The Irony of Glenn Greenwald Cuddling Up with Bill Barr, the Grandfather of Ed Snowden’s Phone Dragnet

Glenn Greenwald, who has written two books about the abuse of Presidential power, continues to dig in on his factually ignorant claims about the Mueller report. For days, he and the denialists said that if Mueller’s report was being misrepresented by Bill Barr, Mueller would speak up. Now that Mueller’s team has done so, Glenn complains that these are anonymous leaks and nevertheless only address obstruction, not a conspiracy with Russia on the election.

Glenn and his lackeys in the denialist crowd who continue to willfully misrepresent the public evidence have yet to deal with the fact that Mueller has already presented evidence that Paul Manafort conspired with Russian Konstantin Kilimnik on the election, but that they weren’t able to substantiate and charge it because Manafort lied. Mueller’s team say they believe Manafort did so in hopes and expectation that if he helped Trump and denialists like Glenn sustain a “no collusion” line, he might get a pardon. That is, we know that Trump’s offers of pardons — his obstruction — specifically prevented Mueller from pursuing a fairly smoking gun incident where Trump’s campaign manager coordinated with Russians on the hack-and-leak.

As Glenn once professed to know with respect to Scooter Libby’s obstruction, if someone successfully obstructs an investigation, that may mean the ultimate culprit in that investigation escapes criminal charge.

Glenn’s denialism is all the more remarkable, though, given that this same guy who wrote two books on abuse of presidential power is choosing to trust a memo from Bill Barr that was obviously playing legalistic games over what the public record says. As Glenn must know well, Barr has a history of engaging in precisely the kind of cover-up of presidential abuses Glenn once professed to oppose, fairly epically on Iran-Contra. The cover-up that Barr facilitated on that earlier scandal was the model that Dick Cheney used in getting away with leaking Valerie Plame’s identity and torture and illegal wiretapping, the kinds of presidential abuses that Glenn once professed to oppose.

I find Glenn’s trust of Bill Barr, one of the most authoritarian Attorneys General in the last half century, all the more ironic, coming as it does the same week that DOJ IG released this IG report on several DEA dragnets.

That’s because Glenn’s more recent opposition to abuse of power comes in the form of shepherding Edward Snowden’s leaks. Glenn’s recent fame stems in significant degree to the fact that on June 5, 2013, he published a document ordering Verizon to turn over all its phone records to the government.

The dragnet Snowden revealed with that document was actually just the second such dragnet. The first one targeted the phone calls from the US to a bunch of foreign countries claimed, with no court review, to have a drug nexus. Only, that term “drug nexus”  came to include countries with no significant drug ties but instead a claimed tie between drug money and financing terrorism, and which further came to be used in totally unrelated investigations. That earlier dragnet became the model for Stellar Wind, which became the model for the Section 215 dragnet that Glenn is now famous for having helped Edward Snowden expose.

Here’s what the IG Report released the same week that Glenn spent hours cuddling up to Bill Barr says about the original dragnet.

Bill Barr, the guy Glenn has spent 10 days nuzzling up to, is the grandfather of the dragnet system of surveillance.

The IG Report also shows that Bill Barr — the guy Glenn has spent 10 days trusting implicitly — didn’t brief Congress at all; the program wasn’t first briefed to Congress until years after Barr left office the first time.

This is the man that former critic of abusive presidential power Glenn Greenwald has chosen to trust over the public record.

This is, it seems, the strange plight of the denialist left, cozying up to the kind of authoritarians that their entire career, at least to this point, have vigorously opposed.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Keith Gartenlaub Challenges the Destroyed FISA Wall

Keith Gartenlaub is appealing his conviction on possession of child porn to the Supreme Court, based on a FISA challenge. And while any petition for cert before SCOTUS faces long odds, I believe this one is interestingly situated in that its challenge to the plain view doctrine, in conjunction with the use of FISA evidence in a prosecution having nothing to do with national security, may present a way for SCOTUS to reconsider the wall between national security investigations and criminal prosecutions.

As a reminder, the FBI decided to investigate Gartenlaub (at a time when they were making other bone-headed investigative decisions involving Chinese-Americans) because he had access to files the Chinese government was seeking and a naturalized Chinese-American wife.

FBI switched back and forth from criminal to FISA access at least once (and probably twice), and in the process did a physical search of three Gartenlaub hard drives using the more expansive search regime available under FISA, only to then repeat the same search to obtain the same evidence of child porn to use for prosecution.

The government never presented evidence the child porn had been accessed since 2005, and Gartenlaub presented an alternate explanation for how it had gotten on his computer. In fact, the record suggests the FBI didn’t want to prosecute Gartenlaub for child porn; they wanted to flip him, so he would spy on his well-connected in-laws. It didn’t happen and now, even after his release from prison, he’s trying to challenge the genesis of his prosecution from that FISA search.

The reason why the case is interesting is because the FBI was seeking something very specific: materials relating to Boeing’s C-17 program. A criminal forensic search for such materials, conducted under a Rule 41 warrant, would start by turning off the forensic search for items — most notably, videos — that would not return the suspected evidence of crime (which would be engineering documents).

Because of typical games the FBI plays with forensics, this was not established in the District court. But the appeal points to the government’s claims that under FISA they don’t have to use such forensic narrowing. It goes on to establish that they did not use such forensic narrowing tools, and, not having done that, found no evidence to support the FISA allegations but instead finding evidence that led to the child porn charges.

