The AlphaBay Jewish Community Center Bomb Threat of the Week Service

/13 Comments/in , /by

Back in April, the Department of Justice announced it had identified the perpetrator of at least some of the series of threats against targets that had terrified the Jewish community between January and March: Michael Ron David Kadar, an Israeli-American 18-year old, had allegedly placed at least 15 calls to different Jewish Community Centers and other targets this year. While it received less attention, DOJ also charged Kadar with swatting calls targeting secular schools in Georgia going back to August 2015.

The fact that Kadar, an Israeli Jew, was behind sowing terror throughout the Jewish community defied assumptions that the threats were motivated out of anti-Semitism. After all, why would a Jew seek to terrorize other Jews?

Except — as documents tweeted out by GWU’s Seamus Hughes yesterday make clear — the reality may be quite different.

Back in April, the FBI obtained a search warrant to search certain accounts on AlphaBay, the dark web marketplace taken down in July. It reveals that Israeli police seized a thumb drive in their search of Kadar’s room showing “THE ARCHIVE OF TARGETS.” Documents from the archive corresponded to the hoaxes launched against Jewish targets.

It then explains that an AlphaBay vendor working under the name Darknet_Legend — apparently run by Kadar — offered a “unique emailing service for all of you, I email bomb threats to schools on your request.” Emailed bomb threats cost $30 each, plus an extra $15 if you wanted to frame someone in particular for the hoax.

In June, a prosecutor asked the magistrate to unseal the earlier search warrant to facilitate the arrest of the person believed to have paid for at least one of the JCC bomb threats.

That ongoing investigation has identified a suspect believed to have ordered and paid for at least [sic] of the bomb threats made by Kadar. The FBI and local authorities in California intend to pursue criminal charges against the suspect. If they are successful in doing so, the local authorities may need this warrant and/or it may be producible in discovery.

On July 17, the magistrate unsealed that warrant.

While it’s not yet clear who the CA target was or what has happened to him or her since June, it appears that Kadar only carried out the threats, at $30 a pop, for someone else.

Share this entry

Robert Mueller’s Grand Jury and the Significance of Felix Sater

/25 Comments/in , , , /by

In response to Monday’s server hiccups and in anticipation that Mueller is nowhere near done, we expanded our server capacity overnight. If you think you’ll rely on emptywheel reporting on the Mueller probe, please consider a donation to support the site

The world is abuzz with the news that Robert Mueller has impaneled a DC-based grand jury that he used to subpoena information on the June 9, 2016 meeting between Don Jr., Paul Manafort, Jared Kushner, and some Russians promising dirt on Hillary Clinton. In reality, the Special Counsel had already been using a grand jury to get information on Mike Flynn and Paul Manafort and we should always have expected a dedicated grand jury.

Nevertheless, the move has convinced the chattering classes that this investigation is for real.

This comes as a surprise to people, apparently, after reports of Mueller’s 16th hire, illegal foreign bribery expert Greg Andres. It’s almost as if people haven’t been making sense of where Mueller is going from the scope of his hires, which include:

  1. Mob specialists: Andrew Weissman and Lisa Page are mob prosecutors.
  2. Fraud specialists: Weissman and Rush Atkinson are also fraud prosecutors.
  3. Corporate crime specialists: Weissman also led the Enron Task force. One of Dreeben’s key SCOTUS wins pertained to corporate crime. Jeannie Rhee has also worked on white collar defense.
  4. Public corruption specialists: Mueller hired someone with Watergate experience, James Quarles. And Andrew Goldstein got good press in SDNY for prosecuting corrupt politicians (even if Sheldon Silver’s prosecution has since been overturned).
  5. International experts: Zainab Ahmad, who worked terrorism cases in EDNY, which has some of the most expansive precedents for charging foreigners flown into JFK (including Russia’s darling Viktor Bout), knows how to bring foreigners to the US and successfully prosecute them in this country. Aaron Zelinsky has also worked in international law. Elizabeth Prelogar did a Fulbright in Russia and reportedly speaks it fluently. And, as noted, Andres has worked on foreign bribery.
  6. Cyber and spying lawyers: Brandon Van Grack is the guy who had been leading the investigation into Mike Flynn; he’s got a range of National Security experience. Aaron Zebley, Mueller’s former chief of staff at FBI, also has that kind of NSD experience.
  7. Appellate specialists: With Michael Dreeben, Mueller already has someone on the team who can win any appellate challenges; Adam Jed and Elizabeth Prelogar are also appellate specialists. Mueller’s hires also include former clerks for a number of SCOTUS justices, which always helps out if things get that far.

I lay this out there to suggest that in addition to hiring a bunch of super stars, Mueller also appears to have picked people for their expertise. Those picks reflect an already well-developed theory of the case, one formed long before he impaneled his own grand jury. And many of them boast expertise fairly distant from the question of foreign adversary’s hacking a political party’s server.

And I’d suggest there’s good reason for that.

Some of Mueller’s theory of the case undoubtedly comes from whatever evidence Jim Comey’s FBI and Van Grack’s grand jury had already collected, which at least publicly pertains to Mike Flynn’s disclosure problems, his comments to the Russians, and Paul Manafort’s money laundering. Some of it comes from stuff that was being investigated in NY.

But remember: Trump’s sordid ties to Russian mobsters (see categories 1, 2, 3, and 5) go back a long way. One of the best ways to understand what and how close some of those ties are is to look at the case of Felix Sater. Josh Marshall’s description here gets at a lot of the important bits.

Sater is a Russian emigrant who was jailed for assault in the mid-90s and then pulled together a major securities fraud scheme in which investors lost some $40 million. He clearly did something for the US government which the feds found highly valuable. It seems likely, though not certain, that it involved working with the CIA on something tied to the post-Soviet criminal underworld. Now Bayrock and Trump come into the mix.

According to Sater’s Linkedin profile, Sater joined up with Bayrock in 1999 – in other words, shortly after he became involved with the FBI and CIA. (The Times article says he started up with Bayrock in 2003.) In a deposition, Trump said he first came into contact with Sater and Bayrock in the early 2000s. The Trump SoHo project was announced in 2006 and broke ground in November of that year. In other words, Sater’s involvement with Bayrock started soon after he started working with the FBI and (allegedly) the CIA. Almost the entire period of his work with Trump took place during this period when he was working for the federal government as at least an informant and had his eventual sentencing hanging over his head.

