October 17, 2019 / by 

 

“Or His Designee”

I noticed something really funny in the AT&T response to Dingell and friends that MadDog linked to. In a passage describing why the telecoms should be granted immunity for abetting the Administration in its illegal wiretap program, AT&T cites 18 USC 2411(2)(a)(ii) to argue that it is immune from prosecution.

The same principle–that a telecommunications carrier who cooperates in good faith with the authorized law enforcement or intelligence activities considered lawful by the executive–underlies numerous defenses and immunities reflected in existing statutory and case law. For example, 18 U.S.C. 2511(2)(a)(ii) provides that "notwithstanding any other law," carriers are authorized to provide "assistance" and "information" to the government whenever the communications service provider receives a "certification" from the Attorney General or his designee "that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required. When the Attorney General furnishes an appropriate certification, Congress has decreed that "no cause of action shall lie in any court." It does not matter whether the Attorney General’s judgment reflected in the certification is ultimately determined to have been right or wrong: as long as the carrier acted pursuant to such a certification, national policy forbids a lawsuit. [emphasis AT&T’s]

Now compare their citation of 18 U.S.C. 2511(2)(a)(ii) with the actual statute.

(ii) Notwithstanding any other law, providers of wire or electronic communication service, their officers, employees, and agents, landlords, custodians, or other persons, are authorized to provide information, facilities, or technical assistance to persons authorized by law to intercept wire, oral, or electronic communications or to conduct electronic surveillance, as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, if such provider, its officers, employees, or agents, landlord, custodian, or other specified person, has been provided with—

(A) a court order directing such assistance signed by the authorizing judge, or

(B) a certification in writing by a person specified in section 2518(7) of this title or the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required,

Do you see the difference? AT&T has unilaterally rewritten "a person specified in section 2518(7) of this title or the Attorney General" to say "Attorney General or his designee." (And if you’re wondering, 2518(7) doesn’t say anything about "designees" either. Update: yes it does–though it specifies that they have to be investigative officers.)

Of course, we know why AT&T has unilaterally rewritten the law. That’s because, as SSCI kindly told us, AT&T conducted its illegal wiretap program based on the authorization of Alberto Gonzales, then White House Counsel.

The Committee can say, however, that beginning soon after September 11, 2001, the Executive branch provided written requests or directives to U.S. electronic communication service providers to obtain their assistance with communications intelligence activities that had been authorized by the President.

The Committee has reviewed all of the relevant correspondence. The letters were provided to electronic communication service providers at regular intervals. All of the letters stated that the activities had been authorized by the President. All of the letters also stated that the activities had been determined to be lawful by the Attorney General, except for one letter that covered a period of less than sixty days. That letter, which like all the others stated that the activities had been authorized by the President, stated that the activities had been determined to be lawful by the Counsel to the President. [my emphasis]

Of course, AT&T is not alone in rewriting the law to make it legal for the President’s lawyer to authorize illegal wiretapping on American citizens. The SSCI did so themselves.

Under the existing statutory scheme, wire or electronic communication providers are authorized to provide information and assistance to persons with authority to conduct electronic surveillance if the providers have been provided with (1) a court order directing the assistance, or (2) a certification in writing signed by the Attorney General or certain other officers that ―no warrant or court order is required by law, that all statutory requirements have been met, and that the specific assistance is required.‖ See 18 U.S.C. § 2511(2)(a)(ii). [my emphasis]

"Certain other officers" … "or his designee." Neither of those phrases appear in the law, of course.

AT&T and SSCI have all but admitted that AT&T broke the law, engaging in wiretapping Americans based on the certification of Bush’s lawyer.

And now Congress wants to retroactively make such wiretapping legal.


“Dude, that’s what they want.”

Babak Pasdar’s affidavit on Verizon’s Quantico Circuit reveals something about the government’s back-door access to all of Verizon’s data, one which might be familiar to you from the missing White House emails saga.

When the Steven McDevitt tried to reconstruct all OVP the emails from the period when Scooter Libby and Dick Cheney were coordinating their cover story, he discovered no logs from the emails of that period existed; thus, there’s no way to be sure that the 250 pages of email turned over to Patrick Fitzgerald constitute all the missing emails.

