Sheldon Whitehouse Confirms FISA Amendments Act Permits Unwarranted Access to US Person Content

In the Senate Judiciary Committee’s markup of the FISA Amendments Act, Mike Lee, Dick Durbin, and Chris Coons just tried, unsuccessfully, to require the government to get a warrant before it searched US person communications collected via the targeting of non-US persons under the FISA Amendments Act. It was, as Dianne Feinstein said, not dissimilar from an amendment Ron Wyden and Mark Udall had tried to pass when FAA was marked up before the Senate Intelligence Committee.

The debate revealed new confirmation that the government is wiretapping American citizens in the guise of foreign surveillance.

DiFi argued that the amendment would have impeded the government’s ability to pursue Nidal Hasan by delaying the time when they could have reviewed his communication (presumably with Anwar al-Awlaki). Of course, the amendment included an emergency provision that would have permitted such a search after the fact.

More telling, though, was Whitehouse’s response. He referred back to his time using warrants as a US Attorney, and said that requiring a warrant to access the US person communication would “kill this program,” and that to think warrants “fundamentally misapprehends the way in which this program operates.”

Now, I’d be more sympathetic to Whitehouse here if, back when this bill was originally argued, his amendments requiring FISC oversight of minimization after the fact had passed. They didn’t. To make things worse, though Leahy repeatedly talked about Inspector General reporting overdue on this program, Congress is not going to wait for these reports before they extend the program for another three years, at least. So Whitehouse’s assurances that we can trust minimization to protect US person privacy seem badly misplaced.

In any case, this represents an admission, as strong as any we’ve seen, that this program is entirely about collecting the US person communication of those who communicate with people (DiFi used the term “person of interest,” which I had not heard before) overseas.

Update: Updated to explain this came in a markup hearing. Thanks to Peterr for pointing out my oversight on that point.

A 15-Month Fight for Subscriber Information

The WSJ today presents a Whodunnit behind an NSL submitted to a cell company in spring 2011.

Early last year, the Federal Bureau of Investigation sent a secret letter to a phone company demanding that it turn over customer records for an investigation. The phone company then did something almost unheard of: It fought the letter in court.

The U.S. Department of Justice fired back with a serious accusation. It filed a civil complaint claiming that the company, by not handing over its files, was interfering “with the United States’ sovereign interests” in national security.

This is just the second time a challenge to an NSL has become public–the other being Calyx’s Nicholas Merrill, whom the WSJ also profiles this morning.

WSJ makes a compelling argument the company challenging the NSL is Credo, based in part on details that reveal the company has associational aspects in addition to its phone service. Assuming they’re right, I find it all the more interesting Credo is challenging not just the gag on this NSL, but the underlying order, particularly since the order asks for just the subscriber information–but not the call data–of the subscriber.

all subscriber information, limited to name, address, and length of service, for all services provided to or accounts held by the named subscriber and/or subscriber of the named account.

That is, this is by far the least invasive kind of NSL. Note, information elsewhere in this case is consistent with the possibility that this order seeks information on a group and not just an individual, though that may be boilerplate.

I’d be shocked if this were the first NSL Credo received, so there must be something about the request that makes it particularly worthwhile, from a Constitutional standpoint, to challenge (indeed, thus far a judge has not thrown out their challenge, so the possibility this subscriber is tied to a national security investigation can’t be obvious).

Credo may, after all, be challenging the order to protect the political speech of someone who has chosen to work with Credo because the company supports social causes. Or, if this is a group, it might be challenging an NSL to find out about the group’s recognizably political activities–though subscriber information doesn’t say much about that, unless this NSL would return, effectively, a membership list of a political organization.

But I’m wondering if Credo is also serving as a gate-keeper here. Credo doesn’t own its own lines; it’s just a reseller. And unless something has changed, it resells Sprint’s services. And Sprint is unique–at least as far as we know–for having set up a portal, L-Site, letting law enforcement access information, including precision location, directly.

I attended an invitation-only surveillance industry conference in Washington DC. It was at that event where I recorded an executive from Sprint bragging about the 8 million GPS queries his company delivered via a special website to law enforcement agencies in a 13 month period.

