The Ironies of the EO 12333 Sharing Expansion for Obama and Trump

In one of his first acts as leader of the Democratic party in 2008, Barack Obama flipped his position on telecom immunity under the FISA Amendments Act, which cleared the way for its passage. That was a key step in the legalization of the Stellar Wind dragnet illegally launched by George Bush in 2001, the normalization of turnkey surveillance of the rest of the world, surveillance that has also exposed countless Americans to warrantless surveillance.

Bookends of the Constitutional law president’s tenure: codifying and expanding Stellar Wind

So it is ironic that, with one of his final acts as President, Obama completed the process of normalizing and expanding Stellar Wind with the expansion of EO 12333 information sharing.

As I laid out some weeks ago, on January 3, Loretta Lynch signed procedures that permit the NSA to share its data with any of America’s other 16 intelligence agencies. This gives CIA direct access to NSA data, including on Americans. It gives all agencies who jump through some hoops the ability to access US person metadata available overseas for the kind of analysis allegedly shut down under USA Freedom Act, with far fewer limits in place than existed under the old Section 215 dragnet exposed by Edward Snowden.

And it did so just as an obvious authoritarian took over the White House.

I was at a privacy conference in Europe this week (which is my partial explanation for being AWOL all week), and no one there, American or European, could understand why the Obama Administration would give Trump such powerful tools.

About the only one who has tried to explain it is former NSA lawyer Susan Hennessey in this Atlantic interview.

12333 is not constrained by statute; it’s constrained by executive order. In theory, a president could change an executive order—that’s within his constitutional power. It’s not as easy as just a pen stroke, but it’s theoretically possible.

[snip]

When they were in rewrites, they were sort of vulnerable. There was the possibility that an incoming administration would say, “Hey! While you’re in the process of rewriting, let’s go ahead and adjust some of the domestic protections.” And I think a reasonable observer might assume that while the protections the Obama administration was interested in putting into place increased privacy protections—or at the very least did not reduce them—that the incoming administration has indicated that they are less inclined to be less protective of privacy and civil liberties. So I think it is a good sign that these procedures have been finalized, in part because it’s so hard to change procedures once they’re finalized.

[snip]

I think the bottom line is that it’s comforting to a large national-security community that these are procedures that are signed off by Director of National Intelligence James Clapper and Attorney General Loretta Lynch, and not by the DNI and attorney general that will ultimately be confirmed under the Trump Administration.

Hennessey’s assurances ring hollow. That’s true, first of all, because it is actually easier to change an EO — and EO 12333 specifically — than “a pen stroke.” We know that because John Yoo did just that, in authorizing Stellar Wind, when he eliminated restrictions on SIGINT sharing without amending EO 12333 at all. “An executive order cannot limit a President,” Yoo wrote in the 2001 memo authorizing Stellar Wind. “There is no constitutional requirement for a President to issue a new executive order whenever he wishes to depart from the terms of a previous executive order. Rather than violate an executive order, the President has instead modified or waived it.” And so it was that the NSA shared Stellar Wind data with CIA, in violation of the plain language of EO 12333 Section 2.3, until that sharing was constrained in 2004.

Yes, in 2008, the Bush Administration finally changed the language of 2.3 to reflect the SIGINT sharing it had started to resume in 2007-2008. Yes, this year the Obama Administration finally made public these guidelines that govern that sharing. But recent history shows that no one should take comfort that EOs can bind a president. They cannot. The Executive has never formally retracted that part of the 2001 opinion, which in any case relies on a 1986 OLC opinion on Iran-Contra arguing largely the same thing.

No statutorily independent oversight over vastly expanded information sharing

Which brings us to whether the EO sharing procedures, as released, might bind Trump any more than EO 12333 bound Bush in 2001.

In general, the sharing procedures are not even as stringent as other surveillance documents from the Obama Administration. The utter lack of any reasonable oversight is best embodied, in my opinion, by the oversight built into the procedures. A key cog in that oversight is the Department of National Intelligence’s Privacy and Civil Liberties Officer — long inhabited by a guy, Alex Joel, who had no problem with Stellar Wind. That role will lead reviews of the implementation of this data sharing. In addition to DNI’s PCLO, NSA’s PCLO will have a review role, along with the General Counsels of the agencies in question, and in some limited areas (such as Attorney Client communications), so will DOJ’s National Security Division head.

What the oversight of these new sharing procedures does not include is any statutorily independent position, someone independently confirmed by the Senate who can decide what to investigate on her own. Notably, there is not a single reference to Inspectors General in these procedures, even where other surveillance programs rely heavily on IGs for oversight.

