I Con the Record Transparency Bingo Part One: Consider the Full Surveillance Playing Hand

Several weeks ago, the government released its yearly transparency reports:

  • FISA Court’s report: This provides a very useful description of approvals viewed from the FISA Court’s perspective. While it is the least deceptive report, FISC has only released one full year (2016) and one partial year (2015) report before, so it can’t be used to study trends or history.
  • DOJ report: This is the mostly useless report, told from the government’s standpoint, reflecting how many final applications get approved. While it isn’t very useful for nuance, it is the only measure we can use to compare last year with the full history of FISA.
  • DNI report: This is the report started in the wake of the Snowden leaks and codified in the USA Freedom Act and last year’s FISA Amendments Act. Parts of this report are very useful, parts are horribly misleading (made worse by new reporting requirements pass in the FAA reauthorization). But it requires more kinds of data than the other two reports.

I’ve been meaning to write more on the transparency reports released some weeks ago (see this post debunking the claim that we can say the FISA Court has rejected more applications than in the past). But given some misunderstandings in this post, I thought it better to lay out some general principles about how to understand what the transparency reports show us.

Consider the full surveillance playing hand

FISA is just one way that the government can collect data used for national security investigations, and because it involves a secret court, it attracts more attention than the many other ways. Worse, it often attracts the focus in isolation from other surveillance methods, meaning even experts fail to consider how authorities work together to provide different parts of the government all the kinds of data they might want. Additionally, an exclusive focus on FISA may blind people to how new restrictions or permissions in one authority may lead to changes in how the government uses another authority.

National security surveillance currently includes at least the following:

  • FISA, including individualized orders, 702, and metadata collection
  • NSLs, providing some kind of metadata with little (albeit increasing) court oversight
  • Criminal investigative methods, collecting content, metadata, and business records; in 2016 this came to include Rule 41 hacking
  • Other means to collect business records, such as private sector contractors or mandated bank reporting
  • The Cybersecurity Information Sharing Act, permitting the private sector to share cyber data “voluntarily” with the government
  • EO 12333: spying conducted overseas under Article II authority; in 2017, the Obama Administration permitted the sharing of raw data within the intelligence community (which includes FBI)

Two examples of how FISA interacts with other authorities may help to demonstrate the importance of considering all these authorities together.

The Internet dragnet moves to PRISM and SPCMA

For virtually the entirety of the time the government collected Internet metadata as metadata domestically, it was breaking the law (because the concepts of metadata and content don’t apply neatly to packet based collection). From 2009 to 2011, the government tried to fake their way through this (in part by playing games with the distinction between collection and access). By the end of 2011, however, that game became legally untenable. Plus, the restrictions the FISA Court imposed on dissemination rules and purpose (NSA was only permitted to collect this data for counterterrorism purposes) made the program less useful. As a result, the government moved the function of chaining on Internet metadata to two different areas: metadata collected under PRISM (which because it was collected as content avoided the legal problems with Internet metadata collection) and metadata collected under EO 12333 and made accessible to analysts under Special Procedures approved in 2008 and extended throughout NSA in early 2011.

Some location collections moves to criminal context

As I’ve laid out, the FISC actually takes notice of rulings in the criminal context — even at the magistrate level — and adjusts FISC rulings accordingly. They’ve done this with both Post Cut Through Dialed Digits and location data. When the FISC adopted a highest common denominator for location collection, it meant that, in jurisdictions where FBI could still obtain location data with a d order, they might do that for national security purposes rather than obtain a PRTT under FISA (to say nothing of the additional paperwork). More recently, we’ve gotten hints that FBI had ways to access cell phones in a national security realm that were unavailable in a criminal realm.

This probably goes on all the time, as FBI Agents make trade offs of secrecy, notice to defendants, paperwork and oversight, and specific collection techniques to pursue national security investigations. We don’t get great numbers for FBI collection in any case, but what we do get will be significantly affected by these granular decisions made in secret.

Understand why surveillance law changes

Additionally, it’s important to understand why surveillance laws get passed.

CISA, for example, came about (among many other reasons) because Congress wouldn’t permit the government to conduct upstream collection using Section 702 for all cybersecurity purposes. Engaging in “voluntary” sharing with backbone providers gave the government data from all kinds of hostile actors (not just nation states), with fewer restrictions on sharing, no court oversight, and no disclosure requirements.

Similarly, to this day, many privacy activists and journalists misunderstand why the government was willing (nay, happy!) to adopt USA Freedom Act. It’s not that the government didn’t collect mobile data. On the contrary, the government had been obtaining cell data from AT&T since 2011, and that was probably a resumption of earlier collection incorporating FISA changed rules on location collection. Nor was it about calling card data; that had been explicitly permitted under the old program. Rather, USAF gave the government the ability to require assistance, just as it can under Section 702. While that was instrumental in getting access to Verizon cell data (which had avoided complying because it did not retain business records in the form that complied with FISA collection rules), that also gave the ability to get certain kinds of data under the “session identifier” definition of call records in the law.

Here’s a post on all the other goodies the government got with USA Freedom Act.

One more important detail virtually unmentioned in coverage of this authority: the 215 dragnet (both the old one and the USAF one) intersect with a far vaster dragnet of metadata collected under 12333. The “bulk” is achieved — and has been since 2009! — using EO 12333 data, data which doesn’t have the same restrictions on things like location data that FISA data does. Section 215 is about getting records (and correlations) that aren’t available overseas, effectively filling in the holes in data collected overseas.

All that is necessary background to understanding numbers that track just FISA (and NSL authorities). FISA is just one part of the always evolving national security collection the government does. And as permissive as a lot of people think FISA is, in many ways it is the most closely regulated part of national security collection.