At that same event, Paul W. Taylor, the manager of Sprint/Nextel’s Electronic Surveillance team revealed that the wireless carrier also provides a next-generation surveillance API to law enforcement agencies, allowing them to automate and digitally submit their requests for user data:

“We have actually our LSite [Application Programming Interface (API)] is, there is no agreement that you have to sign. We give it to every single law enforcement manufacturer, the vendors, the law enforcement collection system vendors, we also give it to our CALEA vendors, and we’ve given it to the FBI, we’ve given it to NYPD, to the Drug Enforcement Agency. We have a pilot program with them, where they have a subpoena generation system in-house where their agents actually sit down and enter case data, it gets approved by the head guy at the office, and then from there, it gets electronically sent to Sprint, and we get it … So, the DEA is using this, they’re sending a lot and the turn-around time is 12-24 hours. So we see a lot of uses there.”

This case is noteworthy because it is a rare public challenge. It’s noteworthy because the government has claimed the telecom has no legal means to challenge the NSL.

But there seems to be more to the challenge which, given the likelihood WSJ correctly identified Credo as the company, seems to get at underlying political speech as well.

The FDA Demonstrates What “Targeting” Does

“They think they can be the Gestapo and do anything they want.” — Chuck Grassley, on learning his staffer’s emails had been surveilled by the FDA

It is utterly predictable that members of Congress only get concerned about heavy-handed surveillance when they get sucked up in the surveillance. And so it is that Chuck Grassley, who voted for the FISA Amendments Act, and Chris Van Hollen, who didn’t, are outraged that their offices have been dragged into the FDA’s invasive surveillance used to conduct a leak investigation.

The surveillance started in response to a belief that FDA scientists, upset that their concerns about the safety of medical diagnostic equipment had been overridden, leaked classified proprietary information to the NYT. But after targeting just 5 scientists suspected of the leak, the FDA developed profiles on 21 people thought to be conspiring against the agency.

What began as a narrow investigation into the possible leaking of confidential agency information by five scientists quickly grew in mid-2010 into a much broader campaign to counter outside critics of the agency’s medical review process, according to the cache of more than 80,000 pages of computer documents generated by the surveillance effort.

Moving to quell what one memorandum called the “collaboration” of the F.D.A.’s opponents, the surveillance operation identified 21 agency employees, Congressional officials, outside medical researchers and journalists thought to be working together to put out negative and “defamatory” information about the agency.

Mind you, Grassley and Van Hollen’s aides (and Van Hollen himself) were not themselves the targets of the leak investigation. The scientists were the targets.

We Can’t Afford Another “Complicated and Quirky” Presidency

You’ve no doubt heard about the BoGlo piece that describes 9 different legal documents on which Mitt Romney was listed as CEO of Bain after the time–in 1999–when he now claims to have left the company.

Romney has said he left Bain in 1999 to lead the winter Olympics in Salt Lake City, ending his role in the company. But public Securities and Exchange Commission documents filed later by Bain Capital state he remained the firm’s “sole stockholder, chairman of the board, chief executive officer, and president.”

[snip]

Romney did not finalize a severance agreement with Bain until 2002, a 10-year deal with undisclosed terms that was retroactive to 1999. It expired in 2009.

[snip]

The Globe found nine SEC filings submitted by four different business entities after February 1999 that describe Romney as Bain Capital’s boss; some show him with managerial control over five Bain Capital entities that were formed in January 2002, according to records in Delaware, where they were incorporated.

I’m envisioning Mitt Romney, in 2017, claiming the treaty he signed with China in 2014 doesn’t really count because he wasn’t really acting as President when he signed it, in spite of his legal status as President.

But I’m most interested in the scant response the Mitt campaign gave.

A Romney campaign official, who requested anonymity to discuss the SEC filings, acknowledged that they “do not square with common sense.” But SEC regulations are complicated and quirky, the official argued, and Romney’s signature on some documents after his exit does not indicate active involvement in the firm.

“Complicated and quirky” says a guy (or gal) now spending his time trying to get Mitt elected to an even more complicated and quirky office, the Presidency.

