Well over a year after the Department of Justice’s Inspector General started an investigation into the US Attorney firings, they’re set to punt tomorrow. They won’t refer Gonzales–or anyone else–for prosecution, but they will recommend that someone–someone with subpoena power–continue the investigation.

Justice Inspector General Glenn A. Fine and Office of Professional Responsibility director H. Marshall Jarrett, who wrote the report, will not absolve Justice Department officials of blame but will recommend that efforts continue to resolve unanswered questions, said the sources, who spoke on condition of anonymity because the findings have not yet been made public. 

The problem, it seems, is the same problem that prevented Congress from determining the truth behind the US Attorney firings: key participants refused to cooperate.

An intense effort to determine how the firing plan originated and whether perjury or obstruction of justice laws were violated in refusing to reveal the basis for the dismissals has been thwarted, partly because investigators lack the power to compel testimony from people outside of the Justice Department.

[snip]

Investigators did not win access to lawmakers and their assistants or former White House aides despite attempts to interview them.

Yeah, those key participants: Harriet Miers, Turdblossom, Bush, Domenici and his staffers, Heather Wilson and her staffers, etcetera. What a surprise. Mukasey’s refusal to appoint a prosecutor last year–and his ongoing support for the claims of executive privilege and absolute immunity–bought the White House a year in their attempts to stall or quash this investigation.

And, as if you didn’t already guess, Mukasey seems unprepared to appoint a special counsel to investigate this–he seems poised to appoint someone internal, just as he did with the torture tape destruction investigation.

Despite calls from some of the fired U.S. attorneys, Mukasey will not name a special prosecutor from outside the department. Instead, he intends to hand over the project to a career lawyer with experience in public corruption work, the sources said. 

Tune in tomorrow where we see yet more evidence of DOJ’s changing stories about why they fired the US Attorneys.

Via Marty Lederman, an update on the investigation(s) into the USA Purge.

But recent behind-the-scenes activity in several investigations suggests that the issue that roiled Congress in 2007 could re-emerge in the heat of the election year. Two inquiries by the House and Senate ethics committees are examining whether several congressional Republicans, including one running for the Senate this year, improperly interfered with investigations.

As potent as the congressional probes might be, they appear to be far narrower than a sprawling inquiry launched by the Justice Department’s Office of Inspector General (OIG) and the Office of Professional Responsibility (OPR).

Investigators from these offices have been questioning whether senior officials lied to Congress, violated the criminal provisions in the Hatch Act, tampered with witnesses preparing to testify to Congress, obstructed justice, took improper political considerations into account during the hiring and firing of U.S. attorneys and created widespread problems in the department’s Civil Rights Division, according to several people familiar with the investigation.

It is mostly just a review. The two most interesting details I found were, firstly, the news that the House and Senate Ethics Committees were still pursuing this. That suggests that–as we suspected–Pete Domenici may well be leaving the Senate because he knows he broke the law when he tried to get David Iglesias fired for not indicting Democrats according to the election schedule. It also means Representative Heather Wilson will have some challenges as she runs for the Senate this year (the House inquiry will predictably lead nowhere, but if this report comes out before the election…). 

The other interesting detail is a partial list of those whom the OIG/OPR investigation have interviewed (including David Iglesias’ wife):

Following the Senate ethics committee visit to Albuquerque last month, Justice Department investigators interviewed Iglesias’s former staff, according to a well-placed source.

Justice Department investigators also interviewed Allen Weh, chairman of the New Mexico Republican Party, last year.

Weh reportedly complained about Iglesias in 2005 to Karl Rove, who was then White House deputy chief of staff.

Weh said last week that his interview with the investigators was brief, and he didn’t expect inquiries to amount to anything significant. “People don’t care about this; this is yesterday,” Weh said.

These two details–that the investigators interviewed Weh and Iglesias’ former staffers–are important. Weh was in the press early claiming he had been pushing Rove to fire Iglesias back in 2005, much earlier than the DOJ documents suggested Iglesias had been targeted. But it now appears Weh’s comments were part of a cover-up, an attempt to draw attention away from the later period, in which Bush was personally involved in Iglesias’ targeting. No wonder Weh wants you to believe that "this is yesterday."