Contrary to Reports, We Cannot Say FISC Rejected a Record Number of FISA Applications Last Year

With the FISC report of its own surveillance approvals came out last week, some reporters claimed that the report showed the FISC Had rejected a record number of surveillance orders.

In my own post on the report, I noted that the rise from 8 to 18 rejected applications under the FISC standard was alarming.

The FISA Court released its second annual report on approval rates today (the obligation to produce such a report dates to 2015 and it produced a partial report covering that year). It shows that the FISA Court rejected and modified far more joint applications last year than the prior year, with just a 70% complete approval last year as compared to a 79% complete approval the year before, as reflected in this table.

[snip]

Most alarming, though, is the rise in outright rejections, from 8 to 18. This suggests the government is trying to wiretap and otherwise surveil people as agents of a foreign power that the FISC doesn’t agree are such.

And all this happened at a time when the government submitted fewer overall combined applications. Remember, the government can and sometimes does take its wiretapping elsewhere if the FISC rejects a practice.

But given that’s using a standard that has only been in place for 2.5 years, we can’t use it to make judgments across historical FISC practice.

I had explained to Whittaker before this that FISC used a different standard than DOJ, and made 4 efforts to get him to correct this headline, to no avail.

DOJ has now released its own version, which tracks approvals for final applications. It shows while it withdrew two applications (which likely means that of the three applications DOJ withdrew or changed after FISC told the government it would appoint an amicus to review the application, two were for content), all of the final applications it submitted to the court were approved.

During calendar year 2017, the Government filed 1,349 final applications to the Foreign Intelligence Surveillance Court (hereinafter “FISC”) for authority to conduct electronic surveillance and/or physical searches for foreign intelligence purposes. The 1,349 applications include applications made solely for electronic surveillance, applications made solely for physical search, and combined applications requesting authority for electronic surveillance and physical search. Of these, 1,321 applications included requests for authority to conduct electronic surveillance.

Two of these applications were withdrawn by the Government. The FISC did not deny any final, filed applications in whole, or in part. The FISC made modifications to the proposed orders in 154 final, filed applications. Thus, the FISC approved collection activity in a total of 1,319 of the applications that included requests for authority to conduct electronic surveillance.

In other words, we can’t say whether last year was an outlier, with the court rejecting a bunch more applications (though there are reasons to suggest that’s a trend), because the only metric for which we have historical numbers shows the same rubber stamp 100% approval.

Which is another way of saying that for decades the government gave us garbage numbers and only in the wake of the Snowden disclosures are we getting some meaningful metrics (though I Con the Record’s numbers are already headed in the opposite direction, becoming even less useful).

Update: I think there’s still a discrepancy in these reports. Here’s what I understand the numbers to look like (I’ve added 2016 to show how this tracks across time). Last year, to find the total number of final applications (the number DOJ uses), you could simply take the FISC number and subtract the Denied in Full number (1485-8=1477). But if you do that this year (1372-24=1348), you’re off by one. I think that’s because FISC is counting one of the applications the government claims to have withdrawn as a Denied in Part.

In 2017, the Government Withdrew Three FISA Collection Requests Rather than Face an Amicus Review

Last year’s Section 702 Reauthorization law included a bunch of technical fix language describing how appeals of FISA Court of Review decisions should work.

In this post on that technical language, I speculated that Congress may have added the language in response to a denial of a request by the FISCR, about the only thing that would have identified the need for such language.

As one piece of evidence to support that hypothesis, I noted that one of the times the FISC consulted with an amicus (probably Amy Jeffress), it did not make the topic or the result public.

There’s one other reason to think there must have been a significant denial: The report, in the 2015 FISC report, that an amicus curiae had been appointed four times.

During the reporting period, on four occasions individuals were appointed to serve as amicus curiae under 50 U.S.C. § 1803(i). The names of the three individuals appointed to serve as amicus curiae are as follows:  Preston Burton, Kenneth T. Cuccinelli II  (with Freedom Works), and Amy Jeffress. All four appointments in 2015 were made pursuant to § 1803(i)(2)(B). Five findings were made that an amicus curiae appointment was not appropriate under 50 U.S.C. § 1803(i)(2)(A) (however, in three of those five instances, the court appointed an amicus curiae under 50 U.S.C. § 1803(i)(2)(B) in the same matter).

We know of three of those in 2015: Ken Cuccinelli serving as amicus for FreedomWorks’ challenge to the restarted dragnet in June 2015, Preston Burton serving as amicus for the determination of what to do with existing Section 215 data, and Amy Jeffress for the review of the Section 702 certifications in 2015. (We also know of the consultation with Mark Zwillinger in 2016 and Rosemary Collyer’s refusal to abide by USA Freedom Act’s intent on amici on this year’s reauthorization.) I’m not aware of another, fourth consultation that has been made public, but according to this there was one more. I say Jeffress was almost certainly the amicus used in that case because she was one of the people chosen to be a formal amicus in November 2015, meaning she would have been called on twice. If it was Jeffress, then it likely happened in the last months of the year.

I raise that background because of a detail in the FISC report released yesterday, showing its approvals for 2017. It revealed that FISC told the government on three occasions it might appoint an amicus. On all three occasions, the government withdrew the request rather than undergo a FISC review with even a limited adversary.

During the reporting period, no individual was appointed to serve as amicus curiae by the FISA courts. No findings were made in 2017, pursuant to 50 U.S.C. § 1803(i)(2)(A), that an amicus curiae appointment was not appropriate. There were three matters in which the Court advised the government that it was considering appointment of an amicus curiae to address a novel or significant question of law raised in proposed applications, but the government ultimately did not proceed with the proposed applications at issue, or modified the final applications such that they did not present a novel or significant question of law, thereby obviating a requirement for consideration as to the appropriateness of appointment of amicus. These matters are reflected in the table above as, respectively, a modification to a proposed order, an application denied in full, and an application denied in part. This is the first report including information about such occurrences. A similarly small number of such events occurred during prior reporting periods but were not discussed in the reports for those years.