Frankly, though, there’s precedent for a President claiming “complicated and quirky” absolves him of responsibility for things that occurred under his presidency. After all, while Bush signed the paperwork in the first 6 years of his presidency, it wasn’t until he fired Rummy that Bush actually took over responsibility for the big decisions from Dick Cheney.

And I can’t help but harp on the “complicated and quirky” document–the “Gloves Come Off” Memorandum of Notification, effectively written by now Romney advisor Cofer Black–that has undermined the accountability Presidency more generally. Effectively, that MON pre-authorized the CIA (at least) to do whatever they wanted within certain general areas of organization. It served as Presidential authorization, but insulated the President from any provable involvement in torture and assassination and partnering with lethal regimes. When proof that the President had authorized all this torture threatened to come out via legal means, the current President went to the mat to prevent that from happening.

All the rest–the debates about what Congress authorized the day after this complicated and quirky document, the OLC memos, the repeated investigations that always end up in immunity for all (or almost all)–are just the legal facade that hides the fact that in fact even our Constitution has become “complicated and quirky.” And while Obama at least admits his involvement in these issues–while still hiding them from legal liability–he has chosen to keep the structure in place and has relied on the plausible deniability it gives.

The thing is, as damning as this revelation may prove to be for Mitt, it is in fact quite unsurprising that a man can run for President on a resumé for which–his advisors say, behind the veil of anonymity–he can simultaneously claim credit but no responsibility.

That’s the way this country increasingly works. Even–perhaps especially–the Presidency.

The Sevenfold Increase in Emergencies at AT&T

In its response to Ed Markey’s questions about law enforcement requests for cellphone data, AT&T attributed the growing number of requests it gets to its expanding customer base.

To keep these numbers in perspective, AT&T serves over 103,200,000 wireless customers (in 2007, by contrast AT&T served just over 70,000,000 wireless customers).

But that can’t explain the entire increase: only one category of request–requests like orders and warrants requiring court oversight–has gone up at or below the 47% increase in AT&T’s customer base. All other categories have increased at a faster pace.

What’s particularly striking is how many more non-PSAP (that is, non 911 call) exigent requests AT&T has gotten: a more than sevenfold increase.

Now, AT&T doesn’t explain how it treats such requests legally or practically. By comparison, US Cellular cites the language from 18 USC 2518(7)–including language permitting the release of information for “conspiratorial activities threatening the national security interest”–in its exigent request section (see Exhibit 1, page 1); that law requires requestors to submit paperwork for the order or warrant within 48 hours. Sprint cites 18 USC 2702(c)(4) explicitly, which doesn’t include the time limit; but Sprint imposes one itself, even while emphasizing providing this information is voluntary.

For example, Section 2702(c)(4) of the SCA permits Sprint to comply with law enforcement requests in emergency situations when Sprint believes there is an emergency involving danger of imminent death or serious physical injury. In those circumstances, our processes require law enforcement to fax in a form which we use to authenticate the law enforcement requestor and to help verify that an appropriate emergency exists. After being satisfied that the statutory requirements have been met, the Sprint analyst will comply with the request but only for 48 hours, providing law enforcement with sufficient time to obtain appropriate legal processes. To be clear, in these particular circumstances, providing information to law enforcement is not required and Sprint could decide that it will not comply with these emergency requests. Sprint has determined, though, that on balance it is in the interest of our customers and members of the general public who may be at risk to comply with emergency requests, particularly since they often involve very serious life-threatening situations such as kidnapping, child abduction and carjacking.

AT&T doesn’t cite the law directly, but its description matches 2702(c)(4) and therefore would not legally require a follow-up application. Verizon cites 2702(c)(4) explicitly.

Note that this means AT&T, Verizon, and Sprint are treating cell location as a record, not content. Sprint provides this–sort of–explanation for it.

Nonetheless, there are circumstances, which are outlined in the applicable statutes, where information can be disclosed to law enforcement with the consent of the customer or in certain emergency situations. In those cases, Sprint still requires appropriate documentation, and although it may not be a legal demand, per se, it is legally permissible for Sprint to provide the information under the statute, as discussed herein.

