mro-hirise-mars-dune-seasons-frost-pia18114-full

Hillary Claims to Support Targeted Spying But Advisor Matt Olsen Was Champion of Bulk Spying

Spencer Ackerman has a story on what Hillary Clinton meant when she said she supports an “intelligence surge” to defeat terrorism. Amid a lot of vague language hinting at spying expansions (including at fusion centers and back doors), her staffers told Ackerman she supported the approach used in USA Freedom Act.

Domestically, the “principles” of Clinton’s intelligence surge, according to senior campaign advisers, indicate a preference for targeted spying over bulk data collection, expanding local law enforcement’s access to intelligence and enlisting tech companies to aid in thwarting extremism.

The campaign speaks of “balancing acts” between civil liberties and security, a departure from both liberaland conservative arguments that tend to diminish conflict between the two priorities. Asked to illustrate what Clinton means by “appropriate safeguards” that need to apply to intelligence collection in the US, the campaign holds out a 2015 reform that split the civil liberties community as a model for any new constraints on intelligence authorities.

The USA Freedom Act, a compromise that constrained but did not entirely end bulk phone records collection, “strikes the right balance”, said [former NSC and State Department staffer and current senior foreign policy advisor Laura] Rosenberger. “So those kinds of principles and protections offer something of a guideline for where any new proposals she put forth would be likely to fall.”

It then goes on to list a bunch of advisors who have been contributing advice on the “intelligence surge.”

The campaign did not identify the architects of the intelligence surge, but it pointed to prominent counter-terrorism advisers who have been contributing ideas.

They include former acting CIA director Michael Morell – who has come under recent criticism for his attacks on the Senate torture report – ex-National Counterterrorism Center director Matt Olsen; Clinton’s state department counter-terrorism chief Dan Benjamin; former National Security Council legal adviser Mary DeRosa; ex-acting Homeland Security secretary Rand Beers; Mike Vickers, a retired CIA operative who became Pentagon undersecretary for intelligence; and Jeremy Bash, Leon Panetta’s chief of staff at the CIA and Pentagon.

It appalls me that Hillary is getting advice from Mike Morell, who has clearly engaged in stupid propaganda both for her and the CIA (though he also participated in the Presidents Review Group that advocated far more reform than Obama has adopted). I take more comfort knowing Mary DeRosa is in the mix.

But I do wonder how you can take advice from Matt Olsen — who was instrumental in a lot of our current spying programs — and claim to adopt a balanced approach.

Olsen was the DOJ lawyer who oversaw the Yahoo challenge to PRISM in 2007 and 2008. He did two things of note. First, he withheld information from the FISC until forced to turn it over, not even offering up details about how the government had completely restructured PRISM during the course of Yahoo’s challenge, and underplaying details of how US person metadata is used to select foreign targets. He’s also the guy who threatened Yahoo with $250,000 a day fines for appealing the FISC decision.

Olsen was a key player in filings on the NSA violations in early 2009, presiding over what I believe to be grossly misleading claims about the intent and knowledge NSA had about the phone and Internet dragnets. Basically, working closely with Keith Alexander, he hid the fact that NSA had basically willfully treated FISA-collected data under the more lenient protection regime of EO 12333.

Charlie Savage provided two more details about Olsen’s fondness for bulk spying in Power Wars. As head of NCTC, Olsen was unsurprisingly the guy in charge of arranging, in 2012, for the NCTC to have access to any federal database it claimed might have terrorist information in it (thereby deeming all of us terrorists). Savage describes how, in response to his own reporting that NCTC was considering doing so — at a time when the plan was to have a further discussion about the privacy implications of the move — ODNI pushed through the change without that additional privacy consideration. That strikes me as the same kind of disdain for due process as Olsen exhibited during the Yahoo challenge.

Finally, Savage described how, when Obama was considering reforms to the phone dragnet in 2014, Olsen opposed having the FISC approve query terms before querying the database as legally unnecessary. It’s hard to imagine how Olsen would really be in favor of USAF type reforms, which codify that change.

In short, among Hillary’s named advisors, the one with the most direct past involvement in such decisions (and also the one likely to be appointed to a position of authority in the future) has advocated for more bulk spying, not less.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

emptywheel

If Snowden Doesn’t Know Privacy Protections of 702, That’s a Problem with NSA Training

The House Intelligence Committee just released a report — ostensibly done to insist President Obama not pardon Snowden — that is instead surely designed as a rebuttal to the Snowden movie coming out in general release tomorrow. Why HPSCI sees it as their job to refute Hollywood I don’t know, especially since they didn’t make the same effort when Zero Dark Thirty came out, which suggests they are serving as handmaidens of the Intelligence Community, not an oversight committee.

There will be lots of debates about the validity of the report. In some ways, HPSCI admits they’re being as inflammatory as possible, as when they note that the IC only did a damage assessment of what they think Snowden took, whereas DOD did a damage assessment of every single thing he touched. HPSCI’s claims are all based on the latter.

There are things that HPSCI apparently doesn’t realize makes them and the IC look bad — not Snowden — such as the claim that he never obtained a high school equivalent degree; apparently people can just fake basic credentials and the CIA and NSA are incapable of identifying that. The report even admits a previously unknown contact between Snowden and CIA’s IG, regarding the training of IT specialists. BREAKING: Snowden did try to report something through an official channel!

It concerns me the “Intelligence Committee” can’t distinguish between details that help and hurt their case.

Meanwhile, Snowden has a bunch of rebuttals here, which extends the game of he says they say, but doesn’t help clarity much.

On one issue, however, I’m particularly concerned: with the HPSCI claim that Snowden may not understand the privacy impact of the programs he leaked because he failed Section 702 training:

It is also not clear Snowden understood the numerous privacy protections that govern the activities of the IC. He failed basic annual training for NSA employees on Section 702 of the Foreign Intelligence Surveillance Act (FISA) and complained the training was rigged to be overly difficult. This training included explanations of the privacy protections related to the PRISM program that Snowden would later disclose.

There are several implications about this allegation. First, the passage suggests that Snowden never passed 702 training. But he did. The Chief of the SIGINT Compliance Division said this in an email written on the low side (and as such, probably written with knowledge it would be released publicly). “He said he had failed it multiple times (I’d have to check with ADET on that). He did pass the course at some point.” Even in the middle of a big to-do over this training, the NSA knew one thing for certain: Snowden did pass the test (even if they weren’t sure whether he had really failed it).

