Nunes Is So Dumb He Missed the Most Likely Way the Trump Campaign Might Have Been Wiretapped

Devin Nunes is so bad at his job overseeing the nation’s intelligence agencies that his memo alleging FISA abuses failed to mention the one way he might have legitimately argued that the Deep State was spying on the Trump campaign.

The memo, released Friday after a week of political drama, purports to show that the process by which the FBI applied for four individualized FISA orders targeting former Trump foreign policy advisor Carter Page, spanning from October 2016 through July 2017, failed to adequately explain to the court that the application included information obtained as part of paid opposition research. On that claim, the memo falls short of making the case. So too does Nunes’ claim that “top officials used unverified information [from the Title I warrants] to fuel a counter-intelligence investigation during an American political campaign,” since Carter Page had been gone from the Trump campaign for a month before he was targeted.

But the memo only deals with the request for traditional “probable cause” FISA orders approved by the FISA Court. The memo even says this surveillance at issue was “not under Title VII,” probably an effort to distinguish this surveillance practice, which Nunes claims is being abused, from collection under FISA’s Section 702, which is even more problematic from a privacy standpoint. Nunes wrote the bill that reauthorized Section 702 two weeks ago, a bill that included no reforms to the practice that allows the government to access the communications of Americans against whom the FBI has no evidence of wrong-doing without a warrant. That is, Nunes wants to make sure you know that only the FISA practice that actually requires probable cause is at issue in his claims of FISA abuse, not the practice that permits warrantless surveillance of Americans that he championed a few weeks ago.

The thing is, Nunes is probably wrong that the surveillance of Carter Page doesn’t involve any of the authorities he recently pushed through. That’s because, along with Section 702, Nunes’ bill extending FISA’s Title VII also reauthorized a section, 705(b), which the government uses to spy on Americans already under surveillance, like Carter Page, during the periods when they travel overseas.

Carter Page traveled to Russia and London in December 2016 and Abu Dhabi in January 2017; he told the House Intelligence Committee he met with a slew of interesting foreigners along the way. It would be malpractice for the government to halt surveillance on someone it suspected of spying for Russia when he went to Russia.

So assuming the NSA kept spying on Page when he was meeting with the Russians they suspected him of conspiring with while he was in Russia, then the government would have switched to 705(b) authority. That permits the NSA to use the different kinds of surveillance tools, more powerful tools like hacking someone’s computer or querying data collected in bulk, that it uses overseas, drawing from more kinds of collection.

The thing is, that kind of individualized overseas surveillance — far more than the domestic individual surveillance at issue in the memo — has been a problem in recent years. Indeed, in the months before the government obtained its first FISA order on Carter Page, the NSA’s Inspector General found that in the 8 years since Congress had passed 705(b), NSA had never set up a system to track surveillance conducted under it. Of particular concern, analysts were conducting surveillance under the authority outside the time frame permitted under the 705(b) order, meaning that analysts might collect data from a period before the 705(b) order, or even before the traditional FISA order underlying it, had been approved. Or, NSA might forget to turn off their hacking sensor in Page’s laptop or smart phone even after he returned to the US. By using overseas spying methods outside the time period when the person was overseas, then, NSA might have gotten what amounts to a time machine, letting the government (perhaps unknowingly) obtain stored communications from the period when Page was still working with the Trump campaign.

The discovery, in early 2016, that NSA hadn’t been following the rules for the kind of spying that would have been used with Page while he was in Russia led to a string of other discoveries, which in turn led to the termination of one kind of NSA spying, called “about” collection. But the process of fixing 705(b) and “about” collection continued well into the period when Page was under FISA surveillance, including the times when he was traveling overseas.

All that said, if the government obtained information from outside the time of Carter Page’s travels overseas improperly, Trump has only Trump to blame. That’s because, even after they did fix the problems with the program in April 2017, the Trump Administration didn’t do what the Obama Administration before it had done on numerous occasions: get rid of any data obtained improperly under such conditions. So while the underlying problems with 705(b) were never fixed under the Obama Administration (which is absolutely something that should be laid at his feet) Jeff Sessions and Dan Coats would be responsible for any lasting harm under the problems. The Trump Administration’s deviation from past practice in destroying improperly obtained data would be responsible for any harm to Trump.

Ultimately, Nunes’ failure to consider for his politicized memo the one FISA practice most likely to have affected Carter Page identifies the real source of any problems with FISA: a failure of oversight, including from people like Devin Nunes. With the Title VII reauthorization bill he authored, Nunes might have ensured some follow-up to make sure known overseas spying problems were fixed. He might have required the government to make sure it destroyed any data on the Trump campaign it collected while Page was overseas.

Instead, Nunes seems completely unaware that such problems existed.

 

Asha Rangappa Demands Progressive Left Drop Bad Faith Beliefs in Op-Ed Riddled with Errors Demonstrating [FBI’s] Bad Faith

It’s my fault, apparently, that surveillance booster Devin Nunes attacked the FBI this week as part of a ploy to help Donald Trump quash the investigation into Russian involvement in his election victory. That, at least, is the claim offered by the normally rigorous Asha Rangappa in a NYT op-ed.

It’s progressive left privacy defenders like me who are to blame for Nunes’ hoax, according to Rangappa, because — she claims — “the progressive narrative” assumes the people who participate in the FISA process, people like her and her former colleagues at the FBI and the FISA judges, operate in bad faith.

But those on the left denouncing its release should realize that it was progressive and privacy advocates over the past several decades who laid the groundwork for the Nunes memo — not Republicans. That’s because the progressive narrative has focused on an assumption of bad faith on the part of the people who participate in the FISA process, not the process itself.

And then, Rangappa proceeds to roll out a bad faith “narrative” chock full of egregious errors that might lead informed readers to suspect FBI Agents operate in bad faith, drawing conclusions without doing even the most basic investigation to test her pre-conceived narrative.

Rangappa betrays from the very start that she doesn’t know the least bit about what she’s talking about. Throughout, for example, she assumes there’s a partisan split on surveillance skepticism: the progressive left fighting excessive surveillance, and a monolithic Republican party that, up until Devin Nunes’ stunt, “has never meaningfully objected” to FISA until now. As others noted to Rangappa on Twitter, the authoritarian right has objected to FISA from the start, even in the period Rangappa used what she claims was a well-ordered FISA process. That’s when Republican lawyer David Addington was boasting about using terrorist attacks as an excuse to end or bypass the regime. “We’re one bomb away from getting rid of that obnoxious [FISA] court.”

I’m more peeved, however, that Rangappa is utterly unaware that for over a decade, the libertarian right and the progressive left she demonizes have worked together to try to rein in the most dangerous kinds of surveillance. There’s even a Congressional caucus, the Fourth Amendment Caucus, where Republicans like Ted Poe, Justin Amash, and Tom Massie work with Rangappa’s loathed progressive left on reform. Amash, Mike Lee, and Rand Paul, among others, even have their name on legislative attempts to reform surveillance, partnering up with progressives like Zoe Lofgren, John Conyers, Patrick Leahy, and Ron Wyden. This has become an institutionalized coalition that someone with the most basic investigative skills ought to be able to discover.

Since Rangappa has not discovered that coalition, however, it is perhaps unsurprising she has absolutely no clue what the coalition has been doing.

In criticizing the FISA process, the left has not focused so much on fixing procedural loopholes that officials in the executive branch might exploit to maximize their legal authority. Progressives are not asking courts to raise the probable cause standard, or petitioning Congress to add more reporting requirements for the F.B.I.