There is abundant reason to believe that the PATRIOT Act phone and Internet dragnets violated the restrictions imposed by the FISA Court for years in part because NSA’s IG’s suggestions were ignored, and it wasn’t until, in 2009, the FISC mandated NSA’s IG review the Internet dragnet that NSA’s GC “discovered” that every single record ingested under the program violated FISC’s rules after having not discovered that fact in 25 previous spot checks. In the past, then, internal oversight of surveillance has primarily come when IGs had the independence to actually review the programs.

Of course, there won’t be any FISC review here, so it’s not even clear whether explicit IG oversight of the sharing would be enough, but it would be far more than what the procedures require.

I’d add that the Privacy and Civil Liberties Oversight Board, which provided key insight into the Section 215 and 702 programs, also has no role — except that PCLOB is for all intents and purposes defunct at this point, and there’s no reason to believe it’ll become operational under Trump.

Obama vastly expanded information sharing with these procedures without implementing the most obvious and necessary oversight over that sharing, statutorily independent oversight.

Limits on using the dragnet to affect political processes

There is just one limit in the new procedures that I think will have any effect whatsoever — but I think Trump may have already moved to undercut it.

The procedures explicitly prohibit what everyone should be terrified about under Trump — that he’ll use this dragnet to persecute his political enemies. Here’s what that prohibition looks like.

Any IC element that obtains access to raw SIGINT under these Procedures will:

[snip]

Political process in the United States. Not engage in any intelligence activity authorized by these Procedures, including disseminations to the White House, for the purpose of affecting the political process in the United States. The IC element will comply with the guidance applicable to NSA regarding the application of this prohibition. Questions about whether a particular activity falls within this prohibition will be resolved in consultation with the element’s legal counsel and the General Counsel of the Office of the Director of National Intelligence (ODNI) (and the DoD’s Office of the General Counsel in the case of a DoD IC element).

If you need to say the IC should not share data with the White House for purposes of affecting the political process, maybe your info sharing procedures are too dangerous?

Anyway, among the long list of things the IC is not supposed to do, this is the only one that I think is so clear that it would likely elicit leaks if it were violated (though obviously that sharing would have to be discovered by someone inclined to leak).

All that said, note who is in charge of determining whether something constitutes affecting political processes: the IC agency’s and ODNI’s General Counsel (the latter position is vacant right now). Given that the Director of National Intelligence is one of the positions that just got excluded from de facto participation in Trump’s National Security Council (in any case, Republican Senator Dan Coats has been picked for that position, which isn’t exactly someone you can trust to protect Democratic or even democratic interests), it would be fairly easy to hide even more significant persecution of political opponents.

FBI and CIA’s expanded access to Russian counterintelligence information

There is, however, one aspect of these sharing guidelines that may work to limit Trump’s power.

In the procedures, the conditions on pages 7 and 8 under which an American can be spied on under EO 12333 are partially redacted. But the language on page 11 (and in some other parallel regulations) makes clear one purpose under which such surveillance would be acceptable, as in this passage.

Communications solely between U.S. persons inadvertently retrieved during the selection of foreign communications will be destroyed upon recognition, except:

When the communication contains significant foreign intelligence or counterintelligence, the head of the recipient IC element may waive the destruction requirement and subsequently notify the DIRNSA and NSA’s OGC;

Under these procedures generally, communications between an American and a foreigner can be read. But communications between Americans must be destroyed unless there is a significant foreign intelligence or counterintelligence focus. This EO 12333 sharing will be used not just to spy on foreigners, but also to identify counterintelligence threats (which would presumably include leaks but especially would focus on Americans serving as spies for foreign governments) within the US.

Understand: On January 3, 2017, amid heated discussions of the Russian hack of the DNC and public reporting that at least four of Trump’s close associates may have had inappropriate conversations with Russia, conversations that may be inaccessible under FISA’s probable cause standard, Loretta Lynch signed an order permitting the bulk sharing of data to (in part) find counterintelligence threats in the US.

This makes at least five years of information collected on Russian targets available, with few limits, to both the CIA and FBI. So long as the CIA or FBI were to tell DIRNSA or NSA’s OGC they were doing so, they could even keep conversations between Americans identified “incidentally” in this data.

I still don’t think giving the CIA and FBI (and 14 other agencies) access to NSA’s bulk SIGINT data with so little oversight is prudent.

But one of the only beneficial aspects of such sharing might be if, before Trump inevitably uses bulk SIGINT data to persecute his political enemies, CIA and FBI use such bulk data to chase down any Russian spies that may have had a role in defeating Hillary Clinton.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

8 replies
  1. trevanion says:

    Someone needs to do a timeline on the Great Retreat of the American judicial branch of government.

    We are left with a pipsqueak that has become so irrelevant on the big questions of the day that it can be openly ignored by sworn officers carrying guns, as we saw over the weekend.

