In the Most Cowardly Possible Decision, Ninth Circuit Upholds Gartenlaub Conviction

The Ninth Circuit just released an unsigned opinion in Keith Gartenlaub’s case; in a non-precedental opinion, they upheld his conviction.

As a reminder, Gartenlaub was an engineer at Boeing. During a period when there were suspected Chinese breaches of Boeing at other locations, an FBI Agent in the LA area decided that there must be someone breaching Boeing at the local facility. He set out to find a suspect and focused on Gartenlaub (apparently) because he had access to relevant files and a Chinese-America wife. It appears that the FBI used back door searches on Section 702 material in their early investigation of Gartenlaub. They also moved back and forth from criminal warrants to FISA warrants. Using a FISA physical search warrant, the FBI searched his home and imaged his hard drives. Searches of those hard drives found no evidence he was a spy for China, as they had claimed; instead, they found child porn that had not been accessed in a decade. The government used that to obtain yet another warrant on Gartenlaub, parallel constructing the child porn for use at trial, all in an attempt to get him to agree to spy on his Chinese relatives. Instead, he went to trial and was found guilty of knowingly possessing child porn.

He appealed his conviction both because the government presented no evidence he had actually accessed this child porn since it had been loaded onto his computer, and because the government used a FISA order to find the porn that they then used to search him (and also used to legitimize the Tor exception, which permits the NSA to target location-obscured facilities known to be used by Americans, so long as they sift out the non-criminal US person content after the fact).

The Ninth Circuit sat on this decision until Gartenlaub was out of prison

I say this opinion was cowardly for a number of reasons (aside from the court taking nine months to release a thin, unsigned opinion). Part of the cowardice is the timing. The court entered this judgment on September 17, two weeks ago.

They just released it today.

Today also happens to be the day that Gartenlaub moved to a halfway house. Perhaps the court hoped by releasing it after he was released from prison, it would moot any further challenge.

Even the Carter Page precedent didn’t win Gartenlaub a review of his FISA application

While Gartenlaub challenged the sufficiency of the evidence that he knowingly possessed the child porn (which the Ninth also upheld), the key to this challenge was whether using child porn the government had found using the broader search protocols available under FISA presented a Fourth Amendment challenge, particularly in light of the US v. Comprehensive Drug Testing precedent on plain view doctrine in the circuit.

The Ninth avoided dealing with this issue in two ways. First, even though Carter Page has established the precedent that defendants — indeed, the whole world! — can see FISA applications, the court conducted its own review, and found the FBI had presented probable cause that Gartenlaub (or perhaps his wife?) was an agent of China “when the FISA order was issued.”

Based upon our independent review of the classified record evidence, we conclude that the FISA warrant was supported by probable cause. The FISA application and supporting materials demonstrated probable cause to believe that Gartenlaub was an agent of a foreign power when the FISA order was issued.

I’m really curious about that language, “when the order was issued,” as the two streams of collection the FBI was using leaves open the possibility that FBI had learned that he wasn’t a spy by the time they did the search.

Based on their review of the FISA application the Ninth decided that such a review was not necessary or even useful to determine the legality of the search.

We have conducted an in camera review of the underlying FISA materials. We conclude that the disclosure of the FISA materials to Gartenlaub was not “necessary to make an accurate determination of the legality of the search.” 50 U.S.C. § 1825(g); see also United States v. Ott, 827 F.2d 473, 476–77 (9th Cir. 1987) (finding “no indications of possible misrepresentation of fact, vague identification of the persons to be surveilled, or surveillance records which include a significant amount of non-foreign intelligence information, or any other factors that would indicate a need for disclosure” (internal quotation marks omitted)). In point of fact, disclosure was not necessary even under a less rigorous standard than that proposed by the government.

Of course, given the likelihood that the government used 702 data to obtain this FISA order (and the FBI’s use of shoddy public reporting), that’s not all that comforting.

The Ninth punts on the Fourth Amendment issue

Having disposed of the sufficiency of the evidence and the probable cause challenges, the Ninth then addressed the key issue that any non-cowardly opinion would have dealt with: whether using a FISA order, instead of a criminal warrant, to get the ability to search more extensively on a person’s life constitutes a Fourth Amendment violation (this is particularly important in Gartenlaub’s case, because he was suspected of stealing non-videos, so a criminal search wouldn’t have had any reason to search for videos). The court admits that this is a really troubling issue.

The idea that the government can decide that someone is a foreign agent based on secret information; on that basis obtain computers containing “[t]he sum of [that] individual’s private life,” Riley v. California, 134 S. Ct. 2473, 2489 (2014); and then prosecute that individual for completely unrelated crimes discovered as a result of rummaging through that computer comes perilously close to the exact abuses against which the Fourth Amendment was designed to protect.

But they treat this question as a review for plain error (in part because Gartenlaub’s original attorney, who made some other key errors at the District level, didn’t raise the Fourth Amendment issue).

Plain error review is the appropriate standard because Gartenlaub did not assert the Fourth Amendment argument predicated on alleged misuse of the FISA warrant before the district court.

Note, significant evidence about how the government abused the FISA process to get at the more expansive search authority under FISA became public after Gartenlaub submitted his appeal.

In any case, having deemed this a plain error review rather than a Fourth Amendment one, the court basically said there’s no standard set for the use of plain view in national security cases, so the District judge could not have plainly erred.