Again, there are easily discoverable bills and even some laws that show the fruits of progressive left and libertarian right efforts to do just these things. In 2008, the Democrats mandated a multi-agency Inspector General on Addington’s attempt to blow up FISA, the Stellar Wind program. Progressive Pat Leahy has repeatedly mandated other Inspector General reports, which forced the disclosure of FBI’s abusive exigent letter program and that FBI flouted legal mandates regarding Section 215 for seven years (among other things). In 2011, Ron Wyden started his thus far unsuccessful attempt to require the government to disclose how many Americans are affected by Section 702. In 2013, progressive left and libertarian right Senators on the Senate Judiciary Committee tried to get the Intelligence Community Inspector General to review how the multiple parts of the government’s surveillance fit together, to no avail.

Rangappa’s apparent ignorance of this legislative history is all the more remarkable regarding the last several surveillance fights in Congress, USA Freedom Act and this year’s FISA Amendments Act reauthorization (the latter of which she has written repeatedly on). In both fights, the bipartisan privacy coalition fought for — but failed — to force the FBI to comply with the same kind of reporting requirements that the bill imposed on the NSA and CIA, the kind of reporting requirements Rangappa wishes the progressive left would demand. When a left-right coalition in the House Judiciary Committee tried again this year, the FBI stopped negotiating with HJC’s staffers, and instead negotiated exclusively with Devin Nunes and staffers from HPSCI.

With USAF, however, the privacy coalition did succeed in a few reforms (including those reporting requirements for NSA and CIA). Significantly, USAF included language requiring the FISA Court to either include an amicus for issues that present “a novel or significant interpretation of the law,” or explain why it did not. That’s a provision that attempts to fix the “procedural loophole” of having no adversary in the secret court, though it’s a provision of law the current presiding FISC judge, Rosemary Collyer, blew off in last year’s 702 reauthorization. (Note, as I’ve said repeatedly, I don’t think Collyer’s scofflaw behavior is representative of what FISC judges normally do, and so would not argue her disdain for the law feeds a “progressive narrative” that all people involved in the FISA process operated in bad faith.)

Another thing the progressive left and libertarian right won in USAF is new reporting requirements on FISA-related approvals for FISC, to parallel those DOJ must provide. Which brings me to Rangappa’s most hilarious error in an error-ridden piece (it’s an error made by multiple civil libertarians earlier in the week, which I corrected on Twitter, but Rangappa appears to mute me so wouldn’t have seen it).

To defend her claim that the FISC judge who approved the surveillance of Carter Page was operating, if anything, with more rigor than in past years, Rangappa points to EPIC’s tracker of FISA approvals and declares that the 2016 court rejected the highest number of applications in history.

We don’t know whether the memo’s allegations of abuse can be verified. It’s worth noting, however, that Barack Obama’s final year in office saw the highest number of rejected and modified FISA applications in history. This suggests that FISA applications in 2016 received more scrutiny than ever before.

Here’s why this is a belly-laughing error. As noted, USAF required the FISA Court, for the first time, to release its own record of approving applications. It released a partial report (for the period following passage of USAF) covering 2015, and its first full report for 2016. The FISC uses a dramatically different (and more useful) counting method than DOJ, because it counts what happens to any application submitted in preliminary form, whereas DOJ only counts applications submitted in final form. Here’s how the numbers for 2016 compare.

Rangappa relies on EPIC’s count, which for 2016 not only includes an error in the granted number, but adopts the AOUSC counting method just for 2016, making the methodology of its report invalid (it does have a footnote that explains the new AOUSC numbers, but not why it chose to use that number rather than the DOJ one or at least show both).

Using the only valid methodology for comparison with past years, DOJ’s intentionally misleading number, FISC rejected zero applications, which is consistent or worse than other years.

It’s not the error that’s the most amusing part, though. It’s that, to make the FISC look good, she relies on data made available, in significant part, via the efforts of a bipartisan coalition that she claims consists exclusively of lefties doing nothing but demonizing the FISA process.

If anyone has permitted a pre-existing narrative to get in the way of understanding the reality of how FISA currently functions, it’s Rangappa, not her invented progressive left.

Let me be clear. In spite of Rangappa’s invocation (both in the body of her piece and in her biography) of her membership in the FBI tribe, I don’t take her adherence to her chosen narrative in defiance of facts that she made little effort to actually learn to be representative of all FBI Agents (which is why I bracketed FBI in my title). That would be unfair to a lot of really hard-working Agents. But I can think of a goodly number of cases, some quite important, where that has happened, where Agents chased a certain set of leads more vigorously because they fit their preconceptions about who might be a culprit.

That is precisely what has happened here. A culprit, Devin Nunes — the same guy who helped the FBI dodge reporting requirements Rangappa thinks the progressive left should but is not demanding — demonized the FISA process by obscuring what really happens. And rather than holding that culprit responsible, Rangappa has invented some other bad guy to blame. All while complaining that people ever criticize her FBI tribe.

The Harm Releasing the Nunes Memo Caused

I did two pieces elsewhere on the Devin Nunes memo yesterday. At Vice, I tracked all the holes in the memo; subsequent reporting showed that I hit virtually all the big ones that Adam Schiff hit in his response memo: the memo misrepresented what FBI told FISC about the political nature of Christopher Steele’s, it misrepresents Andrew McCabe’s testimony, and the memo misrepresented why George Papadopoulos was mentioned in the application. At HuffPo, I described how on the twin FISA events of the last few weeks — 702 reauthorization and the Nunes memo — both Nunes and Paul Ryan were on the wrong side of the principles of rule of law and civil liberties.

Since the memo has proven to be such a dud, a lot of people are now questioning DOJ’s and Democrats’ claims that releasing the memo would harm national security. I want to lay out three ways (DOJ surely believes) it may well do that.

Tells Carter Page and any co-conspirators precisely when FISA surveillance started

The memo tells Carter Page — and any co-conspirators both within the Trump camp and overseas — precisely when the surveillance on Page started and what it consists of.

FBI obtained an electronic surveillance warrant against Page on October 21, 2016, and obtained 3 reauthorizations (so roughly January 19, April 19, and July 18). While Page’s interlocutors overseas were likely wiretapped, if possible, associates in the Trump camp can now assume any conversations they had with him before October 21 were not recorded and remain unavailable to Robert Mueller.

Mind you, we know the memo doesn’t reveal the full extent of surveillance directed against Carter Page, because it gives no details on the 2014 FISA wiretap reportedly used against him. That leaves open the possibility that he was surveilled using other means. I think the GOP would have included had FISC approved a physical search FISA warrant against Page, because that would include the possibility of obtaining stored communications from during the campaign. But I would also bet a lot of money that whatever Attorney General was in charge during periods when Page traveled overseas approved a 705(b) order on him, permitting surveillance to continue while he was overseas. I’ll have more to say on this in upcoming days.

Note, it is also possible that the surveillance against Page continues.

Tells subjects of the investigation the status of the investigation and FBI’s ability to validate the Steele memo

The memo provides other details about the investigation, too.

On October 21, per a quotation from FBI Assistant Director Bill Priestap, the investigation into Russian ties with the Trump camp was in its “infancy.” Again, this will let Russians and Trump associates know that anything they managed to destroy before that date may well be unavailable to Mueller.

Later in October, the source report on Steele reported that the dossier had been “only minimally corroborated.” If any of the events in the dossier are real, then the Russians (especially) will have a sense of how unsuccessful the FBI had been in finding the evidence to corroborate those events. If the dossier is, as I’ve suggested, disinformation, the Russians would know that their disinformation was wasting FBI Agent time at least for months.

Tells Australians and every other foreign partner shared intelligence may be officially declassified

The memo mentions the Papadopoulos tip and confirms that’s what triggered the investigation; it also confirms that nothing shared prior to then had triggered an investigation. While the description here doesn’t attribute that intelligence to the Australians, we know that’s where it came from. Now Australia and every other country will know that intelligence they share, including intelligence that makes it look like Five Eyes officials are reporting on the citizens of other Five Eyes countries, may be released by Devin Nunes for political gain. This will add to the many reasons why our friends will hesitate before sharing intelligence with us.