What about Salvatore Lauria, Sater’s accomplice in the securities swindle?

He went to work with Bayrock too and was also closely involved with managing and securing financing for the Trump SoHo project. The Timesarticle I mentioned in my earlier post on Trump SoHo contains this …

Mr. Lauria brokered a $50 million investment in Trump SoHo and three other Bayrock projects by an Icelandic firm preferred by wealthy Russians “in favor with” President Vladimir V. Putin, according to a lawsuit against Bayrock by one of its former executives. The Icelandic company, FL Group, was identified in a Bayrock investor presentation as a “strategic partner,” along with Alexander Mashkevich, a billionaire once charged in a corruption case involving fees paid by a Belgian company seeking business in Kazakhstan; that case was settled with no admission of guilt.

All sounds totally legit, doesn’t it?

But there’s more!, as they say.

Sater’s stint as a “Senior Advisor” to Donald Trump at the Trump Organization began in January of January 2010 and lasted roughly a year. What significance that has in all of this I’m not sure. But here’s the final morsel of information that’s worth knowing for this installment of the story.

How exactly did all of Sater’s secret work and the federal government’s efforts to keep his crimes secret come to light?

During the time Sater was working for Bayrock and Trump he organized what was supposed to be Trump Tower Ft Lauderdale. The project was announced in 2004. People paid in lots of money but the whole thing went bust and Trump finally pulled out of the deal in 2009. Lots of people who’d bought units in the building lost everything. And they sued.

In other words, an FBI (and, possibly, CIA) informant had links with two of Trump’s business with ties to the Russian mob for — effectively — the entire extended Mueller tenure at FBI.

This is a point one of the few other people with reservations about Mueller as Special Counsel made to me not long ago. The FBI — Mueller’s FBI — has known about the ties between Trump’s businesses and the Russian mob for well over a decade. The FBI — Mueller’s FBI — never referred those ties, that money laundering, for prosecution in that entire time, perhaps because of the difficulties of going after foreign corruption interlaced with US businesses.

Now, in a remarkably short timeframe, former mob prosecutor Robert Mueller has put together a dream team of prosecutors who have precisely the kind of expertise you might use to go after such ties.

Because now it matters. It matters that the President has all these obligations to the Russian mob going back over a decade, because he can’t seem to separate his own entanglements from the good of the country.

Yes, Robert Mueller convened a grand jury and he has used it to go after the records of a meeting set up by one of Trump’s key Russian allies, Aras Agalarov, and his campaign, the guy who, at the very end of Mueller’s tenure at FBI, helped Trump stage the Miss Universe pageant in Russia, an event that may have marked significant new levels of Trump exposure to Russian compromise. But Mueller was on the trail of Trump and his Russian crime ties long before that. (The person with Mueller reservations actually wondered whether Trump himself wasn’t cooperating with the FBI in this period.)

Folks have made much of this exchange in the NYT’s long interview with Trump.

SCHMIDT: Last thing, if Mueller was looking at your finances and your family finances, unrelated to Russia — is that a red line?

HABERMAN: Would that be a breach of what his actual charge is?

TRUMP: I would say yeah. I would say yes. By the way, I would say, I don’t — I don’t — I mean, it’s possible there’s a condo or something, so, you know, I sell a lot of condo units, and somebody from Russia buys a condo, who knows? I don’t make money from Russia. In fact, I put out a letter saying that I don’t make — from one of the most highly respected law firms, accounting firms. I don’t have buildings in Russia. They said I own buildings in Russia. I don’t. They said I made money from Russia. I don’t. It’s not my thing. I don’t, I don’t do that. Over the years, I’ve looked at maybe doing a deal in Russia, but I never did one. Other than I held the Miss Universe pageant there eight, nine years [crosstalk].

SCHMIDT: But if he was outside that lane, would that mean he’d have to go?

[crosstalk]

HABERMAN: Would you consider——

TRUMP: No, I think that’s a violation. Look, this is about Russia. So I think if he wants to go, my finances are extremely good, my company is an unbelievably successful company. And actually, when I do my filings, peoples say, “Man.” People have no idea how successful this is. It’s a great company. But I don’t even think about the company anymore. I think about this. ’Cause one thing, when you do this, companies seem very trivial. O.K.? I really mean that. They seem very trivial. But I have no income from Russia. I don’t do business with Russia. The gentleman that you mentioned, with his son, two nice people. But basically, they brought the Miss Universe pageant to Russia to open up, you know, one of their jobs. Perhaps the convention center where it was held. It was a nice evening, and I left. I left, you know, I left Moscow. It wasn’t Moscow, it was outside of Moscow.

Technically, Trump was only asked about whether he’d consider Mueller’s review of finances unrelated to Russia to be outside his lane. But Trump largely answered it about Russia, about business deals — the condos, the pageant — with Russia going back to the time Mueller’s FBI would have been working with Felix Sater to learn about the Russian mob.

Yeah. It’s no surprise Mueller has impaneled a grand jury.

Share this entry

The Leakers Get Craftier

/25 Comments/in , , /by

Hey, are you all still here?

Thanks to everyone — especially Rayne — for watching after the likker cabinet while I was in Oz. It appears the Donald Administration has only gotten crazier since I was gone.

Last night, the WaPo published yet another big scoop show more lies about Russia. It reveals that President Trump personally dictated the response to the news that Don Jr, Paul Manafort, and Jared Kushner met with Natalia Veselnitskaya.

Flying home from Germany on July 8 aboard Air Force One, Trump personally dictated a statement in which Trump Jr. said that he and the Russian lawyer had “primarily discussed a program about the adoption of Russian children” when they met in June 2016, according to multiple people with knowledge of the deliberations. The statement, issued to the New York Times as it prepared an article, emphasized that the subject of the meeting was “not a campaign issue at the time.”

Two important details about this scoop: first, as Laura Rozen noted, Trump’s focus on adoption came after he chatted up Vladimir Putin at the spouse’s dinner for up to an hour at the G20 (remember how Trump gesticulated wildly to get Putin’s attention). Given that Trump claims they spoke about adoptions, it makes it more likely (as batshit as this is to contemplate!) Trump looped Putin in on how to respond.

Remember, too, that Rob Goldstone specifically envisioned involving Trump in this matter.

What do you think is the best way to handle this information and would you be able to speak to Emin about it directly?

I can also send this info to your father via Rhona, but it is ultra sensitive so wanted to send to you first.