By interviewing Iglesias’ former staff, investigators will also be able to pinpoint when the "absentee landlord" claims began–and show that that, too, was just a cover story to hide the actual events that implicate Bush.

The article suggests we may get "a scathing report within the next three months," though we were waiting for a report last fall. Let’s hope the three months estimate is more real than the last one.

This is my general review of the interim report on the USA Purge. If you haven’t already done so, make sure you read the post on the Iglesias cover-up, which I believe to be the most important aspect of the report.

The report on the findings to date in the USA purge lists the following crimes and violations that may have been committed in the course of the USA firings:

• Obstruction of justice, attempted obstruction of justice [18 USC 1503, 1505, 1512(c)(2)]
• Criminal Hatch Act violations [18 USC 606]
• Presidential failure to ensure that laws are faithfully executed [Constitution, Article II, Section 3]
• Civil Hatch Act violations [5 USC 7323(a)(1)]
• Federal Civil Rights laws [18 USC 242]
• Conspiracy [18 USC 2, 371]
• Perjury [18 USC 1621]
• False Statements [18 USC 1001]

For a number of these potential crimes (particularly obstruction and criminal Hatch Act violations), the report cites multiple possible violations. This is a list that bloggers on this topic need to keep ready at hand, because it puts in concrete terms what this whole investigation is about. This report, for the first time, makes clear that Congress is investigating real criminal violations, that evidence suggests a crime was committed, and that by invoking executive privilege, the White House is obstructing the investigation into potential crimes.

281 days. That’s how long–by my admittedly rough count–Jeff Taylor has been serving as Interim USA for DC. He’s been serving roughly 21 days since George Bush signed a law that effectively did away with the PATRIOT appointment he currently serves under. Yet there he is, a former DOJ clique-member, Counselor to the Attorney General for four years, and before that Counsel to the Republican-led Senate Judiciary Committee.
Yet come Wednesday, when it comes time to talk about a contempt citation for Sara Taylor, Jeff Taylor is the one who will get to choose whether or not he will serve that citation.

Now, perhaps Pat Leahy knows Taylor and is confident he’ll serve SJC’s subpoenas. But I doubt it, because if so, I’m guessing Taylor wouldn’t have that "interim" before his name still.

So why is Jeff Taylor still serving? When do we get our new USA for DC? Because, in about four days, it’ll become crystal clear that appointing a Senate-approved USA is long overdue.

At a hearing before the Senate Committee on Indian Affairs this week, Thomas Heffelfinger got asked some questions about how the USA Purge related to his work–and that of Chiara, Charlton, Iglesias, McKay, and Bogden before they were fired. In his testimony, Heffelfinger noted that those USAs on NAIS who were fired were not just on the subcommittee, they were leaders on it. Of the meetings NAIS had, four of five were hosted by the fired USAs (Chiara was the only fired USA who did not host a meeting). Heffelfinger went on:

All of those five people were zealous advocates in their own districts for improving public safety in Indian Country and improving Indian Country’s role in our broader Homeland Security infrastructure. As to the specific reasons why individuals got put on that list I think you will have to ask Kyle Sampson [laughs] but it is not a mere coincidence that five of eight were leaders amongst Native American prosecutors.

You’d think that, after Heffelfinger made such a statement before Congress, someone would act on it. We may not have long to wait. From a local story on Heffelfinger’s testimony:

Heffelfinger was slated to attend a meeting at the Justice Departmenton Thursday afternoon but would not say with whom he was meeting.

And DOJ, which has given precisely no persuasive explanations for anyone (save Kevin Ryan’s) firing, wants you to know that a focus on Native American issues has nothing to do with the firing.

Justice Department spokesman Brian Roehrkasse said Heffelfinger’sassertions were false, suggesting that Heffelfinger had no evidencelinking the firings and work in Indian Country.

I say we bring back Kyle Sampson and ask him under oath!

I first mentioned the arrest of a Kaspersky researcher for treason last week.  Since then, more of the American press has been focusing on it, often simply assuming that what are now reported to be up to six arrests must have some tie to the Russian hack of the DNC and other election-related targets.