Makes it more likely defendants will get FISA review

In the 40 year history of FISA, no defendant who got notice that FISA data was being used against them in prosecution has been able to review the application used against them. Because Nunes released this information so frivolously, because White House Counsel Don McGahn, in his cover memo, suggested this was a time when “public interest in disclosure of [FISA materials] outweighs any need to protect the information,” the memo lowers the bar for release of FISA-related information going forward.

I assume Carter Page, if he is charged, will successfully be able to win review of his FISA application (and think that would be entirely appropriate); that may mean he doesn’t get charged or, if he does, Mueller has to bend over backwards to avoid using FISA material.

But I also assume — and hope — that this disclosure ends the 40 year drought on the release of information, which the original drafters of FISA envisioned would be appropriate in certain circumstances. I think this is the one salutary benefit of this memo; it makes it more likely that FISA will work the way it is supposed to going forward.

I even think it possible that the release of this information may affect the response to Keith Gartenlaub’s pending appeal in the Ninth Circuit. His is a case that merits FISA review, and whereas the court might have hesitated to give him that in the past, it would be far easier for them to do so here.

In other words, the release of this memo likely helped those Mueller is trying to investigate, provided another reason for our foreign partners to hesitate before sharing intelligence with us, and makes it more likely some defendants will get to review their FISA application going forward. I can see how DOJ would consider all of that harmful to national security.

Update: On Twitter some folks added that this makes people distrust FBI, making it less likely they’ll share information with the Bureau. In my opinion actually sharing interview reports with HPSCI already did that (though that Chris Wray was forced to do so wouldn’t be as widely known). I also think the sheer shittiness of the dossier minimizes the impact of that somewhat. But I think it’s a fair point.

The Increasing Panic Surrounding Devin Nunes’ “Extraordinarily Reckless” Plan to Release Memo

I thought I’d chronicle the increasingly senior panic surrounding Devin Nunes’ plan — reportedly backed by Trump — to release the Nunes memo without first letting FBI and DOJ review it. Clearly, there’s concern this will burn underlying sources for the FISA application(s) described in the report. I don’t rule out the belated revelation of something I’ve been hearing for at least six months — that the Dutch passed on intelligence in real time of APT 29 hacking US targets and had an inside view of the operations — isn’t meant as a warning of what will happen if the US further burns the Dutch.

I’m also interested in AAG Stephen Boyd’s emphasis that Nunes delegated his review of these documents to Trey Gowdy, perhaps suggesting both will have some kind of liability for any damage that will result from this game of telephone.

Sunday, January 21: FBI denied a copy of Nunes’ memo.

“The FBI has requested to receive a copy of the memo in order to evaluate the information and take appropriate steps if necessary. To date, the request has been declined,” said Andrew Ames, a spokesperson for the FBI.

Wednesday, January 24: Richard Burr’s Senate Intelligence Committee staffers denied a copy of the memo.

Senate Intelligence Committee Chairman Richard Burr’s staff has not been given access to a classified memo drafted by House Intelligence Committee Chairman Devin Nunes, a sign of how closely House Republicans are guarding allegations of Justice Department wrongdoing over surveillance activities in the Russia investigation.

According to three sources familiar with the matter, Burr’s staff requested a copy of the memo and has been denied, just as the FBI and Justice Department have also been denied reviewing a copy of the document.

Wednesday, January 24: Trump’s Assistant Attorney General for Legislative Affairs Stephen Boyd writes letter noting that releasing memo will violate agreement.

Recent news reports indicate a classified memorandum prepared by House Permanent Select Committee on Intelligence (HPSCI or Committee) staff alleges abuses at the Department of Justice (Department) and the Federal Bureau of Investigation (FBI) in the FISA process. We understand many members of the House of Representatives have viewed this memorandum and that it has raised concerns.

As you know, we have provided HPSCI with more than 1,000 pages of classified documents relating to the FBI’s relationship, if any, with a source and its reliance, if any, on information provided by that source. Media reports indicate that the Committee’s memorandum contains highly classified material confidentially provided by the Department to the Committee in a secure facility.1

[snip]

In addition, we have also heard that HPSCI is considering making the classified memorandum available to the public and the media, an unprecedented action. We believe it would be extraordinarily reckless for the Committee to disclose such information publicly without giving the Department and the FBI the opportunity to review the memorandum and to advise the HPSCI of the risk of harm to national security and to ongoing investigations that could come from public release. Indeed, we do not understand why the Committee would possibly seek to disclose classified and law enforcement sensitive information without first consulting with the relevant members of the Intelligence Community.

Seeking Committee approval of public release would require HPSCI committee members to vote on a staff-drafted memorandum that purports to be based on classified source materials that neither you nor most of them have seen. Given HPSCI’s important role in overseeing the nation’s intelligence community, you well understand the damaging impact that the release of classified material could have on our national security and our ability to share and receive sensitive information from friendly foreign governments.

[snip]

Additionally, we believe that wider distribution of the classified information presumably contained within your memorandum would represent a significant deviation from the terms of access granted in good faith by the Department, HPSCI, and the Office of Speaker Paul Ryan.

The Department renews its request — as previously made in a personal appeal by the Director of the FBI — for an opportunity to review the memorandum in question so that it may respond to the Committee before any vote on public release.

1 To date, the Department has provided detailed briefings and made available to HPSCI documents requested as part of its investigation into Russian influence in the 2016 election. The terms of access stipulated that review of the documents would be limited to the Chairman or his designee, the Ranking Member or his designee, and two staff members each. (Mr. Gowdy reviewed the documents for the majority. Mr. Schiff reviewed the documents for the minority.) Other committees of jurisdiction — the Senate Select Committee on Intelligence, the Senate Committee on the Judiciary, and the House Committee on the Judiciary — have accepted similar procedural safeguards to protect against improper dissemination of information.

Thursday, January 25: DOJ spox (and close Jeff Sessions ally) Sarah Isgur Flores goes on Fox to argue DOJ should get to look at the memo first.

Let us see it first. At this point, nobody in the Senate or the White House or the Department of Justice or FBI has seen this document, and a number of Congressmen have expressed a lot of concern about it. So we would like to see it. Well, I think we’d certainly want to see any evidence of wrong-doing and take action upon that if there is wrong-doing going on. And then, I think we’d want to discuss, I mean, this is classified material for a reason. It has national security implications. It may have implications for our allies or others in the intelligence community.

Thursday, January 25: Majority Whip and SSCI member John Cornyn says Nunes should let DOJ review the memo.

Cornyn, who has been briefed on Nunes memo, suggests Nunes should listen to DOJ concerns. “We all should pay attention to what the Justice Department’s concerns are, and I’m sure the chairman will. It’s always good when we communicate and consult with one another,” he told me

Thursday, January 25: James Lankford says Nunes should follow “proper declassification procedures.”

Update: First, I fixed the dates.

Second, I wasn’t aware of this statement from Paul Ryan’s spox, sometime in the last day. (h/t Maestro)

A spokesman for Ryan pushed back at the DOJ’s characterization of the negotiations.

“As previously reported, the speaker’s only message to the Department was that it needed to comply with oversight requests and there were no terms set for its compliance,” Doug Andres, the spokesman, said in a statement.

This is fairly breathtaking, as it suggests Ryan (and by association Nunes) are not agreeing to abide by any of the security precautions imposed on the access to highly sensitive case files Nunes obtained.

Steve King Just Voted to Subject Americans to “Worse than Watergate”

Devin Nunes has launched the next installment of his effort to undercut the Mueller investigation, a “Top Secret” four page report based on his staffers’ review of all the investigative files they got to see back on January 5. He then showed it to a bunch of hack Republicans, who ran to the right wing press to give alarmist quotes about the report (few, if any, have seen the underlying FBI materials).