At this point it’s probably safest to assume all the other claims about this — such as that there was no follow-up — will prove to be lies, too.

I wanted to point one more thing out, though.

The WaPo story is notable for two reasons. First, it features an almost entirely new set of journalists from the three mainstays who’ve published the other big Russian scoops. Just as interesting — in the wake of the unceremonious firing of Reince Priebus and others — the story almost entirely hides the sources for the story. While the story quotes an anonymous Trump advisor and airs the complaint of Jared Kushner’s legal team, the story says nothing about who actually revealed this story. And the story is specifically framed in a way that tees it up for Robert Mueller to ask questions about Trump’s obstruction, personally.

Trump has serially fired his staffers because no one can get a handle on this Russian scandal. But with each firing, Trump also makes it likely new leaks with badly exacerbate the scandal.

 

Share this entry
[Photo: National Security Agency via Wikimedia]

If a Tech Amicus Falls in the Woods but Rosemary Collyer Ignores It, Would It Matter?

/10 Comments/in , /by

Six senators (Ron Wyden, Pat Leahy, Al Franken, Martin Heinrich, Richard Blumenthal, and Mike Lee) have just written presiding FISA Court judge Rosemary Collyer, urging her to add a tech amicus — or even better, a full time technical staffer — to the FISA Court.

The letter makes no mention of Collyer’s recent consideration of the 702 reauthorization certificates, nor even of any specific questions the tech amicus might consider.

That’s unfortunate. In my opinion, the letter entirely dodges the real underlying issue, at least as it pertains to Collyer, which is her unwillingness to adequately challenge or review Executive branch assertions.

In her opinion reauthorizing Section 702, Collyer apparently never once considered appointing an amicus, even a legal one (who, under the USA Freedom structure, could have suggested bringing in a technical expert). She refused to do so in a reconsideration process that — because of persistent problems arising from technical issues — stretched over seven months.

I argued then that that means Collyer broke the law, violating USA Freedom Act’s requirement that the FISC at least consider appointing an amicus on matters raising novel or significant issues and, if choosing not to do so, explain that decision.

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought into consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Without even considering an amicus, Collyer for the first time affirmatively approved the back door searches of content she knows will include entirely domestic communications, effectively affirmatively permitting the NSA to conduct warrantless searches of entirely domestic communications, and with those searches to use FISA for domestic surveillance. In approving those back door searches, Collyer did not conduct her own Fourth Amendment review of the practice.

Moreover, she adopted a claimed fix to a persistent problem — the collection of domestic communications via packet sniffing — without showing any inkling of testing whether the fix accomplished what it needed to. Significantly, in spite of 13 years of problems with packet sniffing collection under FISA, the court still has no public definition about where in a packet metadata ends and content begins, making her “abouts” fix — a fix that prohibits content sniffing without defining content — problematic at best.

I absolutely agree with these senators that the FISC should have its own technical experts.

But in Collyer’s case, the problem is larger than that. Collyer simply blew off USA Freedom Act’s obligation to consider an amicus entirely. Had she appointed Marc Zwillinger, I’m confident he would have raised concerns about the definition of content (as he did when he served as amicus on a PRTT application), whether or not he persuaded her to bring in a technical expert to further lay out the problems.

Collyer never availed herself of the expertise of Zwillinger or any other independent entity, though. And she did so in defiance of the intent of Congress, that she at least explain why she felt she didn’t need such outside expertise.

And she did so in an opinion that made it all too clear she really, really needed that help.

In my opinion, Collyer badly screwed up this year’s reauthorization certificates, kicking the problems created by upstream collection down the road, to remain a persistent FISA problem for years to come. But she did so by blowing off the clear requirement of law, not because she didn’t have technical expertise to rely on (though the technical expertise is probably necessary to finally resolve the issues raised by packet sniffing).

Yet no one but me — not even privacy advocates testifying before Congress — want to call her out for that.

Congress already told the FISA court they “shall” ask for help if they need it. Collyer demonstrably needed that help but refused to consider using it. That’s the real problem here.

I agree with these senators that FISC badly needs its own technical experts. But a technical amicus will do no good if, as Collyer did, a FISC judge fails to consult her amici.

Share this entry

Chris Wray’s DodgeBall and Trump’s Latest Threats

/22 Comments/in , , , , /by

Though I lived-tweeted it, I never wrote up Christopher Wray’s confirmation hearing to become FBI Director. Given the implicit and explicit threats against prosecutorial independence Trump made in this interview, the Senate should hold off on Wray’s confirmation until it gets far more explicit answers to some key questions.

Trump assails judicial independence

The NYT interview is full of Trump’s attacks on prosecutorial independence.

It started when Trump suggested (perhaps at the prompting of Michael Schmidt) that Comey only briefed Trump on the Christopher Steele dossier so he could gain leverage over the President.

Later, Trump called Sessions’ recusal “unfair” to the President.

He then attacked Rod Rosenstein by suggesting the Deputy Attorney General (who, Ryan Reilly pointed out, is from Bethesda) must be a Democrat because he’s from Baltimore.

Note NYT goes off the record (note the dashed line) with Trump in his discussions about Rosenstein at least twice (including for his response to whether it was Sessions’ fault or Rosenstein’s that Mueller got appointed), and NYT’s reporters seemingly don’t think to point out to the President that he appeared to suggest he had no involvement in picking DOJ’s #2, which would seem to be crazy news if true.

Finally, Trump suggested (as he has elsewhere) Acting FBI Director Andrew McCabe is pro-Clinton.

Having attacked all the people who are currently or who have led the investigation into him (elsewhere in the interview, though, Trump claims he’s not under investigation), Trump then suggested that FBI Directors report directly to the President. In that context, he mentioned there’ll soon be a new FBI Director.

In other words, this mostly softball interview (though Peter Baker made repeated efforts to get Trump to explain the emails setting up the June 9, 2016 meeting) served as a largely unfettered opportunity for Trump to take aim at every major DOJ official and at the concept of all prosecutorial independence. And in that same interview, he intimated that the reporting requirements with Christopher Wray — who got nominated, ostensibly, because Comey usurped the chain of command requiring him to report to Loretta Lynch — would amount to Wray reporting directly to Trump.

Rosenstein does what he says Comey should be fired for

Close to the same time this interview was being released, Fox News released an “exclusive” interview with Rod Rosenstein, one of two guys who acceded to the firing of Jim Comey ostensibly because the FBI Director made inappropriate comments about an investigation. In it, the guy overseeing Mueller’s investigation into (in part) whether Trump’s firing of Comey amounted to obstruction of justice, Rosenstein suggested Comey acted improperly in releasing the memos that led to Mueller’s appointment.