The passage also suggests the training program was really basic. But a Lieutenant Colonel who clearly worked with a lot of 702 analysts at some point had this to say about it: “It is not a gentleman’s course; *I* failed it once, the first time I had to renew.”

The passage also suggests that the training was worthwhile. Except days before the conflict, NSA’s IG reissued an IG Report that revealed problems with this and related training — including that NSA still had outdated materials pertaining to the Protect America Act available as the “current” standard operating procedures available online.

There’s evidence the NSA’s training materials and courses at the time had significant errors. A revised Inspector General report on Section 702 of FISA, reissued just days before Snowden returned to Maryland for training on the program in 2013, found that the Standard Operating Procedures (SOPs) posted on the NSA’s internal website, purportedly telling analysts how to operate under the FISA Amendments Act passed in 2008, actually referenced a temporary law passed a year earlier, the Protect America Act.

“It is unclear whether some of the guidance is current,” the report stated, “because it refers only to the PAA,” a law that had expired years before. A key difference between the two laws pertains to whether the NSA can wiretap an American overseas under EO 12333 with approval from the attorney general rather than a judge in a FISA Court. If the SOPs remained on the website when Snowden was training, it would present a clear case in which NSA guidance permitted actions under EO 12333 that were no longer permitted under the law that had been passed in 2008.

Similarly, a key FISA Amendments Act training course (not the one described in the face-to-face exchange, but another one that would become mandatory for analysts) didn’t explain “the reasonable belief standard,” which refers to how certain an analyst must be that their target was not an American or a foreigner in the US — a key theme of Snowden’s disclosures. While some work on both these problems had clearly been completed between the time of the report’s initial release and its reissue just days before Snowden showed up in Maryland, both these findings remained open and had been assigned revised target completion dates in the reissued report, suggesting the IG had not yet confirmed they had been fixed.

Perhaps most troubling, to me, is that HPSCI repeats as true a story that should not be treated as such by anyone — because the story has a number of problems, and the person who told it almost certainly didn’t write it down for a full year after it happened, and then, only in response to Snowden’s claims about the interaction. I don’t know whether she was telling the truth or Snowden (or, most likely, both were shading the truth), but given the circumstances of the evidence, neither one should be assumed to be credible. But this report treats it, perhaps unaware of the many problems and inconsistencies with the story, as credible.

Ultimately, though, if Snowden didn’t fully appreciate the privacy protections of PRISM, you can’t attribute that to the training program, because he took and passed it.

Remarkably, this dodgy claim is the only evidence HPSCI has to claim that Snowden didn’t understand the privacy implications of what he was looking at. I’m fully willing to admit that reporting (that is, second-hand from Snowden) has made errors. But if NSA’s overseers can’t assess Snowden’s public comments about the programs they allegedly oversee, then they’re not doing their job.

Unless their job extends only to running PR for the agencies they are supposed to oversee.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Government Uses FISCR Fast Track to Put Down Judges’ Rebellion, Expand Content Collection

Since it was first proposed, I’ve been warning (not once but twice!) about the FISCR Fast Track, a part of the USA Freedom Act that would permit the government to immediately ask the FISA Court of Review to review a FISC decision. The idea was sold as a way to get a more senior court to review dodgy FISC decisions. But as I noted, it was also an easy way for the government to use the secretive FISC system to get a circuit level decision that might preempt traditional court decisions they didn’t like (I feared they might use FISCR to invalidate the Second Circuit decision finding the phone dragnet to be unlawful, for example).

Sure enough, that’s how it got used in its first incarnation — not just to confirm that the FISC can operate by different rules than criminal courts, but also to put down a judges rebellion.

As I noted back in 2014, the FISC has long permitted the government to collect Post Cut Through Dialed Digits using FISA pen registers, though it requires the government to minimize anything counted as content after collection. PCTDD are the numbers you dial after connecting a phone call — perhaps to get a particular extension, enter a password, or transfer money. The FBI is not supposed to do this at the criminal level, but can do so under FISA provided it doesn’t use the “content” (like the banking numbers) afterwards. FISC reviewed that issue in 2006 and 2009 (after magistrates in the criminal context deemed PCTDD to be content that was impermissible).

At least year’s semiannual FISC judges’ conference, some judges raised concerns about the FISC practice, deciding they needed to get further briefing on the practice. So when approving a standing Pen Register, the FISC told the government it needed further briefing on the issue.

Screen Shot 2016-08-22 at 5.39.13 PM

The government didn’t deal with it for three months until just as they were submitting their next application. At that point, there was not enough time to brief the issue at the FISC level, which gave then presiding judge Thomas Hogan the opportunity to approve the PRTT renewal and kick the PCTDD issue to the FISCR, with an amicus.

Screen Shot 2016-08-22 at 5.43.08 PM

This minimized the adversarial input, but put the question where it could carry the weight of a circuit court.

Importantly, when Hogan kicked the issue upstairs, he did not specify that this legal issue applies only to phone PRTTs.

Screen Shot 2016-08-22 at 5.45.02 PM

At the FISCR, Mark Zwillinger got appointed as an amicus. He saw the same problem as I did. While the treatment of phone PCTDD is bad but, if properly minimized, not horrible, it becomes horrible once you extend it to the Internet.

Screen Shot 2016-08-22 at 5.59.12 PM

The FISCR didn’t much care. They found the collection of content using a PRTT, then promising not to use it except to protect national security (and a few other exceptions to the rule that the government has to ask FISC permission to use this stuff) was cool.

Screen Shot 2016-08-22 at 5.47.34 PM

Along the way, the FISCR laid out several other precedents that will have really dangerous implications. One is that content to a provider may not be content.

Screen Shot 2016-08-22 at 5.55.29 PM

This is probably the issue that made the bulk PRTT dragnet illegal in the first place (and created problems when the government resumed it in 2010). Now, the problem of collecting content in packets is eliminated!

Along with this, the FISCR extended the definition of “incidental” to apply to a higher standard of evidence.

Screen Shot 2016-08-22 at 6.07.50 PM

Thus, it becomes permissible to collect using a standard that doesn’t require probable cause something that does, so long as it is “minimized,” which doesn’t always mean it isn’t used.