In its Opposition Brief before the Ninth Circuit, the government acknowledges that there were no limitations to its secret search of Gartenlaub’s hard drives, saying in a header: “The Government Was Permitted to Search Every File on Defendant’s Computers . . . .”17 And nothing in the record indicates that the government used any standard forensic techniques routinely used to particularize computer searches like: date limitations; targeted key word searches; image recognition scans; taint teams, or other routine, well established techniques to limit a digital search to its target and screen out privileged, confidential, and irrelevant information.

Despite its unlimited search, the FBI found no evidence that Gartenlaub had provided C-17 data to China, or otherwise acted as a spy for China. But the FBI did allegedly find, among the tens of thousands of files on the hard drives, a handful of files containing child pornography. Dropping its fantasy that Gartenlaub was a Chinese spy, the FBI turned to the theory he collected child pornography.

The appeal then argues that using FISA to get to criminal evidence is an end run around criminal procedure, in part because Gartenlaub had no way to challenge the criminal warrant after the evidence had already been found via FISA warrant.

Gartenlaub’s case demonstrates how easy it is to bypass the Constitution’s criminal procedure guarantees by getting a secret FISA search warrant and using it to prosecute regular crimes. And it is impossible for a criminal defendant to challenge a secret FISA warrant because the defendant cannot access any of the information underlying the FISA warrant due to its secrecy. This thwarts a criminal defendant’s Due Process right to test the government’s case in adversarial proceedings. For these reasons alone the Court should grant certiorari to clarify the use of non-responsive FISA evidence in regular criminal proceedings.

Ultimately, one of Gartenlaub’s requests for cert (and most his requests parallel this closely) argues that the government should not be permitted to use FISA warrants unless it submits those FISA warrants for court review.

Gartenlaub’s case is an example of how the government can abuse a national security investigation under FISA to prosecute unrelated non-national security crimes. Because of this risk, the government should not be permitted to use secret national security warrants to prosecute regular crimes if it won’t submit those warrants and supporting materials to investigation and the adversarial process the criminal procedure amendments require. This Court should grant certiorari to analyze and clarify the scope of the 1978 FISA’s encroachment upon the fundamental, centuries old, criminal procedure protections of the Fourth, Fifth, and Sixth Amendments.

On its face, it’s a fairly modest request. And, as the appeal notes, a fairly modest one, given that there is only one other case where FISA is known to be used in a pure criminal case. The appeal distinguishes this case from the past one, Isa, in a way that appeals directly to the Court’s recent narrowing of digitally-based searches.

The 27 year old FISA case of United States v. Isa appears to be one of the few instances where a prosecutor used the non-responsive fruits of a FISA search for an unrelated regular criminal prosecution.70 Isa upheld the use of a FISA surveillance recording, in a state prosecution, of the surveillance target’s murder of his 16-year-old daughter.71 During the course of the surveillance the murder occurred and was incidentally recorded. Unlike Gartenlaub’s case, the evidence was not obtained via the methodical rummaging over the course of months through the target’s computers.

In other words, on its face, it presents a case where there is no question of standing, where the reach of the questions presented may seem narrow, and on topics that fit nicely with recent court decisions recognizing the greater invasiveness of digital searches.

Except the impact of putting FISA review on the table for a purely criminal case (the appeal raises the Carter Page example) would have significant, probably overdue impact on the complete elimination of the wall between intelligence and criminal investigations after 9/11.

None of that says it will work, of course. But it’s a neat formulation that, if it did, might finally push FISA back towards being closer to what it was first envisioned as.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Surveillance Whack-a-Mole, Section 215 to Section 702 Edition

As it happens, I and others covered the report that NSA purportedly has not restarted its use of the Section 215 CDR program in the wake of finding serious over-collection on the same day that I Con the Record released another Semiannual report on 702, the one completed in October 2018, which covers December 2016 to May 2017.

In my post on the Section 215 CDR claim, I suggested that function probably hasn’t shut down, but likely moved instead to a different authority, probably EO 12333.

The NSA almost never gives up a function they like. Instead, they make sure they don’t have any adverse court rulings telling them they’ve broken the law, and move the function some place else. Given that the government withdrew several applications last year after FISC threatened to appoint an amicus, and given that the government now has broadened 12333 sharing, they may have just moved something legally problematic somewhere else.

In Ellen Nakashima’s report on the 215 CDR shutdown, she suggested that NSA may not longer need the 215 CDR function because “terrorists” (this program was never just about terrorists) increasingly use secure apps which “don’t always create metadata.”

But these days, terrorists generally are not coordinating via phone calls or standard text messages, but communicate by using secure apps that don’t always create metadata trails, analysts said.

That is, the suggestion is that because “terrorists” are using encrypted apps like Signal and WhatsApp rather than AT&T or Verizon’s own SMS apps, getting the latter via the CDR program is not as useful.

But perhaps that explains the over-collection issue behind all this.

From the start of the USA Freedom Act debate, I have noted that the definition used in the law — session identifier — did not match the intent of most members of Congress: that is, to track telephony contacts. Telephony contacts are just an increasingly minimal subset of the session identifiers than any mobile phone user will generate. And in the age of super-cookies, providers increasingly track these other session identifiers. If providers collect it, spooks and law enforcement will try to use it, and the expanded universe of session identifiers is no exception.