And he had tough words when asked about Comey’s recent admission that he used a friend at Columbia University to get a memo he penned on a discussion with Trump leaked to The New York Times.

“As a general proposition, you have to understand the Department of Justice. We take confidentiality seriously, so when we have memoranda about our ongoing matters, we have an obligation to keep that confidential,” Rosenstein said.

Asked if he would prohibit releasing memos on a discussion with the president, he said, “As a general position, I think it is quite clear. It’s what we were taught, all of us as prosecutors and agents.”

While Rosenstein went on to defend his appointment of Mueller (and DOJ’s reinstatement of asset forfeitures), he appears to have no clue that he undermined his act even as he defended it.

Christopher Wray’s dodge ball

Which brings me to Wray’s confirmation hearing.

In fact, there were some bright spots in Christopher Wray’s confirmation hearing, mostly in its last dregs. For example, Dick Durbin noted that DOJ used to investigate white collar crime, but then stopped. Wray suggested DOJ had lost its stomach for such things, hinting that he might “rectify” that.

Similarly, with the last questions of the hearing Mazie Hirono got the most important question about the process of Wray’s hiring answered, getting Wray to explain that only appropriate people (Trump, Don McGahn, Reince Priebus, Mike Pence) were in his two White House interviews.

But much of the rest of the hearing alternated between Wray’s obviously well-rehearsed promises he would never be pressured to shut down an investigation, alternating with a series of dodged questions. Those dodges included:

  • What he did with the 2003 torture memo (dodge 1)
  • Whether 702 should have more protections (dodge 2)
  • Why did Trump fire Comey (dodge 3)
  • To what extent the Fourth Amendment applies to undocumented people in the US (dodge 4)
  • What we should do about junk science (dodge 5)
  • Whether Don Jr should have taken a meeting with someone promising Russian government help to get Trump elected (dodge 6)
  • Whether Lindsey Graham had fairly summarized the lies Don Jr told about his June 9, 2016 meeting (dodge 7)
  • Can the President fire Robert Mueller (dodge 8)
  • Whether it was a good idea to form a joint cyber group with Russia (dodge 9)
  • The role of tech in terrorist recruitment (dodge 9 the second)
  • Whether FBI Agents had lost faith in Comey (dodge 10)
  • Who was in his White House interview — though this was nailed down in a Hirono follow up (dodge 11)

Now, don’t get me wrong, this kind of dodge ball is par for the course for executive branch nominees in this era of partisan bickering — it’s the safest way for someone who wants a job to avoid pissing anyone off.

But at this time of crisis, we can’t afford the same old dodge ball confirmation hearing.

Moreover, two of the these dodges are inexcusable, in my opinion. First, his non-responses on 702. That’s true, first of all, because if and when he is confirmed, he will have to jump into the reauthorization process right away, and those who want basic reforms let Wray off the hook on an issue they could have gotten commitments on. I also find it inexcusable because Wray plead ignorance about 702 even though he played a key role in (not) giving defendants discovery on Stellar Wind, and otherwise was read into Stellar Wind after 2004, meaning he knows generally how PRISM works. He’s not ignorant of PRISM, and given how much I know about 702, he shouldn’t be ignorant of that, either.

But the big one — the absolutely inexcusable non answer that would lead me to vote against him — is his claim not to know the law about whether the President can fire Robert Mueller himself.

Oh, sure, as FBI Director, Wray won’t be in the loop in any firing. But by not answering a question the answer to which most people watching the hearing had at least looked up, Wray avoided going on the record on an issue that could immediately put him at odds with Trump, the guy who thinks Wray should report directly to him.

Add to that the Committee’s failure to ask Wray two other questions I find pertinent (and his answers on David Passaro’s prosecution either revealed cynical deceit about his opposition to torture or lack of awareness of what really happened with that prosecution).

The first question Wray should have been asked (and I thought would have been by Al Franken, who instead asked no questions) is the circumstances surrounding Wray’s briefing of John Ashcroft about the CIA Leak investigation in 2003, including details on Ashcroft’s close associate Karl Rove’s role in exposing Valerie Plame’s identity.

Sure, at some level, Wray was just briefing his boss back in 2003 when he gave Ashcroft details he probably shouldn’t have. The fault was Ashcroft’s, not Wray’s. But being willing to give an inappropriate briefing in 2003 is a near parallel to where Comey found himself, being questioned directly by Trump on a matter which Trump shouldn’t have had access to. And asking Wray to explain his past actions is a far, far better indication of how he would act in the (near) future than his rehearsed assurances he can’t be pressured.

The other question I’d have loved Wray to get asked (though this is more obscure) is how, as Assistant Attorney General for the Criminal Division under Bush, he implemented the July 22, 2002 Jay Bybee memo permitting the sharing of grand jury information directly with the President and his top advisors without notifying the district court of that sharing. I’d have asked Wray this question because it was something he would have several years of direct involvement with (potentially even with the Plame investigation!), and it would serve as a very good stand-in for his willingness to give the White House an inappropriate glimpse into investigations implicating the White House.

There are plenty more questions (about torture and the Chiquita settlement, especially) I’d have liked Wray to answer.

But in spite of Wray’s many rehearsed assurances he won’t spike any investigation at the command of Donald Trump, he dodged (and was not asked) key questions that would have made him prove that with both explanations of his past actions and commitments about future actions.

Given Trump’s direct assault on prosecutorial independence, an assault he launched while clearly looking forward to having Wray in place instead of McCabe, the Senate should go back and get answers. Trump has suggested he thinks Wray will be different than Sessions, Rosenstein, Comey, and McCabe. And before confirming Wray, the Senate should find out whether Trump has a reason to believe that.

Update: I did not realize that between the time I started this while you were all asleep and the time I woke up in middle of the night Oz time SJC voted Wray out unanimously, which is a testament to the absolute dearth of oversight in the Senate.

Share this entry

Yevgeniy Nikulin Writes The Donald

/15 Comments/in , , /by

Back in July, I noted that Vladimir Putin started waxing about independent hackers’ “art” as it looked more and more likely that Yevgeniy Nikulin, the guy DOJ has accused of hacking Linked In and MySpace, among others, would be extradited to the US.  Nikulin also made some news by alleging that back in February, the FBI Agent who had interrogated him in Prague had asked him about the election hack.