No controlling authority dictates the conclusion that the government’s Foreign Intelligence Surveillance Act (“FISA”) search and subsequent use of FISA-derived materials in a non-national security prosecution violates the Fourth Amendment, such that the district court’s failure to follow it was plain error. See United States v. Gonzalez-Aparicio, 663 F.3d 419, 428 (9th Cir. 2011), as amended (Nov. 16, 2011). Our decision in United States v. Comprehensive Drug Testing, Inc., 621 F.3d 1162 (9th Cir. 2010) (en banc), abrogation recognized by Demaree v. Pederson, 887 F.3d 870 (9th Cir. 2018) (per curiam), is inapposite; it did not decide the question presented by this case and, in fact, addressed no national security concerns particular to the FISA context.

This is, in other words, a punt — a punt that admits such unrestricted searches are a problem, but manages to avoid ruling for this case, a case that itself served as precedent at the FISA court for a whole slew of even more problematic national security searches.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Keith Gartenlaub Wonders Why He Can’t Get the Carter Page Treatment

Whatever else you think of the Carter Page pseudo-scandal, the release of his FISA application has finally ended the 50 year period during which not a single person targeted under FISA has ever seen the application used to obtain the order.

That should mean that for defendants who can legitimately demonstrate there was probably something actually problematic with the application they can review the application and challenge the order and everything that comes from it. Keith Gartenlaub, who was targeted as a Chinese spy based off basically nothing, currently has a pending challenge in his FISA case in the 9th Circuit.

His attorney, John Cline, has already written the court pointing out that the release of Page’s FISA application demonstrates DOJ’s 50 year fearmongering about FISA is really overblown.

As with the HPSCI memoranda, the declassification and disclosure of the redacted Page FISA materials demonstrates that it is possible to discuss publicly aspects of a FISA application without damaging national security. In addition, the declassification and disclosure of the redacted FISA materials highlights the absurdity of the government’s assertion, in this and other cases involving motions to suppress FISA surveillance, that any disclosure of any portion of a FISA application, even to cleared defense counsel under the protections of CIPA, would harm national security. If the redacted Page FISA materials can be disclosed publicly without harming national security, as the Executive Branch has
determined, even more substantial disclosure of the Gartenlaub FISA application can be made to cleared defense counsel under CIPA without causing such harm.

It is likely that we (or rather, Cline, Gartenlaub’s cleared attorney) would learn far more about the things FBI gets away with in FISA applications from Gartenlaub’s application than Page’s.

If defendants like Gartenlaub can carry out such review, we actually might be able to make FISA more reasonable.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

NSA — Continually Violating FISA Since 2004

Last year, I did a report that catalogued all the times NSA had violated FISA since the Stellar Wind phone dragnet got moved under FISA in 2004. There were the five different practices deemed violations of 1809(a)(2), which prohibits the use of any data that was illegally collected.

From 2004 until 2009, in spite of twice quarterly Office of General Counsel spot checks imposed to prevent it, “‘[v]irtually every PR/TT record’ generated [by the bulk Internet metadata program] included some data that had not been authorized for collection.” 3

From 2007 until 2011, NSA collected entirely domestic and untargeted communications as part of Multiple Communication Transaction bundles without restricting access to the unrelated communications. 4

In June 2010, NSA admitted it had improperly retained Title I data in a management system that the court had deemed an overcollection; in May 2011, FISC found this retention problematic under 1809(a)(2). The government even argued that prohibitions 5 on using unlawfully collected information “only applied to interceptions authorized by the Court and did not apply to the fruits of unlawful surveillance.”

From 2011 to 2016, NSA retained Section 702 overcollection in its management systems, in spite of the 2011 FISC retention precedent ruling such retention a violation of 1809(a)(2). 7

In 2013, NSA discovered its post-tasking checks to ensure targeted phones had not roamed into the United States had not functioned properly for some redacted period of time (possibly dating back to 2008), meaning some of the telephone collection from that period may have been collected on individuals located inside the United States in violation of 702. 8

In addition to those, NSA had continued to conduct back door searches of data collected using upstream 702 collection even after John Bates prohibited the practice in 2011.

Because upstream collection foreseeably results in the collection of domestic communications, when John Bates first permitted searches of 702 data using US person identifiers in late 2011, he prohibited such searches on upstream data, for fear it would amount to using 702 for domestic surveillance. Yet NSA starting disclosing “many” such violations as early as 2013. 9

As NSA’s compliance organizations started looking more closely in 2015 and 2016, they discovered the NSA was even conducting such searches in systems “that do not interface with NSA’s query audit system,” raising questions about their ability to oversee US person queries 10 more generally. NSA discovered that some data obtained using upstream collection had been mislabeled as PRISM collection, meaning it would get no special treatment. With one tool used 11 to conduct queries of Americans located overseas, NSA experienced an 85% noncompliance rate. 12

While Rosemary Collyer (who is the worst presiding FISA Judge ever) didn’t deem that a violation of 1809(a)(2) — meaning NSA didn’t have to segregate and destroy andy data collected improperly — it still violated the minimization procedures that control 702 collection.

So between 2004 and 2016, NSA was always breaking the rules of FISA in one way or another.

And we can now extend that timeline to 2018. The NSA just revealed that it had destroyed all the call detail records it had collected since 2015, which would be all those collected under USA Freedom Act.