Mark Meadows (who recently called for Jeff Sessions’ firing as part of this obstruction effort) said, “Part of me wishes that I didn’t read it because I don’t want to believe that those kinds of things could be happening in this country that I call home and love so much.”

Matt Gaetz (who strategized with Trump on how to undercut the Mueller investigation on a recent flight on Air Force One) said, “The facts contained in this memo are jaw-dropping and demand full transparency. There is no higher priority than the release of this information to preserve our democracy.”

Ron DeSantis (who joined Gaetz in that Air Force One strategy session with Trump and also benefitted directly from documents stolen by the Russians) said it was “deeply troubling and raises serious questions about [the people in the] upper echelon of the Obama DOJ and Comey FBI,” who of course largely remain in place in the Sessions DOJ and Wray FBI.

Steve King claimed what he saw was, “worse than Watergate.” “Is this happening in America or is this the KGB?” Scott Perry said. Jim Jordan (who joined in Meadows’ effort to fire Sessions) said, “It is so alarming.” Lee Zeldin said the FBI, in using FISA orders against Russians and facilities used by suspected agents of Russia was relying “on bad sources & methods.”

It all makes for very good theater. But not a single one of these alarmists voted the way you’d expect on last week’s 702 reauthorization votes if they were really gravely concerned about the power of the FBI to spy on Americans.

Indeed, Gaetz, DeSantis, and King — three of those squawking the loudest — voted to give the same FBI they’re claiming is rife with abuse more power to spy on Americans, including political dissidents. Nunes, who wrote this alarming report, also wrote the bill to expand the power of the FBI he’s now pretending is badly abusive.

Even those who voted in favor of the Amash-Lofgren amendment and against final reauthorization — Meadows, Jordan, and Perry, among some of those engaging in this political stunt — voted against the Democratic motion to recommit, which would have at least bought more time and minimally improved the underlying bill (Justin Amash and Tom Massie, both real libertarians, voted with Democrats on the motion to recommit). Zeldin was among those who flipped his vote, backing the bill that will give the FBI more power after making a show of supporting Amash’s far better bill.

In short, not a single one of these men screaming about abuse at the FBI did everything they could do to prevent the FBI from getting more power.

Which — if you didn’t already need proof — shows what a hack stunt this is.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Jack Goldsmith and Susan Hennessey Run Cover for Those Giving Jeff Sessions Unreviewable Authority to Criminalize Dissent

I’m used to Susan Hennessey partnering with Ben Wittes to write apologies for NSA and FBI that ignore known facts. I’m a bit surprised that Jack Goldsmith did so in this defense of Democrats — like Adam Schiff and Nancy Pelosi and nineteen Democratic Senators — who have voted to give Jeff Sessions unreviewable authority to criminalize dissent using certain privacy tools.

NSA did not fix “abouts” problems before the issues became public

There are numerous problems with this post. The one that irks me the most, however, is the claim that the “system itself” identified and addressed problems with “abouts” collection before they became public.

We acknowledge that the program has raised hard legal questions as well as difficult compliance issues, primarily involving “abouts” collection. But these problems were identified by the system itself, long before the issues became public, and the practices were fixed or terminated.

This claim, one I’ve corrected Hennessey for on numerous occasions on Twitter, is false, and should be retracted.

I say that with great confidence, because I wrote about the problems on August 11, 2016, well before NSA failed to disclose the full extent of the problems in an October 4, 2016 hearing, which led the worst FISC judge ever, Rosemary Collyer, to complain about NSA’s institutional “lack of candor.”

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

As a reminder, the problem (the FISC has) with “abouts” collection is not so much that it collected entirely domestic communications — that’s the complaint of the rest of us. It’s that NSA never ever complied with John Bates’ 2011 requirement that NSA not conduct back door searches on upstream collection, because it might result in searches of those entirely domestic communications. In my August 2016 post, I noted that reviewers kept discovering that NSA continued to do back door searches on upstream data in violation of that prohibition, and kept refusing to implement technical fixes to avoid them.

I also raised concerns about the oversight of 704/705(b), which is how the NSA first realized how badly non-compliant their upstream searches were, on May 13, 2016. That’s about when NSA first reported to DOJ “in May and June 2016” that “approximately eighty-five percent of” queries using a tool the NSA employs with 704/705b queries “were not compliant with the applicable minimization procedures.”

I’ll grant that I’m remarkably attentive to documents that get declassified years after the fact. But I’m nevertheless “the public.” If I’m identifying these problems — and NSA’s refusal to make the technical fixes to avoid them — before they get fully briefed to DOJ or FISC, then it is absolutely false to claim that “the system” fixed or terminated the problem long before they became public.

Again, Lawfare should issue a retraction for that claim.

Update, January 19: On Twitter yesterday, Hennessey claimed I misread this quote, and that her proof that the system works was that the NSA had gotten away with ignoring Bates’ orders for five years, but finally shut it down before the public learned that NSA had been ignoring FISC’s orders.

This is still factually false — as I responded to her, the NSA was still identifying problems for eight months after I wrote about the problems, even assuming it had found all of them by April 2017, which was the last declassified reporting on it. But her explanation actually makes the comment downright damning for the NSA. It suggests a lawyer who was at NSA during the period it was not in compliance believes that getting away with violating the Fourth Amendment for five years, but fixing it before documents released on a three year delay (and only because of Snowden) is a sign of a law-abiding agency.

A portrait of a guy who doesn’t know key details as a rigorous overseer

The fact that I was harping on the “abouts” problems before any overseers of the program managed to fully investigate and fix them by itself disproves the claims that Hennessey and Goldsmith make in their hagiography of Adam Schiff.

He is the ranking Democrat on the House intelligence committee and one of the most knowledgeable and informed members of Congress on intelligence matters. Schiff has not hesitated to be  when he sees fit. He has watched the 702 program up close over many years in classified settings in his oversight role. He knows well its virtues and its warts. We suppose it is possible that Schiff would vote to give the president, whose integrity he so obviously worries about, vast powers to spy on Americans in an abusive way. Given everything Schiff has publicly said and done over the last year, however, a much more plausible inference is that he knows not only how valuable the 702 program is but also how law-constrained and carefully controlled and monitored it is.

Plus, I’m not sure why they think that Schiff’s attempt to fix the Section 215 phone dragnet only after Edward Snowden made it public proves that Schiff “never hesitated to be critical of intelligence community practices.” On the contrary, it proves that he did hesitate to do so before excessive programs became public.

The distinction is utterly critical given something I’ve pointed out about this bill. The bill itself is an admission that the intelligence community is out of control, and that congressional overseers can’t get information they need to adequately oversee the program without demanding it in legislation. That’s because it requires the IC to provide information on two practices that Congress cannot be deemed competent to legislate on without having answers about first.

For example, the bill requires an IG Report on how FBI queries raw data.

(b) MATTERS INCLUDED.—The report under subsection (a) shall include, at a minimum, an assessment of the following:

(1) The interpretations by the Federal Bureau of Investigation and the National Security Division of the Department of Justice, respectively, relating to the querying procedures adopted under subsection (f) of section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as added by section 101.

[snip]

(6) The scope of access by the criminal division of the Federal Bureau of Investigation to information obtained pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), including with respect to information acquired under subsection (a) of such section 702 based on queries conducted by the criminal division.

(7) The frequency and nature of the reviews conducted by the National Security Division of the Department of Justice and the Office of the Director of National Intelligence relating to the compliance by the Federal Bureau of Investigation with such querying procedures.

I have explained (and I know Hennessey regards this as a problem too) that since 2012, FBI has devolved its access to raw 702 data to field offices. The FBI already conducted far, far less oversight of the back door searches it conducts than NSA does. But because the DOJ/DNI 702 review teams visit only a fraction of the FBI field offices with each review, and because FBI’s querying system doesn’t collect enough information to do oversight remotely, it is possible that the offices that are least familiar with 702 requirements are — for the smaller number of 702 queries they conduct — getting the least oversight.