Finally, FISCR certified the redefinition of “minimization” that FISC has long adopted (and which is crucial in some other programs). Collecting content, but then not using it (except for exceptions that are far too broad), is all good.

Screen Shot 2016-08-22 at 6.01.41 PM

In other words, FISCR not only approved the narrow application of using calling card data but not bank data and passwords (except to protect national security). But they also approved a bunch of other things that the government is going to turn around and use to resume certain programs that were long ago found problematic.

I don’t even hate to say this anymore. I told privacy people this (including someone involved in this issue personally). I was told I was being unduly worried. This is, frankly, even worse than I expected (and of course it has been released publicly so the FBI can start chipping away at criminal protections too).

Yet another time my concerns have been not only borne out, but proven to be insufficiently cynical.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Until at Least 2014, NSA Was Having Troubles Preventing Back Door Searches of Upstream Searches

Since NSA’s practice of conducting back door searches — searches of already collected data based off the targeting of foreigners — became widely known, the spooks have offered a few assurances about why we don’t have to worry about these back door searches. For example, the US person identifiers have to be pre-approved and the NSA won’t conduct back door searches of upstream data, which sometimes includes entirely domestic communications.

According to the Semiannual Reports on Section 702 released some weeks ago, those assurances are fairly hollow, or at least were during the 2013 to 2014 timeframe.

The March 2014 report, which covers the period from December 1, 2012 through May 31, 2013, revealed that the semiannual review process could not directly monitor back door searches on US person identifiers because that information is not kept in a centralized place.

It should be noted both that NSA’s efforts to review queries are not limited to Section 702 authorities and that, at this time, content queries are not specifically identified as containing United States person identifiers. As such, and as the Government previously represented to Congress, NSD and ODNI cannot at this time directly monitor content queries using United States person identifiers because these records are not kept in a centrally located repository. While the changes described above in NSA’s super audit process have not changed this status, NSA is exploring whether future queries using United States person identifiers could be identified and centralized. In the meantime, and in accordance with NSA’s minimization procedures, NSD and ODNI review NSA’s approval of any United States person identifiers used to query unminimized Section 702- acquired communications.

This appears to indicate that internal overseers could not audit the actual queries completed, but instead only reviewed the identifiers used to query data to make sure they were approved. Which, in turn, means the NSA’s targeting of foreigners and dissemination of reports on them got monitored more closely than NSA’s spying on Americans.

The following report — completed in October 2014 and covering the period June 1, 2013 through November 30, 2013 — reports a predictable consequence of the inability to monitor the actual queries conducted as back door searches: prohibited back door searches on upstream data.

(TS//SI//NF) The joint oversight team, however, is concerned about the increase in incidents involving improper queries using United States person identifiers, including incidents involving NSA’s querying of Section 702-acquired data in upstream data using United States Person identifiers. Specifically, although section 3(b)(5) of NSA’s Section 702 minimization procedures permits the scanning of media using United States person identifiers, this same section prohibits using United States person identifiers to query Internet communications acquired through NSA’s upstream collection techniques. NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([redacted]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

While the actual number is redacted, the number is high enough to refer to to “many” improper searches of upstream content.

That explicit violation of the rules set by Bates in 2011 was part of a larger trend of back door search violations, including analysts not obtaining approval to query Americans’ identifiers.

(TS//SI//NF) In addition, section 3(b)(5) of NSA’s Section 702 minimization procedures requires that queries using United States person identifiers must be first be approved in accordance with NSA internal procedures. In this reporting period, [redacted] NSA was in non-compliance with this requirement, either because a prior authorization was not obtained or the authorization to query had expired. For example, in NSA Incidents [redacted] NSA analysts performed queries using United States person identifiers that had not been approved as query terms. These queries occurred for a variety of reasons, including because analysts continued queries on terms that they suspected (but had not confirmed) were used by United States persons, forgot to exclude Section 702 data from queries [redacted], or did not realize that [redacted] constitute a United States person identifier even if the analyst was seeking information on a non-United States person.

Among other things, the third redaction in this passage appears to suggest that analysts conduct back door searches on data generally, presumably including both EO 12333 and 702 obtained data, but have to affirmatively exclude Section 702 data to stay within the rules laid out in the minimization procedures.

Consider the timing of this: the reporting of “many” back door search and other US person query violations occurred in the first post-Snowden period. While the fact NSA did back door searches was knowable from the 2012 SSCI report on Section 702 renewal, it did not become general knowledge among members of Congress and the general public until Snowden leaked more explicit confirmation of it. And all of a sudden, as soon as people started complaining about back door searches and Congress considered regulating it, NSA’s overseers discovered that NSA wasn’t following an explicit prohibition on searching upstream data. One of several risks of back door searching upstream data is it may amount to searching data collected domestically, or even entirely domestic communications.

And while the details get even more redacted, it appears the problem did not go away in the following period, the December 1, 2013 through May 31, 2014 reviews reported in a June 2015 report. After a very long redaction on targeting, the report recommends NSA require analysts to state whether they believe they’re querying on a US person.

Additionally, but separately, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent instances of otherwise approved United States person query terms being used to query upstream Internet transactions, which is prohibited by the NSA minimization procedures.64

The footnote that modifies that discussion is entirely redacted.

The June 2015 report was the most recent one released, so it is unclear whether simply requiring analysts to confirm that they are querying Americans solved the improper back door searches of upstream data. But at least as of the most recently released report, the two most troubling aspects of Section 702 surveillance — the upstream searching on Internet streams and back door unwarranted searches on US person identifiers — were contributing to “many” violations of NSA’s rules.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

“Only Facts Matter:” Jim Comey Is Not the Master Bureaucrat of Integrity His PR Sells Him As

Since Jim Comey’s showy press conference yesterday, the press has rehashed Jim Comey’s carefully cultivated image as a Boy Scout, with outlet after outlet replaying the story of how he ran up some hospital steps once.

Sadly, even DOJ beat journalists seem unable to point out that that image has been carefully cultivated over years. Comey is a PR master.

But as I have written on several occasions, the story is more complicated. That’s true, first of all, because the 2004 hospital confrontation, in which Comey and a bunch of other DOJ officials threatened to quit and therefore allegedly shut down some illegal wiretap programs, did not end in March 2004. On the contrary, for the main unlawful program we know about — the Internet dragnet — that confrontation ended in July 2004 when, after some serious arm-twisting, DOJ got FISC presiding judge Colleen Kollar-Kotelly to authorize substantially the same Internet dragnet they refused to authorize themselves.  The arguments they used to pull that off are fairly breath-taking.