Consistent with NSA’s core values of respect for the law, accountability, integrity, and transparency we are making public notice that on May 23, 2018, NSA began deleting all call detail records (CDRs) acquired since 2015 under Title V of the Foreign Intelligence Surveillance Act (FISA)

The Government relies on Title V of FISA to obtain CDRs, which do not include the content of any calls. In accordance with this law, the Government obtains these CDRs, following a specific court-authorized process.

NSA is deleting the CDRs because several months ago NSA analysts noted technical irregularities in some data received from telecommunications service providers. These irregularities also resulted in the production to NSA of some CDRs that NSA was not authorized to receive. Because it was infeasible to identify and isolate properly produced data, NSA concluded that it should not use any of the CDRs. Consequently, NSA, in consultation with the Department of Justice and the Office of the Director of National Intelligence, decided that the appropriate course of action was to delete all CDRs. NSA notified the Congressional Oversight Committees, the Privacy and Civil Liberties Oversight Board, and the Department of Justice of this decision. The Department of Justice, in turn, notified the Foreign Intelligence Surveillance Court. The root cause of the problem has since been addressed for future CDR acquisitions, and NSA has reviewed and revalidated its intelligence reporting to ensure that the reports were based on properly received CDRs.

Now it could well be these CDRs that NSA was not authorized to collect were selectors that went beyond what had been approved (though that’d be unlikely to trigger a technical alert). It may be these CDRs obtain something that counts as content — such as cookie information that identifies sublevel domains of a webpage.

But the only non content thing that is affirmatively permitted in USAF is location data, which as of last week would get treated as a search if not content. Which leads me to believe this is most likely location data (which would also explain the sudden transparency). It may be content data collected in ways the NSA didn’t understand, perhaps via apps that retain the location data shared from the phone. But it’s likely it was content data.

And given the specific reference to data “that NSA was not authorized to receive,” and the fact that NSA destroyed three years of CDRs, I suspect this, too, was deemed a violation of 1809(a)(2).

Which means the NSA’s streak of violating FISA just got extended several more years. It has been violating FISA, in one way or another, for 14 years.

The Trump People Really Really Want to Know How Much Mueller Knows about Roger Stone’s “Collusion”

In a piece that lets Roger Stone claim he un-forgot the Russian he met offering Hillary dirt for $2 million and also fails to ask Stone why it took over a month for him to correct his perjury before HPSCI and also fails to ask if there was follow-up about someone else paying for that dirt on Hillary, Ken Dilanian lets Stone float a claim that Mueller must have obtained the contents of his phone using a FISA order.

Stone also wondered to NBC News how Mueller “has copies of my text messages if not through an illegal FISA warrant. I have filed a notice of my intention to bring a lawsuit against the government for a civil rights and right to privacy violation to get to the bottom of that question.”

As I have noted repeatedly, close to the beginning of the time when Mueller has focused unrelentingly on Stone, on March 9, Mueller obtained a probable cause search warrant to obtain the contents of 5 AT&T phones, “In the Matter of the Search of Information Associated with Five Telephone Numbers Controlled by AT&T (D.D.C.) (18-sc-609).” When Paul Manafort attempted to unseal the parts of the affidavit laying out the probable cause for those phones covered by the warrant that he didn’t own, Amy Berman Jackson refused the request. The court record makes it fairly clear that the other phones don’t belong to Manafort.

THE COURT: What if — I think one of them is about phone information. What if the redacted phones are not his phone?

MR. WESTLING: I don’t have a problem with that. I think we’re talking about things that relate to this defendant in this case.

We should assume that, in addition to those five phones, there’s a warrant covering a proportional number (Verizon covers more of the cell phone market in the US than AT&T does) of Verizon phones.

All of which is to say that the most obvious explanation for how Mueller obtained the text messages Stone has selectively shared with the press showing he did accept a meeting with a Russian offering dirt on Hillary Clinton is that Mueller convinced a judge there was probable cause to believe that there was evidence of crimes were on that phone.

That is, the interest in Roger Stone is no longer strictly a counterintelligence question of whether Henry Greenberg was idly reaching out to Stone to offer dirt. Rather, it’s a question of whether, in his subsequent response (about which no journalist seems to have asked Stone questions) constitutes a crime.

In any case, Roger Stone’s attempt to turn this into another FISA pseudo scandal (including his suggestion that any warrant targeting him would be “illegal”) is just a desperate indication of how badly the Trump people want to know how much Mueller knows about the crimes Stone may have committed.

On the James Wolfe Indictment: Don’t Forget Carter Page

Last night, DOJ unsealed the indictment of James Wolfe, the former Director of Security for the Senate Intelligence Committee. He is accused of one count of false statements to the FBI. The indictment alleges that he lied about his conversation with four journalists, Ali Watkins and three others.

The NYT has revealed that Watkins, who had a three-plus year relationship with Wolfe, had years of her communications subpoenaed. They obtained years of her subscriber information, and a more narrow period of additional information from her phone. As a reminder, the subscriber information that can be obtained with a d-order is tremendously invasive — in addition to name and financial and other contact information, the government obtains IP and device addresses that allow them to map out all the communications a person uses. This post lays out what the government demands from tech companies. Obtaining it will burn all but the most disciplined operational security and with it, a journalists’ sources.