You can’t pass a bill that effectively blesses FBI’s use of back door searches on Americans about whom it has no evidence of any wrongdoing, while admitting you don’t know how FBI conducts those back door searches, and make any claim to conduct adequate oversight. Rather, the bill permits FBI to continue practices it has stubbornly refused to brief Congress on, rather than demanding that FBI brief Congress first, so Congress can impose any restrictions that might be necessary to adequately protect Americans.

The bill also requires a briefing within six months to explain how DOJ complies with FISA’s legally mandated notice requirements (because notice under 702 is treated as notice under 106(c), this covers 702 surveillance as well).

Not later than 180 days after the date of the enactment of this Act, the Attorney General, in consultation with the Director of National Intelligence, shall provide to the Committee on the Judiciary and the Permanent Select Committee on Intelligence of the House of Representatives and the Committee on the Judiciary and the Select Committee on Intelligence of the Senate a briefing with respect to how the Department of Justice interprets the requirements under sections 106(c), 305(d), and 405(c) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1806(c), 1825(d), and 1845(c)) to notify an aggrieved person under such sections of the use of information obtained or derived from electronic surveillance, physical search, or the use of a pen register or trap and trace device. The briefing shall focus on how the Department interprets the phrase ‘‘obtained or derived from’’ in such sections.

The public treatment of DOJ’s serial, obvious failures to give notice to defendants is a nifty trick. When DOJ fails to give notice, it clearly violates the law, but notice is not included in minimization procedure review, so therefore is not reviewed by the FISC. When surveillance boosters like Hennessey and Goldsmith say there have never been any willful violations of the law, they manage to ignore the notice violations that have allowed some pretty problematic practices to avoid judicial oversight only because by breaking the law DOJ ensures no court will find them to be breaking the law.

Catch 22: Heads legal violations never get reviewed by a court, tails surveillance boosters can claim the surveillance has a clean bill of health.

Again, this is a known, egregious problem with the implementation of 702.

But rather than do the obvious thing as part of what this post dubs “robust democratic deliberation,” which is to demand answers about how notice is (not) given and require DOJ to fix it as part of the bill, the bill instead simply requires DOJ to provide the information that Congress needs to do basic oversight six months after reauthorization, which effectively punts fixing the problem six years down the road.

How many Chinese-American scientists will be improperly prosecuted because FBI is technically inane in those 6 years, because a bunch of California legislators like Nancy Pelosi, Adam Schiff, and Dianne Feinstein chose to punt on basic oversight?

The most egregious example of this, however, involves the government’s obstinate refusal to explain how many US persons are affected by 702. This bill also did not incorporate an HJC proposal requiring a count of how many Americans got referred for criminal prosecution off of 702 collection.

Letting Jeff Sessions criminalize dissent

That refusal — the refusal to even legislatively require the government to report on the impact of 702 surveillance on Americans, via incidental collection and/or criminal referral — brings us to the problem with this bill that opponents are all raising, but about which Hennessey and Goldsmith are inexcusably silent: the codification of giving Jeff Sessions unreviewable authority to determine what counts as a “criminal proceeding [that] affects, involves, or is related to the national security of the United States.”

Here’s how Hennessey and Goldsmith describe the impact of this program on Americans.

As Lawfare readers know, Section 702 authorizes the intelligence community to target the communications of non-U.S. persons located outside the United States for foreign intelligence purposes. It does not permit the intelligence community to target a U.S. person anywhere in the world. But it does permit incidental collection on U.S. persons, subject to strict rules about minimization and use.

Their silence about how the bill doesn’t deal with back door searches is problematic enough.

But they predictably, but problematically, make no mention of the way the bill codifies the use of 702 in domestic law enforcement under the Tor/VPN exception.

As I have laid out, in 2014 FISC created an exception to the rule that NSA must detask from a facility as soon as they learn that Americans are also using that facility. That exception applies to Tor and (though I understand this part even less) VPN servers — basically the kinds of privacy tools that criminals, spies, journalists, and dissidents might use to hide their online activities. NSA has to sort through what they collect on the back end, but along the way, they get to decide to keep any entirely domestic traffic they find has significant foreign intelligence purpose or is evidence of a crime, among other reasons. The bill even codifies 8 enumerated crimes under which they can keep such data. Some of those crimes — child porn and murder — make sense, but others — like transnational crime (including local drug dealers selling imported drugs) and CFAA (with its well-known propensity for abuse) pose more potential for abuse.

But it’s the unreviewable authority for Jeff Sessions bit that is the real problem.

We know, for example, that painting Black Lives Matter as a national security threat is key to the Trump-Sessions effort to criminalize race. We also know that Trump has accused his opponents of treason, all for making critical comments about Trump.

This bill gives Sessions unreviewable authority to decide that a BLM protest organized using or whistleblowing relying on Tor, discovered by collection done in the name of hunting Russian spies, can be referred for prosecution. The fact that the underlying data predicating any prosecution was obtained without a warrant under 702 would — in part because this bill doesn’t add teeth to FISA notice — ensure that courts would never learn the genesis of the prosecution. Even if a court somehow managed to do so, however, it could never deem the domestic surveillance unlawful because the bill gives Jeff Sessions the unreviewable authority to treat dissent as a national security threat.

This is such an obviously bad idea, and it is being supported by people who talk incessantly about the threat that Trump and Sessions present. Yet, rather than addressing the issue head on (which I doubt Hennessey could legally do in any case), they simply remain silent about what is the biggest complaint from privacy activists, that this gives a racist, vindictive Attorney General far more authority than he should have, and does so without fixing the inadequate protections for criminal defendants along the way.

I mean, I get that surveillance boosters who recognize the threat Trump and Sessions pose want to absolve themselves for giving Trump tools that can so obviously be abused.

But this attempt does so precisely by dodging the most obvious reasons for which boosters should be held to account.

Update: Changed post to note that just Trump has accused FBI Agents of treason, not Sessions, and not (yet) journalists.

Update: Here’s the roll call of the 65-34 vote passage of the bill. Democrats who voted in favor are:

  1. Carper
  2. Casey
  3. Cortez Masto
  4. Donnelly
  5. Duckworth
  6. Feinstein
  7. Hassan
  8. Heitkamp
  9. Jones
  10. Klobuchar
  11. Manchin
  12. McCaskill
  13. Nelson
  14. Peters
  15. Reed
  16. Schumer
  17. Shaheen
  18. Stabenow
  19. Warner
  20. Whitehouse

 

The 702 Capitulations: a Real Measure of the “Deep State”

There were two details of the Section 702 reauthorization in the House that deserve more attention, as the Senate prepares for a cloture vote today at 5:30.

First, in the Rules Committee hearing for the bill, Ranking House Judiciary Committee member Jerry Nadler revealed that the FBI stopped engaging with his staffers when the two sides reached a point on negotiations over the bill beyond which they refused to budge.

Effectively, FBI just used the dual HJC/House Intelligence jurisdiction over FISA to avoid engaging in the legislative process, to avoid making any concessions to representatives supposedly overseeing this program.

As a result, the final bill included only a sham warrant requirement — one that will give criminal suspects more protection against warrantless search than it gives people against whom the FBI has no suspicion — and provided an easy way for the NSA to turn “about” collection (which has been the source of repeated NSA violations of FISA over the years) back on.

Then there was the effort Nancy Pelosi made to use the President’s reactive FISA tweet to impose a few more limits on the warrant requirement. In a filibustering speech, she suggested that Trump’s tweet claiming his had been surveilled and abused under the law (in reality, Title I warrants were used during the campaign, but Section 702 has likely been part of the investigation as well) necessitated a motion to recommit instructing HPSCI to boost the protections for Americans.