The hospital confrontation only served to hide illegal surveillance under a new rock

First, they told Kollar-Kotelly she had to reauthorize the dragnet because terrorists wanted to plan an election year plot; as I note below, that claim was largely based on a fabrication.

Then, they argued that the standard for approval of a bulk Pen Register/Trap and Trace order was the same (arguably lower) as any other PRTT order focused on an individual. Kollar-Kotelly, DOJ argued, had no discretion over whether or how to approve this.

DOJ told Kollar-Kotelly she had no authority to do anything but approve their expansive plan to collect Internet data from telecom switches. “[T]he Court ‘shall’ authorize a pen register … if an application brought before it complies with the requirements of the statute.” Even though, by collecting Internet metadata in bulk, the government would take away FISC’s authority to review whether the targets were agents of a foreign power, DOJ argued she had no authority to determine whether this bulk data — which she deemed an “enormous” amount — was “relevant” to the FBI’s investigations into terrorism.

And that meaning — which the government expanded even further in 2006 to claim the phone records of every single American were “relevant” to the FBI’s standing terrorism investigations — “requires no stretching of the ordinary meaning of the terms of the statute at all,” they claimed, in apparent seriousness.

DOJ further argued that’s the way the FISA court — which Congress created in 1978 to provide real judicial review while permitting the executive to keep its foreign spying secret — is supposed to work. Having FISC rubber-stamp the program they themselves had refused to authorize “promotes both of the twin goals of FISA,” DOJ argued, “facilitating the foreign-intelligence collection needed to protect American lives while at the same time providing judicial oversight to safeguard American freedoms.”

Their claim this involved oversight is especially rich given that DOJ and FISC argued then — and continued to argue at least through 2010 when John Bates would reauthorize and expand this dragnet — that the FISC had no authority to impose minimization procedures for bulk collected data, which has historically been the sole way FISC exercises any oversight. Then, during the period of the very first dragnet order, NSA “discovered” it was violating standards Kollar-Kotelly imposed on the collection (effectively, violating the minimization procedures). But in spite of the fact that she then imposed more requirements, including twice quarterly spot checks on the collection, those violations continued unabated until NSA’s Inspector General finally started, on Reggie Walton’s order, an (aborted) real review of the collection in 2009. At that point, OGC all of a sudden “discovered” that their twice-quarterly spot checks had failed to notice that every single record NSA had collected during that 5 year period had violated FISC standards.

In short, the program was never, ever, in legal compliance. That was the solution Comey achieved to the unlawful program he got shut down.

DOJ’s — Jim Comey’s — efforts to undercut FISC not only led to other really problematic FISC decisions based on this precedent (including, but not limited to, the phone dragnet in 2006 and upstream collection in 2007), but also gave illegal collection the patina of legality solely by making someone else authorize a program she couldn’t oversee.

DOJ deliberately bypassed Congress because they knew it wouldn’t approve the surveillance

Along with radically changing the nature of FISC in the wake of the hospital confrontation, DOJ — Jim Comey — affirmatively bypassed Congress because they didn’t want to tell America it was spying on them in bulk.

DOJ pointed to language showing Congress intended pen registers to apply to the Internet; they pointed to the absence of language prohibiting a pen register from being used to collect data from more than a single user, as if that’s the same as collecting from masses of people and as if that proved congressional intent to wiretap everyone.

And then they dismissed any potential constitutional conflict involved in such broad rereadings of statutes passed by Congress. “In almost all cases of potential constitutional conflict, if a statute is construed to restrict the executive, the executive has the option of seeking additional clarifying legislation from Congress,” the heroes of the hospital confrontation admitted. The White House had, in fact, consulted Majority Leader Tom DeLay about doing just that, but he warned it would be too difficult to get new legislation. So two months later, DOJ argued Congress’ prerogative as an independent branch of government would just have to give way to secrecy. “In this case, by contrast, the Government cannot pursue that route because seeking legislation would inevitably compromise the secrecy of the collection program the Government wishes to undertake.”

This was a pretty big assault on separation of powers, and not one justified by the efficacy of the program or the needs of the collection.

While I won’t go into it here, this is all about the best known part of the Stellar Wind program that was not so much “shut down” as “dumped into someone else’s legal lap.” There’s another aspect of Stellar Wind — one I don’t yet fully understand — that Comey reauthorized on his own, one that has gotten no reporting. I hope to return to this.

Comey’s DOJ lets itself be manhandled into reauthorizing torture and surveillance

There’s an intimately related effort Comey gets some credit for which in fact led to fairly horrible conclusions: torture. Jack Goldsmith, with Comey’s backing, also withdrew the shoddy John Yoo memo authorizing waterboarding and other torture (Goldsmith also prevented Yoo from retroactively authorizing more techniques).

But on July 2, 2004 — two weeks before Goldsmith left — the intelligence community found another detainee it just had to torture, Janat Gul, based on already questioned claims he wanted to plan an election year attack. They had a Principal’s Committee meeting to discuss what to do. After Jim Comey and John Bellinger left the meeting, the PC agreed to engage in torture again (though not waterboarding). Five days later Goldsmith wrote to ensure the IC knew this meant they had to follow the guidelines laid out under the original Yoo memo. By September, after Gul and some associates had been tortured extensively — each time with Dan Levin writing what I’m sure he imagined to be a soundly reviewed approval for the torture — Levin had approved waterboarding again, along with the techniques Goldsmith had prevented Yoo from retroactively and unilaterally authorizing. OLC repeatedly promised a more fulsome memo laying out the approval offered, ostensibly in reaction to an immediate need, in 2004. Jim Comey initiated that process in fall and December 2004. But in the end, the technique memos completed by Steven Bradbury in May 2005 authorized both waterboarding, as well as all the other conditions (primarily techniques use in combination) Comey seems to have tried to have set to make them impossible to use again. Comey resigned right before these memos were finalized, so it’s possible he made another — failed — attempt to prevent the illegal program by threatening to quit; he did, however, stick around for another three months before he moved onto his sinecures at Lockheed and Bridgewater.

Here’s the tragic thing about this unsuccessful effort to impose order on the torture program: it, like the Iraq War itself, was based on a fabricator.