  2. Bob In Portland says:

    No irony. After an incident of mechanical failure on an Obama campaign flight and the failure of the Secret Service to turn on a metal detector at a campaign rally in D-A-L-L-A-S, Obama flipped on the FISA bill of 2008. Why should anyone be surprised?

    And it’s not ironic that Obama would hand more power over to Trump and the intelligence community (although the relationship between Trump himself and the intelligence community is questionable). What Democratic President tried to limit the power of the Presidency or prosecute the crimes of the preceding Republican regime?

    By the way, has any proof about Russian “hacking” the US election been released yet?

  3. SpaceLifeForm says:

    “I still don’t think giving the CIA and FBI (and 14 other agencies) access to NSA’s bulk SIGINT data with so little oversight is prudent.”

    Nor do I from the legal angle.

    But, from the angle that you (EW) know I am coming from, maybe it will prove fruitful.

    However, the big question:

    How will the other 16 TLAs really know they are actually getting a full uncensored SIGINT feed?

    I suspect (but can not prove) that there is no way the other 16 TLAs can or will ever know if what they see is actually SIGINT reality.

    And even if there is no forged SIGINT, what is to prevent filtering of legit SIGINT that the other 16 TLAs may actually need for an investigation?

    When you are a card deck manufacturer, you can make the cards look however you wish.

  4. greengiant says:

    “When the communication contains significant foreign intelligence or counterintelligence” One can imagine that all communications to a foreign party or discussing a foreign party will be significant.
    Another reminder that every DNS query, every web page (several times over since not only possibly recorded via software on your computer/phone, but also recorded when every web page address is first passed off to Google to check that it is not a malware address), every email, every text, every phone call metadata (that would include all voice since it is digitized), and every social media post I imagine is in the public domain or could be as well as searchable by business and law enforcement entities already. A poor man’s tool as to whether a Stingray like device is being used to degrade cell phones to 2G technology is to just observe how fast your old 3G phone’s battery is used near the suspected Stingray device.
    Combine EO 12333 like activities with the re-elect the president campaign filing Jan 20th and constraints on US visitors political activities and perhaps the day will come if the President’s name is found to have been mentioned by an incoming visitor they will be denied entry just as those traveling from Canada were denied entry on Jan 20th when they admitted to going to Washington DC “women’s march”.

  5. tryggth says:

    If the EO 12333 sharing use case you mentioned at the end is closed under Trump do you think we would hear?

  6. bevin says:

    “But one of the only beneficial aspects of such sharing might be if, before Trump inevitably uses bulk SIGINT data to persecute his political enemies, CIA and FBI use such bulk data to chase down any Russian spies that may have had a role in defeating Hillary Clinton.”

    I am genuinely shocked by the persistence with which you drag this bedraggled canard around. Is there anything to tell Bob in Portland? Is there any evidence of Russian involvement in the publication of the Podesta and DNC emails?

    And, if there should be some, does it begin to make a perceptible showing when measured against the regular US government intervention in foreign elections?

    Or the Israeli influence in the elections, which is open and plain for all to see?

    Or the British influence, as for example, in the clear connivance of both GCHQ and MI6 in bolstering this anti-Putin story, a much more serious and undeniable influence on both the election and the formation of the new government than anything being alleged against Russia.

    • John Casper says:

      bevin,

      “I am” not at all “shocked by the persistence with which you drag this bedraggled canard around” that completely misses the point.

      • Bob In Portland says:

        Proof. It’s something we used to demand before accepting allegations as truth.

        Perhaps a little quaint these days.

        In the midst of this descent toward psychosis, democratic politics as tolerance, acknowledging the boundary of the other, the integrity of rights, and respect for difference erodes; its perceptual universe, grounded in secondary process thinking, in the morality of liberty and proportion, disappears before the psychotic fears, unconscious phantasies, and the annihilating power of rage. The culture, caught up in the abject, shows little patience with ambiguity, ambivalence, or individuality; it may embrace totalistic solutions, visions that posit others as all good or all bad. It may provoke bizarre ideological and cultural ideas and become scornful of deliberation. Primitive need overwhelms proportion. “Politicians and philosophers,” in Peter Gay’s words, proclaim “a world of saints in combat with devils”. The ideology of abjection defines nations, peoples, groups, values, beliefs, as inferior, noxious, corrupt, poisonous. Even the Hobbesian justification of economic appetite and the laws of the market—the nonempathic, frenetic, exclusionary, and often brutal properties of possessive individualism—might itself be an example of primitive entitlement, a historical representation of abjection working itself out in the marketplace, pathological narcissism as economic reality. – James M. Glass, PSYCHOSIS AND POWER

Comments are closed.