One of several likely explanations for the over-collection that led the government to destroy all its records last year is that the FISA Court wrote something that distinguished between the two (basically, establishing a precedent that made fudging the issue legally problematic), leading NSA to “discover” the over-collection and quickly start deleting records before any overseer found the proof that it was no accident.

At least, that same pattern has happened numerous times before.

Anyway, back to surveillance whack-a-mole.

When this has happened in the past, the NSA didn’t actually shut down the function. It instead moved it to another authority, preferably one with less court oversight. Of particular note, when NSA shut down the PRTT dragnet in 2011, it moved some of that function to EO 12333 (NSA had resumed a practice shut down during the Stellar Wind shutdown allowing the agency to chain on Americans) and Section 702.

That’s why I want to point to something in the most recent Section 702 Semiannual Report (which, remember, reflects really dated reviews of Section 702 use. On top of being really dated, the report is, as all of these are, heavily redacted and largely boilerplate. Nevertheless, a close read of it (I do think I’m the only one who actually reads these!) can point to trends that can sometimes help identify problems on the same timeline that NSA’s Inspector General does.

And this most recent Semiannual report, from the period mid-way into implementation of the new USAF CDR function, has this passage (which — I believe — includes a typo).

This passage is not reporting a decrease, as the last clause of the paragraph claims; it is reporting an increase in the number of times Section 702 data appears in serialized (that is, finished) reports. The typo appears to be the result of retaining the claim that this is “the first and only decrease of for these ten reporting periods” from the prior report.

What is likely true of this passage, however, is that it is reporting a new trend: “expanded use of Section 702” for some function.

There are several likely candidates for the time period (early 2017). The increasing use of the 2014 exception, the ongoing shift of the old PRTT function (obtaining email metadata) are two.

But another would be to use 702 — such that it is technically feasible — to obtain what metadata exists for encrypted apps. Notably, during precisely this period, Facebook was moving to more closely integrate WhatsApp with its platform generally. And this would give it access (but not content) of chats. Since then, it has probably become easier for Verizon and AT&T to identify who is using Signal by matching the individual keys generated for each contact (just as an example, you can set Verizon to show this or not, meaning they’ve got visibility onto it one way or another). Using 702 to get encrypted app metadata would only give you one degree of separation from a foreign target. But you’d get it with far less oversight than NSA undergoes with Section 215.

Here’s the dirty secret about FISA. It is far easier for NSA to use Section 702 to get content and metadata than it is for NSA to use Section 215 to get just session identifiers.

Section 702 couldn’t replace all of what Section 215 — if it were collecting on the session identifiers associated with encrypted chat apps — gets. But what it could get might be far more voluminous than the 500 million session identifiers collected in 2017.

Update: Bobby Chesney — who seems to know more than he’s letting on — weighs in on the news here.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Lawfare “Breaks” News: NSA Hasn’t Restarted the Section 215 CDR Function

Last week, Lawfare’s podcast had on Luke Murry, National Security Advisor to Republican House Minority Leader Kevin McCarthy, and Daniel Silverberg, National Security Advisor to Democratic House Majority Leader Steny Hoyer.

At 5:10, in response to a question from Margaret Taylor about what kind of oversight Congress will exercise in this Congress, one of them says,

I think my mind goes to the must-pass things. Let’s use that as lowest common denominator. One which may be must-pass, may actually not be must-pass, is Section 215 of USA Freedom Act, where you have this bulk collection of, basically metadata on telephone conversations — not the actual content of the conversations but we’re talking about length of call, time of call, who’s calling — and that expires at the end of this year. But the Administration actually hasn’t been using it for the past six months because of problems with the way in which that information was collected, and possibly collecting on US citizens, in the way it was transferred from private companies to the Administration after they got FISA court approval. So, if the Administration does ask on that, that’s inherently a very sensitive subject. And we’ve seen that sensitivity be true in other areas of USA Freedom Act so I think that’s going to be a real challenge for Congress. But I’m not actually certain that the Administration will want to start that back up given where they’ve been in the last six months.

The staffer seems a bit confused by what he’s talking about.

By description — the description of this being metadata turned over by providers — this must be the Call Detail Record of USA Freedom Act, not all of Section 215. It appears to be public confirmation that the government never resumed the CDR program after it announced that it had destroyed all its records last June (though that works out to be 8 months, not just 6).

That, in turn, suggests that the problem with the records may not be the volume or the content turned over, but some problem created either by the specific language of the law or (more likely) the House Report on it or by the Carpenter decision. Carpenter came out on June 22, so technically after the NSA claims to have started deleting records on May 23. It also may be that the the NSA realized something was non-compliant with its collection just as it was submitting the 6th set of 180-day applications, and didn’t want to admit to the FISC that it had been breaking the law (which is precisely what happened in 2011 when the government deleted all its PRTT records).

Just as an example, I long worried that the government would ask providers to use location data to match phones. Under the law, so long as the government just got the phone number of a new phone that had been geolocated, it might qualify as a CDR under the law, but would absolutely be a violation of the intent of the law. Such an application — which is something that AT&T has long offered law enforcement — might explain what we’ve seen since.

One other thing, though: The NSA almost never gives up a function they like. Instead, they make sure they don’t have any adverse court rulings telling them they’ve broken the law, and move the function some place else. Given that the government withdrew several applications last year after FISC threatened to appoint an amicus, and given that the government now has broadened 12333 sharing, they may have just moved something legally problematic somewhere else.