In one case, the government withdrew an entire application after learning the FISC might appoint an amicus to review the proposed technique. In two others, the final order in one or another way did not include the requested practice.

These three instances are not the first time the government has withdrawn a request after learning FISC would invite adversarial review. While the court doesn’t reveal how many or in what years, it does say that a “similarly small number of such events occurred during prior reporting periods.” Given that there have been just two other reporting periods (the report for part of 2015 and the report covering all of 2016), the language seems to suggest it happened in both years.

That the government has been withdrawing requests rather than submitting them to the scrutiny of an amicus suggests several things.

First, it may be withdrawing such applications out of reluctance to share details of such techniques even with a cleared amicus, not even one of the three who served as very senior DOJ officials in the past. If that’s right, that would reflect some pretty exotic requests, because some of the available amici (most notably former Assistant Attorney General David Kris) have seen all that DOJ was approving with NatSec collection.

Second, remember that for at least one practice (the collection of location information), the government has admitted to opting to using criminal process rather than FISA where more lenient precedents exist in particular jurisdictions. That might happen, for example, if a target could be targeted in a state that didn’t require a warrant for some kinds of location data whereas FISC does.

Starting in 2017, the government would have the ability to share raw EO 12333 with the FBI, which might provide another alternative means to collect the desired data.

All of which is to say these withdrawals don’t necessarily mean the government gave up. Rather, past history has shown that the government often finds another way to get information denied by the FISC, and that may have happened with these three requests.

Finally, remember that as part of 702 reauthorization last year, Ron Wyden warned that reauthorization should include language preventing the government from demanding that companies provide technical assistance (which obviously includes, but is probably not limited to, bypassing or weakening encryption) as part of 702 directives. The threat the government might do so under 702 is particularly acute, because unlike with individual orders (which is what the withdrawn requests here are), the FISC doesn’t review the directives submitted under 702. Some of these withdrawn requests — which may number as many as nine — may reflect such onerous technical requests.

Importantly, one reason the government might withdraw such requests is to avoid any denials that would serve as FISC precedent for individualized  and 702 requests. That is, if the government believed the court might deny an individual request, it might withdraw it and preserve its ability to make the very same demand in a 702 context, where the FISC doesn’t get to review the techniques use.

Whatever the case, the government has clearly been bumping up against the limits of what it believes FISC will approve in individualized requests. But that doesn’t mean it hasn’t been surpassing those limits via one or another technical or legal means.

The FISA Court Accepted 9% Fewer Combined Applications Last Year

The FISA Court released its second annual report on approval rates today (the obligation to produce such a report dates to 2015 and it produced a partial report covering that year). It shows that the FISA Court rejected and modified far more joint applications last year than the prior year, with just a 70% complete approval last year as compared to a 79% complete approval the year before, as reflected in this table.

Approval rates for combined orders, 2017 versus 2016

These are for combined orders, meaning the government wants to collect both data in motion and (collect stored data and/or conduct a physical search). Modifications usually mean additional reporting and/or minimization procedures (meaning the government had to treat the collected data with additional care). An order denied in part might prohibit the collection on one of the selectors submitted to the court, but not a bunch of other ones. An order denied in full would represent a complete rejection of a preliminary order (these won’t show up on DOJ’s numbers because those are fluffed to look good).

There are several things that might explain these numbers. First, the rising modification number might mean the government is using new techniques that present additional privacy concerns — accessing cell phones are a likely one, especially given the Riley SCOTUS precedent. Hacking is another technique that might pose specific privacy concerns, or accessing entire servers.

The denied in part number likely stems from the government asking to surveil selectors that are more attenuated from the actual target. The rejections might reflect individual selectors for which the FISC didn’t agree the government had shown probable cause the selector was being used by an agent of a foreign power.

Most alarming, though, is the rise in outright rejections, from 8 to 18. This suggests the government is trying to wiretap and otherwise surveil people as agents of a foreign power that the FISC doesn’t agree are such.

And all this happened at a time when the government submitted fewer overall combined applications. Remember, the government can and sometimes does take its wiretapping elsewhere if the FISC rejects a practice. I’ll do a follow-up post describing why this report may reflect that has happened.

Here’s this year’s report, covering 2017, and last year’s report, covering 2016. This post provides background on the requirement and how these reports differ from the required DOJ report. The full tables from the two reports are below. They show an increased rate of modifications for 1861, which are 215 orders, as well.

2018 Report (covering 2017)

2017 Report (covering 2016)

The Trump Toadies Who Are Worried about Being Unmasked

Last week, Zoe Tillman noted this FOIA lawsuit from attorney Gene Schaerr, working on behalf of someone who wants to remain anonymous “at present,” suing to obtain records on the unmasking of Trump campaign and transition officials. The thing is, Shaerr isn’t just asking for unmasking records generally.

The odd collection of people being FOIAed

He’s asking for unmasking records pertaining to a really curious group of people:

  1. Steve Bannon
  2. Rep. Lou Barletta
  3. Rep. Marsha Blackburn
  4. Florida Attorney General Pam Bondi
  5. Rep. Chris Collins
  6. Rep. Tom Marino
  7. Rebekah Mercer
  8. Steven Mnuchin
  9. Rep. Devin Nunes
  10. Reince Priebus
  11. Anthony Scaramucci
  12. Peter Thiel
  13. Donald Trump Jr.
  14. Eric Trump
  15. Ivanka Trump
  16. Jared Kushner
  17. Rep. Sean Duffy
  18. Rep. Trey Gowdy
  19. Rep. Dennis Ross
  20. Pastor Darrell C. Scott
  21. Kiron Skinner

Some of these would be obvious, of course: Trump’s spawn, Bannon, Priebus, and Mnuchin. I’m really interested to see Rebekah Mercer (especially given the more we learn on Cambridge Analytica). Mooch is there. The litigious Peter Thiel is there (making him at least a reasonable candidate to be paying for this lawsuit, except for reasons I lay out below).