One way or another, the arrests—according to the Russian media accounts—are linked to the country’s hacking of the US election.

Such assumptions don’t even engage with some of the most obvious questions, such as what all these FSB-related arrests would have to do with the hack-and-leak of DNC and Podesta emails allegedly done by Russia’s military intelligence GRU.

Obviously, the timing of the arrests would suggest there might be a connection, but the presumption has been downright sloppy. So in an effort to unpack this story, I’m going to lay out some of the known claimed details

Some of the better English language sources on the arrests are stories in Bloomberg, Guardian, FT, NYT, and Forbes (as well as the Brian Krebs story quoted in detail below).

Committing crimes pre-dating 2012

When news of Stoyanov’s arrest was made public, Kaspersky released a statement saying the activity pre-dated his employment at the security firm, so before 2013. That would seem to rule out involvement in the DNC hack.

Exposing King Servers as key infrastructure in Russian hacks

A more public explanation behind the purge is that Stoyanov and Mikhailov served as sources for the FBI on the investigation into the probes of the state election sites.

On August 18, the FBI released a flash about two probes of US state election websites. Among the details, it released an IP address, 5.149.249.172, associated with the probe. “The FBI received information of an additional IP address, 5.149.249.172, which was detected in the July 2016 compromise of a state’s Board of Election Web site.” Why you would need two human sources for this information, I’m not sure, but the implication in this narrative is that it came from the Russians.

On September 2, ThreatConnect released a report analyzing the IP address, tying it to other suspected Russian hacks.

However, as we looked into the 5.149.249[.]172 IP address within the FBI Flash Bulletin, we uncovered a spearphishing campaign targeting Turkey’s ruling Justice and Development (AK) Party, Ukrainian Parliament, and German Freedom Party figures from March – August 2016 that fits a known Russian targeting focus and modus operandi. As we explored malicious activity in the IP ranges around 5.149.249[.]172 we found additional linkages back to activity that could be evidence of Russian advanced persistent threat (APT) activity. This connection around the 5.149.249[.]172 activity is more suggestive of state-backed rather than criminally motivated activity, although we are unable to assess which actor or group might be behind the attacks based on the current evidence.

At the time, the guy who owns King Servers, which hosts that IP, Vladimir Fomenko, played dumb, claiming that the entities tied to the election website hacks owed him money and that the FBI had never contacted him but that he’d be happy to provide information.

More recently, Brian Krebs pulled up some of his old reporting to note that Fomenko has long-established ties to spam businessman Pavel Vrublevsky, including with these servers. Vrublevsky has been trying to implicate Mikhaylov and Stoyanov in leaking Russian investigative details to people in the west for years.

Multiple Russian media outlets covering the treason case mention that King-Servers and its owner Fomenko rented the servers from a Dutch company controlled by Vrublevsky.

Both Fomenko and Vrublevsky deny this, but the accusations got me looking more deeply through my huge cache of leaked ChronoPay emails for any mention of Mikhaylov or Stoyanov — the cybercrime investigators arrested in Russia last week and charged with treason. I also looked because in phone interviews in 2011 Vrublevsky told me he suspected both men were responsible for leaking his company’s emails to me, to the FBI, and to Kimberly Zenz, a senior threat analyst who works for the security firm iDefense (now owned by Verisign).

In that conversation, Vrublevsky said he was convinced that Mikhaylov was taking information gathered by Russian government cybercrime investigators and feeding it to U.S. law enforcement and intelligence agencies and to Zenz. Vrublevsky told me then that if ever he could prove for certain Mikhaylov was involved in leaking incriminating data on ChronoPay, he would have someone “tear him a new asshole.”

Krebs’ story would date Stoyanov’s actions to before his ties with Kaspersky, which would explain that part. But it would also suggest this might be product of a long-standing feud — or that the long-standing feud provides cover for a fight for power within the FSB.

One thing that’s interesting about all this is that, for some time, the US intelligence community did not attribute the probes of voter registration databases to Russian intelligence. A September 20 DHS alert attributed it to criminal hackers seeking identity theft data. The October 7 ODNI/DHS statement affirmatively declined to attribute it. It was not until the January 6, 2017 report on the hacks that the IC first blamed Russian intelligence (without specifying whether it was FSB or GRU) for the probes.