Golly. What a surprise, then, that the government didn’t want any logs taken of its back-door access to (presumably) Verizon’s data.

Pasder notes that (presumably) Verizon’s log collection system was very primitive.

I specifically remembered being shocked at the primitiveness and inadequacy of their log collection system. After all, this was a major carrier. After a cursory overview I was able to point out to C1 and C2 that their log collection system might not have been collecting all logs. This surprised C1 and C2. A subsequent test showed that the client’s log collection system was missing as many as 75% of the logs being generated, essentially rendering the whole system useless.

Mind you, that covered the whole system, not just the Quantico Circuit the government was using to access the system. But when Pasdar describes learning about the Circuit itself, he explains that there was no logging system for the Circuit. None.

This is a little narrative he tells about learning of the Circuit when testing the firewalls of the new system he was putting in.

At one point I overheard C1 and C2 talking about skipping a location. Not wanting to do a shoddy job I stopped and said "we should migrate all sites."

C1 told me this site is different.

I asked, "Who is it? Carrier owned or affiliate?"

C1 said, "This is the ‘Quantico Circuit.’"

Pasdar goes on to learn that this is a 45 mega bit per second circuit that supports data and voice communication. The consultants he was working with made it clear they weren’t supposed to put any access controls on it.

C1 said that this circuit should not have any access control. He actually said it should not be firewallled.

I suggested to migrate it and implement an "Any-Any" rule. ("Any-Any" is a nickname for a completely open policy that does not enforce any restrictions.) That meant we could log any activity making a record of the source, destination and type of communication. It would have also allowed easy implementation of access controls at a future date. "Everything at least SHOULD be logged," I emphasized.

C1 said, "I don’t think that is what they want."

As Pasdar continued to insist on securing the circuit, the consultants called in the Director of Security for (presumably) Verizon, the Director drove to the location to insist that Pasdar do nothing with the wide open circuit. After the Director left, Pasdar persisted.

I shifted the focus. "Forgetting about who [the circuit] is, don’t you think it is unusual for some third party to have completely open access to your systems like this? You guys are even firewalling your internal offices, and they are part of your own company!"

C1 said, "Dude, that’s what they want."

Finally, Pasdar asks whether there is any logging tied to the circuit.

"Does this thing have any logging or access list tied to it?", I asked C1.

He paused, shook his head in the negative and said, "I don’t think so."

For the balance of the evening and for some time to come I thought about all the systems to which this circuit had complete and possibly unfettered access. The circuit was tied to the organization’s core network. It had access to the billing system, text messaging, fraud detection, web site, and pretty much all the systems in the data center without apparent restrictions.

What really struck me was that it seemed no one was logging any of the activity across this circuit. And if they were, the logging system was so abysmal that they wouldn’t capture enough information to build any type of picture of what had transpired. Who knw what was being sent across the circuit and who was sending it? To my knowledge no historical logs of the communications traversing the "Quantico Circuit" exists. [my emphasis]

In other words, not only did they tap right into (presumably) Verizon’s circuits directly. But they refused to allow a record of what they were doing, once they got into the circuits, be made.

No wonder the Republicans refuse to allow segregation of US person data. No wonder they refuse to pull out information collected afterwards if it was later found to be an improper search. At the circuit level, at least, they’re not tracking that information.

And they didn’t want anyone to come afterwards and be able to track what they had done, either.


The Quantico Circuit

Yesterday, Wired’s Threat Level reported on the Quantico Circuit, what appears to be Verizon’s back door to give the government complete access to our telecommunications.

A U.S. government office in Quantico, Virginia, has direct, high-speed access to a major wireless carrier’s systems, exposing customers’ voice calls, data packets and physical movements to uncontrolled surveillance, according to a computer security consultant who says he worked for the carrier in late 2003.

"What I thought was alarming is how this carrier ended up essentially allowing a third party outside their organization to have unfettered access to their environment," Babak Pasdar, now CEO of New York-based Bat Blue told Threat Level. "I wanted to put some access controls around it; they vehemently denied it. And when I wanted to put some logging around it, they denied that."

Pasdar won’t name the wireless carrier in question, but his claims are nearly identical to unsourced allegations made in a federal lawsuit filed in 2006 against four phone companies and the U.S. government for alleged privacy violations. That suit names Verizon Wireless as the culprit. [my emphasis]

To which John Dingell and friends respond, this is another reason not to pass telecom immunity.