Mike Flynn, the one person we know to have been unmasked, is not in there (which is particularly odd given all the efforts to find some way to unring Flynn’s guilty plea, though that came after this FOIA was filed).

Then there are the eight members of Congress (in addition to the corrupt FL AG, Pam Bondi, who helped Trump out of a legal pinch in FL after Trump gave her a donation).

Lou Barletta, who’s a loud opponent of “illegal immigration,” a member of the Homeland Security Committee, and who, not long after this FOIA was first filed, prepared a challenge to PA’s Bob Casey in the Senate last year.

Marsha Blackburn, who works on a number of data issues in Congress, and is running to replace Bob Corker as TN Senator. Blackburn worked closely with Tom Marino to shield pharma and pill mills from DEA reach.

Chris Collins from upstate NY. His most interesting committee assignment is on Energy and Commerce, though he has worked on broadband issues.

Tom Marino, former US Attorney for Pennsyltucky who is on the Judiciary Committee. Trump tried to make him the Drug Czar, until it became clear he had pushed through a bill that hurt DEA’s ability to combat the opioid epidemic.

Devin Nunes, whose efforts to undermine the Mueller investigation have been epic, and who first manufactured the unmasking scandal. He’d be a great candidate to be Schaerr’s client, except he would probably just leak this information, which he has already seen.

Sean Duffy, a WI congressman who is chair of the investigations subcommittee of the Financial Services committee, and has been an opponent of CFPB.

Trey Gowdy took over as Chair of the Oversight Committee last year and also serves on the Judiciary and Intelligence Committees. Because of those appointments, even without being designated by Devin Nunes to take the lead on the Mueller pushback, he would have already had the most visibility on the Mueller investigation. But because Nunes put him in charge of actually looking at the intelligence, he is the single Republican who has seen the bulk of the Mueller investigative materials. During Nunes week, he announces his retirement suddenly, and has warned about the seriousness of the Mueller investigation, and he just gave a crazy interview to Fox News (which I’ll return to).

Dennis Ross, from FL, serves on the Financial Services committee.

On top of the Republicans, the list includes two of the few African Americans (with David Clarke, Omarosa, and Tim Scott) who supported Trump.  Darrell Scott was head of a Michael Cohen invented diversity group hastily put together in April 2016. Kiron Skinner is a legit scholar of Reagan who teaches at Carnegie Mellon and has a bunch of other appointments.

As I said, aside from the big obvious players, this list is a curious collection. Of note, however, four people on it should have a sound understanding of how NSA spying and FISA work: Thiel, Nunes, Gowdy, and Marino. But (again aside from the big players), the international ties of most of these people (Thiel and Skinner are big exceptions) are not readily apparent.

The whack understanding of FISA laid out on the complaint

I’m interested in the FISA knowledge of some people named in this list because of the crazy depiction of FISA that the complaint lays out.

The complaint highlights two departments of NSA, claiming they’re the ones that deal with improper use of intelligence (but does not include the Inspector General).

On information and belief, at least two departments within the NSA handle complaints regarding the improper use of intelligence. These departments are known publicly by the codes “S12,” a code name apparently referring to the agency’s Information Sharing Services authority, and “SV,” a code name apparently referring to the agency’s Oversight and Compliance authority.

As part of the FOIA to NSA, Schaerr asked for anything submitted to these departments.

All reports made to S12 and SV regarding improper dissemination of any individual listed in Question 2, above. See National Security Agency, United States Signals Intelligence Directive 18, § 7.5 (January 25, 2011).

That’s an oddly specific request, unless whoever is behind this request knows there are reports there.

That might suggest Nunes, Gowdy, or Marino is behind the request. But then consider how unbelievably wrong the complaint gets FISA.

After introducing FISA, it turns exclusively to Section 702, which is odd because the unmasking pseudo-scandal has thus far been based off the unmasking of individual orders.

Plaintiff’s requests in this case concern the Defendants’ use of the Foreign Intelligence Surveillance Act of 1978 (FISA).1 Section 702 of FISA (“Section 702”) empowers the Attorney General and the Director of National Intelligence to jointly authorize “the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.” 50 U.S.C. § 1881a(a) (emphasis added). Section 702 expressly forbids use of this surveillance process to target persons who are either “United States persons” or located “inside the United States.” Id. at 1881a(b).

The complaint then makes three utterly false statements about how labor is divided between the FBI, NSA, and CIA.

14. The FBI collects data on outgoing communications, i.e., from persons in the United States to persons outside the United States.

15. The NSA collects data on incoming communications, i.e., from persons outside the United States to persons inside the United States.

16. The CIA, like the FBI and NSA, analyzes the information that comes from the FBI’s and NSA’s data collection. Unlike the other agencies, the CIA uses the information to engage in international intelligence operations.

The FBI collects on domestic targets, which can include incoming and outgoing comms, plus anything domestic (such as Sergey Kislyak’s calls across town to Mike Flynn; update — the December 29 calls would have been from DC to Dominican Republic, where Flynn was vacationing). The NSA likewise collects incoming and outgoing comms, as well as stuff that takes place entirely overseas (though very little of the latter is done under 702). Both the other agencies, in addition to CIA, use FISA information to engage in international intelligence operations.

The complaint then claims, in contradiction to a bunch of public information, that minimization equates to completely anonymizing US person data.

Section 702 also requires that foreign intelligence surveillance be conducted consistently with “minimization procedures.” Id. § 1881a(e)(1). These procedures are designed to “minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons,” but in a manner still “consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information.” Id. § 1801(h)(1). As relevant here, minimization procedures must be designed to ensure the anonymity of United States persons who may be incidentally surveilled. Id. § 1801(h)(1), (2).