So if the FSB purge pertains to revealing details about the voter database probes to US intelligence, the first US public acknowledgment of that intelligence came after most people allegedly involved in exposing the tie had been arrested (though people like former Russian Ambassador Michael McFaul were yapping about such things in public statements, and the WaPo had gotten soft leaks about it). That is, in spite of complaints that US reporting might have set off this molehunt, for the registration databases, the molehunt preceded the IC’s affirmative (public) use of the data.

Hack-and-leaking top Russians

The other major allegation against the Russians is that they were involved with a hacking group Shaltai Boltai (which translates as Humpty Dumpty from Alice in Wonderland). The group has blackmailed and/or exposed the emails of a number of top Russian leaders, including Prime Minister Dmitry Medvedev and his deputy Arkady Dvorkovich.

Reports claim that Anikeev started the group years earlier, and the FSB either tried to infiltrate it, but then got swept up, or always had ties to it. Ultimately, though, the implication is that FSB was working both sides, using an Anonymous-modeled hacking group to acquire materials on powerful Russians even while, perhaps, using such hackers for Russian ends.

In mid-to-late October, the group released the emails of Vladislav Surkov, the architect of Putin’s Ukrainian policy. There wasn’t much revealed, though it did make it clear planning for Russia’s Ukrainian intervention went back some time. The understanding behind this narrative is that releasing these emails got too close to Putin, which led to the crack-down on the group.

Even when the emails got released, there was no public discussion of the possibility that this was US retaliation against Russia — not even after NBC published a really dick-wagging story on October 14 promising CIA retaliation. That’s the public story, anyway, which was really weird, given that exposing Putin’s plotting in Ukraine would be a really logical retaliation for the DNC hack (even if American exceptionalists like to pretend we would never do a hack and dump). The private story is different, but any private opinions I’ve heard don’t describe who might have conducted such a hack.

It’s also not entirely clear the timing works out. But it’s not clear we’ve got all those details yet.

I’m still working through these issues — and warnings from Russian observers that both of these narratives may just be convenient front stories for something else and/or for pure power consolidation are well taken.

What has also gone unmentioned is that at a time when Russia and the US would be staring each other down on a “cyber” battlefield, Putin just apparently took out a number of the key players in that field. No one has mentioned that, but even if these guys were working both sides in a manner that brought value to Putin, having them removed may leave holes in Russia’s cyber offense for the near future.

Update: This FT piece, based off an interview with what is alleged to be the last remaining Shaltai Boltai member at large, would seem to confirm that that explains the arrests (it explains the SB got FSB handlers in early 2016). Though I’d ask why someone would return from Thailand to apply for asylum in Estonia if Putin were after them.

Known arrestees

Colonel Sergey Mikhailov, deputy head of the Information Security Center at the FSB

Major Dmitry Dokuchaev (AKA Forb), also with ISC

Ruslan Stoyanov, now with Kaspersky but with earlier with cybercrime investigation firm Indryk and before that Ministry of Interior’s Cyber Crime Unit

Journalist Vladimir Anikeev, believed to have been in Ukraine and alleged to have led the hack ofVladislav Surkov

Known dates

August 18: FBI flash identifying new King Servers-related IP address used in probes of election related sites

September 2: ThreatConnect report implicating King Servers

September 5: Obama and Putin discuss hacks at G-20

September 20: DHS alert attributes voter registration probes to criminal hackers in search of PII

September 27: King Servers owner Vladimir Fomenko claims FBI hasn’t contacted him

October 7: ODNI/DHS statement on Russian hacking declines to attribute voter database hacks to Russian state

October 14: CIA preparing possible cyber response on Russia

October 23-25: Hackers release emails of Vladislav Surkov, exposing Putin’s Ukrainian plans

October 31: Obama contacts Putin on red cyber phone for first time

November 9: Anikeev reportedly detained, begins cooperating

November 26: Anonymous White House statement affirms integrity of election

December 4: Arrests of Mikhailov and Stoyanov

December 9: CIA-based leaks (based off recent human intelligence) claim DNC hack designed to get Trump elected

December 13: Last date on (partial) dossier implicating Trump

January 6, 2017: In declassified Russian Hack Report, US Intelligence Community for the first time attributes probes of voter websites to Russian intelligence (not specifying FSB or GRU): “Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards.”