In any case, there’s no follow-up on the podcast, which might at least clarify the obvious parts of this revelation, to say nothing of asking for the underlying detail. So it will take some work to figure out what really happened.

In the Most Cowardly Possible Decision, Ninth Circuit Upholds Gartenlaub Conviction

The Ninth Circuit just released an unsigned opinion in Keith Gartenlaub’s case; in a non-precedental opinion, they upheld his conviction.

As a reminder, Gartenlaub was an engineer at Boeing. During a period when there were suspected Chinese breaches of Boeing at other locations, an FBI Agent in the LA area decided that there must be someone breaching Boeing at the local facility. He set out to find a suspect and focused on Gartenlaub (apparently) because he had access to relevant files and a Chinese-America wife. It appears that the FBI used back door searches on Section 702 material in their early investigation of Gartenlaub. They also moved back and forth from criminal warrants to FISA warrants. Using a FISA physical search warrant, the FBI searched his home and imaged his hard drives. Searches of those hard drives found no evidence he was a spy for China, as they had claimed; instead, they found child porn that had not been accessed in a decade. The government used that to obtain yet another warrant on Gartenlaub, parallel constructing the child porn for use at trial, all in an attempt to get him to agree to spy on his Chinese relatives. Instead, he went to trial and was found guilty of knowingly possessing child porn.

He appealed his conviction both because the government presented no evidence he had actually accessed this child porn since it had been loaded onto his computer, and because the government used a FISA order to find the porn that they then used to search him (and also used to legitimize the Tor exception, which permits the NSA to target location-obscured facilities known to be used by Americans, so long as they sift out the non-criminal US person content after the fact).

The Ninth Circuit sat on this decision until Gartenlaub was out of prison

I say this opinion was cowardly for a number of reasons (aside from the court taking nine months to release a thin, unsigned opinion). Part of the cowardice is the timing. The court entered this judgment on September 17, two weeks ago.

They just released it today.

Today also happens to be the day that Gartenlaub moved to a halfway house. Perhaps the court hoped by releasing it after he was released from prison, it would moot any further challenge.

Even the Carter Page precedent didn’t win Gartenlaub a review of his FISA application

While Gartenlaub challenged the sufficiency of the evidence that he knowingly possessed the child porn (which the Ninth also upheld), the key to this challenge was whether using child porn the government had found using the broader search protocols available under FISA presented a Fourth Amendment challenge, particularly in light of the US v. Comprehensive Drug Testing precedent on plain view doctrine in the circuit.

The Ninth avoided dealing with this issue in two ways. First, even though Carter Page has established the precedent that defendants — indeed, the whole world! — can see FISA applications, the court conducted its own review, and found the FBI had presented probable cause that Gartenlaub (or perhaps his wife?) was an agent of China “when the FISA order was issued.”

Based upon our independent review of the classified record evidence, we conclude that the FISA warrant was supported by probable cause. The FISA application and supporting materials demonstrated probable cause to believe that Gartenlaub was an agent of a foreign power when the FISA order was issued.

I’m really curious about that language, “when the order was issued,” as the two streams of collection the FBI was using leaves open the possibility that FBI had learned that he wasn’t a spy by the time they did the search.

Based on their review of the FISA application the Ninth decided that such a review was not necessary or even useful to determine the legality of the search.

We have conducted an in camera review of the underlying FISA materials. We conclude that the disclosure of the FISA materials to Gartenlaub was not “necessary to make an accurate determination of the legality of the search.” 50 U.S.C. § 1825(g); see also United States v. Ott, 827 F.2d 473, 476–77 (9th Cir. 1987) (finding “no indications of possible misrepresentation of fact, vague identification of the persons to be surveilled, or surveillance records which include a significant amount of non-foreign intelligence information, or any other factors that would indicate a need for disclosure” (internal quotation marks omitted)). In point of fact, disclosure was not necessary even under a less rigorous standard than that proposed by the government.

Of course, given the likelihood that the government used 702 data to obtain this FISA order (and the FBI’s use of shoddy public reporting), that’s not all that comforting.

The Ninth punts on the Fourth Amendment issue

Having disposed of the sufficiency of the evidence and the probable cause challenges, the Ninth then addressed the key issue that any non-cowardly opinion would have dealt with: whether using a FISA order, instead of a criminal warrant, to get the ability to search more extensively on a person’s life constitutes a Fourth Amendment violation (this is particularly important in Gartenlaub’s case, because he was suspected of stealing non-videos, so a criminal search wouldn’t have had any reason to search for videos). The court admits that this is a really troubling issue.

The idea that the government can decide that someone is a foreign agent based on secret information; on that basis obtain computers containing “[t]he sum of [that] individual’s private life,” Riley v. California, 134 S. Ct. 2473, 2489 (2014); and then prosecute that individual for completely unrelated crimes discovered as a result of rummaging through that computer comes perilously close to the exact abuses against which the Fourth Amendment was designed to protect.

But they treat this question as a review for plain error (in part because Gartenlaub’s original attorney, who made some other key errors at the District level, didn’t raise the Fourth Amendment issue).

Plain error review is the appropriate standard because Gartenlaub did not assert the Fourth Amendment argument predicated on alleged misuse of the FISA warrant before the district court.