[snip]

Sprint has business records that contain information on the location of a wireless device based on that device’s proximity to nearby cell towers. The information in Sprint’s records is often referred to as “historic” or “stored” location as it is customer information of a historic nature that is stored by Sprint for its own business purposes. For example, Sprint uses this information for certain billing, taxing, network troubleshooting and capacity planning purposes. Sprint also has the capability to determine the location of a cell phone in real time by using GPS technology.

The location information contained in Sprint’s business records is not basic subscriber information as defined by the statute but is information Sprint has relating to its customers’ mobile device usage. Consequently, a court order based on “specific and articulable facts” is required prior to disclosure of that information to law enforcement.

[snip]

There is no statute that directly addresses the provision of location data of a mobile device to the government.

The explanation doesn’t really say whether it treats a GPS reading as a stored record or not–probably because that’s where this interpretation gets dicey.

Sprint goes on to suggest Congress provide some clarity about this cell location data. (It also notes the government interprets the law to require the cell company to provide not just the target caller location, but also the “location of associates on a call with the target.”)

Not so AT&T, which seems to be giving this information out like candy in the name of exigent circumstances. And unlike Sprint, it’s not clear AT&T (or Verizon) imposes any requirements on how long such emergencies can last.

But then, it’s not just AT&T. The government, too, seems to want to declare a permanent state of emergency so it can get all our cell data anytime it wants.

Update: Transcription error fixed per joberly.

Update: Table corrected per Anchard.

The Tracking Device in Your Pocket

Eric Lichtblau has a story summarizing what Ed Markey discovered after he asked cellphone companies to tell him how many law enforcement requests they respond to every year. And while some of the companies (AT&T and Cricket, at least) claim the numbers are exploding because their subscriber base is too, the numbers are still troubling.

In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations.

The cellphone carriers’ reports, which come in response to a Congressional inquiry, document an explosion in cellphone surveillance in the last five years, with the companies turning over records thousands of times a day in response to police emergencies, court orders, law enforcement subpoenas and other requests.

The reports are all here–I’ll do a followup once I’ve read them. In the meantime, consider this a working thread if you read the reports.

Failed Overseers Prepare to Legislate Away Successful Oversight

Before I talk about the Gang of Four’s proposed ideas to crack down on leaks, let’s review what a crop of oversight failures these folks are.

The only one of the Gang of Four who has stayed out of the media of late–Dutch Ruppersberger–has instead been helping Mike Rogers push reauthorization of the FISA Amendments Act through the House Intelligence Committee with no improvements and no dissents. In other words, Ruppersberger has delivered for his constituent–the NSA–in spite of the evidence the government is wiretapping those pesky little American citizens Ruppersberger should be serving.

Then there’s Rogers himself, who has been blathering to the press about how these leaks are the most damaging in history. He supported such a claim, among other ways, by suggesting people (presumably AQAP) would assume for the first time we (or the Saudis or the Brits) have infiltrators in their network.

Some articles within this “parade” of leaks, Rogers said late last week, “included at least the speculation of human source networks that now — just out of good counterintelligence activities — they’ll believe is real, even if its not real. It causes huge problems.”

Which would assume Rogers is unaware that the last time a Saudi infiltrator tipped us off to a plot, that got exposed too (as did at least one more of their assets). And it would equally assume Rogers is unaware that Mustafa Alani and other “diplomatic sources” are out there claiming the Saudis have one agent or informant infiltrated into AQAP regions for every 850 Yemeni citizens.

In short, Rogers’ claim is not credible in the least.

Though Rogers seems most worried that the confirmation–or rather, reconfirmation–that the US and Israel are behind StuxNet might lead hackers to try similar tricks on us and/or that the code–which already escaped–might escape.

Rogers, who would not confirm any specific reports, said that mere speculation about a U.S. cyberattack against Iran has enabled bad actors. The attack would apparently be the first time the U.S. used cyberweapons in a sustained effort to damage another country’s infrastructure. Other nations, or even terrorists or hackers, might now believe they have justification for their own cyberattacks, Rogers said.