This comment comes immediately after a paragraph on finished intelligence reports, so this may be an incorrect statement of what masking is.

It then makes a claim about how data gets circulated that entirely ignores the sharing of raw data under 702, and further makes claims relying on this article that aren’t actually supported by the article (admittedly, the article doesn’t describe the sharing of raw data, but its focus in primarily on traditional FISA).

Generally, original raw intelligence is not circulated to other agencies; instead, intelligence reports are created and circulated internally. See, e.g., Gregory Korte, What is ‘unmasking?’ How intelligence agencies treat U.S. citizens, USA Today, (Apr. 4, 2017; 2:14 p.m.), https://www.usatoday.com/story/news/politics/ 2017/04/04/ what-unmasking-how-intelligence-agencies-treat-us-citizens/100026368. In the process of summarizing the intelligence, agencies exclude the names of U.S. citizens from the reports, referring to them instead with identifiers like “U.S. Person 1.” Id.

The complaint then describes what sounds like a muddle of upstream collection and back door searches, but gets both wrong.

The NSA also has the ability to search the internet data it collects by entering the name of an individual into a database search tool. This process is known as “upstreaming” and has the effect of creating additional raw intelligence that may contain the names of American persons. Such intelligence is also subject to the usual masking requirements and procedures.

This is wrong because upstream collection uses selectors, not names, whereas back door searches, which can use a name, are done by all three agencies. Such intelligence would not necessarily be masked at FBI if it made it into an investigative report.

The complaint then points to that godawful Circa report that itself muddles the difference between 702 and 704/705b to claim that they were upstream violations during the campaign cycle.

News reports—as well as a declassified Foreign Intelligence Surveillance Court (FISC) opinion—also note that some Americans had their names upstreamed, in violation of internal policies, during the 2016 election cycle, which the opinion described as a “serious Fourth Amendment issue.” See Declassified FISC Court opinion at 19-20, available at http://bit.ly/FISCopApril2017; Circa News, Obama intel agency secretly conducted illegal searches on Americans for years, May 23, 2017), https://www.circa.com/story/2017/05/23/politics/obama-intel-agencysecretly-conducted-illegal-searches-on-americans-for-years.

The violations in question, while serious, actually involve back door searches on upstream collection, and to the extent the searches were done on 704/705b targets, would only have happened were there an individualized FISA order against one of the named people (in fact, NSA’s back door searches on US persons are generally limited to people with individualized orders, those who may be targets of a foreign power, or urgent searches following a terrorist attack or similar situation).

In short, it’s a remarkable garble of how FISA really works. That doesn’t exclude Nunes’ involvement (I would hope both Marino and Gowdy have a better understanding of FISA than this, but don’t guarantee it). But it seems to be an attempt to declassify stuff it knows about, even while it exhibits a remarkable misunderstanding of what it’s talking about.

So why are all these Trump toadies worried about being unmasked

All of which brings me to the puzzle: what the hell is his anonymous client up to? Why is the client concerned about this specific selection of transition officials, but not (say) Mike Flynn?

Update: Laura Rozen notes that this list is the list provided here, except with this chunk taken out, and with some weird alpha order going on.

 

Andy Finds an Acorn: The Searches of Carter Page’s Devices

I’ve long argued that Trump opponents should include Andrew McCarthy among the right wing Trump defenders they read. That’s true, in part, because he at least feigns to be considering the public evidence (though I think he has long since gotten swept up in tribalism). Moreover, as a former prosecutor who worked on some high visibility national security cases, he knows how these things worked fifteen years ago.

His piece on the Adam Schiff memo is typical of his current work. Virtually every single point is easily refuted; most are laughable, such as when he claims the FBI’s use of his 2013 interview to prosecute some spies means his March 2016 interview was truthful.

The memo does note that “the FBI also interviewed Page multiple times about his Russian intelligence contacts.” Apparently, these interviews stretch back to 2013. The memo also lets slip that there was at least one more interview with Page in March 2016, before the counterintelligence investigation began. We must assume that Page was a truthful informant since his information was used in a prosecution against Russian spies and Page himself has never been accused of lying to the FBI.

McCarthy also adheres to the GOP propaganda line that “Democrats conveniently omit is that … the Russian spies explicitly regarded him as an ‘idiot’ (and they had not even seen him on cable TV),” which I mocked in this piece at Vice.

The Republican response to the evidence that the Trump campaign named Page a foreign policy advisor around the same time the FBI interviewed him over suspected ties with Russian spies is perhaps the most pathetic thing in here. Among other things, it complains that the Schiff memo doesn’t mention that “a Russian intelligence officer called Page ‘an idiot.’”

So the latest Memoghazi arguments might best be summarized this way: After Democrats convincingly argued Trump made a suspected Russian asset a key foreign policy advisor, Republicans insisted that doesn’t matter because the suspected Russian asset was a moron.

On one point (a point I’ve been making), however, McCarthy is right.

The Schiff memo reveals, for the first time, that DOJ obtained a FISA order covering both electronic surveillance and “physical search.” Not many people understand this, but DOJ uses physical search orders not just to authorize FBI agents to search through a person’s home, but also to search through that person’s electronic devices (and cloud providers’ cloud storage). As I explained in my post on FISA and the Space-Time Continuum, using a physical search order allows the government to search far back in time.

Domestically, there are two kinds of collection: 1805, which is the collection of data in motion — an old fashioned wiretap, and 1824, which is called a “physical search” order. The government likes to hide the fact that the collection of data at rest is accomplished with an 1824 physical search order, not 1805. So an 1824 order might be used to search a closet, or it might be used to image someone’s hard drive. Most often, 1805 and 1824 get combined, but not always (the FISC released a breakdown for these last year).