CIA came to Comey and others, said, “this guy wants to attack the presidential elections so we need a dragnet and torture,” to which DOJ said okay.

The CIA in March 2004 received reporting from a source the torture report calls “Asset Y,” who said a known Al-Qaeda associate in Pakistan, Janat Gul — whom CIA at the time believed was a key facilitator — had set up a meeting between Asset Y and Al-Qaeda’s finance chief, and was helping plan attacks inside the United States timed to coincide with the November 2004 elections. According to the report, CIA officers immediately expressed doubts about the veracity of the information they’d been given by Asset Y. A senior CIA officer called the report “vague” and “worthless in terms of actionable intelligence.” He noted that Al Qaeda had already issued a statement “emphasizing a lack of desire to strike before the U.S. election” and suggested that since Al-Qaeda was aware that “threat reporting causes panic in Washington” and inevitably results in leaks, planting a false claim of an election season attack would be a good way for the network to test whether Asset Y was working for its enemies. Another officer, assigned to the group hunting Osama bin Laden, also expressed doubts.

[snip]

Nevertheless, the CIA took seriously Asset Y’s claim that Gul was involved in an election plot and moved quickly to gain custody of him after his arrest by Pakistan in June 2004. Even before CIA rendered Gul to its custody, Tenet started lobbying to get torture techniques reapproved for his interrogation.

On June 29, Tenet wrote National Security Adviser Condoleezza Rice seeking approval to once again use some of the techniques whose use he suspended less than four weeks earlier, in the hope of gathering information on the election season plot. “Given the magnitude of the danger posed by the pre-election plot and Gul’s almost certain knowledge of any intelligence about that plot” Tenet wrote, relying on Asset Y’s claims, “I request the fastest possible resolution of the above issues.”

[snip]

Soon after the reauthorization of the torture and the Internet dragnet, the CIA realized ASSET Y’s story wasn’t true. By September, an officer involved in Janat Gul’s interrogation observed, “we lack credible information that ties him to pre-election threat information or direct operational planning against the United States, at home or abroad.” In October, CIA reassessed ASSET Y, and found him to be deceptive. When pressured, ASSET Y admitted had had made up the story of a meeting set up by Gul. ASSET Y blamed his CIA handler for pressuring him for intelligence, leading him to lie about the meeting.

By 2005, CIA had concluded that ASSET Y was a fabricator, and Janat Gul was a “rather poorly educated village man [who is] quite lazy [who] was looking to make some easy money for little work and he was easily persuaded to move people and run errands for folks on our target list” (though the Agency wasn’t always forthright about the judgment to DOJ).

During Comey’s entire effort — to put order to the dragnet, to put order to the torture — he was in fact being led by the nose by the CIA, once again using the report of a fabricator to authorize actions the US had no business engaging in.

If that were all, I’d consider this a tragic story: poor Jim Comey trying to ensure the US does good, only to be undermined by the dishonest folks at the CIA, using asymmetric information again to ensure their ass gets covered legally.

Jim Comey refuses to review what he did in 2004 and 2005

But here’s the part that, in my opinion, makes being snookered by the CIA unforgivable. Thus far, Comey has refused to read the full Torture Report to learn how badly he got snookered, even though he promised Dianne Feinstein to do so in his confirmation process.

I am specifically intrigued by Comey’s apparent lack of curiosity about the full report because of his actions in 2005.

As these posts lay out (one, two), Comey was involved in the drafting of 2 new OLC memos in May 2005 (though he may have been ignorant about the third). The lies CIA told OLC in 2004 and then told OLC again in 2005 covering the same torture were among the worst, according to Mark Udall. Comey even tried to hold up the memo long enough to do fact gathering that would allow them to tie the Combined memo more closely to the detainee whose treatment the memo was apparently supposed to retroactively reauthorize. But Alberto Gonzales’ Chief of Staff Ted Ullyot told him that would not be possible.

Pat [Philbin] explained to me (as he had to [Steven Bradbury and Ted Ullyot]) that we couldn’t make the change I thought necessary by Friday [April 29]. I told him to go back to them and reiterate that fact and the fact that I would oppose any opinion that was not significantly reshaped (which would involve fact gathering that we could not complete by Friday).

[snip]

[Ullyot] mentioned at one point that OLC didn’t feel like it would accede to my request to make the opinion focused on one person because they don’t give retrospective advice. I said I understood that, but that the treatment of that person had been the subject of oral advice, which OLC would simply be confirming in writing, something they do quite often.

At the end, he said that he just wanted me to know that it appeared the second opinion would go [Friday] and that he wanted to make sure I knew that and wanted to confirm that I felt I had been heard.

Presuming that memo really was meant to codify the oral authorization DOJ had given CIA (which might pertain to Hassan Ghul or another detainee tortured in 2004), then further details of the detainee’s torture would be available in the full report. Wouldn’t Comey be interested in those details now?

But then, so would details of Janat Gul’s torture, whose torture was retroactively authorized in an OLC memo Comey himself bought off on. Maybe Comey has good reason not to want to know what else is in the report.

Sure, he may be doing so to prevent Jason Leopold from liberating the report via FOIA. But in doing so, he is also refusing to examine his own actions, his own willingness to reauthorize the dragnet and torture he had just shut down in the service of a lie. He is refusing to consider whether the deals he made with the devil in 2004 were unsound.

Even here, I might just consider this a tragic story, of a morally just man bested by bureaucratic forces both more sinister and dishonest than Comey.

Except for Comey’s Manichean view of the world.

His world is separated into the Good Guys who should have access to encryption and the Bad Guys who should not, the loyal people like Hillary who can be “extremely careless in their handling of very sensitive, highly classified information” with no legal consequences and the disloyal people like Thomas Drake who get prosecuted for doing the very same things.

That’s not the world where self-proclaimed Boy Scout Jim Comey assents to the reauthorization of torture and dragnets based on a fabrication with no repercussions or even soul-searching.

I mean, I get it. There is no place for Boy Scouts in the top ranks of our national security state. I get that you’re going to lose bureaucratic fights to really immoral causes and manipulative spooks. I get you’re sometimes going to get the so-called trade-off between liberty and security wrong, especially when you get lied to.

But given that reality, there is no place for pretend Boy Scouts. There is no place to pretend your world is as easy as running up some hospital steps, victory!, we’ve vanquished presidential abuses so let’s go dismantle separation of powers! That’s just naive, but in the service of the FBI Director, it legitimizes a really unjust — morally-rather-than-legally-based — method of policing.