Now Nikulin has gone one better, writing to President Trump with his claim that he was asked to perjure himself by claiming credit for the DNC hack. (h/t ME)

Obviously, this might just be a ploy to garner attention and give Russia some ammunition to bolster their (thus far reportedly losing) claim that they should get custody of Nikulin for a minor hack rather than the US for a number of very major ones. It is a good way to get attention, especially given the way Trump keeps raising doubts about who hacked the DNC.

But it is actually not crazy to think Nikulin had a role in the DNC hack. One fairly credible alternative theory for the source of the DNC emails dealt to WikiLeaks is that someone used easily cracked credentials from Nikulin’s alleged breaches to obtain the email boxes of about 9 people at the DNC. If that were the case, it would raise the stakes for the logic behind the hacks Nikulin is alleged to have committed and the timing of the more public release of the stolen credentials.

In which case Nikulin’s appeal to Trump (who of course has shown zero interest in the plight of unjust DOJ claims for anyone else, even American citizens, since being elected) would be far more interesting — a way for Trump to personally intervene to prevent potentially damning information from landing in the hands of American prosecutors.

It’s the kind of thing that might come up in hour long conversations on the sidelines of meetings between Putin and Trump.

Share this entry

Be Careful How You Define Collusion: On the Veselnitskaya Bombshell and the Steele Dossier

/105 Comments/in , , /by

See update, below, which provides evidence that was not present when I wrote this post. 

The NYT has a new bombshell showing that Don Jr. was willing to meet with someone to get Russian dirt on Hillary. It is damning. But Democrats should be very careful about calling it collusion, yet.

On Saturday, the NYT reported that Don Jr, Paul Manafort, and Jared Kushner met on June 9 with Natalia Veselnitskaya, a Russian lawyer who has worked to overturn the Magnitsky sanctions. In Don Jr’s first response to the NYT, he admitted to the meeting, but said it focused primarily on adoptions (which means it focused on the sanctions).

Then, yesterday, NYT reported that Don Jr took the meeting because he was promised Russia-related dirt on Hillary. With that new detail, Don Jr changed his story, admitting that’s why he took the meeting, though he claimed that the information Veselnitskaya offered “made no sense.”

In a statement on Sunday, Donald Trump Jr. said he had met with the Russian lawyer at the request of an acquaintance. “After pleasantries were exchanged,” he said, “the woman stated that she had information that individuals connected to Russia were funding the Democratic National Committee and supporting Ms. Clinton. Her statements were vague, ambiguous and made no sense. No details or supporting information was provided or even offered. It quickly became clear that she had no meaningful information.”

He said she then turned the conversation to adoption of Russian children and the Magnitsky Act, an American law that blacklists suspected Russian human rights abusers. The law so enraged President Vladimir V. Putin of Russia that he retaliated by halting American adoptions of Russian children.

“It became clear to me that this was the true agenda all along and that the claims of potentially helpful information were a pretext for the meeting,” Mr. Trump said.

WaPo revealed that the meeting was set up by music publicist Rob Goldstone, and hints that he may have done so at the behest of Emin Agalarov (which Goldstone has since confirmed).

He did not name the acquaintance, but in an interview Sunday, Rob Goldstone, a music publicist who is friendly with Trump Jr., told The Washington Post that he had arranged the meeting at the request of a Russian client and had attended it along with Veselnitskaya.

Goldstone has been active with the Miss Universe pageant and works as a manager for Emin Agalarov, a Russian pop star whose father is a wealthy Moscow developer who sponsored the pageant in the Russian capital in 2013.

This news is damning for several reasons. Kushner failed to disclose it at first in his clearance application, and Don Jr didn’t reveal it in past interviews about meeting with Russians. Everyone tried to hide this at first.

But thus far, it is not evidence of collusion, contrary to what a lot of people are saying.

That’s true, most obviously, because we only have the implicit offer of a quid pro quo: dirt on Hillary — the source of which is unknown — in exchange for sanctions relief. We don’t (yet) have evidence that Don Jr and his co-conspirators acted on that quid pro quo.

But it’s also true because if that’s the standard for collusion, then Hillary’s campaign is in trouble for doing the same.

Remember: A supporter of Hillary Clinton paid an opposition research firm, Fusion GPS, to hire a British spy who in turn paid money to Russians — including people even closer to the Kremlin than Veselnitskaya — for Russia-related dirt on Don Jr’s dad.

Yes, the Clinton campaign was full of adults, and so kept their Russian-paying oppo research far better removed from the key players on the campaign than Trump’s campaign, which was run by incompetents. But if obtaining dirt from Russians — even paying Russians to obtain dirt — is collusion, then a whole bunch of people colluded with Russians (and a bunch of other foreign entities, I’m sure), including whatever Republican originally paid Fusion for dirt on Trump.

Breaking: Our political process is sleazy as fuck (but then, so are most of our politicians).

The claim that merely meeting with Veselnitskaya is collusion is all the more dangerous given that it invokes some weird details about the Fusion dossier. Most importantly, as Trump’s lawyer’s spox has pointed out (incoherently, at first), like whatever Clinton supporter retained the oppo research firm, Veselnitskaya also employed Fusion. An update to NYT’s Friday story laid some of this out, in the form of Mark Corallo’s more clever than you actually might think suggestion that the Democrats might have paid Fusion to set up this meeting.

In an interview, Mr. [Mark] Corallo explained that Ms. Veselnitskaya, in her anti-Magnitsky campaign, employs a private investigator whose firm, Fusion GPS, produced an intelligence dossier that contained unproven allegations against the president. In a statement, the firm said, “Fusion GPS learned about this meeting from news reports and had no prior knowledge of it. Any claim that Fusion GPS arranged or facilitated this meeting in any way is false.”

[snip]

One of Ms. Veselnitskaya’s clients is Denis Katsyv, the Russian owner of a Cyprus-based investment company called Prevezon Holdings. He is the son of Petr Katsyv, the vice president of the state-owned Russian Railways and a former deputy governor of the Moscow region. In a civil forfeiture case prosecuted by Mr. Bharara’s office, the Justice Department alleged that Prevezon had helped launder money tied to a $230 million corruption scheme exposed by Mr. Magnitsky by parking it in New York real estate and bank accounts. As a result, the government froze $14 million of its assets. Prevezon recently settled the case for $6 million without admitting wrongdoing.