Note, significant evidence about how the government abused the FISA process to get at the more expansive search authority under FISA became public after Gartenlaub submitted his appeal.

In any case, having deemed this a plain error review rather than a Fourth Amendment one, the court basically said there’s no standard set for the use of plain view in national security cases, so the District judge could not have plainly erred.

No controlling authority dictates the conclusion that the government’s Foreign Intelligence Surveillance Act (“FISA”) search and subsequent use of FISA-derived materials in a non-national security prosecution violates the Fourth Amendment, such that the district court’s failure to follow it was plain error. See United States v. Gonzalez-Aparicio, 663 F.3d 419, 428 (9th Cir. 2011), as amended (Nov. 16, 2011). Our decision in United States v. Comprehensive Drug Testing, Inc., 621 F.3d 1162 (9th Cir. 2010) (en banc), abrogation recognized by Demaree v. Pederson, 887 F.3d 870 (9th Cir. 2018) (per curiam), is inapposite; it did not decide the question presented by this case and, in fact, addressed no national security concerns particular to the FISA context.

This is, in other words, a punt — a punt that admits such unrestricted searches are a problem, but manages to avoid ruling for this case, a case that itself served as precedent at the FISA court for a whole slew of even more problematic national security searches.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Keith Gartenlaub Wonders Why He Can’t Get the Carter Page Treatment

Whatever else you think of the Carter Page pseudo-scandal, the release of his FISA application has finally ended the 50 year period during which not a single person targeted under FISA has ever seen the application used to obtain the order.

That should mean that for defendants who can legitimately demonstrate there was probably something actually problematic with the application they can review the application and challenge the order and everything that comes from it. Keith Gartenlaub, who was targeted as a Chinese spy based off basically nothing, currently has a pending challenge in his FISA case in the 9th Circuit.

His attorney, John Cline, has already written the court pointing out that the release of Page’s FISA application demonstrates DOJ’s 50 year fearmongering about FISA is really overblown.

As with the HPSCI memoranda, the declassification and disclosure of the redacted Page FISA materials demonstrates that it is possible to discuss publicly aspects of a FISA application without damaging national security. In addition, the declassification and disclosure of the redacted FISA materials highlights the absurdity of the government’s assertion, in this and other cases involving motions to suppress FISA surveillance, that any disclosure of any portion of a FISA application, even to cleared defense counsel under the protections of CIPA, would harm national security. If the redacted Page FISA materials can be disclosed publicly without harming national security, as the Executive Branch has
determined, even more substantial disclosure of the Gartenlaub FISA application can be made to cleared defense counsel under CIPA without causing such harm.

It is likely that we (or rather, Cline, Gartenlaub’s cleared attorney) would learn far more about the things FBI gets away with in FISA applications from Gartenlaub’s application than Page’s.

If defendants like Gartenlaub can carry out such review, we actually might be able to make FISA more reasonable.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

NSA — Continually Violating FISA Since 2004

Last year, I did a report that catalogued all the times NSA had violated FISA since the Stellar Wind phone dragnet got moved under FISA in 2004. There were the five different practices deemed violations of 1809(a)(2), which prohibits the use of any data that was illegally collected.

From 2004 until 2009, in spite of twice quarterly Office of General Counsel spot checks imposed to prevent it, “‘[v]irtually every PR/TT record’ generated [by the bulk Internet metadata program] included some data that had not been authorized for collection.” 3

From 2007 until 2011, NSA collected entirely domestic and untargeted communications as part of Multiple Communication Transaction bundles without restricting access to the unrelated communications. 4

In June 2010, NSA admitted it had improperly retained Title I data in a management system that the court had deemed an overcollection; in May 2011, FISC found this retention problematic under 1809(a)(2). The government even argued that prohibitions 5 on using unlawfully collected information “only applied to interceptions authorized by the Court and did not apply to the fruits of unlawful surveillance.”

From 2011 to 2016, NSA retained Section 702 overcollection in its management systems, in spite of the 2011 FISC retention precedent ruling such retention a violation of 1809(a)(2). 7

In 2013, NSA discovered its post-tasking checks to ensure targeted phones had not roamed into the United States had not functioned properly for some redacted period of time (possibly dating back to 2008), meaning some of the telephone collection from that period may have been collected on individuals located inside the United States in violation of 702. 8

In addition to those, NSA had continued to conduct back door searches of data collected using upstream 702 collection even after John Bates prohibited the practice in 2011.

Because upstream collection foreseeably results in the collection of domestic communications, when John Bates first permitted searches of 702 data using US person identifiers in late 2011, he prohibited such searches on upstream data, for fear it would amount to using 702 for domestic surveillance. Yet NSA starting disclosing “many” such violations as early as 2013. 9

As NSA’s compliance organizations started looking more closely in 2015 and 2016, they discovered the NSA was even conducting such searches in systems “that do not interface with NSA’s query audit system,” raising questions about their ability to oversee US person queries 10 more generally. NSA discovered that some data obtained using upstream collection had been mislabeled as PRISM collection, meaning it would get no special treatment. With one tool used 11 to conduct queries of Americans located overseas, NSA experienced an 85% noncompliance rate. 12

While Rosemary Collyer (who is the worst presiding FISA Judge ever) didn’t deem that a violation of 1809(a)(2) — meaning NSA didn’t have to segregate and destroy andy data collected improperly — it still violated the minimization procedures that control 702 collection.