Comey seems to believe his self-created myth at this point, and that’s a very dangerous spot for a guy deigning to be the investigator and prosecutor of who is loyal and who disloyal.

Update: Matthew Miller wrote up his criticism of Comey’s abuse of power here.

Update: Here’s an interview I did for Pacifica on the email question generally.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Shaping Traffic and Spying on Americans

Screen Shot 2016-06-29 at 8.07.56 AMAt the Intercept earlier this week, Peter Maass described an interview he had with a former NSA hacker he calls Lamb of God — this is the guy who did the presentation boasting “I hunt SysAdmins.” On the interview, I agree with Bruce Schneier that it would have been nice to hear more from Lamb of God’s side of things.

But the Intercept posted a number of documents that should have been posted long, long ago, covering how the NSA “shapes” Internet traffic and how it identifies those using Tor and other anonymizers.

I’m particularly interested in the presentations on shaping traffic — which is summarized in the hand-written document to the right and laid out in more detail in this presentation.

Both describe how the NSA will force Internet traffic to cross switches where it has collection capabilities. We’ve known they do this. Beyond just the logic of it, some descriptions of NSA’s hacking include descriptions of tracking traffic to places where a particular account can be hacked.

But the acknowledgement that they do this and discussions of how they do so is worth closer attention.

That’s true, first of all, because of wider discussions of cable maps. In discussing the various ways to make Internet traffic cross switches to which the NSA has access, Lamb of God facetiously (as is his style) suggests you could bomb or cut all the cable lines that feed links to which the NSA doesn’t have access.

Screen Shot 2016-07-01 at 9.13.22 AM

Lamb of God dismisses this possibility as “fun to think about, but not very reasonable.”

But we know that cable lines do get cut. Back in 2008, for example, there were a slew of cables coming into the Middle East that got cut at one time (though that may have been designed to cut Internet communication more generally). Then there’s the time in 2012 when NSA tried to insert an exploit into a Syrian route, only to knock out almost all of the country’s Internet traffic.

One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the US government was responsible. (This is the first time the claim has been revealed.)

Inside the TAO operations center, the panicked government hackers had what Snowden calls an “oh shit” moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.

Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage. Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”

Again, we’ve known this happened, which is why it would have been nice to have this presentation three years ago, if only to explain the concept to those who don’t factor it into considerations of how the NSA works.

The other reason this is important is because of the possibility the NSA could deliberately shape traffic to take it out of FISA-controlled domestic space and into EO 12333-governed international space, a possibility envisioned in a 2015 paper. The slides from the paper present the same techniques laid out in the NSA presentation as hypothetical. And, as their more accessible write up explains, the NSA’s denials about this practice don’t actually address their underlying argument, which is that 1) the technology would make this easy, 2) the legal regime is outdated and thereby tolerates such loopholes, and 3) the parts of declassified versions of USSID-18 that might address it are all redacted.

In the paper, we reveal known and new legal and technical loopholes that enable internet traffic shaping by intelligence authorities to circumvent constitutional safeguards for Americans. The paper is in some ways a classic exercise in threat modeling, but what’s rather new is our combination of descriptive legal analysis with methods from computer science. Thus, we’re able to identify interdependent legal and technical loopholes, mostly in internet routing. We’ll definitely be pursuing similar projects in the future and hope we get other folks to adopt such multidisciplinary methods too.

As to the media coverage, the CBS News piece contains some outstanding reporting and an official NSA statement that seeks – but fails – to debunk our analysis:

However, an NSA spokesperson denied that either EO 12333 or USSID 18 “authorizes targeting of U.S. persons for electronic surveillance by routing their communications outside of the U.S.,” in an emailed statement to CBS News.

“Absent limited exception (for example, in an emergency), the Foreign Intelligence Surveillance Act requires that we get a court order to target any U.S. person anywhere in the world for electronic surveillance. In order to get such an order, we have to establish, to the satisfaction of a federal judge, probable cause to believe that the U.S. person is an agent of a foreign power,” the spokesperson said.

The NSA statement sidetracks our analysis by re-framing the issue to construct a legal situation that conveniently evades the main argument of our paper. Notice how the NSA concentrates on the legality of targeting U.S. persons, while we argue that these loopholes exist when i) surveillance is conducted abroad and ii) when the authorities do not “intentionally target a U.S. person.” The NSA statement, however, only talks about situations in which U.S. persons are “targeted” in the legal sense.

As we describe at length in our paper, there are several situations in which authorities don’t intentionally target a U.S. person according to the legal definition, but the internet traffic of many Americans can in fact be affected.

Once you’re collecting in bulk overseas, you have access to US person communications with a far lower bar than you do under the FISA regime (which is what John Napier Tye strongly suggested he had seen).

This is one of the reasons I think the NSA’s decision not to answer obvious questions about where FISA ends and EO 12333 begins, in the context of concerns Snowden raised at precisely the time he was learning about this traffic shaping, to be very newsworthy. Using traffic shaping to access US person content even if it’s only in bulk (in the same way that hacking Google cables overseas) clearly bypasses the FISA regime. We don’t know that they do this intentionally for US traffic. But we do know it would be technically trivial for the NSA to pull off, and we do know that multiple NSA documents make it clear they were playing in that gray area at least until 2013 (and probably 2014, when Tye came forward).

The traffic shaping paper ultimately tries to point out how our legal regime fails to account for obvious technical possibilities, technical possibilities we know NSA exploits, at least overseas. Particularly as ODNI threatens to permit the sharing EO 12333 data more broadly — along with access to back door searches — this possibility needs to be more broadly discussed.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

In 2010, DOJ Was Stalling Gang of Four Member Silvestre Reyes Over (Probably) Common Commercial Services Memo

As far as the public record shows, Ron Wyden first started complaining about the Common Commercial Service OLC Memo in late 2010, in a letter with Russ Feingold written “over two years” before January 14, 2013. As I’ve written, John Yoo wrote the memo on May 30, 2003, as one of the last things he did before he left the Office of Legal Council. It seems to have something to do with both the Stellar Wind program and cybersecurity, and apparently deals with agreements with private sector partners. At least one agency has operated consistently with the memo (indeed, Ron Wyden’s secret memo submitted to the court probably says the memo was implemented) but the government claims that doesn’t mean that agency relied on the memo and so the ACLU can’t have it in its FOIA lawsuit.