The indictment also reveals the government obtained Signal and WhatsApp call records and content; it seems to have been Wolfe’s preferred means to communicate “securely.” I suspect they obtained the communications after June 2017, by targeting Wolfe’s phone. It’s possible he voluntarily provided his phone after confronted with his lies, but I suspect they obtained the Signal content via other means, basically compromising his device as an end point. I’ll return to this, but it appears DOJ has made a decision in recent days to expose the ease with which they can obtain Signal and other secure chat apps, at least in national security investigations, perhaps to make people less comfortable using it.

What I’d like to focus on, however, is the role of Carter Page in the indictment.

The government lays out clear proof Wolfe lied about conversations with three reporters. With Watkins and another, they point to stories about Carter Page to do so. The Watkins story is this one, confirming he is the person identified in the Evgeny Buryakov indictment. Another must be one of two stories revealing Page was subpoenaed for testimony by the Senate Intelligence Committee — either this one or this one.

I’m most interested, however, in this reference to a story the FBI raised with Wolfe in its interview, a story for which (unlike the others) the indictment never confirms whether Wolfe is the source.

During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-l), that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes

The story suggests they don’t have content for the communications between Wolfe and Reporter #1, and the call records they’re interested in ended last June (meaning the story must precede it).

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

For that reason, I suspect this is the story they asked about — whether Wolfe is a source for the original credible story on Carter Page’s FISA order. The focus on Page generally in the indictment suggests this investigation started as an investigation into who leaked the fact that Page had been targeted under FISA, and continued to look at the stories that revealed classified details about the investigative focus on him (stories which he rightly complained to SSCI about).

I know the focus will be on the impact on Watkins and any other journalists DOJ has subpoenaed, if they have with the others; that impact is very real and we’ll hear more about how DOJ has shifted its treatment of journalists in upcoming days.

But I’d like to consider what it means that this investigation largely stems from leaks about the investigation into Page.

Page is not at all a sympathetic person. He’s nuts, and may well be or have been a willing recruit of Russia. But there are two reasons why the leaks into the investigation into him should be of concern, along with the concern about journalism.

First, whatever the truth about Page, one reason the government treats counterintelligence wiretaps differently than criminal ones is because there are times they need to obtain content from people they don’t have probable cause are criminals. Legitimately obtained wiretaps should never be revealed except in legal proceedings anyway, but that’s all the more true where the government may be using the wiretap to learn whether someone has been recruited. Unlike Paul Manafort, Mike Flynn, and George Papadopoulos, Carter Page has not been charged, yet the leaks about the investigation into him (including of the damned Steele dossier) have branded him as a Russian spy. I’ve reported on too many cases where FISA orders were used against people who weren’t spies (particularly Chinese Americans), and it needs to be said that investigative targets are kept secret, in part, because they’ve not been charged yet.

Then there’s the flip side to the issue. All the leaks about Carter Page may well have poisoned the investigation into him in several ways. Certainly, Page and the Russians were alerted to the scrutiny he was under. If he is or was a Russian spy, the government may never make its case because the stories on Page made it a lot easier for the targets of the investigation to counter it (I actually think several of the less credible leaks about this investigation were designed to do just that).

Indeed, all the leaked stories about him may have made it politically impossible for FBI to continue the investigation. We know the FISA orders against him ceased after all the leaks about his targeting, for example. So if Page is a spy, all the publicity about this may help him get away with it.

The government has wrapped up a tidy indictment where, while they know Wolfe is a source for at least some of the suspect stories about Page, any trial would instead focus on the clear evidence Wolfe lied about things like a multi-year relationship with someone working SSCI and not classified information. Probably, the hope is he’ll plea and identify all the stories for which he has been a source. To get there, the government has used awesome powers against at least one journalist (and in Watkins’ case, it’s not at all clear they needed to do that).

That said, while I don’t defend Page as a person at all, the giddy leaks about him do come with a cost in both due process and investigative terms and it’s worth remembering that as we talk about this case.

A Thinking Person’s Guide to the Stefan Halper Conspiracy Theory

For some time, I’ve been agnostic about whether Chuck Ross’ series on Stefan Halper derived from his own discussions with George Papadopoulos, Carter Page, and Sam Clovis, or whether he relied on leaks from HPSCI.

Today, he gave one of the leading comments he often does, about Paul Ryan’s claimed concern about “FISA abuse.” (Ryan, remember, pushed through 702 reauthorization this year without reforming a single one of the abuses laid out in this report, but apparently Chuck’s gonna play along with the notion that Ryan gives a shit about FISA.)

That mirrors Ross’ own logically nonsensical focus on the dossier as a source for the Carter Page FISA order in conjunction with Halper. Which, especially since other journalists are making it clear the Halper focus is coming from Hill Republicans, suggests Ross was getting leaks from Republicans.

That’s even more true of this interview with Sam Clovis. In it, Clovis makes it very clear the meeting did not stick out in his memory.

It was an academic meeting. It was not anything other than him talking about the research that he had done on China.

[snip]

No indication or inclination that this was anything other than just wanting to offer up his help to the campaign if I needed it.

After describing how he hadn’t opened up attachments Halper sent later in the month, he said, “that is how little this registered with me.”

And yet, somehow, by March, someone had told Ross about this meeting.