So between 2004 and 2016, NSA was always breaking the rules of FISA in one way or another.

And we can now extend that timeline to 2018. The NSA just revealed that it had destroyed all the call detail records it had collected since 2015, which would be all those collected under USA Freedom Act.

Consistent with NSA’s core values of respect for the law, accountability, integrity, and transparency we are making public notice that on May 23, 2018, NSA began deleting all call detail records (CDRs) acquired since 2015 under Title V of the Foreign Intelligence Surveillance Act (FISA)

The Government relies on Title V of FISA to obtain CDRs, which do not include the content of any calls. In accordance with this law, the Government obtains these CDRs, following a specific court-authorized process.

NSA is deleting the CDRs because several months ago NSA analysts noted technical irregularities in some data received from telecommunications service providers. These irregularities also resulted in the production to NSA of some CDRs that NSA was not authorized to receive. Because it was infeasible to identify and isolate properly produced data, NSA concluded that it should not use any of the CDRs. Consequently, NSA, in consultation with the Department of Justice and the Office of the Director of National Intelligence, decided that the appropriate course of action was to delete all CDRs. NSA notified the Congressional Oversight Committees, the Privacy and Civil Liberties Oversight Board, and the Department of Justice of this decision. The Department of Justice, in turn, notified the Foreign Intelligence Surveillance Court. The root cause of the problem has since been addressed for future CDR acquisitions, and NSA has reviewed and revalidated its intelligence reporting to ensure that the reports were based on properly received CDRs.

Now it could well be these CDRs that NSA was not authorized to collect were selectors that went beyond what had been approved (though that’d be unlikely to trigger a technical alert). It may be these CDRs obtain something that counts as content — such as cookie information that identifies sublevel domains of a webpage.

But the only non content thing that is affirmatively permitted in USAF is location data, which as of last week would get treated as a search if not content. Which leads me to believe this is most likely location data (which would also explain the sudden transparency). It may be content data collected in ways the NSA didn’t understand, perhaps via apps that retain the location data shared from the phone. But it’s likely it was content data.

And given the specific reference to data “that NSA was not authorized to receive,” and the fact that NSA destroyed three years of CDRs, I suspect this, too, was deemed a violation of 1809(a)(2).

Which means the NSA’s streak of violating FISA just got extended several more years. It has been violating FISA, in one way or another, for 14 years.

The Trump People Really Really Want to Know How Much Mueller Knows about Roger Stone’s “Collusion”

In a piece that lets Roger Stone claim he un-forgot the Russian he met offering Hillary dirt for $2 million and also fails to ask Stone why it took over a month for him to correct his perjury before HPSCI and also fails to ask if there was follow-up about someone else paying for that dirt on Hillary, Ken Dilanian lets Stone float a claim that Mueller must have obtained the contents of his phone using a FISA order.

Stone also wondered to NBC News how Mueller “has copies of my text messages if not through an illegal FISA warrant. I have filed a notice of my intention to bring a lawsuit against the government for a civil rights and right to privacy violation to get to the bottom of that question.”

As I have noted repeatedly, close to the beginning of the time when Mueller has focused unrelentingly on Stone, on March 9, Mueller obtained a probable cause search warrant to obtain the contents of 5 AT&T phones, “In the Matter of the Search of Information Associated with Five Telephone Numbers Controlled by AT&T (D.D.C.) (18-sc-609).” When Paul Manafort attempted to unseal the parts of the affidavit laying out the probable cause for those phones covered by the warrant that he didn’t own, Amy Berman Jackson refused the request. The court record makes it fairly clear that the other phones don’t belong to Manafort.

THE COURT: What if — I think one of them is about phone information. What if the redacted phones are not his phone?

MR. WESTLING: I don’t have a problem with that. I think we’re talking about things that relate to this defendant in this case.

We should assume that, in addition to those five phones, there’s a warrant covering a proportional number (Verizon covers more of the cell phone market in the US than AT&T does) of Verizon phones.

All of which is to say that the most obvious explanation for how Mueller obtained the text messages Stone has selectively shared with the press showing he did accept a meeting with a Russian offering dirt on Hillary Clinton is that Mueller convinced a judge there was probable cause to believe that there was evidence of crimes were on that phone.

That is, the interest in Roger Stone is no longer strictly a counterintelligence question of whether Henry Greenberg was idly reaching out to Stone to offer dirt. Rather, it’s a question of whether, in his subsequent response (about which no journalist seems to have asked Stone questions) constitutes a crime.

In any case, Roger Stone’s attempt to turn this into another FISA pseudo scandal (including his suggestion that any warrant targeting him would be “illegal”) is just a desperate indication of how badly the Trump people want to know how much Mueller knows about the crimes Stone may have committed.

On the James Wolfe Indictment: Don’t Forget Carter Page

Last night, DOJ unsealed the indictment of James Wolfe, the former Director of Security for the Senate Intelligence Committee. He is accused of one count of false statements to the FBI. The indictment alleges that he lied about his conversation with four journalists, Ali Watkins and three others.

The NYT has revealed that Watkins, who had a three-plus year relationship with Wolfe, had years of her communications subpoenaed. They obtained years of her subscriber information, and a more narrow period of additional information from her phone. As a reminder, the subscriber information that can be obtained with a d-order is tremendously invasive — in addition to name and financial and other contact information, the government obtains IP and device addresses that allow them to map out all the communications a person uses. This post lays out what the government demands from tech companies. Obtaining it will burn all but the most disciplined operational security and with it, a journalists’ sources.