According to a letter liberated by Jason Leopold, however, someone in Congress was raising concerns about a memo — which is probably the same one — even before Wyden and Feingold were. On June 30, 2010, then Chair of the House Intelligence Committee Silvestre Reyes wrote Attorney General Holder a letter about a May 30, 2003 memo. On October 5, Ron Weich wrote Reyes,

We have conferred with Committee staff about your letter and your concerns regarding the potential implications of the opinion. We appreciate your concerns and your recognition of the complexities of the issues involved in our consideration of your request. We will let you know as soon as we are in a position to provide additional information.

In other words, three months after one of the top ranking intelligence overseers in government raised concerns about the memo, DOJ wrote back saying they weren’t yet “in a position to provide additional information.”

That seems like a problem to me.

It also seems to be another data point suggesting that — whatever the government did back in 2003, after Yoo wrote the memo — it was being discussed more generally in 2010, possibly with an eye to implement it.

Update: On reflection, I may have overstated how sure we can be that this May 30 opinion is the same opinion. I’ve adjusted the post accordingly.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Facebook’s Flip-Flop: Is It a Law Enforcement Thing?

Kash Hill has a fascinating story about a Facebook flip-flop over a story she reported yesterday.

It started when — as increasingly happens in her work — someone came to her with a scary problem. Facebook recommended he friend someone he had only just met for the first time at a meeting for parents of suicidal teens. In response, Facebook confirmed they do use co-location for such recommendations.

Last week, I met a man who was concerned that Facebook has used his smartphone location to figure out people he might know. After he attended a gathering for suicidal teens, Facebook recommended one of the other parents there as a friend, even though they seemingly had nothing else in common but being in the same place at the same time. He asked me whether Facebook was using location to figure out if people knew each other.

I was skeptical, because that seemed like such an egregious violation of privacy. On Friday, I emailed Facebook:

A Facebook user told me that he attended an event last week with people he’d never met before. The next morning, one of the people at the event came up as a suggested friend. They had no other ties beyond being in the same room the night before. Could their shared location have resulted in the suggestion?

A spokesperson responded, saying that location is one of the signals for “People You May Know.”

But then, as people started making a stink about this, Facebook reached out again and offered this oblique reversal.

Thus I reported that “Facebook is using your phone’s location to suggest new friends—which could be a privacy disaster.” The story garnered lots of negative feedback, with people upset about Facebook using their location information this way without telling them.

Then, on Monday night, the Facebook spokesperson reached out again, saying the company had dug into the matter and found that location isn’t currently used. She sent an updated statement:

“We’re not using location data, such as device location and location information you add to your profile, to suggest people you may know. We may show you people based on mutual friends, work and education information, networks you are part of, contacts you’ve imported and other factors.”

One part of this comment is easy: Facebook is not using locations you mark for yourself (so if I said I was in Grand Rapids, they wouldn’t use that to find new Grand Rapids friends for me). But it’s not really clear what they mean by “device location.” Determined by what? GPS? Cell tower? IP location? Wifi hotspot colocation?

Which got me thinking about the way that federal law enforcement (in both the criminal and FISA context, apparently) are obtaining location data from social media as a way to tie physical location to social media activity.

[Magistrate Stephen Smith] explained he had had several hybrid pen/trap/2703(d) requests for location and other data targeting WhatsApp accounts. And he had one fugitive probation violation case where the government asked for the location data of those in contact with the fugitive’s Snapchat account, based on the logic that he might be hiding out with one of the people who had interacted with him on Snapchat. The providers would basically be asked to to turn over the cell site location information they had obtained from the users’ phone along with other metadata about those interactions. To be clear, this is not location data the app provider generates, it would be the location data the phone company generates, which the app accesses in the normal course of operation.

Doing so with Facebook would be particularly valuable, as you could target an event (say, a meeting of sovereign citizens) and find out who had attended the meeting to see whose location showed up there. The application would be even more useful with PRISM, because if you were targeting meetings overseas, you wouldn’t need to worry about the law on location data.

In other words, I started wondering whether Facebook is using this application — and was perfectly willing to tell Hill about it — until the FBI or someone started complaining that people would figure out one of their favorite new law enforcement (and intelligence) methods.

Hill is still pressing Facebook for real answers (and noted that Facebook may be violating FTC rules if they are doing this, so expects answers from there if not from Facebook directly).

Still, I’m wondering if FBI is now telling our private spy companies they can’t reveal the techniques law enforcement most likes to rely on.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Ron Wyden: Obtaining ECTRs without a Warrant Is Almost Like Spying on Someone’s Thoughts

Screen Shot 2016-06-28 at 8.50.20 AM

As a number of outlets have reported, Ron Wyden has placed a hold on the Intelligence Authorization in an attempt to thwart FBI’s quest to be able to obtain Electronic Communication Transaction Records with just a National Security Letter.

But Wyden’s released statement on that hold differs in emphasis from what he said in his Senate address announcing the hold yesterday. The statement describes how all toll records — from emails, texts, or web browsing — can infringe on privacy.

The fact of the matter is that ‘electronic communication transaction records’ can reveal a great deal of personal information about individual Americans.  If government officials know that an individual routinely emails a mental health professional, or sends texts to a substance abuse support group, or visits a particular dating website, or the website of a particular political group, then the government knows a lot about that individual.  Our Founding Fathers rightly argued that such intrusive searches should be approved by independent judges.

But in his floor statement, Wyden went on at length about the particular threat posed by obtaining web browsing history (this starts after 4:40).

For example, the National Security Letters could be used to collect what are called Electronic Communication Transaction Records. This would be email and chat records and text message logs, and in particular, Mr. President, and I’ve had Senators come up to me to ask me about whether this could be true, folks at home this weekend, when I was out and responding to questions about this, people asked, “Does this really mean that the government can get the Internet browsing history of an individual without a warrant even when the government has the emergency authority if it’s really necessary?”

And the answer to that question, Mr. President, is yes, the government can. The government can get access to web browsing history under the Intelligence Authorization legislation, under the McCain amendment, and they can do it without getting a warrant, even when the government can go get it without a warrant when there is an emergency circumstance.