Halper also requested and attended a one-on-one meeting with another senior campaign official, TheDCNF learned. That meeting was held a day or two before Halper reached out to Papadopoulos. Halper offered to help the campaign but did not bring up Papadopoulos, even though he would reach out to the campaign aide a day or two later.

Clovis seems to derive his memory of the meeting, in significant part, from the documentation he does (four emails setting the meeting up) and doesn’t (any notes) have about it.

There’s a record of the exchange of emails that we had, four emails to set the appointment.

[snip]

I had my notebook. Always take notes and always keep track of what’s going on. And there wasn’t anything — I didn’t have any notes on the meeting cause there must not have been anything substantive that took place.

That suggests someone knew to go back to look for communications involving Halper. Now, if HPSCI requested all the comms campaign aides had with investigative target Carter Page, then Clovis would have turned over these emails (which mentioned Page but probably discussed China, not Russia), and HPSCI staffers could have found the tie. If HPSCI only asked for Russia-related comms involving Page, then someone got Toensing or Clovis to search for Halper emails themselves.

Clovis explains that he’s bothered, now, about the meeting because he thinks he was used as an excuse to reach out to George Papadopoulos.

He had met with Carter Page. He had used that to get the bona fides to get an appointment with me.

[snip]

Then I think he used my meeting as bona fides to get a meeting with George Papadopoulos.

Remember, one of the inane complaints in the Nunes memo is that the Carter Page FISA application mentioned Papadopoulos.

The Schiff memo explains that Papadopoulos got mentioned because, after Alexander Downer told the FBI that Papadopoulos had told him the Russians were going to release Hillary emails to help Trump, they opened a counterintelligence investigation into the Trump campaign.

In other words, the frothy right likely believes, like Clovis, that Halper was networking as a way to get to Papadopoulos, and that in some way ties to the FISA application against Page.

And he may well have done so! As TPM clarifies some confusion created by WaPo, both Page, Clovis, and Clovis lawyer Victoria Toensing agree that Halper mentioned Page when he reached out to Clovis.

Clovis’ lawyer, Victoria Toensing, previously said, according to the Washington Post that the informant had not mentioned his other Trump contacts when reaching out to Clovis. Clovis said he wasn’t sure “where she got that information,”since she had access to the emails setting up the September 2016 meeting.

Toensing, in an phone interview Tuesday with TPM, backed up Clovis’ account. She told TPM that the informant had said in an email to Clovis that Page had recommended that they meet. She also claimed that the informant had told Page when they met at the conference that he was a big fan of Clovis’. Page confirmed Toensing’s account in an email to TPM.

Halper met with Clovis on September 1 and then reached out to Papadopoulos the next day.

Though note: Page says Halper raised Clovis at the July conference where they met, a meeting that occurred before dossier reports started getting back to FBI (particularly to the people investigating the hack-and-leak) and before the Papadopoulos report. That either suggests the FBI already had concerns about Clovis by then, or Halper was more generally networking with Page along with checking out someone who had been a live counterintelligence concern in his own right since March and for years beforehand.

Here’s where things start to go off the rails for this whole conspiracy theory, though. Clovis (who, remember, testified to Mueller’s team in the days before Papadopoulos’ cooperation agreement was unsealed, and who therefore may have his own false statements to worry about) believes that the FBI had no business trying to ask Papadopoulos about his April knowledge of Russians dealing Clinton emails in a way that would not arouse Papadopoulos’ suspicion.

What unsettled me … is what he tried to do with George Papadopoulos and that was to establish an audit trail from the campaign or somebody associated with the campaign back to those Clinton emails, whether or not they existed we don’t know.

Clovis believes, as does the entire frothy right, that the FBI had no reason to check out leads from someone who predicted the Russians would leak dirt from Hillary to help Trump a month before it became publicly known.

What were they investigating? To be investigating, there has to be some indication of a crime. And there does not appear to have been any indication for a crime. And by the way the Fourth Amendment protects you in your place and your person from investigation without a clear indication of what, uh, probable cause.

Somehow, Clovis conveniently forgets that stealing emails is a crime. And the FBI had been investigating that crime since June 2016, a month before learning that Papadopoulos might have known about the stolen emails before the FBI itself did.

In other words, at the core of this entire conspiracy theory (on top of pretending that Carter Page wasn’t already a counterintelligence concern in March, as all the designated GOP stenographers do) is the GOP fantasy that the FBI had no business trying to chase down why Papadopoulos knew of the theft before the DNC itself did.

And they’re making an enormous case out of the fact that FBI used Halper — a lifelong Republican to whom Papadopoulos could and did lie to without legal jeopardy — to interview someone Clovis claims was “ancillary” to the campaign at the time.

It’s also clear to me that they misread George’s relationship with the campaign entirely, so, because he was not, he was ancillary at best at that point.

So that appears to be where this is heading: an attempt to criminalize a Republican networking with a goal of learning whether George Papadopoulos, and through him, Sam Clovis and the rest of the campaign, committed what Papadopoulos himself has said (though this is legally incorrect) might amount to treason.

Ultimately, it comes down to this: the GOP doesn’t think Russian theft of Democratic emails was a crime and therefore doesn’t think FBI had reason to investigate Papadopoulos’ apparent foreknowledge of that crime.