[snip]

Besides the private investigator whose firm produced the Trump dossier, the lobbying team included Rinat Akhmetshin, an émigré to the United States who once served as a Soviet military officer and who has been called a Russian political gun for hire.

Republicans have already pointed to Akhmetshin’s work with Fusion as a way to discredit the Steele dossier. Now they are (or at least were, before the really damning bits came out) using it to attempt to discredit the most damning detail about Trump’s ties to Russians.

But there in one other interesting detail.

The first report (that we have) reflecting Christopher Steele’s work (and also the first report that some unknown Democrat paid for after earlier oppo research had been paid for by some Republican) is dated June 20.

The report, dated 11 days after the Veselnitskaya meeting, states that the Kremlin has a dossier on Clinton, but that it has not as yet been distributed abroad.

That claim is seemingly contradicted by the claims of Source A (a senior Russian Foreign Ministry figure) and Source D. Indeed, Source D appears to have claimed, in June, that dirt from Russia was helpful.

Ultimately, though, the memo seems to credit Source B, “a former top level Russian intelligence officer” and Source G, a senior Kremlin official, who said the dossier, attributed here to the FSB, had not yet been shared with Trump or anyone else in America.

Consider: First, Akhmetshin himself qualifies as a former intelligence officer (though it’s not clear how senior he was). He might have reason to deny that intelligence he tried to pass was the intelligence in question. And he’d likely be right, given that the Clinton dossier was purportedly a FSB, not a GRU, product. But it’s even possible that he didn’t want Hillary to know that he or a colleague was dealing dirt, however bad.

Nevertheless, the senior-most Russian quoted in the dossier compiled for Hillary Clinton claimed — and Steele appears to have believed — that Russia’s dirt on Hillary Clinton had not yet been released.

Which doesn’t really help the treatment of this as a scandal.

Don’t get me wrong. I suspect there is more to this story. But I also note that Democrats should be really careful not to get too far ahead of this one, for fear of where it will lead.

Update: NYT’s latest provides evidence that gets you far closer to collusion than the previous evidence.

Mr. Goldstone’s message, as described to The New York Times by the three people, indicates that the Russian government was the source of the potentially damaging information. It does not elaborate on the wider effort by Moscow to help the Trump campaign. There is no evidence to suggest that the promised damaging information was related to Russian government computer hacking that led to the release of thousands of Democratic National Committee emails.

Share this entry

James Clapper Updated Rules on Congressional Notice the Day before He Retired

/2 Comments/in , /by

On his very last full day in office on January 19, in the middle of an investigation that included then Senator Jeff Sessions’ discussions with the Russian Ambassador, James Clapper updated the rules on dissemination of the identities of members or staffers of Congress in intelligence reports.

One minor change to the previous procedures involved adding the Director of National Intelligence to the list of people whose requests to identify a MoC’s identity in a report don’t have to go through the same approval process as other people (which, in any case, involves approval by the DNI).

Here’s what that provision looked like in 2013.

As I suggested after Clapper most recently testified, his answers about unmasking the identity of a member of Congress or a Trump associate logically suggest he may have unmasked the identity of Jeff Sessions (though this process would involve someone else sharing the name of a member of Congress with Clapper, not Clapper unmasking the name).

LINDSEY GRAHAM: You made a request for unmasking on a Trump associate and maybe a member of Congress? Is that right, Mr. Clapper?

CLAPPER: Yes.

As I noted, the DNI is the person who has to approve the most sensitive requests. So by adding himself, Clapper only closed a loop, giving himself (or his successor) permission to ask for and receive information he himself had the authority to ask and receive in any case.

But I find the timing of the change interesting.

Share this entry

Maddow’s Forgery and Mistaken Timing

/48 Comments/in , /by

Much of Rachel Maddow’s reporting on the Russian scandal has been overly drawn out and breathless. But you should watch this piece (which is not only overly drawn out and breathless, but doesn’t emphasize the most important point).

Rachel describes how, on June 7, her tip line received a smoking gun document, appearing to be a Top Secret NSA document, laying out collusion between a Trump campaign official she doesn’t name (I’m going to wildarseguess, for a lot of reasons, it is Mike Flynn) and the Russians who hacked the election. She describes multiple reasons her team determined the document to be a fake: some misspellings, a declassification date that is wrong, some spacing weirdness, and that the campaign official is actually named, rather than masked as US Citizen 1.

But she also describes how the printer dots and a seeming crease on the document appear to replicate those that appear in the document Reality Winner is alleged to have provided to the Intercept.

Which is interesting, because as she shows about 14 minutes in (but doesn’t emphasize enough), the document sent to her tip line appears to have been created between the time Reality Winner went to jail and the time the Intercept published the document (unless I missed it, she doesn’t say precisely when they got the document, just that it was the same week as the Intercept published it Update: Corrected above). The creation date appears to be three and a half hours before the publication date at the Intercept. [Update: but not the creation date for the document, see below.]

Rachel surmises, correctly, I think, that the person sent the document both to discredit her own reporting (in much the same way reliance on fake documents discredited Dan Rather’s reporting of George Bush’s real Air National Guard scandal) as well as to discredit the notion that the Trump campaign, and the person named in particular, colluded with the Russians. This was an attempt to undercut potentially real news with deliberately faked news, fed through a selected outlet.

That would mean one of two things. Either the person who created the document faked the metadata (or created the document from Alaska or someplace west of there). Or the person received a copy of the very same document, including the crease, either from Reality Winner or from the Intercept or one of their sources, and then used it as a template to create a fake NSA document (or had visibility into the FBI’s investigation about this document). If it’s the latter, then the number of people who might be involved is rather small.

I’ve suggested there are reasons to wonder whether Winner was directed towards this document. I’d say there are more questions now about whether that’s the case.

Update: as PaulMD notes on Twitter, the document Rachel received actually has the very same creation time as the document the Intercept uploaded.

Update: Glenn Greenwald is pretty pissed about Rachel’s insinuations.

Update: Changed the title given the mistaken timing in the Rachel story.

Share this entry
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Did NSA Start Using Section 702 to Collect from VPNs in 2014?

/4 Comments/in , /by

I’ve finally finished reading the set of 702 documents I Con the Record dumped a few weeks back. I did two posts on the dump and a related document Charlie Savage liberated. Both pertain, generally, to whether a 702 “selector” gets defined in a way that permits US person data to be sucked up as well. The first post reveals that, in 2010, the government tried to define a specific target under 702 (both AQAP and WikiLeaks might make sense given the timing) as including US persons. John Bates asked for legal justification for that, and the government withdrew its request.