Because legislators should not vote before they have sufficient facts, we continue to insist that all House Members be given access to the necessary information, including the relevant documents underlying this matter, to make an informed decision on their vote. After reviewing the documentation and these latest allegations, Members should be given adequate time to properly evaluate the separate question of retroactive immunity.

Yeah, and while we’re at it, let’s figure out why the email providers are actually opposed to retroactive immunity. 


My Version of Pelosi’s Statement on Exclusivity

TPMM wrote up a summary of a response Speaker Pelosi gave to a question I asked at a blogger conference call today that has caused a stir. While I don’t disagree with McJoan’s take–if the Speaker had really said immunity was the issue, it would reflect a short-sighted view of FISA (though I’d say the same about other topics, such as segregation; after all, once the government can legally use information that has been improperly collected, that’s toothpaste out of a tube, too)–I’d like to give my version of the conversation, because I don’t think that’s what Pelosi said or meant.

The call was originally supposed to be focused on contempt. So after the Speaker finished telling about the Paul Wellstone Mental Health and Addiction Equity bill, someone (Mike Stark, I think) asked for reassurances that the Democrats would continue to pursue contempt after we win the White House and larger margins in both houses next year. Pelosi spoke at length about how important this contempt fight is because of the separation of powers issue–and stated that this is a better case than when GAO tried to get Cheney’s records on his Energy Task Force. Finally, in response to a follow-up, Pelosi stated that Democrats would continue to pursue the contempt issue after November.

Then, I piped in. I basically asked the idea laid out in this post.

Email providers argue that immunity will contribute to uncertainty. They speak of receiving "vague promises," they demand "clear rules" and "bright lines."

Given that complaints about uncertainty and unclear demands have led these email providers to strongly oppose retroactive immunity, it suggests the requests the email providers got were really murky–murky enough that the requests caused the email providers a good deal of trouble.

If the government was making such murky requests, don’t you think Congress ought to know what those requests were in more detail?

That is, since email providers just made a very strong statement against immunity, shouldn’t we be asking them why they’re opposed to it?

Pelosi, having just spoken at length about about separation of powers, then said that immunity wasn’t the only issue, exclusivity was important as well.

Note, I’m not sure I can dispute Paul Kiel’s description, though I don’t remember Pelosi emphasizing exclusivity in the way his post suggests at all. I certainly didn’t hear her say immunity is the issue, but then I was listening for my answer. (I thought about noting that I have been writing about more than immunity, but decided there were better things to do with the Speaker’s time. She can just go ask Russ Feingold.)

I did, however, restate my question, asking why they don’t bring in Google and Microsoft to find out why the people who got these requests from the government are actually opposed to immunity. She said it sounded like a good idea. (Woo hoo!)

The point is, in my opinion it is utterly wrong to paint what Pelosi said as a strategic statement against immunity and for exclusivity. She said nothing about trading immunity for exclusivity. I took her answer, following so closely on a fairly involved statement about the importance of fights over separation of powers, to simply point back that earlier discussion about contempt.

I think Speaker Pelosi was responding with a focus on ways to make sure Article I regains its power from Article II, not about the nitty gritty of the FISA fight.


The Government’s Unclear Demands for Emails

Ryan Singel and Mary have pointed to to Ken Wainstein’s confirmation of something we’ve been discussing for some time: the problem with FISA’s restrictions on foreign communication has to do with email.

But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA’s current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States. The real concern, he said, is primarily e-mail, because "essentially you don’t know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States. [my emphasis]

Now that the Administration is finally telling us some truths about their program, I think it worthwhile to repeat and expand on an observation I made here about CCIA’s letter opposing telecom immunity. CCIA, after all, represents three big email companies: Microsoft (Hotmail), Google (Gmail), and Yahoo. And in their letter, these email companies directly tie immunity with confusing requests from the government.

To the Members of the U.S. House of Representatives:

The Computer & Communications Industry Association (CCIA) strongly opposes S. 2248, the “FISA Amendments Act of 2007,” as passed by the Senate on February 12, 2008. CCIA believes that this bill should not provide retroactive immunity to corporations that may have participated in violations of federal law. CCIA represents an industry that is called upon for cooperation and assistance in law enforcement. To act with speed in times of crisis, our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact. !!