Pelosi had to have known the motion would fail (it did, with just six of the most libertarian Republicans joining Democrats in support). She counts votes better than anyone.

What the vote was really about was an effort not to fix the real problems with the bill. Nor was it a meaningful effort to add anything but illusory protections to the bill. It was an effort to make a vote in support of the bill more politically palatable. Pelosi (and Adam Schiff, who worked closely with Pelosi on this front) appears to have known that there will be political costs for supporting this bill, perhaps especially in San Francisco where one-fifth of Pelosi’s constituents are Chinese-American, one of the groups most disproportionately affected by the spying program.

She knew she was going to have to vote for the bill, political cost and all, and was trying to use Trump’s tweet to minimize the costs of doing so.

These two events, in my opinion, show how dysfunctional legislation affecting the “Deep State,” the entrenched national security bureaucracy, is. There is a clear political recognition among the Democratic leaders cooperating in passing the bill that the bill goes too far. Probably, they worry about what will happen when we learn how Jeff Sessions will use the unreviewable authority to deem either warrantless back door searches for Americans’ names or retention of Tor and VPN domestic collection a “national security” issue to target Democratic constituencies.

But that recognition was not enough to muster the political will to oppose the bill.

Heads the “Deep State” wins, tails democratic oversight fails.

Incidental Collection Under Section 702 Has Probably Contributed to Trump’s Downfall, Too

As you’ve no doubt heard, the House passed the bad reauthorization to Section 702 yesterday. The Senate will vote on cloture on Tuesday — though both Rand Paul and Ron Wyden have threatened to filibuster it — and the bill will almost certainly be voted into law after that.

I’ll have comment later on the rising costs, for politicians, for mindlessly reauthorizing these bills in a follow-up post.

Paul Ryan told President Trump Section 702 hasn’t affected his people

But for the moment, I want to comment on the debate that took place in response to Trump’s two tweets. The first tweet, which was clearly a response to a Judge Napolitano piece on Fox News yesterday morning, complained about FISA.

Then, after a half hour lesson from Paul Ryan on the different FISA regimes (note, for some reason Devin Nunes was conspicuously absent from much of this process yesterday, both the coddling of the President and managing debate on the bill), came a follow-up tweet hailing Section 702’s utility for “foreign surveillance of foreign bad guys on foreign land.”

In response to those tweets, many commenters stated, as a matter of fact, that Trump hasn’t been impacted by Section 702, that only traditional FISA intercepts drove key developments in the Russian investigation.

That’s unlikely to be true, and I suspect we already have evidence that that’s not the case.

It is true that incidental collection on a Title I got Mike Flynn in trouble

To defend the case that incidental collection off a traditional FISA order has impacted Trump’s administration, people point to the December 29, 2016 intercepts of communications between Sergey Kislyak and Mike Flynn which were cited in Flynn’s guilty plea. It is true that those intercepts were done under a traditional FISA order. Admiral Mike Rogers as much as confirmed that last March in his efforts to explain basic FISA law to the House Intelligence Committee Republicans who are supposed to oversee it.

Rogers: FISA collection on targets in the United States has nothing to do with 702, I just want to make sure we’re not confusing the two things here. 702 is collection overseas against non US persons.

And Speaker Ryan, fresh off his efforts to teach the President basic surveillance law, yesterday clarified — inaccurately — that,

Title 1 of the FISA law is what you see in the news that applies to U.S. citizens. That’s not what we’re talking about here. This is Title 7, Section 702. This is about foreign terrorists on foreign soil.

Whatever the facts about FISA orders targeting Carter Page and Paul Manafort, the intercepts that have done the most known damage to the Trump Administration so far targeted a foreigner on US soil, Sergey Kislyak, and Flynn just got picked up incidentally.

Papadopoulos’ affidavit and statement of offense make different claims about his false claims and obstruction

But as I said, I suspect it is highly likely the Trump Administration has also been brought down by an American being caught up incidentally in a Section 702 tasking. That’s because of several details pertaining to the George Papadopoulos plea which I nodded to here; they strongly suggest that Papadopoulos’ Facebook communications with Joseph Mifsud were first obtained by the FBI via Section 702, and only subsequently parallel constructed using a warrant. It’s further likely that the FBI obtained a preservation order on Papadopoulos’ Facebook account before he deleted it because of what they saw via Section 702. [Update: KC has alerted me that they may not have gotten a preservation order, but instead were able to access the Facebook account because that content doesn’t all go away when you deactivate an account, which is what the October 5 document describes as happening.]

Compare the two descriptions of how Papadopoulos obstructed justice. The July 28, 2017 affidavit supporting Papadopoulos’ arrest describes Papadopoulos destroying his Facebook account to hide conversations he had with Timofeev.

The next day, on or about February 17, 2017, however, GEORGE PAPADOPOULOS, the defendant, shut down his Facebook account, which he had maintained since approximately August 2005. Shortly after he shut down his account, PAPADOPOULOS created a new Facebook account.

The Facebook account that PAPADOPOULOS shut down the day after his interview with the FBI contained information about communications he had with Russian nationals and other foreign contacts during the Campaign, including communications that contradicted his statements to the FBI. More specifically, the following communications, among others, were contained in that Facebook account, which the FBI obtained through a judicially authorized search warrant.

The affidavit makes it clear that Papadopoulos attempted to hide “his interactions during the Campaign with foreign contacts, including Russian nationals.” The descriptions of the communications that Papadopoulos attempted to hide are described as “a Facebook account identified with Foreign Contact 2,” Timofeev.

The FBI recorded both interviews, suggesting that by January 27 they already had reason to worry that Papadopoulos might not tell the truth.

The October 5 statement of the offense describes one of Papadopoulos’ false statements this way:

PAPADOPOULOS failed to inform investigators that the Professor had introduced him to the Russian MFA Connection [Timofeev], despite being asked if he had met with Russian nationals or “[a]nyone with a Russian accent” during the Campaign. Indeed, while defendant PAPADOPOULOS told the FBI that he was involved in meetings and did “shuttle diplomacy” with officials from several other countries during the Campaign, he omitted the entire course of conduct with the Professor and the Russian MFA Connection regarding his efforts to establish meetings between the Campaign and Russian government officials.

And it describes his obstruction this way:

The next day, on or about February 17, 2017, defendant PAPADOPOULOS deactivated his Facebook account, which he had maintained since approximately August 2005 and which contained information about communications he had with the Professor and the Russian MFA Connection. Shortly after he deactivated his account, PAPADOPOULOS created a new Facebook account that did not contain the communications with the Professor and the Russian MFA Connection.

On or about February 23, 2017, defendant PAPADOPOULOS ceased using his cell phone number and began using a new number.

In neither document does FBI mention having the content of Papadopoulos’ April 2016 Skype calls with Timofeev and neither one cites data — such as texts — that might have been on his cell phone.

What FBI (probably) learned when

While we can’t be sure — after all, the government may simply be withholding more information from other suspects — the differences between the two legal filings and other public information suggest the following evolution in what the government knew of Papadopoulos’ communications with his interlocutors when. Most importantly, the FBI had learned of Papadopoulos’ communications with Joseph Mifsud and Olga Vinogradova before his two interviews, but they had not learned of his communications with Ivan Timofeev.

Late July 2016

In a drunken conversation in May 2016, Papadopoulos told the Australian Ambassador Alexander Downer that he had been told (by Joseph Mifsud, but it’s not clear Papadopoulos would have revealed that) the Russians had dirt on Hillary in the form of emails.