Of course (as the Gartenlaub case will show), if you image someone’s hard drive, you’re going to get data from well before the time they’ve been under a FISA order, quite possibly even from before you’ve owned your computer.

In Keith Gartenlaub’s case, a physical search order was used to conduct a black bag search of his home, during which the FBI imaged and subsequently searched the saved hard drives from the last three computers Gartenlaub had used, going back a decade, which is how FBI found child porn that hadn’t been accessed in a decade.

And, as McCarthy notes (though without explaining the electronic/physical distinction), in the case of Carter Page, depending on what minimization procedures the FISC imposed, a physical search order approved on October 21, 2016 might allow FBI to search his devices for communications he had between March and September 2016, when he was a member of the Trump campaign.

What Democrats fail to mention is that the surveillance enabled the FBI to intercept not only his forward-going communications but also any stored emails and texts he might have had. Clearly, they were hoping to find a motherlode of campaign communications. Remember, Page was merely the vehicle for surveillance; the objective was to probe Trump ties to Russia.

I’ve explained that the near-certainty that NSA obtained a 705(b) order on Page for when he traveled to Moscow, London, and the Emirates in December and January would make such backwards looking surveillance even more likely.

I’m not sure that amounts to using Page as a vehicle to surveil the Trump campaign. Depending on how you count it, FISC modified somewhere between 112 and 310 applications in 2016, easily more than they ever had before (my guess is the big spike in numbers has to do with their consideration of the Riley SCOTUS precedent as they approve more orders accessing iPhones). Modifications are how minimization procedures show up in FISA counts, and imposing limits on what the government might access from Page’s devices is the kind of thing I’d expect to see out of the FISC.

Still, McCarthy doesn’t know that FBI used Page as a vehicle; the FBI could easily argue they were trying to protect Trump from the suspected spy the campaign’s non-existent vetting had invited into its midst. And he couldn’t know whether targeting Page allowed FBI to access campaign-related communications without knowing what kind of minimization procedures were imposed, if any.

A real oversight committee would make answering such a question a priority, because it’s the kind of question that goes to the core of the impact of the Page order on Trump’s campaign, but also because the question of how FISC orders permit FBI to access decades of information is a fairly important legal issue, not least in the Ninth Circuit in the Gartenlaub case.

Alas, HPSCI is not that real oversight committee, and so no one appears to be asking that question.

The Significance of the January 12 Reauthorization of Carter Page’s FISA Order

I’d like to riff on a small but significant detail revealed in the Schiff memo. This paragraph adds detail to the same general timeframe for the orders obtained against Page laid out in the Nunes memo: the first application approved on October 21, with reauthorizations in early January, early April, and late June.

Republican judges approved the Carter Page FISA orders

The passage also narrows down the judges who approved the orders, necessarily including FISC’s sole Reagan appointee Raymond Dearie and FISC’s sole Poppy appointee Anne Conway, plus two of the following W appointees:

 

  • Rosemary Collyer (worst FISC judge ever)
  • Claire Eagan (OK, she may be worse than Collyer)
  • Robert Kugler
  • Michael Mosman (a good one)
  • Dennis Saylor (also good)

I won’t dwell on this here, but it means the conspiracy theory that Obama appointee Rudolph Contreras approved the order, and because of that recused in the Flynn case, is false.

The first reapplication came days after the dossier and a second Isikoff article came out

Back to the timing. The footnotes provide the dates for two of the other applications: June 29 (in footnotes 12, 14, 15, 16) and January 12 (footnote 31), meaning the third must date between April 1 and 12 (the latter date being 90 days after the second application).

As I laid out here, the timing of that second application is critical to the dispute about whether FBI handled Michael Isikoff’s September 23 article appropriately, because it places the reapplication either before or after two key events: the publication of the Steele dossier on January 10 and Isikoff’s publication of this story on January 11. Isikoff’s January article included a link back to his earlier piece, making it fairly clear that Steele had been his source for the earlier article. The publication of that second Isikoff piece should have tipped off the FBI that the earlier article had been based on Steele (not least because the second Isikoff piece IDs Steele as an “FBI asset,” which surely got the Bureau’s attention).

FBI didn’t respond to Isikoff in time for the second application

Now, you could say that FBI should have immediately reacted to the Isikoff piece by alerting the FISC, but that’s suggesting bureaucracies work far faster than they do. Moreover, the application would not have been drafted on January 12. Except in emergency, the FISC requires a week notice on applications. That says the original application would have been submitted on or before January 5, before the dossier and second Isikoff piece.

FBI appears to have dealt with the Isikoff article interestingly. The body of the Schiff memo explains that Isikoff’s article, along with another that might be either Josh Rogin’s or Julia Ioffe’s articles from the time period, both of which cite Isikoff (Rogin’s is the only one of the three that gets denials from Page directly), were mentioned to show that Page was denying his Moscow meetings were significant.

That redacted sentence must refer to the January 12 application, because that footnote is the only footnote citing that application and nothing else in the paragraph discusses it.

An earlier passage describes the first notice to FISC, in that same January 12 application, “that Steele told the FBI that he made his unauthorized media disclosure because of his frustration at Director Comey’s public announcement shortly before the election that the FBI reopened its investigation into candidate Clinton’s email use.”

It’s possible that redacted sentence distinguishes what Grassley and Graham did in their referral of Steele. The first application stated that, “The FBI does not believe that [Steele] directly provided this information to the press.” Whereas the January reapplication stated in a footnote that the FBI, “did not believe that Steele gave information to Yahoo News that ‘published the September 23 News Article.” Within a day or so, the FBI should have realized that was not the case.

So it’s true FBI was denying that the September Isikoff article was based off Steele reporting after the time they should have known it was, but that can probably best be explained by the application timelines and the lassitude of bureaucracy.