The second reveals that, in 2011, as Bates was working through the mess of upstream surveillance, he asked whether the definition of “active user,” as it applies for a multiple communication transaction, referred to the individual user. The question is important because if a facility is defined to be used by a group — say, Al Qaeda or Wikileaks — it’s possible a user of that facility might be an unknown US person user, the communications of which would only be segregated under the new minimization procedures if the individual user’s communication were reviewed (not that it mattered in the end; NSA doesn’t appear to have implemented the segregation regime in meaningful fashion). Bates never got a public answer to that question, which is one of a number of reasons why Rosemary Collyer’s April 26 702 opinion may not solve the problem of upstream collection, especially not with back door searches permitted.

As it happens, some of the most important documents released in the dump may pertain to a closely related issue: whether the government can collect on selectors it knows may be used by US persons, only to weed out the US persons after the fact.

In 2014, a provider challenged orders (individual “Directives” listing account identifiers NSA wanted to collect) that it said would amount to conducting surveillance “on the servers of a U.S.-based provider” in which “the communications of U.S. persons will be collected as part of such surveillance.” The provider was prohibited from reading the opinions that set the precedent permitting this kind of collection. Unsurprisingly, the provider lost its challenge, so we should assume that some 702 collection collects US person communications, using the post-tasking process rather than pre-targeting intelligence to protect American privacy.

The documents

The documents that lay out the failed challenge are:

2014, redacted date: ACLU Document 420: The government response to the provider’s filing supporting its demand that FISC mandate compliance.

2014, redacted date: EFF Document 13: The provider(s) challenging the Directives asked for access to two opinions the government relied on in their argument. Rosemary Collyer refused to provide them, though they have since been released.

2014, redacted date: EFF Document 6 (ACLU 510): Unsurprisingly, Collyer also rejected the challenge to the individual Directives, finding that post-tasking analysis could adequately protect Americans.

The two opinions the providers requested, but were refused, are:

September 4, 2008 opinion: This opinion, by Mary McLaughlin, was the first approval of FAA certifications after passage of the law. It lays out many of the initial standards that would be used with FAA (which changed slightly from PAA). As part of that, McLaughin adopted standards regarding what kinds of US person collection would be subject to the minimization procedures.

August 26, 2014 opinion: This opinion, by Thomas Hogan, approved the certificates under which the providers had received Directives (which means the challenge took place between August and the end of 2014). But the government also probably relied on this opinion for a change Hogan had just approved, permitting NSA to remain tasked on a selector even if US persons also used the selector.

The argument also relies on the October 3, 2011 John Bates FAA opinion and the August 22, 2008 FISCR opinion denying Yahoo’s challenge to Protect America Act. The latter was released in a second, less redacted form on September 11, 2014, which means the challenge likely post-dated that release.

The government’s response

The government’s response consists of a filing by Stuart Evans (who has become DOJ’s go-to 702 hawk) as well as a declaration submitted by someone in NSA that had already reviewed some of the taskings done under the 2014 certificates (which again suggests this challenge must date to September at the earliest). There appear to be four sections to Evans’ response. Of those sections, the only one left substantially unredacted — as well as the bulk of the SIGINT declaration — pertains to the Targeting Procedures. So while targeting isn’t the only thing the provider challenged (another appears to be certification of foreign intelligence value), it appears to be the primary thing.

Much of what is unredacted reviews the public details of NSA’s targeting procedure. Analysts have to use the totality of circumstances to figure out whether someone is a non US person located overseas likely to have foreign intelligence value, relying on things like other SIGINT, HUMINT, and (though the opinion redacts this) geolocation information and/or filters to weed out known US IPs. After a facility has been targeted, the analyst is required to do post-task analysis, both to make sure that the selector is the one intended, but also to make sure that no new information identifies the selector as being used by a US person, as well as making sure that the target hasn’t “roamed” into the US. Post-task analysis also ensures that the selector really is providing foreign intelligence information (though in practice, per PCLOB and other sources, this is not closely reviewed).

Of particular importance, Evans dismisses concerns about what happens when a selector gets incorrectly tasked as a foreigner. “That such a determination may later prove to be incorrect because of changes in circumstances or information of which the government was unaware does not render unreasonable either the initial targeting determination or the procedures used to reach it.”

Evans also dismisses the concern that minimization procedures don’t protect the providers’ customers (presumably because they provide four ways US person content may be retained with DIRNSA approval). Relying on the 2008 opinion that states in part…

The government argues that, by its terms, Section 1806(i) applies only to a communication that is unintentionally acquired,” not to a communication that is intentionally acquired under a mistaken belief about the location or non-U.S. person status of the target or the location of the parties to the communication. See Government’s filing of August 28, 2008. The Court finds this analysis of Section 1806(i) persuasive, and on this basis concludes that Section 1806(i) does not require the destruction of the types of communications that are addressed by the special retention provisions.”

Evans then quotes McClaughlin judging that minimization procedures “constitute a safeguard against improper use of information about U.S. persons that is inadvertently or incidentally acquired.” In other words, he cites an opinion that permits the government to treat stuff that is initially targeted, even if it is later discovered to be an American’s communication, differently than it does other US person information as proof the minimization procedures are adequate.

The missing 2014 opinion references

As noted above, the provider challenging these Directives asked for both the 2008 opinion (cited liberally throughout the unredacted discussion in the government’s reply) and the 2014 one, which barely appears at all beyond the initial citation.  Given that Collyer reviewed substantial language from both opinions in denying the provider’s request to obtain them, the discussion must go beyond simply noting that the 2014 opinion governs the Directives in question. There must be something in the 2014 opinion, probably the targeting procedures, that gets cited in the vast swaths of redactions.

That’s especially true given that on the first page of Evans’ response claims the Directives address “a critical, ongoing foreign intelligence gap.” So it makes sense that the government would get some new practice approved in that year’s certification process, then serve Directives ostensibly authorized by the new certificate, only to have a provider challenge a new type of request and/or a new kind of provider challenge their first Directives.

One thing stands out in the 2014 opinion that might indicate the closing of a foreign intelligence gap.