January 11: Partial anti-Trump dossier published by BuzzFeed; Christopher Steele flees his home

January 23: GCHQ head Robert Hannigan quits to spend more time with his family

January 25: Kommersant announces arrests

Please consider a donation to support this work — we’ve got a long haul ahead 

When I learned yesterday that, in addition to “purging” Mike Rogers, Trump had added Devin Nunes and Crazy Pete Hoekstra to his transition team (thus replacing Rogers with both his predecessor and successor as House Intelligence Chair), I wondered whether the Benghazi report had something to do with the exchange. As I noted when the House Intelligence Committee’s report came out, Nunes repeatedly asked questions that Rogers cut short.

The NYT confirms that that is, indeed, one of the reasons Rogers got purged.

One member of the transition team said that at least one reason Mr. Rogers had fallen out of favor among Mr. Trump’s advisers was that, as chairman of the House Intelligence Committee, he had overseen a report about the 2012 attacks on the American diplomatic compound in Benghazi, Libya, which concluded that the Obama administration had not intentionally misled the public about the events there. That report echoed the findings of numerous other government investigations into the episode.

The report’s conclusions were at odds with the campaign position of Mr. Trump, who repeatedly blamed Hillary Clinton, his Democratic opponent and the secretary of state during the attacks, for the resulting deaths of four Americans.

In point of fact, the Additional Views that Rogers released with three other Republicans on the committee (but not Nunes) did find,

Senior U.S. officials perpetuated an inaccurate story that matched the Administration’s misguided view that the United States was nearing victory over al-Qa’ida.

The Additional Views also blamed State for ignoring safety concerns in Benghazi.

So that may not be the key difference between Rogers and Trump with regards to the Benghazi report.

Instead, consider what the report did not say about CIA’s facilitation of Saudi, Qatari, and Turkish arms transfers to Syria during this period — and Nunes’ attempts to push this issue further.

The report concludes that, “The CIA was not collecting and shipping arms from Libya to Syria.” It then explains how it proved this, noting that all witnesses (it sourced its reports only to security personnel and the Benghazi base chief, not the officers at the Annex) said they had not seen any non-CIA weapons at the Annex. But then it said:

From the Annex in Benghazi, the CIA was collecting intelligence about foreign entities that were themselves collecting weapons in Libya and facilitating their passage to Syria.

Here’s what the transcript of the committee’s interview with Mike Morell and the other intel bosses actually shows (page 15):

Mr. [Devin] Nunes: Are we aware of any arms that are leaving that area and going into Syria?

Mr. Morell: Yes, sir.

Mr. Nunes: And who is coordinating that?

Mr. Morell: I believe largely the [redacted–right length for Saudis] are coordinating that.

Mr. Nunes: They are leaving Benghazi ports and going to Syria?

Mr. Morell: I don’t know how they are getting the weapons from Libya to Syria. But there are weapons going from Libya to Syria. And there are probably a number of actors involved in that. One of the biggest are the [redacted–could be Qataris]

Mr. Nunes: And were the CIA folks that were there, were they helping to coordinate that, or were they watching it, were they gathering information about it?

Mr. Morell: Sir, the focus of my officers in Benghazi was [redacted], to try to penetrate the terrorist groups that were there so we could learn their plans, intentions and capabilities

Mike Rogers then interrupts because not everyone in the room is cleared to hear about what the CIA was doing in Benghazi. (Note, Fox’s Catherine Herridge also covered this here.)

Four months later, in a follow-up interview of Morell (file one, file two, at the break), Nunes picked up that line of questioning again. Having gotten Morell to state that there were weapons for security folks at the annex, he tries to clarify that none of these were being sent on. Mike Rogers again interrupts to offer “clarification,” though it becomes clear that on at least one occasion the CIA facility was used to transfer weapons.

The Chairman: There may be an exception, but that was not the rule.