This could have devastating effects, Rogers warned. For instance, he said, a cyberattack could unintentionally spread beyond its intended target and get out of control because the Web is so interconnected. “It is very difficult to contain your attack,” he said. “It takes on a very high degree of sophistication to reach out and touch one thing…. That’s why this stuff is so concerning to me.”

Really, though, Rogers is blaming the wrong people. He should be blaming the geniuses who embraced such a tactic and–if it is true the Israelis loosed the beast intentionally–the Israelis most of all.

And while Rogers was not a Gang of Four member when things started going haywire, his colleague in witch hunts–Dianne Feinstein–was. As I’ve already noted, one of the problems with StuxNet is that those, like DiFi, who had an opportunity to caution the spooks either didn’t have enough information to do so–or had enough information but did not do their job. The problem, then, is not leaks; it’s inadequacy of oversight.

In short, Rogers and Ruppersberger and Chambliss ought to be complaining about DiFi, not collaborating with her in thwarting oversight.

Finally, Chambliss, the boss of the likely sources out there bragging about how unqualified they are to conduct intelligence oversight, even while boasting about the cool videogames they get to watch in SCIFs, appears to want to toot his horn rather than conduct oversight.

Which brings me back to the point of this post, before I got distracted talking about how badly the folks offering these “solutions” to leaks are at oversight.

Their solutions:

Discussions are ongoing over just how stringent new provisions should be as the Senate targets leakers in its upcoming Intelligence Authorization bill, according to a government source.


The Only Independent Reviewer of Targeting and Minimization Refuses to Review It

On May 4, Senate Intelligence Committee members Ron Wyden and Mark Udall asked the Intelligence Community Inspector General to determine whether it was feasible to determine how many US persons have been spied on under the FISA Amendments Act.

The Temporally Perfect Fuck You

On May 22, the Committee marked up the renewal of the Act. During consideration of the bill, the Committee rejected Wyden and Udall’s efforts to require the IGs quantify such numbers based on their pending request to the IGs.

During the Committee’s consideration of this legislation, several Senators expressed a desire to quantify the extent of incidental collection under Section 702. I share this desire. However, the Committee has been repeatedly advised by the ODNI that due to the nature of the collection and the limits of the technology involved, it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority. Senators Ron Wyden and Mark Udall have requested a review by the Inspector General of the NSA and the Inspector General of the Intelligence Community to determine whether it is feasible to estimate this number. The Inspectors General are conducting that review now, thus making an amendment on this subject unnecessary.

The SSCI report on the bill reminds that the IC IGs are authorized–but not required–to conduct reviews of Section 702.

Note, elsewhere the bill report includes these authorized but not mandatory reviews as part of the “robust oversight” of this spying program.

In addition, the Inspectors General of the Department of Justice and certain elements of the Intelligence Community are authorized to review the implementation of Section 702 and must provide copies of any such reviews to the Attorney General, DNI, and congressional committees of jurisdiction.

Yet in rejecting the motion to actually mandate a review, Dianne Feinstein’s report emphasizes that this authority is optional.

Also while marking up the bill, Wyden and Udall attempted to direct the Committee’s Technical Advisory Group to review what was really going on with the FAA. That motion was ruled out of order (Kent Conrad joined Wyden and Udall on this one vote–otherwise the committee voted against all their efforts for greater oversight).

We also proposed directing the committee’s Technical Advisory Group to study FISA Amendments Act collection and provide recommendations for improvements. We were disappointed that our motion to request that the Technical Advisory Group study this issue was ruled by our colleagues to be out of order.

As a result, the bill was voted out of committee on May 22 without any requirement that the intelligence community report on how many US persons it is spying on with FAA.

On June 15, the IC IGs finally got back to Wyden and Udall. (h/t Wired) Note the dates cited in the response.

On 21 May 2012, I informed you that the NSA Inspector General, George Ellard, would be taking the lead on the requested feasibility assessment, as his office could provide an expedited response to this important inquiry.