I Con the Record Transparency Bingo Part One: Consider the Full Surveillance Playing Hand

Several weeks ago, the government released its yearly transparency reports:

  • FISA Court’s report: This provides a very useful description of approvals viewed from the FISA Court’s perspective. While it is the least deceptive report, FISC has only released one full year (2016) and one partial year (2015) report before, so it can’t be used to study trends or history.
  • DOJ report: This is the mostly useless report, told from the government’s standpoint, reflecting how many final applications get approved. While it isn’t very useful for nuance, it is the only measure we can use to compare last year with the full history of FISA.
  • DNI report: This is the report started in the wake of the Snowden leaks and codified in the USA Freedom Act and last year’s FISA Amendments Act. Parts of this report are very useful, parts are horribly misleading (made worse by new reporting requirements pass in the FAA reauthorization). But it requires more kinds of data than the other two reports.

I’ve been meaning to write more on the transparency reports released some weeks ago (see this post debunking the claim that we can say the FISA Court has rejected more applications than in the past). But given some misunderstandings in this post, I thought it better to lay out some general principles about how to understand what the transparency reports show us.

Consider the full surveillance playing hand

FISA is just one way that the government can collect data used for national security investigations, and because it involves a secret court, it attracts more attention than the many other ways. Worse, it often attracts the focus in isolation from other surveillance methods, meaning even experts fail to consider how authorities work together to provide different parts of the government all the kinds of data they might want. Additionally, an exclusive focus on FISA may blind people to how new restrictions or permissions in one authority may lead to changes in how the government uses another authority.

National security surveillance currently includes at least the following:

  • FISA, including individualized orders, 702, and metadata collection
  • NSLs, providing some kind of metadata with little (albeit increasing) court oversight
  • Criminal investigative methods, collecting content, metadata, and business records; in 2016 this came to include Rule 41 hacking
  • Other means to collect business records, such as private sector contractors or mandated bank reporting
  • The Cybersecurity Information Sharing Act, permitting the private sector to share cyber data “voluntarily” with the government
  • EO 12333: spying conducted overseas under Article II authority; in 2017, the Obama Administration permitted the sharing of raw data within the intelligence community (which includes FBI)

Two examples of how FISA interacts with other authorities may help to demonstrate the importance of considering all these authorities together.

The Internet dragnet moves to PRISM and SPCMA

For virtually the entirety of the time the government collected Internet metadata as metadata domestically, it was breaking the law (because the concepts of metadata and content don’t apply neatly to packet based collection). From 2009 to 2011, the government tried to fake their way through this (in part by playing games with the distinction between collection and access). By the end of 2011, however, that game became legally untenable. Plus, the restrictions the FISA Court imposed on dissemination rules and purpose (NSA was only permitted to collect this data for counterterrorism purposes) made the program less useful. As a result, the government moved the function of chaining on Internet metadata to two different areas: metadata collected under PRISM (which because it was collected as content avoided the legal problems with Internet metadata collection) and metadata collected under EO 12333 and made accessible to analysts under Special Procedures approved in 2008 and extended throughout NSA in early 2011.

Some location collections moves to criminal context

As I’ve laid out, the FISC actually takes notice of rulings in the criminal context — even at the magistrate level — and adjusts FISC rulings accordingly. They’ve done this with both Post Cut Through Dialed Digits and location data. When the FISC adopted a highest common denominator for location collection, it meant that, in jurisdictions where FBI could still obtain location data with a d order, they might do that for national security purposes rather than obtain a PRTT under FISA (to say nothing of the additional paperwork). More recently, we’ve gotten hints that FBI had ways to access cell phones in a national security realm that were unavailable in a criminal realm.

This probably goes on all the time, as FBI Agents make trade offs of secrecy, notice to defendants, paperwork and oversight, and specific collection techniques to pursue national security investigations. We don’t get great numbers for FBI collection in any case, but what we do get will be significantly affected by these granular decisions made in secret.

Understand why surveillance law changes

Additionally, it’s important to understand why surveillance laws get passed.

CISA, for example, came about (among many other reasons) because Congress wouldn’t permit the government to conduct upstream collection using Section 702 for all cybersecurity purposes. Engaging in “voluntary” sharing with backbone providers gave the government data from all kinds of hostile actors (not just nation states), with fewer restrictions on sharing, no court oversight, and no disclosure requirements.

Similarly, to this day, many privacy activists and journalists misunderstand why the government was willing (nay, happy!) to adopt USA Freedom Act. It’s not that the government didn’t collect mobile data. On the contrary, the government had been obtaining cell data from AT&T since 2011, and that was probably a resumption of earlier collection incorporating FISA changed rules on location collection. Nor was it about calling card data; that had been explicitly permitted under the old program. Rather, USAF gave the government the ability to require assistance, just as it can under Section 702. While that was instrumental in getting access to Verizon cell data (which had avoided complying because it did not retain business records in the form that complied with FISA collection rules), that also gave the ability to get certain kinds of data under the “session identifier” definition of call records in the law.

Here’s a post on all the other goodies the government got with USA Freedom Act.

One more important detail virtually unmentioned in coverage of this authority: the 215 dragnet (both the old one and the USAF one) intersect with a far vaster dragnet of metadata collected under 12333. The “bulk” is achieved — and has been since 2009! — using EO 12333 data, data which doesn’t have the same restrictions on things like location data that FISA data does. Section 215 is about getting records (and correlations) that aren’t available overseas, effectively filling in the holes in data collected overseas.