So at the very least CIA was watching its allies send weapons from Libya to Syria, which given the clusterfuck in Syria — most notably the possibility that these weapons are now in the hands of ISIL — may be one reason to moderate the report.

That is, the interviews behind the report include clear evidence that the CIA was watching our allies run arms to Syria (and note, even there, Morell stopped short of saying the CIA wasn’t directly involved). Evidence that Nunes had a particular interest in pursuing.

Now consider a pair of rather famous DIA reports — reports done at a time that Trump advisor Mike Flynn was running the agency — on how the US ended up on the same side as al Qaeda in Syria.

What did the CIA know and when did they know it?

That’s the real question that ought to be raised by a recently declassified Defense Intelligence Agency (DIA) report, obtained by Judicial Watch in a Freedom of Information Act lawsuit. The August 2012 document describes how the U.S. ended up on the same general side in the Syrian Civil War as Al Qaeda in Iraq, the predecessor to ISIS. “AQI supported the Syrian opposition from the beginning,” the report explained. Meanwhile, “[w]estern countries, the Gulf states, and Turkey are supporting” rebel efforts against the Assad regime in a proxy war, putting them on the same side as, if not working together with, the terrorists now overrunning Iraq.

Some outlets have concluded that this means “the West intentionally sponsored violent Islamist groups to destabilize Assad.”

But as Juan Cole counters, the report that western powers supported rebels “doesn’t say that the US created sectarian groups and it does not say that the US favors al-Qaeda in Syria or the so-called ‘Islamic State of Iraq.’” Cole continues, “It says that those powers (e.g. Turkey and the Gulf monarchies) supporting the opposition wanted to see the declaration of a Salafi (hard line Sunni) breakaway statelet, in order to put pressure on the al-Assad regime.”

In a nutshell, Cole argues that the U.S. didn’t support Al-Qaeda in Syria directly. But its allies certainly did.

Two months after the report laying out AQI support for the rebels — another of the documents obtained by Judicial Watch shows — the DIA provided a detailed description of how weapons got shipped from Benghazi to Syria, presumably for rebel groups. “During the immediate aftermath of, and following the uncertainty caused by, the downfall of the [Qaddafi] regime in October 2011 and up until early September of 2012,” the report explained, “weapons from the former Libya military stockpiles located in Benghazi, Libya were shipped from the port of Benghazi, Libya, to the ports of Banias and the Port of Borj Islam, Syria.”

The report obtained by Judicial Watch says that the weapons shipments ended in “early September of 2012.” But note what event this second report conspicuously does not mention: The Sept. 11 attack on the State Department and CIA facilities in Benghazi at the same time that the flow of weapons stopped.

By all appearances, the Benghazi attack interrupted a CIA effort to arm the rebels in Syria that the US government acknowledged were allied with al Qaeda.

That’s what the Rogers-directed HPSCI report did not include.

Just as importantly, this fits in with what Flynn has said during the campaign [RT link intentional]. which is where Trump got the claim that Obama (and Hillary) “created” ISIS.

In addition, recall that in Flynn’s wake, DIA whistleblowers revealed that their more pessimistic take on ISIS was getting softened before it got to CentCom bosses.

Two senior analysts at CENTCOM signed a written complaint sent to the Defense Department inspector general in July alleging that the reports, some of which were briefed to President Obama, portrayed the terror groups as weaker than the analysts believe they are. The reports were changed by CENTCOM higher-ups to adhere to the administration’s public line that the U.S. is winning the battle against ISIS and al Nusra, al Qaeda’s branch in Syria, the analysts claim.

That complaint was supported by 50 other analysts, some of whom have complained about politicizing of intelligence reports for months. That’s according to 11 individuals who are knowledgeable about the details of the report and who spoke to The Daily Beast on condition of anonymity.

As I said in my post the other day, the definition of Specific Selection Term in the Leahy version of USA Freedom addresses almost all my concerns about bulk collection under USA Freedom Act.

But not all of them.

I have two concerns.