The submission of the preliminary second application likely coincides with the Obama briefing on the Russian threat

As noted above, the second application would have been submitted a full week earlier than it otherwise would have had to have been given the 90-day term on FISA orders targeting Americans. That means the preliminary application was probably submitted by January 5. Not only would that have been too early to incorporate the response to the dossier, most notably the second Isikoff piece, but it even preceded Trump’s briefing on the Russian tampering, which took place January 6.

It’s also interesting timing for another reason: it means FBI may have submitted its reapplication targeting Page on the same day that Jim Comey and Sally Yates briefed Obama, Susan Rice, and Joe Biden, in part, on the fact that Putin’s mild response to the election hack sanctions rolled out in late December arose in response to requests from Mike Flynn to Sergey Kislyak. As I addressed here, that briefing has become a subject of controversy again, as Chuck Grassley and Lindsey Graham tried to suggest that the Steele dossier may have contributed to the investigation of Flynn.

But contrary to what the Republican Senators claimed in their letter to Rice on the subject, Rice claims the Steele dossier and the counterintelligence investigation never came up.

The memorandum to file drafted by Ambassador Rice memorialized an important national security discussion between President Obama and the FBI Director and the Deputy Attorney General. President Obama and his national security team were justifiably concerned about potential risks to the Nation’s security from sharing highly classified information about Russia with certain members of the Trump transition team, particularly Lt. Gen. Michael Flynn. In light of concerning communications between members of the Trump team and Russian officials, before and after the election, President Obama, on behalf of his national security team, appropriately sought the FBI and the Department of Justice’s guidance on this subject. In the conversation Ambassador Rice documented, there was no discussion of Christopher Steele or the Steele dossier, contrary to the suggestion in your letter.

Given the importance and sensitivity of the subject matter, and upon the advice of the White House Counsel’s Office, Ambassador Rice created a permanent record of the discussion. Ambassador Rice memorialized the discussion on January 20, because that was the first opportunity she had to do so, given the particularly intense responsibilities of the National Security Advisor during the remaining days of the Administration and transition. Ambassador Rice memorialized the discussion in an email sent to herself during the morning of January 20, 2017. The time stamp reflected on the email is not accurate, as Ambassador Rice departed the White House shortly before noon on January 20. While serving as National Security Advisor, Ambassador Rice was not briefed on the existence of any FBI investigation into allegations of collusion between Mr. Trump’s associates and Russia, and she later learned of the fact of this investigation from Director Comey’s subsequent public testimony. Ambassador Rice was not informed of any FISA applications sought by the FBI in its investigation, and she only learned of them from press reports after leaving office.

Grassley and Graham appear to have confused the IC investigation with the counterintelligence investigation, only the latter of which incorporated the Steele dossier.

In any case, one reason the apparent coincidence between the January 5 briefing and the reapplication process is important is it suggests it was also pushed through a week early to provide room for error with the inauguration. If a FISA order on January 19 goes awry, it might not get approved under President Trump. But if anything happened to that application submitted around January 5, it’d be approved with plenty of time before the new Administration took over.

Intelligence from Page’s FISA collection helped support the government’s high confidence that Russia attempted to influence the election

Here’s one of the most interesting details in the Schiff memo, however. This passage describes that the wiretap on Page obtained important intelligence, though it won’t tell us what it is.

That redacted footnote, number 14, describes that the redacted intelligence is part of what gave the Intelligence Community “high confidence”

Admittedly, this footnote, with its citation to the October and June applications, is uncertain on this point. But for the wiretap on Page to have supported the December ICA assessment of the Russian tampering, then it would have had to have involved collection from that first period.

If that’s right, then it suggests the reason the Obama Administration may have applied for the order renewal early, the same day Comey and Yates briefed Obama on the ICA and Flynn, is because something from that order (possibly targeting Page’s December trip to Moscow) added to the IC’s certainty that the Russians had pulled off an election operation.

Keith Gartenlaub Just Notified the Ninth Circuit that Trump and Both Parties Now Support Releasing FISA Applications

During the entire period that the country has been obsessing about DOJ’s application to spy on Carter Page, who had been a legitimate counterintelligence concern going back to 2013 with renewed concern in early 2016, Keith Gartenlaub has been awaiting ruling in his challenge to his own targeting under FISA.

Only, with Gartenlaub, there is real reason to worry about the propriety — and the preconceptions about Gartenlaub’s Chinese-American wife — of the FISA application. Moreover, given the way FBI moved back and forth from FISA to criminal to FISA warrants, it seems like the government used FISA as a means to conduct a fishing expedition into Gartenlaub’s hard drives.

As I’ve been saying for a while, Devin Nunes’ stunt (and the aftermath) may lead judges to be less credulous of the government’s forty year run of claiming that releasing a FISA application would badly damage national security.

At least, that’s what Gartenlaub’s lawyer John Cline argues in a letter to the Ninth Circuit.

Throughout this litigation, the government has maintained that disclosure of the underlying FISA application, even with redactions, would cause grave damage to national security. The district court accepted the government’s argument, as has every court since FISA was enacted (with the exception of one district court, which was later reversed).

On February 2, 2018, the President–head of the same Executive Branch that is prosecuting appellant Gartenlaub–declassified and approved release of a House Permanent Select Committee on Intelligence (“HPSCI”) majority memorandum (attached as Exhibit A) that summarizes portions of a FISA application targeting an American citizen. According to the cover letter from the Counsel to the President, the President declassified the memorandum because “the public interest in disclosure outweighs any need to protect the information.” The Speaker of the House of Representatives observed that release of the HPSCI memorandum “provide[s] greater transparency” concerning FISA and helps “ensure the FISA system works as intended and Americans’ rights are properly safeguarded.” Al Weaver, Paul Ryan: Nunes memo lays out a ‘specific, legitimate’ worry about surveillance, Washington Examiner, Feb. 2, 2018.