Before January 27, 2017

  • Papadopoulos might lie and so should be recorded
  • Papadopoulos had interesting communications with Joseph Mifsud and Olga Vinogradova
  • Since Timofeev did not come up in the interview, FBI appears not to have learned of those conversations yet

Before February 16, 2017

  • Papadopoulos’ Facebook was interesting enough to sustain a preservation request but (because FBI still didn’t know about Timofeev) FBI had not yet accessed its content via Papadopoulos [Though see update above]
  • FBI had not yet accessed Skype, which would have shown call records between Timofeev and Papadopoulos
  • FBI did not have a warrant on Papadopoulos’ phone and never obtained one before February 23

By July 28, 2017

  • FBI had obtained a warrant for Papadopoulos’ email
  • FBI had read the Facebook content Papadopoulos tried to delete, discovering the communications (and the relationship) with Timofeev
  • FBI had identified the Skype conversations that had taken place, but not in time to collect them using 702

By October 5, 2017

  • FBI had obtained far more email from the campaign side
  • FBI had discovered that, in addition to destroying his Facebook account, Papadopoulos had also gotten a new phone number (and, I suspect, a new phone), thereby destroying any stored texts on the phone

FBI probably tracked Papadopoulos’ Facebook communications with Mifsud before February 16

Again, this is just a guess, but given the evolution of FBI’s understanding about Papadopoulos laid out above, it seems highly likely that FBI had obtained some (but not all) of Mifsud’s communications before February 16, had submitted preservation requests to Papadopoulos’ providers, but had not yet obtained any legal process for content via Papadopoulos. Given that Papadopoulos’ Facebook content was preserved even in spite of his effort to destroy it, it seems clear the government had reason to know its content was of interest, but it did not yet know about his Facebook communications with Timofeev. This is how FBI routinely launders Section 702 information through criminal process, by getting a warrant for the very same content available at PRISM providers that they already obtained via PRISM. The key detail is that they appear to have known about the content of some but not all of Papadopoulos’ Facebook messages in time to preserve the account before February 16.

This strongly suggests the FBI had obtained Mifsud’s Facebook content, but not Papadopoulos’.

Once FBI opened a full investigation into the Russian ties — which we know they did in late July, in part because of that Papadopoulos conversation about the Mifsud comments — it could task and obtain a raw feed of any known PRISM account for any foreigner overseas associated with that investigation. Once it identified Mifsud as Papadopoulos’ interlocutor — and they would have been able to identify their common relationship from their common front organization, the London Centre of International Law Practice — they would have tasked Mifsud on any identifier they could collect.

And collecting on Facebook would be child’s play — just ask nicely. So it would be shocking if they hadn’t done it as soon as they identified that Mifsud was Papadopoulos’ interlocutor and that he had a Facebook account.

Incidental collection under 702 may have led to the preservation of evidence about the Timofeev relationship Papadopoulos tried to destroy

If all this is right — and it is admittedly just a string of well-educated guesses — then it means FBI’s ability to incidentally collect on Papadopoulos by targeting Mifsud may have been what led them to take action to preserve Papadopoulos’ Facebook content, and with it evidence of ongoing communications with Timofeev that he had tried to hide.

And the fact that he did try to hide it is what led to Mueller flipping his first cooperating witness.

So if all this is right, then incidental collection on Papadopoulos under Section 702 may be every bit as central to Trump’s legal jeopardy right now as the incidental collection on Flynn under Title I. They’re both critical pieces in proving any hypothetical case that Trump traded policy considerations for the release of Hillary emails.

This is how Section 702 is supposed to work, and could be done under USA Rights

Let me be clear: I’m not saying the discovery of Papadopoulos’ Facebook communications with Mifsud and through them his Facebook communications with Timofeev is an abuse. On the contrary, this is how 702 is supposed to work.

If we’re going to have this program, it should be used to target suspect agents of a foreign power located overseas, as Mifsud clearly was. If he was targeted under 702, he was targeted appropriately.

But there is no reason to believe doing so required any of the more abusive uses of 702 that USA Rights would limit. Unless Mifsud was already tasked at FBI when they opened the investigation in July 2016, there’s no reason to believe this account could have been found off of a back door search at FBI. Mifsud may have been tasked at NSA or even CIA, but if he was, searching on Papadopoulos because the government suspected he was being recruited by a foreign power would fall under known justifications for back door searches at those foreign intelligence agencies (especially at CIA).

USA Rights would permit the use of this 702 information to support the criminal case against Papadopoulos, because it’s clearly a case of foreign government spying.

And no use of the Tor exception would be implicated with this search.

In other words, Section 702 as Ron Wyden and Rand Paul and Justin Amash and Zoe Lofgren would have it would still permit the use of Section 702 as a tool to — ultimately — lead FBI to figure out that Papadopoulos was hiding his contacts with Ivan Timofeev.

As it turns out, the kinds of people Trump’s foreign policy advisor George Papadopoulos was chatting up on Facebook — Joseph Mifsud and Ivan Timofeev — are precisely the kind of people the FBI considers “foreign bad guys on foreign land” for the purposes of Section 702, meaning the Bureau could get their Facebook account quite easily.

And the incidental collection of Americans in such conversations can be — may well have been — as dangerous to Donald Trump as the incidental collection of Americans under Title I.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

What HPSCI Wants to Protect in 702: Back Doors, the Tor Exception, and a Dysfunctional FISC

The House is revving up to vote on 702 reauthorization, offering either the shitty bill drafted by Devin Nunes, Adam Schiff, and Devin Nunes or the Amash amendment (which is the Wyden-Paul USA Rights bill). As I noted in a piece at The New Republic,

Congress is, in an apparently serious attempt at surveillance reform, about to make it easier for the FBI to spy on those whom it has zero evidence of wrongdoing than those whom it has probable cause to suspect of illegal behavior. This bill would protect a very small subset of suspected criminals—perhaps just one a year, based on reporting from 2016. But it would do nothing to prevent the FBI from reading the communications of any innocent American who is named in a tip.

HPSCI has come out with a one pager making shite up about USA Rights. And I’m interested in three things HPSCI prioritizes:

  • Ensuring that NSA can order companies to bypass encryption
  • Sustaining the Tor domestic spying exception
  • Coddling the dysfunction of the FISA Court

Ensuring that NSA can order companies to bypass encryption

The HPSCI flyer complains that USA Rights,

Significantly limit[s] the Government’s ability to obtain Section 702 information on foreign terrorists by unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers;

At issue is language in USA Rights that limits government requests for technical assistance to things that are necessary, narrowly tailored, and would not pose an undue burden.

(B) LIMITATIONS.—The Attorney General or the Director of National Intelligence may not request assistance from an electronic communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the assistance sought—

(i) is necessary;

(ii) is narrowly tailored to the surveillance at issue; and

(iii) would not pose an undue burden on the electronic communication service provider or its customers who are not an intended target of the surveillance.

It is clear this is Wyden’s effort to prohibit the government from using individual directives (which are not reviewed by the FISA Court) to back door or circumvent a company’s encryption. While the government says it has not yet asked the FISC to force companies to do this (which is different from saying they haven’t asked and gotten companies to willingly do so), it has dodged whether it has asked companies to circumvent their own encryption.

So basically, one of the big things HPSCI thinks is wrong with USA Rights is that it won’t let NSA back door your phone.

Sustaining the Tor domestic spying exception

The HPSCI flyer claims that USA Rights,

Mandat[es] a flat prohibition on the use of Section 702 information in prosecuting dangerous criminals, including murderers and child abusers;

That flips reality on its head. What HPSCI is trying to protect, here, is its carve-out permitting the use of 702 information for anything that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review of the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

As I have noted, the carve out, taken in conjunction with the 2014 exception letting the NSA collect on location obscuring servers (like VPNs and Tor) used by Americans, effectively makes 702 a domestic spying bill (on top of permitting its use for anything else Jeff Sessions claims is related to national security).