The indictment also reveals the government obtained Signal and WhatsApp call records and content; it seems to have been Wolfe’s preferred means to communicate “securely.” I suspect they obtained the communications after June 2017, by targeting Wolfe’s phone. It’s possible he voluntarily provided his phone after confronted with his lies, but I suspect they obtained the Signal content via other means, basically compromising his device as an end point. I’ll return to this, but it appears DOJ has made a decision in recent days to expose the ease with which they can obtain Signal and other secure chat apps, at least in national security investigations, perhaps to make people less comfortable using it.

What I’d like to focus on, however, is the role of Carter Page in the indictment.

The government lays out clear proof Wolfe lied about conversations with three reporters. With Watkins and another, they point to stories about Carter Page to do so. The Watkins story is this one, confirming he is the person identified in the Evgeny Buryakov indictment. Another must be one of two stories revealing Page was subpoenaed for testimony by the Senate Intelligence Committee — either this one or this one.

I’m most interested, however, in this reference to a story the FBI raised with Wolfe in its interview, a story for which (unlike the others) the indictment never confirms whether Wolfe is the source.

During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-l), that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes

The story suggests they don’t have content for the communications between Wolfe and Reporter #1, and the call records they’re interested in ended last June (meaning the story must precede it).

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

For that reason, I suspect this is the story they asked about — whether Wolfe is a source for the original credible story on Carter Page’s FISA order. The focus on Page generally in the indictment suggests this investigation started as an investigation into who leaked the fact that Page had been targeted under FISA, and continued to look at the stories that revealed classified details about the investigative focus on him (stories which he rightly complained to SSCI about).

I know the focus will be on the impact on Watkins and any other journalists DOJ has subpoenaed, if they have with the others; that impact is very real and we’ll hear more about how DOJ has shifted its treatment of journalists in upcoming days.

But I’d like to consider what it means that this investigation largely stems from leaks about the investigation into Page.

Page is not at all a sympathetic person. He’s nuts, and may well be or have been a willing recruit of Russia. But there are two reasons why the leaks into the investigation into him should be of concern, along with the concern about journalism.

First, whatever the truth about Page, one reason the government treats counterintelligence wiretaps differently than criminal ones is because there are times they need to obtain content from people they don’t have probable cause are criminals. Legitimately obtained wiretaps should never be revealed except in legal proceedings anyway, but that’s all the more true where the government may be using the wiretap to learn whether someone has been recruited. Unlike Paul Manafort, Mike Flynn, and George Papadopoulos, Carter Page has not been charged, yet the leaks about the investigation into him (including of the damned Steele dossier) have branded him as a Russian spy. I’ve reported on too many cases where FISA orders were used against people who weren’t spies (particularly Chinese Americans), and it needs to be said that investigative targets are kept secret, in part, because they’ve not been charged yet.

Then there’s the flip side to the issue. All the leaks about Carter Page may well have poisoned the investigation into him in several ways. Certainly, Page and the Russians were alerted to the scrutiny he was under. If he is or was a Russian spy, the government may never make its case because the stories on Page made it a lot easier for the targets of the investigation to counter it (I actually think several of the less credible leaks about this investigation were designed to do just that).

Indeed, all the leaked stories about him may have made it politically impossible for FBI to continue the investigation. We know the FISA orders against him ceased after all the leaks about his targeting, for example. So if Page is a spy, all the publicity about this may help him get away with it.

The government has wrapped up a tidy indictment where, while they know Wolfe is a source for at least some of the suspect stories about Page, any trial would instead focus on the clear evidence Wolfe lied about things like a multi-year relationship with someone working SSCI and not classified information. Probably, the hope is he’ll plea and identify all the stories for which he has been a source. To get there, the government has used awesome powers against at least one journalist (and in Watkins’ case, it’s not at all clear they needed to do that).

That said, while I don’t defend Page as a person at all, the giddy leaks about him do come with a cost in both due process and investigative terms and it’s worth remembering that as we talk about this case.

A Thinking Person’s Guide to the Stefan Halper Conspiracy Theory

For some time, I’ve been agnostic about whether Chuck Ross’ series on Stefan Halper derived from his own discussions with George Papadopoulos, Carter Page, and Sam Clovis, or whether he relied on leaks from HPSCI.

Today, he gave one of the leading comments he often does, about Paul Ryan’s claimed concern about “FISA abuse.” (Ryan, remember, pushed through 702 reauthorization this year without reforming a single one of the abuses laid out in this report, but apparently Chuck’s gonna play along with the notion that Ryan gives a shit about FISA.)

That mirrors Ross’ own logically nonsensical focus on the dossier as a source for the Carter Page FISA order in conjunction with Halper. Which, especially since other journalists are making it clear the Halper focus is coming from Hill Republicans, suggests Ross was getting leaks from Republicans.

That’s even more true of this interview with Sam Clovis. In it, Clovis makes it very clear the meeting did not stick out in his memory.

It was an academic meeting. It was not anything other than him talking about the research that he had done on China.

[snip]

No indication or inclination that this was anything other than just wanting to offer up his help to the campaign if I needed it.

After describing how he hadn’t opened up attachments Halper sent later in the month, he said, “that is how little this registered with me.”