CCIA dismisses with contempt the manufactured hysteria that industry will not aid the United States Government when the law is clear. As a representative of industry, I find that suggestion insulting. To imply that our industry would refuse assistance under established law is an affront to the civic integrity of businesses that have consistently cooperated unquestioningly with legal requests for information. This also conflates the separate questions of blanket retroactive immunity for violations of law, and prospective immunity, the latter of which we strongly support.

Therefore, CCIA urges you to reject S. 2248. America will be safer if the lines are bright. The perpetual promise of bestowing amnesty for any and all misdeeds committed in the name of security will condemn us to the uncertainty and dubious legalities of the past. Let that not be our future as well. [my emphasis]

Email providers argue that immunity will contribute to uncertainty. They speak of receiving "vague promises," they demand "clear rules" and "bright lines."

Given that complaints about uncertainty and unclear demands have led these email providers to strongly oppose retroactive immunity, it suggests the requests the email providers got were really murky–murky enough that the requests caused the email providers a good deal of trouble.

If the government was making such murky requests, don’t you think Congress ought to know what those requests were in more detail?


Shorter Google:

"Don’t eliminate the competitive advantage I gained by trying to protect Americans’ privacy."

McJoan reports that the CCIA wrote a letter to Congress opposing retroactive immunity.

In strong rebuke of the Chamber’s knee jerk Republican pandering, the trade group that actually represents companies in the computer, Internet, information technology, and telecommunications industries, the Computer & Communications Industry Association (CCIA) is opposed to telco amnesty [pdf], and have weighed in with their own letter to Congress.

To the Members of the U.S. House of Representatives:

The Computer & Communications Industry Association (CCIA) strongly opposes S. 2248, the "FISA Amendments Act of 2007," as passed by the Senate on February 12, 2008. CCIA believes that this bill should not provide retroactive immunity to corporations that may have participated in violations of federal law. CCIA represents an industry that is called upon for cooperation and assistance in law enforcement. To act with speed in times of crisis, our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact.

CCIA dismisses with contempt the manufactured hysteria that industry will not aid the United States Government when the law is clear. As a representative of industry, I find that suggestion insulting. To imply that our industry would refuse assistance under established law is an affront to the civic integrity of businesses that have consistently cooperated unquestioningly with legal requests for information. This also conflates the separate questions of blanket retroactive immunity for violations of law, and prospective immunity, the latter of which we strongly support. [emphasis McJoan’s]

And if I’m not mistaken, Google and Yahoo are the two primary CCIA members who would be (as the letter states) "called upon for cooperation and assistance in law enforcement" [Update: as WO points out, Evil Bill Gates is as big a player in free email, and was also asked for search queries.] As you’ll recall, both Google and Yahoo were asked to turn over vast amounts of data that would have also revealed a good deal of proprietary information (Yahoo complied, Google fought the request).

The Justice Department has asked a federal judge to compel Google, the Internet search giant, to turn over records on millions of its users’ search queries as part of the government’s effort to uphold an online pornography law.

Google has been refusing the request since a subpoena was first issued last August, even as three of its competitors agreed to provide information, according to court documents made public this week. Google asserts that the request is unnecessary, overly broad, would be onerous to comply with, would jeopardize its trade secrets and could expose identifying information about its users.

Now, I don’t actually know whether or not Google is opposed to retroactive immunity because of this fight over the search queries or a request explicitly tied to terrorism. But I do wonder whether CCIA Google has specific requests in mind when it says,"our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact."

Chairman Reyes–while you’re talking to telecom companies, maybe you ought to talk to Google, too, to find out what wacky requests the Bush Administration asked it comply with, because it sure sounds like it got some rather ambiguous requests.

Meanwhile, speaking of McJoan’s post–did you notice that yet another Quinn Gillespie client–the US Chamber of Commerce–is pushing for telecom immunity? Has the President’s Counselor recused himself from this fight, because those Quinn Gillespie clients sure seem to be pushing this big.


Mixed Telecom Signals

As Ryan Singel points out, Silvestre Reyes went from writing a scathing editorial with Senators Leahy and Jello Jay and Congressman Conyers on Monday, denouncing Bush’s scare tactics, to announcing imminent agreement by the end of the week.