The NSA IG provided a classified response on 6 June 2012. I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

As I stated in my confirmation hearing and as we have specifically discussed, I firmly believe that oversight of intelligence collection is a proper function of an Inspector General. I will continue to work with you and the Committee to identify ways that we can enhance our ability to conduct effective oversight. [my emphasis]

So IC IG Charles McCullough waited 17 days to even tell Wyden what he was going to do with the request, at which point–the eve of the bill markup–he told Wyden that Ellard would prospectively conduct the inquiry. So when the Committee decided not to mandate an IG review based on the “pending” review, it had not started yet.

The “Most Transparent Administration Ever” Treats Recess Appointments with Greater Secrecy than Illegal Wiretapping

Charlie Savage just released the OLC opinion he got in response to a FOIA on opinions relating to recess appointments (this became an issue after Obama appointed Richard Cordray head of the Consumer Financial Protection Board using a recess appointment). It is a Jack Goldsmith memo dated February 20, 2004.

It is almost entirely redacted. Just 11 lines out of three pages are left unredacted–and one of those reads, “Please let us know if we may be of further assistance.”

Just for shits and giggles, I compared that memo to another Jack Goldsmith memo, one that relates to actual national security issues: Goldsmith’s May 6, 2004 memo finding the revamped illegal wiretap program legal. That’s a 108 page memo, of which 46 pages are entirely redacted or redacted to the same degree as any one of the three pages in this recess appointment one. There are a slew more redactions, many of them obviously improper.

The last line, “Please let me know if we can be of further assistance. (U)” appears unredacted there, too.

Nevertheless, the Administration redacted far more of the earlier Goldsmith memo–the recess appointment one–than the one dealing with one of our most sensitive counterterrorism programs.

Next up, the Administration is going to start redacting Civics textbooks, because the workings of government are so terribly sensitive.

Ron Wyden: “An Obvious Question I Have Not Answered”

In the background of the larger drama of the leak witch hunts is a paragraph that, to me, summarizes where the balance between secrecy and sanity is in our country.

An obvious question that I have not answered here is whether any warrantless searches for Americans’ communications have already taken place. I am not suggesting that any warrantless searches have or have not occurred, because Senate and committee rules regarding classified information generally prohibit me from discussing what intelligence agencies are actually doing or not doing. However, I believe that we have an obligation as elected legislators to discuss what these agencies should or should not be doing, and it is my hope that a majority of my Senate colleagues will agree with that searching for Americans’ phone calls and emails without a warrant is something that these agencies should not do.

This is the language Ron Wyden used to attempt to persuade his colleagues to join his opposition to the reauthorization of the FISA Amendments Act without first including protections for Americans’ communications. A very similar paragraph appeared at the end of Wyden and Mark Udall’s dissent from the Senate Intelligence Report on the legislation.

Now, I have already shown that even leak witch hunt convert Dianne Feinstein (who supports reauthorization without telling citizens what the legislation really does) made it clear that while NSA may not target Americans under FAA, the agency does query information collected under FAA to find the communications of Americans. That is, DiFi herself made it clear that the communications collected “incidentally” are fair game for review. And both the Wyden/Udall dissent and the exchange Wyden had with Director of National Intelligence James Clapper last year–which he re-released in conjunction with his hold–make it more clear that the government is reviewing Americans’ communications it collects in the guise of “targeting” non-US persons.

Everyone–Wyden, DiFi, DNI Clapper–admits that the government is accessing Americans’ communications under FAA; it’s just that the latter two are pretending they’re not doing so by hiding behind the magic word “targeting.”

With that said, let’s look at Wyden’s paragraph closely and what it says about democracy in the age of secrecy. The first sentence reads like CYA, insulation against any accusation that Wyden has revealed classified information.

An obvious question that I have not answered here is whether any warrantless searches for Americans’ communications have already taken place.

Yet at the same time, Wyden defines the question that DiFi refuses to answer clearly: whether or not the government is using FAA to conduct warrantless searches of Americans’ communications.

It’s an obvious question, Wyden continues, but he’s not legally permitted to answer it.

I am not suggesting that any warrantless searches have or have not occurred, because Senate and committee rules regarding classified information generally prohibit me from discussing what intelligence agencies are actually doing or not doing.

That said, Wyden makes it clear he knows the answer.
