in his letter to Colleen Kollar-Kotelly saying that FISC couldn’t bind the President.

Thomas Hogan was, to some degree, suitably shocked by this. After laying out how much detail goes into minimization procedures, he said,

A provision that would allow the NSA and CIA to deviate from any of these restrictions based un unspecified “mandates” could undermine the Court’s ability to find the procedures satisfy the above-described statutory requirement.

Ya think?!?!

Hogan then went on to suggest — based on what evidence, he doesn’t say — that the NSA and CIA will only use this language sparingly because the NCTC, which apparently has similar language in their minimization procedures, claimed they’d only use it sparingly.

It appears, however, that the government does not intend to apply these provisions as broadly as their language would arguably permit. In 2012, the government proposed a similar provision as part of minimization procedures to be applied by NCTC in handling certain unminimized terrorism-related information acquired by FBI pursuant to other provisions of FISA. In requesting approval of a provision that would allow NCTC personnel to deviate from other requirements of its minimization procedures when “reasonably necessary to comply with specific constitutional, judicial, or legislative mandates,” the government asserted that “Executive Branch orders or directives will not trigger this provision, nor will general Congressional directives that are not specific to information NCTC receives pursuant to this motion. [citation removed] The Court approved the NCTC minimization procedures with the understanding that this provision would be applied sparingly.The Court described the provision as permitting NCTC personnel to “retain, process or disseminate information when reasonably necessary to fulfill specific legal requirements” and compared it to a more narrowly-drafted provision of separate procedures that permits CIA to retain or disseminate information that is “required by law to be retained or disseminated.”

This language, which if I’m counting correctly, is now in everyone’s minimization procedures but FBI’s, is alarming enough in the NCTC context, which will only get counterterrorism information and that only via FBI.

But CIA and NSA get raw data. Shit-tons of it. Which makes the scale of such language pretty damned alarming.

Having thus assumed the NCTC example is decent precedent for the NSA and CIA adoption, Hogan then does something else amazing. He relies on “informal communications.”

The Court understands based on informal communications between Court staff and attorneys for the government that NSA and CIA intend to apply the similar provisions at issue here in the same narrow manner. In any case, to avoid a deficiency under the above-described definition of “minimization procedures” the Court must construe the phrase “specific constitutional, judicial, or legislative mandates” to include only those mandates containing language that clearly and specifically requires action in contravention of an otherwise-applicable provision of the requirement of the minimization procedures. Such clear and specific language, for instance, might be found in a court order requiring the government to preserve a particular target’s communications beyond the date when they would otherwise be subject to age-off under the minimization procedures. On the other hand, these provisions should not be interpreted as permitting an otherwise prohibited retention or use of information simply because that retention of use could assist the government in complying with a general statutory requirement, such as those stated at 50 U.S.C. § 1881a(b).

This is batshit insane! The court has for years, fought, often unsuccessfully, to keep NSA within the scope of the law as interpreted in minimization procedures. The government slipped in a provision basically saying, if we decide we don’t have to follow minimization procedures mandated by law, we won’t. And Hogan hasn’t required written explanation for why the agencies need this?!?!?!

Hogan does it again in a footnote suggesting the government “may” use this provision to share data with Congress.

The Court understands that the government may have added these new provisions to clarify that information acquired under Section 702 may be shared with Members of Congress or Congressional committees in connection with Congressional oversight of the program. If so, the Court would urge the government to consider replacing these broadly-worded provisions with language that is narrowly tailored to that purpose.

Hey Judge Hogan? The law requiring you approve these minimization procedures and NSA follow them? That law comes from Congress. If Congress needs NSA to start sharing raw data with it (!!!!), then it can change the law. At the very least, don’t you owe your independent branch of government — and the American people — more certainty than that this may explain this alarming provision?

But no. Hogan required nothing in writing. He did require reporting on how NSA and CIA use it. I’m not sure how that’ll be effective when President Trump decides he can pass an Executive Order requiring NSA to keep all the US person data it collects but not tell FISC about it, because the order they report on this to him is part of the minimization procedures they say they can blow off.

And note this is not one of the two areas that Hogan asked amicus Amy Jeffress to weigh in on. Apparently this is either not a “novel or significant interpretation of the law” requiring amicus review or Hogan didn’t include it because it didn’t get included in the June draft, which is when he decided this should have amicus review.

There’s a lot that’s troubling in this opinion. But the most troubling is that the presiding Judge of the FISC court just rubber-stamped NSA and CIA blowing off entirely the minimization procedures that are the core of the FISC’s leverage over the government.

Copyright © 2016 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2016/04/20/last-july-nsa-and-cia-decided-they-didnt-have-to-follow-minimization-procedures-and-judge-hogan-is-cool-with-that/