On February 24, 2018, HPSCI released a redacted, declassified version of a minority memorandum (attached as Exhibit B), which challenges certain assertions made in the majority memorandum. The minority memorandum, like the majority memorandum, summarizes portions of the underlying FISA application.

The declassification of the HPSCI memoranda demonstrates that it is possible to discuss publicly the merits of a FISA application without damaging national security. In addition, the declassification of the memoranda highlights the absurdity of the government’s assertion, in this and other cases involving motions to suppress FISA surveillance, that any disclosure of a FISA application, even to cleared defense counsel under the protections of CIPA, would harm national security. If the HPSCI memoranda can be disclosed without harming national security, as the Executive Branch has determined, at least comparable disclosure of the Gartenlaub FISA application can be made to cleared defense counsel under CIPA without causing such harm.

The one good thing that might come out of this stunt is that defendants against whom the spying case is weak, as it appears to have been with Gartenlaub, might begin to get to review their FISA applications to see whether FBI acted improperly in obtaining a warrant.

Perhaps, with this notice to the Ninth Circuit, Gartenlaub will be the first defendant in forty years to get a real glimpse into the FISA process.

Schiff Memo Reveals that Mifsud Specifically Told Papadopoulos Russia Would Release Hillary Emails to Help Trump Campaign

“If it’s what you say I love it” – Don Jr., gleefully accepting Russian dirt after George Papadopoulos had been told Russia would release emails to help the campaign

HPSCI just released the Schiff memo responding to the Nunes memo. Mostly, it’s underwhelming.

But there is one piece of important news. The memo provides more details about what George Papadopoulos told Australian Ambassador, Alexander Downer, about the Russian outreach via Joseph Mifsud. That passage reads:

George Papadopoulos revealed [redacted] that individuals linked to Russia, who took interest in Papadopoulos as a Trump campaign foreign policy adviser, informed him in late April 2016 that Russia [two lines redacted]. Papadopoulos’s disclosure, moreover, occurred against the backdrop  of Russia’s aggressive covert campaign to influence our elections, which the FBI was already monitoring. We would later learn in Papadopoulos’s plea that the information the Russians could assist by anonymously releasing were thousands of Hillary Clinton emails.

While the description of what Papadopoulos said is redacted, the context makes it clear (as does this Adam Schiff tweet) that Papadopoulos didn’t tell Downer specifically what Russia had told him was available, only that they could release it to help Trump.

But that Mifsud told Papadopoulos that the Russians were thinking of releasing it to help Trump is news, important news. It means the discussions of setting up increasingly senior levels of meetings between Russia and the Trump campaign took place against the offer of help in the form of released kompromat.

Which, particularly given the evidence that Papadopoulos shared that information with the campaign, makes the June 9 meeting still more damning.

Rosemary Collyer Moves to Lock Down the FISA Court

These two filings at the FISA Court — letters from Rosemary Collyer to Republican members of Congress trying to liberate documents related to Carter Page’s FISA application — have generated a good deal of attention. But they’re not all that exciting. All they consist of is Collyer (the worst presiding judge ever, if not the worst FISC judge outright) telling Bob Goodlatte and Devin Nunes that DOJ and FBI have most of the documents they want and she’s not going to budge until she learns what they’ll do.

Thank you for the courtesy of copying me on your February 1, 2018, letter to the Department of Justice and the FBI in which you made requests for information similar to those in your letter to us. Those agencies possess most, if not all, of the responsive materials the Court might possess, and we have previously made clear to the Department, both formally and informally, that we do not object to any decision by the Executive Branch to release any such FISA materials to Congress. I expect that their handling of your requests will inform the Court as to how the Executive Branch perceives its interests and will assist us in our consideration of the full range of issues; therefore we have asked the Department of Justice to keep us informed regarding its response to your February 1 letter.

It’s a punt. And not a very bold one.

The context, though, is interesting. The move comes after three related events:

  • After Collyer blew off a previous FISC precedent in ruling against an ACLU effort to liberate some FISA documents, the FISC apparently revolted, leading the entire court to consider the issue which was narrowly decided for ACLU. FISC then punted that decision up to the FISCR. FISCR named Laura Donahue as amicus on that challenge (both giving the proceeding a patina of process but also ensuring she doesn’t give up on the amicus process like John Cline did in December). I hope I’m wrong, but I expect FISCR to rule against ACLU, thereby tamping down any First Amendment right to access decisions of the court.
  • NYT’s Adam Goldman and Charlie Savage asked for the Carter Page application. This is a serious legal effort, with attentive follow-up. If ACLU loses at FISCR, however, it’ll make it very easy for FISC to deny their request.
  • Lawfare’s Susan Hennessey and Ben Wittes asked for the FISC to release a statement about whether DOJ conducted any misconduct in the Page application. This is less serious than the NYT effort, both for the utter lack of self-awareness of two people who just four months ago were applauding FISC law-breaking, deeming themselves “true friends” of the court, claiming that FISC telling us it is cool with DOJ’s application will restore faith in the process. As if that would be sufficient. Plus, the motion isn’t necessary: Reggie Walton has made public statements on his own. If Collyer did so in this case, it would be more credible if she did so on her own than if she did so because a former NSA lawyer and a surveillance booster invited her too.

I don’t support the full Page application coming out in this case. But a sharply redacted version would do more to silence the skeptics than anything else.

But by all appearances, Collyer wants the Executive to tell her what to do here, ceding the “inherent authority” Hennessey and Wittes proclaim in their motion.

Collyer’s continued subservience to the Executive is, in my opinion, a far graver challenge to FISA Court legitimacy than the Carter Page approvals are. Particularly at this moment, I wish Judge Collyer would act like the independent court most other FISC judges treat it as.

image_print