Now the reality is web browsing history can reveal an awful lot of information about Americans. I know of little information, frankly Mr. President, that could be more intimate than that web browsing history. If you know that a person is visiting the website of a mental health professional, or a substance abuse support group, or a particular political organization, or — say — a particular dating site, you know a tremendous amount of private and personal and intimate information about that individual — that’s what you get when you can get access to their web browsing history without a warrant, even when the government’s interest is protected, as I’ve said, in an emergency.

The reality is getting access to somebody’s web browsing history is almost like spying on their thoughts. This level of surveillance absolutely ought to come with court oversight, and as I’ve spelled out tonight, that is possible in two separate ways — the traditional approach with getting a warrant, and then under Section 102, which I wrote as part of USA Freedom Act, the government can get the information when there’s an emergency and come back later after the fact and settle up.

Wyden’s statement makes a few other things clear. First, by focusing on the emergency provision of USA Freedom Act, Wyden illustrates that the FBI is trying to avoid court oversight, not so much obtain records quickly (though there would be more paperwork to a retroactive Section 215 order than an NSL).

That means two things. First, as I’ve noted, FBI is trying to avoid the minimization procedures the FISC spent three years imposing on FBI. Right now, we should assume that FISC would prohibit FBI from retaining all of the data it obtains from web searches, but if it moved (back) to NSL collection it would have no such restriction.

The other thing obtaining ECTRs with NSLs would do, though, is avoid a court First Amendment review, which should be of particular concern with web search history, since everything about web browsing involves First Amendment speech. Remember, a form of emergency provision (one limited to Section 215’s phone chaining application) was approved in February 2014. But in the September 2014 order, the FISC affirmatively required that such a review happen even with emergency orders. A 2015 IG Report on Section 215 (see page 176) explains why this is the case: because once FISC started approving seeds, NSA’s Office of General Counsel stopped doing First Amendment reviews, leaving that for FISC. It’s unclear whether it took FISC several cycles to figure that out, or whether they discovered an emergency approval that infringed on First Amendment issues. Under the expanded emergency provision under USAF, someone at FBI or DOJ’s National Security Division would do the review. But FBI’s interest in avoiding FISC’s First Amendment review is of particular concern given that FBI has, in the past, used an NSL to obtain data the FISC refused on First Amendment grounds, and at least one of the NSL challenges appears to have significant First Amendment concerns.

In the Senate yesterday, Senator Wyden strongly suggested the FBI wants this ECTR provision so it can “spy[] on their thoughts” without a warrant. We know from other developments that doing so using an NSL — rather than an emergency Section 215 order — would bypass rigorous minimization and First Amendment review.

In other words, the FBI wants to spy on — and then archive — your thoughts.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

How Did Booz Employee Analyst-Trainee Edward Snowden Get the Verizon 215 Order?

One thing I’ve been pondering as I’ve been going through the Snowden emails liberated by Jason Leopold is the transition Snowden made just before he left. They show that in August 2012, Snowden was (as we’ve heard) a Dell contractor serving as a SysAdmin in Hawaii.

Screen Shot 2016-06-10 at 1.48.37 PM

The training he was taking (and complaining about) in around April 5 – 12, 2013 was in preparation to move into an analyst role with the National Threat Operations Center.

Screen Shot 2016-06-10 at 1.55.17 PM

That would mean Snowden would have been analyzing US vulnerabilities to cyberattack in what is a hybrid “best defense is a good offense” mode; given that he was in HI, these attacks would probably have been launched predominantly from, and countermeasures would be focused on, China. (Before Stewart Baker accuses me of showing no curiosity about this move, as Baker did about the Chinese invitation to Snowden’s girlfriend to a pole dancing competition, I did, but got remarkably little response from anyone on it.)

It’s not clear why Snowden made the switch, but we have certainly seen a number of cybersecurity related documents — see the packet published by Charlie Savage in conjunction with his upstream cyber article. Even the PRISM PowerPoint — the second thing released — actually has a cybersecurity focus (though I think there’s one detail that remains redacted). It’s about using upstream to track known cyberthreat actors.

Screen Shot 2016-06-10 at 2.09.14 PM

I suspect, given the inaccuracies and boosterism in this slide deck, that it was something Snowden picked up while at Booz training, when he was back in Maryland in April 2013. Which raises certain questions about what might have been available at Booz that wasn’t available at NSA itself, especially given the fact that all the PRISM providers’ names appear in uncoded fashion.

Incidentally, Snowden’s job changes at NSA also reveal that there are Booz analysts, not NSA direct employees, doing Section 702 analysis (though that is technically public). In case that makes you feel any better about the way the NSA runs it warrantless surveillance programs.

Anyway, thus far, all that makes sense: Snowden got into a cybersecurity role, and one of the latest documents he took was a document that included a cybersecurity function (though presumably he could have gotten most of the ones that had already been completed as a SysAdmin before that).

But one of the most sensitive documents he got — the Verizon Section 215 primary order — has nothing to do with cybersecurity. The Section 215 dragnet was supposed to be used exclusively for counterterrorism. (And as I understand it, there are almost no documents, of any type, listing provider names in the Snowden stash, and not all that many listing encoded provider names). But the Verizon dragnet order it is dated April 23, 2013, several weeks into the time Snowden had moved into a cybersecurity analytical role.

Screen Shot 2016-06-10 at 2.29.20 PM

There’s probably an easy explanation: That even though NSA is supposed to shift people’s credentials as they move from job to job, it hadn’t happened for Snowden yet. If that’s right, it would say whoever was responsible for downgrading Snowden’s access from SysAdmin to analyst was slow to make the change, resulting in one of the most significant disclosures Snowden made (there have been at least some cases of credentials not being adjusted since Snowden’s leaks, too, so they haven’t entirely addressed what would have to be regarded as a major fuck-up if that’s how this happened).

Interestingly, however, the declassification stamp on the document suggests it was classified on April 12, not April 23, which may mean they had wrapped up the authorization process, only to backdate it on the date it needed to be reauthorized. April 12, 2013 was, I believe, the last day Snowden was at Fort Meade.

Screen Shot 2016-06-10 at 2.34.33 PM

Whatever the underlying explanation, it should be noted that the most sensitive document Snowden leaked — the one that revealed that the government aspired to collect phone records from every single Verizon customer (and, significantly, the one that made court challenges possible) — had to have been obtained after Snowden formally left his SysAdmin, privileged user, position.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.