In other words, HPSCI doesn’t so much want 702 to spy on the terrorists, spies, and proliferators included in USA Rights: it wants to spy domestically.

Coddling the dysfunction of the FISA Court

Finally, the HPSCI flyer complains that USA Freedom,

Subvert[s] the authority and expediency of the Foreign Intelligence Surveillance Court by requiring an amicus review during every Section 702 authorization; and

This is a complaint about a number of common sense measures that make the FISA Court more credible, most notably requiring each 702 authorization to include an amicus review. The bill also includes measures to make the amicus review more robust, like enough advance involvement to be useful.

For a body of Congress to guard “the authority and expediency” of the FISC, especially in the wake of last year’s debacle of a ruling from Rosemary Collyer, who stubbornly refused to follow the law and either appoint an amicus or explain why she chose not to do so, is an outright abdication of congressional authority.

The FISC just defied Congressional intent as reflected in USA Freedom Act. USA Rights would make it harder for the FISC to continue to do so. And HPSCI’s response to that is to whimper that Congress is “subverting the authority” of another branch by demanding that it follow the law?

Update: DemandProgress did a fact check of this flyer that’s quite good.


The Base Bill for 702 Reauthorization: Serial Admissions Oversight Committees Haven’t Been Doing Their Jobs

On Tuesday, the Rules Committee will do rules for a 702 reauthorization bill that is based on the HPSCI bill, but with some improvements designed to get Adam Schiff and Bob Goodlatte on board.

The changes are:

Eliminates expansion to definition of foreign power

The HPSCI bill had expanded the definition of a foreign power to include those engaged in “international malicious cyber activity” defined as someone who,

engages in international malicious cyber activity that threatens the national defense or security of the United States, or activities in preparation therefor, for or on behalf of a foreign power, or knowingly aids or abets any person in the conduct of such international malicious cyber activity or activities in preparation therefor, or knowingly conspires with any person to engage in such international malicious cyber activity or activities in preparation therefor;

It was particularly problematic given that activity that was merely “directed by” persons located outside the US qualified. This provision has been struck. (Note, the inclusion and then removal of it seems to confirm that there is not yet a separate Cyber certificate, beyond the cyber collection on designated foreign hacking groups currently done under the Foreign Government certificate.)

Adds a stripped down version of the meaningless HJC warrant requirement

The bill adds a warrant requirement before accessing the communications identified by metadata for use in a fully predicated criminal investigation (this is basically the existing HPSCI optional warrant, made obligatory for a narrow use), one that is as meaningless as the HJC warrant requirement. The caveats make it clear how meaningless it is, particularly clause iii that permits FBI to run queries even before they’ve opened an assessment.

(F) RULE OF CONSTRUCTION.—Nothing in this paragraph may be construed as—

(i) limiting the authority of the Federal Bureau of Investigation to conduct lawful queries of information acquired under subsection (a);

(ii) limiting the authority of the Federal Bureau of Investigation to review, without a court order, the results of any query of information acquired under subsection (a) that was reasonably designed to find and extract foreign intelligence information, regardless of whether such foreign intelligence information could also be considered evidence of a crime; or

(iii) prohibiting or otherwise limiting the ability of the Federal Bureau of Investigation to access the results of queries conducted when evaluating whether to open an assessment or predicated investigation relating to the national security of the United States.

In other words, back door searches will still function as Google for FBI (perhaps even at a more basic level), except for the one time a year when an Agent discovers communications she wants when she’s already deep into a criminal investigation and can’t justify accessing the information on national security (including recruiting someone as an informant) grounds.

Or to put it more bluntly: FBI can access information more easily if they have zero suspicion than if they have probable cause, effectively flipping the Fourth Amendment on its head.

Ends a requirement FBI count how many acquisitions from criminal queries they obtain

The bill eliminates this requirement from reporting obligations under the old HPSCI bill.

(D) the number of instances in which the Federal Bureau of Investigation has received and reviewed the unminimized contents of electronic communications or wire communications concerning a United States person obtained through acquisitions authorized under such section in response to a search term that was not designed to find and extract foreign intelligence information;

I think this would have the effect of hiding any criminal investigations that get opened off queries at the assessment stage (which would also serve to hide how the warrant requirement doesn’t actually protect the searches that most need protection).

Adopts the HJC definition of about collection

The HPSCI bill replaces its old definition of about collection,

(5) may not intentionally acquire communications that contain a reference to, but are not to or from, a facility, place, premises, or property at which an acquisition authorized under subsection (a) is directed or conducted, except as provided under section 203(b) of the FISA Amendments Reauthorization Act of 2017;

With the HJC one.

(5) may not intentionally acquire communications that contain a reference to, but are not to or from, a target of an acquisition authorized under subsection (a), except as provided under section 103(b) of the FISA Amendments Reauthorization Act of 2017; and

In reality, the government is collecting on facilities in any case (though the HJC definition is the one Rosemary Collyer adopted in last year’s reauthorization).

That said, the bill adopts the HPSCI method of restarting about collections, which (IMO) will result in an emergency reauthorization, followed by Congress failing to use its veto power to turn about back off again.

Eliminates unmasking changes

The bill takes out the unmasking changes that were in the HPSCI bill, which had offended Schiff. This will result in far too many Democrats reauthorizing 702 without meaningful changes.

Adds in inadequate whistleblower protections

The bill adds in the worse-than-nothing whistleblower protections from the HJC bill.

Requires a DOJ IG Report on FBI’s use of queries

The bill adds a DOJ IG Report — due within a year of the bill — that lays out,

(b) MATTERS INCLUDED.—The report under subsection (a) shall include, at a minimum, an assessment of the following:

(1) The interpretations by the Federal Bureau of Investigation and the National Security Division of the Department of Justice, respectively, relating to the querying procedures adopted under subsection (f) of section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as added by section 101.

(2) The handling by the Federal Bureau of Investigation of individuals whose citizenship status is unknown at the time of a query conducted under such section 702.

(3) The practice of the Federal Bureau of Investigation with respect to retaining records of queries conducted under such section 702 for auditing purposes.

(4) The training or other processes of the Federal Bureau of Investigation to ensure compliance with such querying procedures.

(5) The implementation of such querying procedures with respect to queries conducted when evaluating whether to open an assessment or predicated investigation relating to the national security of the United States.

(6) The scope of access by the criminal division of the Federal Bureau of Investigation to information obtained pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), including with respect to information acquired under subsection (a) of such section 702 based on queries conducted by the criminal division.

(7) The frequency and nature of the reviews conducted by the National Security Division of the Department of Justice and the Office of the Director of National Intelligence relating to the compliance by the Federal Bureau of Investigation with such querying procedures.

(8) Any impediments, including operational, technical, or policy impediments, for the Federal Bureau of Investigation to count—

(A) the total number of queries where the Federal Bureau of Investigation subsequently accessed information acquired under subsection (a) of such section 702;

(B) the total number of such queries that used known United States person identifiers; and

(C) the total number of queries for which the Federal Bureau of Investigation received an order of the Foreign Intelligence Surveillance Court pursuant to subsection (f)(2) of such section 702.

Thus, like the requirement that the AG and DNI tell the oversight committees what really goes on with notice to aggrieved persons, the bill adds another requirement that should have been done in 2012 (when FBI started devolving its access to 702 data to field offices, which — among other things — resulted in fewer reviews of how this data was used).

And this report does something that should have been done in 2015, when new transparency was added under the USA Freedom Act — require FBI to count how much of this goes on.

Extends 702 for almost six years

The revised bill extends 702 through 2023, as opposed to through 2021, as the HPSCI bill had originally done. This, in spite of the fact that a number of provisions in the bill (the notice study, the IG report, the GAO study on classification, and a report on challenges to surveillance) are basically admissions that all oversight committees have been negligent in recent years, and are only now requiring the IC to produce the knowledge that should influence legislation.