Prior to 2014, the NSA could say an entity — say, Al Qaeda — used a facility, meaning they’d suck up any people that used that facility (think how useful it would be to declare a chat room a facility, for example). But (again, prior to 2014) as soon as a US person started “using” that facility — the word use here is squishy as someone talking to the target would not count as “using” it, but as incidental collection — then NSA would have to detask.

The 2014 certifications for the first time changed that.

The first revision to the NSA Targeting Procedures concerns who will be regarded as a “target” of acquisition or a “user” of a tasked facility for purposes of those procedures. As a general rule, and without exception under the NSA targeting procedures now in effect, any user of a tasked facility is regarded as a person targeted for acquisition. This approach has sometimes resulted in NSA’ s becoming obligated to detask a selector when it learns that [redacted]

The relevant revision would permit continued acquisition for such a facility.

[snip]

For purposes of electronic surveillance conducted under 50 U.S.C. §§ 1804-1805, the “target” of the surveillance ‘”is the individual or entity … about whom or from whom information is sought.”‘ In re Sealed Case, 310 F.3d 717, 740 (FISA Ct. Rev. 2002) (quoting H.R. Rep. 95-1283, at 73 (1978)). As the FISC has previously observed, “[t]here is no reason to think that a different meaning should apply” under Section 702. September 4, 2008 Memorandum Opinion at 18 n.16. It is evident that the Section 702 collection on a particular facility does not seek information from or about [redacted].

In other words, for the first time in 2014, the FISC bought off on letting the NSA target “facilities” that were used by a target as well as possibly innocent Americans, based on the assumption that the NSA would weed out the Americans in the post-tasking process, and anyway, Hogan figured, the NSA was unlikely to read that US person data because that’s not what they were interested in anyway.

Mind you, in his opinion approving the practice, Hogan included a bunch of mostly redacted language pretending to narrow the application of this language.

This amended provision might be read literally to apply where [redacted]

But those circumstances fall outside the accepted rationale for this amendment. The provision should be understood to apply only where [redacted]

But Hogan appears to be policing this limiting language by relying on the “rationale” of the approval, not any legal distinction.

The description of this change to tasking also appears in a 3.5 page discussion as the first item in the tasking discussion in the government’s 2014 application, which Collyer would attach to her opinion.

Collyer’s opinion

Collyer’s opinion includes more of the provider’s arguments than the Reply did. It describes the Directives as involving “surveillance conducted on the servers of a U.S.-based provider” in which “the communications of U.S. person will be collected as part of such surveillance.” (29) It says [in Collyer’s words] that the provider “believes that the government will unreasonably intrude on the privacy interests of United States persons and persons in the United States [redacted] because the government will regularly acquire, store, and use their private communications and related information without a foreign intelligence or law enforcement justification.” (32-3) It notes that the provider argued there would be “a heightened risk of error” in tasking its customers. (12) The provider argued something about the targeting and minimization procedures “render[ed] the directives invalid as applied to its service.” (16) The provider also raised concerns that because the NSA “minimization procedures [] do not require the government to immediately delete such information[, they] do not adequately protect United States person.” (26)

All of which suggests the provider believed that significant US person data would be collected off their servers without any requirement the US person data get deleted right away. And something about this provider’s customers put them at heightened risk of such collection, beyond (for example) regular upstream surveillance, which was already public by the time of this challenge.

Collyer, too, says a few interesting things about the proposed surveillance. For example, she refers to a selector as an “electronic communications account” as distinct from an email — a rare public admission from the FISC that 702 targets things beyond just emails. And she treats these Directives as an “expansion of 702 acquisitions” to some new provider or technology. Finally, Collyer explains that “the 2014 Directives are identical, except for each directive referencing the particular certification under which the directive is issued.” This means that the provider received more than one Directive, and they fall under more than one certificate, which means that the collection is being used for more than one kind of use (counterterrorism, counterproliferation, and foreign government plus cyber). So the provider is used by some combination of terrorists, proliferators, spies, or hackers.

Ultimately, though, Collyer rejected the challenge, finding the targeting and minimization procedures to be adequate protection of the US person data collected via this new approach.

Now, it is not certain that all this relied on the new targeting procedure. Little in Collyer’s language reflects passing familiarity with that new provision. Indeed, at one point she described the risk to US persons to involve “the government may mistakenly task the wrong account,” which suggests a more individualized impact.

Except that after her almost five pages entirely redacted of discussion of the provider’s claim that the targeting procedures are insufficient, Collyer argues that such issues don’t arise that frequently, and even if they do, they’d be dealt with in post-targeting analysis.

The Court is not convinced that [redacted] under any of the above-described circumstances occurs frequently, or even on a regular basis. Assuming arguendo that such scenarios will nonetheless occur with regard to selectors tasked under the 2014 Directives, the targeting procedures address each of the scenarios by requiring NSA to conduct post-targeting analysis [redacted]

Similarly, Collyer dismissed the likelihood that Americans’ data would be tasked that often.

[O]ne would not expect a large number of communications acquired under such circumstances to involve United States person [citation to a redacted footnote omitted]. Moreover, a substantial proportion of the United States person communications acquired under such circumstances are likely to be of foreign intelligence value.

As she did in her recent shitty opinion, Collyer appears to have made these determinations without requiring NSA to provide real numbers on past frequency or likely future frequency.

However often such collection had happened in the past (which she didn’t ask the NSA to explain) or would happen as this new provider started responding to Directives, this language does sound like it might implicate the new case of a selector that might be used both by legitimate foreign intelligence targets and by innocent Americans.

Does the government use 702 collection to obtain VPN traffic?

As I noted, it seems likely, though not certain, that the new collection exploited the new permission to keep tasking a selector even if US persons were using it, in addition to the actual foreigners targeted. I’m still trying to puzzle this through, but I’m wondering if the provider was a VPN provider, being asked to hand over data as it passed through the VPN server. (I think the application approved in 2014 would implicate Tor traffic as well, but I can’t see how a Tor provider would challenge the Directives, unless it was Nick Merrill again; in any case, there’d be no discussion of an “account” with Tor in the way Collyer uses it).

What does this mean for upstream surveillance

In any case, whether my guesstimates about what this is are correct, the description of the 2014 change and the discussion about the challenge would seem to raise very important questions given Collyer’s recent decision to expand the searching of upstream collection. While the description of collection from a provider’s server is not upstream, it would seem to raise the same problems, the collection of a great deal of associated US person collection that could later be brought up in a search. There’s no hint in any of the public opinions that such problems were considered.

Share this entry