All that is necessary background to understanding numbers that track just FISA (and NSL authorities). FISA is just one part of the always evolving national security collection the government does. And as permissive as a lot of people think FISA is, in many ways it is the most closely regulated part of national security collection.

Contrary to Reports, We Cannot Say FISC Rejected a Record Number of FISA Applications Last Year

With the FISC report of its own surveillance approvals came out last week, some reporters claimed that the report showed the FISC Had rejected a record number of surveillance orders.

In my own post on the report, I noted that the rise from 8 to 18 rejected applications under the FISC standard was alarming.

The FISA Court released its second annual report on approval rates today (the obligation to produce such a report dates to 2015 and it produced a partial report covering that year). It shows that the FISA Court rejected and modified far more joint applications last year than the prior year, with just a 70% complete approval last year as compared to a 79% complete approval the year before, as reflected in this table.

[snip]

Most alarming, though, is the rise in outright rejections, from 8 to 18. This suggests the government is trying to wiretap and otherwise surveil people as agents of a foreign power that the FISC doesn’t agree are such.

And all this happened at a time when the government submitted fewer overall combined applications. Remember, the government can and sometimes does take its wiretapping elsewhere if the FISC rejects a practice.

But given that’s using a standard that has only been in place for 2.5 years, we can’t use it to make judgments across historical FISC practice.

I had explained to Whittaker before this that FISC used a different standard than DOJ, and made 4 efforts to get him to correct this headline, to no avail.

DOJ has now released its own version, which tracks approvals for final applications. It shows while it withdrew two applications (which likely means that of the three applications DOJ withdrew or changed after FISC told the government it would appoint an amicus to review the application, two were for content), all of the final applications it submitted to the court were approved.

During calendar year 2017, the Government filed 1,349 final applications to the Foreign Intelligence Surveillance Court (hereinafter “FISC”) for authority to conduct electronic surveillance and/or physical searches for foreign intelligence purposes. The 1,349 applications include applications made solely for electronic surveillance, applications made solely for physical search, and combined applications requesting authority for electronic surveillance and physical search. Of these, 1,321 applications included requests for authority to conduct electronic surveillance.

Two of these applications were withdrawn by the Government. The FISC did not deny any final, filed applications in whole, or in part. The FISC made modifications to the proposed orders in 154 final, filed applications. Thus, the FISC approved collection activity in a total of 1,319 of the applications that included requests for authority to conduct electronic surveillance.

In other words, we can’t say whether last year was an outlier, with the court rejecting a bunch more applications (though there are reasons to suggest that’s a trend), because the only metric for which we have historical numbers shows the same rubber stamp 100% approval.

Which is another way of saying that for decades the government gave us garbage numbers and only in the wake of the Snowden disclosures are we getting some meaningful metrics (though I Con the Record’s numbers are already headed in the opposite direction, becoming even less useful).

Update: I think there’s still a discrepancy in these reports. Here’s what I understand the numbers to look like (I’ve added 2016 to show how this tracks across time). Last year, to find the total number of final applications (the number DOJ uses), you could simply take the FISC number and subtract the Denied in Full number (1485-8=1477). But if you do that this year (1372-24=1348), you’re off by one. I think that’s because FISC is counting one of the applications the government claims to have withdrawn as a Denied in Part.

In 2017, the Government Withdrew Three FISA Collection Requests Rather than Face an Amicus Review

Last year’s Section 702 Reauthorization law included a bunch of technical fix language describing how appeals of FISA Court of Review decisions should work.

In this post on that technical language, I speculated that Congress may have added the language in response to a denial of a request by the FISCR, about the only thing that would have identified the need for such language.

As one piece of evidence to support that hypothesis, I noted that one of the times the FISC consulted with an amicus (probably Amy Jeffress), it did not make the topic or the result public.

There’s one other reason to think there must have been a significant denial: The report, in the 2015 FISC report, that an amicus curiae had been appointed four times.

During the reporting period, on four occasions individuals were appointed to serve as amicus curiae under 50 U.S.C. § 1803(i). The names of the three individuals appointed to serve as amicus curiae are as follows:  Preston Burton, Kenneth T. Cuccinelli II  (with Freedom Works), and Amy Jeffress. All four appointments in 2015 were made pursuant to § 1803(i)(2)(B). Five findings were made that an amicus curiae appointment was not appropriate under 50 U.S.C. § 1803(i)(2)(A) (however, in three of those five instances, the court appointed an amicus curiae under 50 U.S.C. § 1803(i)(2)(B) in the same matter).

We know of three of those in 2015: Ken Cuccinelli serving as amicus for FreedomWorks’ challenge to the restarted dragnet in June 2015, Preston Burton serving as amicus for the determination of what to do with existing Section 215 data, and Amy Jeffress for the review of the Section 702 certifications in 2015. (We also know of the consultation with Mark Zwillinger in 2016 and Rosemary Collyer’s refusal to abide by USA Freedom Act’s intent on amici on this year’s reauthorization.) I’m not aware of another, fourth consultation that has been made public, but according to this there was one more. I say Jeffress was almost certainly the amicus used in that case because she was one of the people chosen to be a formal amicus in November 2015, meaning she would have been called on twice. If it was Jeffress, then it likely happened in the last months of the year.

I raise that background because of a detail in the FISC report released yesterday, showing its approvals for 2017. It revealed that FISC told the government on three occasions it might appoint an amicus. On all three occasions, the government withdrew the request rather than undergo a FISC review with even a limited adversary.