First, some background. The bill actually uses two definitions of “specific selection term.” The definition as it applies to traditional Section 215, PRTT, and NSL collection is,

(i) means a term that specifically identifies a person, account, address, or personal device, or another specific identifier, that is used by the Government to narrowly limit the scope of tangible things sought to the greatest extent reasonably practicable, consistent with the purpose for seeking the tangible things; and [my emphasis]

It defines “address” this way:

ADDRESS.—The term ‘address’ means a physical address or electronic address, such as an electronic mail address, temporarily assigned network address, or Internet protocol address.

That’s my first concern. IP addresses can represent entire companies. And who knows what the NSA might consider “temporarily assigned network addresses”?

Then there’s the difference between that definition of “specific selection term” and the more narrow one used with the prospective contact chaining at telecoms, which is:

CALL DETAIL RECORD APPLICATIONS.—For purposes of an application submitted under subsection (b)(2)(C), the term ‘specific selection term’ means a term that specifically identifies an individual, account, or personal device. [my emphasis]

You’ll note the bill targets “individual” for its contact chaining, but “person” for the rest of Section 215 collection. The obvious reason to do that is if you’re collecting on an entire corporate person, like Western Union (which WSJ and NYT reported CIA uses Section 215 to collect on).

The bill does include limits on what kinds of corporate persons can be collected. The bill explicitly prohibits using electronic communication service providers and cloud providers as specific selection terms, unless they are being investigated.

(II) a term identifying an electronic communication service provider (as that term is defined in section 701) or a provider of remote computing service (as that term is defined  in section 2711 of title 18, United States Code), when not used as part of a specific identifier as described in clause (i), unless the provider is itself a subject of an authorized investigation for which the specific selection term is used as the basis of production.

That still seems to leave a whole slew of corporate persons who can be the selection term for collection.

The bill limits that collection in another way, through minimization procedures.

‘(C) for orders in which the specific selection term does not specifically identify an individual, account, or personal device, procedures that prohibit the dissemination, and require the destruction within a reasonable time period (which time period shall be specified in the order), of any tangible thing or information therein that has not been determined to relate to a person who is—

(i) a subject of an authorized investigation;

(ii) a foreign power or a suspected agent of a foreign power;

(iii) reasonably likely to have information about the activities of—

(I) a subject of an authorized investigation; or

(II) a suspected agent of a foreign power who is associated with a subject of an authorized investigation; or

(iv) in contact with or known to—

(I) a subject of an authorized investigation; or

(II) a suspected agent of a foreign power who is associated with a subject of an authorized investigation,

unless the tangible thing or information therein indicates a threat of death or serious bodily harm to any person or is disseminated to another element of the intelligence community for the sole purpose of determining whether the tangible thing or information therein relates to a person who is described in clause (i), (ii), (iii),  or (iv)

This language is almost certainly not new — as CDT’s otherwise decent analysis suggests. We know the FISC has been modifying orders more and more in recent years. We don’t know — we have to rely on Congress, blindly — whether these minimization procedures are more strict or (likely, because other parts of this bill are) less restrictive than what the FISC itself has been imposing.

But even the existence of this language — and the differential use of “person” and “individual” — makes it clear the bill still permits the bulk collection of data. It just requires the agency in question to purge the data … sometime.

The question is whether this “agency protocol” — what Chief Justice John Roberts said was not enough to protect Americans’ privacy — is sufficient to protect Americans’ privacy.

I don’t think it is.

First, it doesn’t specify how long the NSA and FBI and CIA can keep and sort through these corporate records (or what methods it can use to do so, which may themselves be very invasive).

It also permits the retention of data that gets pretty attenuated from actual targets of investigation: agents of foreign powers that might have information on subjects of investigation and people “in contact with or known to” suspected agents associated with a subject of an investigation.

Known to?!?! Hell, Barack Obama is known to all those people. Is it okay to keep his data under these procedures?

Also remember that the government has secretly redefined “threat of death or serious bodily harm” to include “threats to property,” which could be Intellectual Property.

So CIA could (at least under this law — again, we have no idea what the actual FISC orders this is based off of) keep 5 years of Western Union money transfer data until it has contact chained 3 degrees out from the subject of an investigation or any new subjects of investigation it has identified in the interim.

In other words, probably no different and potentially more lenient than what it does now.