And yet, somehow, by March, someone had told Ross about this meeting.

Halper also requested and attended a one-on-one meeting with another senior campaign official, TheDCNF learned. That meeting was held a day or two before Halper reached out to Papadopoulos. Halper offered to help the campaign but did not bring up Papadopoulos, even though he would reach out to the campaign aide a day or two later.

Clovis seems to derive his memory of the meeting, in significant part, from the documentation he does (four emails setting the meeting up) and doesn’t (any notes) have about it.

There’s a record of the exchange of emails that we had, four emails to set the appointment.

[snip]

I had my notebook. Always take notes and always keep track of what’s going on. And there wasn’t anything — I didn’t have any notes on the meeting cause there must not have been anything substantive that took place.

That suggests someone knew to go back to look for communications involving Halper. Now, if HPSCI requested all the comms campaign aides had with investigative target Carter Page, then Clovis would have turned over these emails (which mentioned Page but probably discussed China, not Russia), and HPSCI staffers could have found the tie. If HPSCI only asked for Russia-related comms involving Page, then someone got Toensing or Clovis to search for Halper emails themselves.

Clovis explains that he’s bothered, now, about the meeting because he thinks he was used as an excuse to reach out to George Papadopoulos.

He had met with Carter Page. He had used that to get the bona fides to get an appointment with me.

[snip]

Then I think he used my meeting as bona fides to get a meeting with George Papadopoulos.

Remember, one of the inane complaints in the Nunes memo is that the Carter Page FISA application mentioned Papadopoulos.

The Schiff memo explains that Papadopoulos got mentioned because, after Alexander Downer told the FBI that Papadopoulos had told him the Russians were going to release Hillary emails to help Trump, they opened a counterintelligence investigation into the Trump campaign.

In other words, the frothy right likely believes, like Clovis, that Halper was networking as a way to get to Papadopoulos, and that in some way ties to the FISA application against Page.

And he may well have done so! As TPM clarifies some confusion created by WaPo, both Page, Clovis, and Clovis lawyer Victoria Toensing agree that Halper mentioned Page when he reached out to Clovis.

Clovis’ lawyer, Victoria Toensing, previously said, according to the Washington Post that the informant had not mentioned his other Trump contacts when reaching out to Clovis. Clovis said he wasn’t sure “where she got that information,”since she had access to the emails setting up the September 2016 meeting.

Toensing, in an phone interview Tuesday with TPM, backed up Clovis’ account. She told TPM that the informant had said in an email to Clovis that Page had recommended that they meet. She also claimed that the informant had told Page when they met at the conference that he was a big fan of Clovis’. Page confirmed Toensing’s account in an email to TPM.

Halper met with Clovis on September 1 and then reached out to Papadopoulos the next day.

Though note: Page says Halper raised Clovis at the July conference where they met, a meeting that occurred before dossier reports started getting back to FBI (particularly to the people investigating the hack-and-leak) and before the Papadopoulos report. That either suggests the FBI already had concerns about Clovis by then, or Halper was more generally networking with Page along with checking out someone who had been a live counterintelligence concern in his own right since March and for years beforehand.

Here’s where things start to go off the rails for this whole conspiracy theory, though. Clovis (who, remember, testified to Mueller’s team in the days before Papadopoulos’ cooperation agreement was unsealed, and who therefore may have his own false statements to worry about) believes that the FBI had no business trying to ask Papadopoulos about his April knowledge of Russians dealing Clinton emails in a way that would not arouse Papadopoulos’ suspicion.

What unsettled me … is what he tried to do with George Papadopoulos and that was to establish an audit trail from the campaign or somebody associated with the campaign back to those Clinton emails, whether or not they existed we don’t know.

Clovis believes, as does the entire frothy right, that the FBI had no reason to check out leads from someone who predicted the Russians would leak dirt from Hillary to help Trump a month before it became publicly known.

What were they investigating? To be investigating, there has to be some indication of a crime. And there does not appear to have been any indication for a crime. And by the way the Fourth Amendment protects you in your place and your person from investigation without a clear indication of what, uh, probable cause.

Somehow, Clovis conveniently forgets that stealing emails is a crime. And the FBI had been investigating that crime since June 2016, a month before learning that Papadopoulos might have known about the stolen emails before the FBI itself did.

In other words, at the core of this entire conspiracy theory (on top of pretending that Carter Page wasn’t already a counterintelligence concern in March, as all the designated GOP stenographers do) is the GOP fantasy that the FBI had no business trying to chase down why Papadopoulos knew of the theft before the DNC itself did.

And they’re making an enormous case out of the fact that FBI used Halper — a lifelong Republican to whom Papadopoulos could and did lie to without legal jeopardy — to interview someone Clovis claims was “ancillary” to the campaign at the time.

It’s also clear to me that they misread George’s relationship with the campaign entirely, so, because he was not, he was ancillary at best at that point.

So that appears to be where this is heading: an attempt to criminalize a Republican networking with a goal of learning whether George Papadopoulos, and through him, Sam Clovis and the rest of the campaign, committed what Papadopoulos himself has said (though this is legally incorrect) might amount to treason.

Ultimately, it comes down to this: the GOP doesn’t think Russian theft of Democratic emails was a crime and therefore doesn’t think FBI had reason to investigate Papadopoulos’ apparent foreknowledge of that crime.

image_print