During the reporting period, no individual was appointed to serve as amicus curiae by the FISA courts. No findings were made in 2017, pursuant to 50 U.S.C. § 1803(i)(2)(A), that an amicus curiae appointment was not appropriate. There were three matters in which the Court advised the government that it was considering appointment of an amicus curiae to address a novel or significant question of law raised in proposed applications, but the government ultimately did not proceed with the proposed applications at issue, or modified the final applications such that they did not present a novel or significant question of law, thereby obviating a requirement for consideration as to the appropriateness of appointment of amicus. These matters are reflected in the table above as, respectively, a modification to a proposed order, an application denied in full, and an application denied in part. This is the first report including information about such occurrences. A similarly small number of such events occurred during prior reporting periods but were not discussed in the reports for those years.

In one case, the government withdrew an entire application after learning the FISC might appoint an amicus to review the proposed technique. In two others, the final order in one or another way did not include the requested practice.

These three instances are not the first time the government has withdrawn a request after learning FISC would invite adversarial review. While the court doesn’t reveal how many or in what years, it does say that a “similarly small number of such events occurred during prior reporting periods.” Given that there have been just two other reporting periods (the report for part of 2015 and the report covering all of 2016), the language seems to suggest it happened in both years.

That the government has been withdrawing requests rather than submitting them to the scrutiny of an amicus suggests several things.

First, it may be withdrawing such applications out of reluctance to share details of such techniques even with a cleared amicus, not even one of the three who served as very senior DOJ officials in the past. If that’s right, that would reflect some pretty exotic requests, because some of the available amici (most notably former Assistant Attorney General David Kris) have seen all that DOJ was approving with NatSec collection.

Second, remember that for at least one practice (the collection of location information), the government has admitted to opting to using criminal process rather than FISA where more lenient precedents exist in particular jurisdictions. That might happen, for example, if a target could be targeted in a state that didn’t require a warrant for some kinds of location data whereas FISC does.

Starting in 2017, the government would have the ability to share raw EO 12333 with the FBI, which might provide another alternative means to collect the desired data.

All of which is to say these withdrawals don’t necessarily mean the government gave up. Rather, past history has shown that the government often finds another way to get information denied by the FISC, and that may have happened with these three requests.

Finally, remember that as part of 702 reauthorization last year, Ron Wyden warned that reauthorization should include language preventing the government from demanding that companies provide technical assistance (which obviously includes, but is probably not limited to, bypassing or weakening encryption) as part of 702 directives. The threat the government might do so under 702 is particularly acute, because unlike with individual orders (which is what the withdrawn requests here are), the FISC doesn’t review the directives submitted under 702. Some of these withdrawn requests — which may number as many as nine — may reflect such onerous technical requests.

Importantly, one reason the government might withdraw such requests is to avoid any denials that would serve as FISC precedent for individualized  and 702 requests. That is, if the government believed the court might deny an individual request, it might withdraw it and preserve its ability to make the very same demand in a 702 context, where the FISC doesn’t get to review the techniques use.

Whatever the case, the government has clearly been bumping up against the limits of what it believes FISC will approve in individualized requests. But that doesn’t mean it hasn’t been surpassing those limits via one or another technical or legal means.

The FISA Court Accepted 9% Fewer Combined Applications Last Year

The FISA Court released its second annual report on approval rates today (the obligation to produce such a report dates to 2015 and it produced a partial report covering that year). It shows that the FISA Court rejected and modified far more joint applications last year than the prior year, with just a 70% complete approval last year as compared to a 79% complete approval the year before, as reflected in this table.

Approval rates for combined orders, 2017 versus 2016

These are for combined orders, meaning the government wants to collect both data in motion and (collect stored data and/or conduct a physical search). Modifications usually mean additional reporting and/or minimization procedures (meaning the government had to treat the collected data with additional care). An order denied in part might prohibit the collection on one of the selectors submitted to the court, but not a bunch of other ones. An order denied in full would represent a complete rejection of a preliminary order (these won’t show up on DOJ’s numbers because those are fluffed to look good).

There are several things that might explain these numbers. First, the rising modification number might mean the government is using new techniques that present additional privacy concerns — accessing cell phones are a likely one, especially given the Riley SCOTUS precedent. Hacking is another technique that might pose specific privacy concerns, or accessing entire servers.

The denied in part number likely stems from the government asking to surveil selectors that are more attenuated from the actual target. The rejections might reflect individual selectors for which the FISC didn’t agree the government had shown probable cause the selector was being used by an agent of a foreign power.

Most alarming, though, is the rise in outright rejections, from 8 to 18. This suggests the government is trying to wiretap and otherwise surveil people as agents of a foreign power that the FISC doesn’t agree are such.

And all this happened at a time when the government submitted fewer overall combined applications. Remember, the government can and sometimes does take its wiretapping elsewhere if the FISC rejects a practice. I’ll do a follow-up post describing why this report may reflect that has happened.

Here’s this year’s report, covering 2017, and last year’s report, covering 2016. This post provides background on the requirement and how these reports differ from the required DOJ report. The full tables from the two reports are below. They show an increased rate of modifications for 1861, which are 215 orders, as well.

2018 Report (covering 2017)

2017 Report (covering 2016)

image_print