Regarding a compromise deal, Reyes said: "We think we’re very close, probably within the next week we’ll be able to hopefully bring it to a vote."

Seemingly a pretty big turn-around over the course of the week, no?

But there’s more that’s funky with Reyes’ timing. The AP reports his statement was taped Friday, not Sunday.

Rep. Silvestre Reyes, in a television interview broadcast Sunday, did not specifically say whether the House proposal would mirror the Senate’s version.

[snip]

Reyes, whose interview was taped Friday, appeared on CNN’s "Late Edition," as did Blunt.

Friday happens to be the same day that Harry Reid moved to pass a 30-day extension to the PAA.

As we move forward, there is no reason not to extend the Protect America Act to ensure that there are no gaps in our intelligence gathering capabilities. Even Admiral McConnell, the Director of national Intelligence, has testified that such an extension would be valuable. But the President threatens to veto an extension, and our Republican colleagues continue, inexplicably, to oppose it.

“I urge them to withdraw their opposition. I will now ask unanimous consent to take up and pass S. 2664, a bill to extend the Protect America Act for 30 days, and to make the extension effective as of February 15, to ensure that there are no adverse legal consequences from the President’s decision to let that law expire.”

Now I suppose the 30-day extension, made retroactive to February 15, would amount to just a 15 day extension. And I see the value of forcing Republicans to repeatedly refuse to ensure the wiretaps continue.

But which is it? Imminent deal, or two more weeks?

And while we’re talking about weird temporal anomalies, can someone help me with the timing of this passage?

Reyes, D-Texas, said he was open to that possibility after receiving documents from the Bush administration and speaking to the companies about the industry’s role in the government spy program.

"We are talking to the representatives from the communications companies because if we’re going to give them blanket immunity, we want to know and we want to understand what it is that we’re giving immunity for," he said. "I have an open mind about that."

The word "after" suggests that Reyes has seen what the telecoms did, and now is more comfortable with the idea of immunity. Yet the phrase, "are talking" suggests this discussion is still in process. Is this just some kind of AP grammar, or has Reyes already talked to the telecoms? Have his colleagues from Commerce gotten a chance to talk to the companies they oversee, or just a select group of Congressmen whose word we’re being asked to trust? As McJoan notes,

Bully for you, Congressman Reyes, for being able to talk to the telcos about their illegal activities. How about the rest of us? How about the American citizens who were spied on illegally and want to know why? Perhaps Congressman Reyes should consider calling those telco CEOs into a public hearing so that we could all learn about their role in the spying program before sealing that deal, before ensuring that those activities will never be examined by a court of law. And all due respect to the Congressman, his judgment on this matter shouldn’t be substituted for that of a federal court.

If this is all much ado about nothing–as Reyes suggests–then let’s hear it. Let’s hear what assurances the telecoms had that their spying was legal after DOJ had rejected it in March 2004. Because a bunch of Republican lawyers sure thought it was illegal. Did Bush simply not tell them they were breaking the law? Because, if he did, then we surely have the right to know that, too.


It’s All About $$$

We know that the Administration only became intransigent about immunity for telecoms after a telecom lobbyist took over as Counselor to the President. And we know the telecoms cut off wiretaps–even a FISA one–when they didn’t get paid by the FBI. It’s pretty clear the fight over telecom immunity and FISA is about the money.

Which is probably why Republicans are now whining that telecoms are not paying them enough for their willingness to gut the Constitution. 

In a reflection of the sensitivity of the subject matter, and an apparent recognition that they would undermine their own messaging by appearing to be motivated by fundraising concerns, Republicans on and off Capitol Hill declined to comment on the record.

But several confirmed the griping in GOP leadership ranks over the phone companies’ shifting donations.

"When those numbers are made evident, it causes some angst," one Republican lobbyist said. "Leadership are told by staff, who look through this. There’s communication back and forth" between GOP leadership and downtown.

"There’s no question that from time to time staff, and maybe some Members, say to fellow travelers: ‘Are you giving us some air cover? Are you helping us help you?’"

Added another K Street Republican: "There’s a growing frustration that a lot of these guys getting screwed by Democratic leadership are continuing to load their coffers."

Republican leaders, this lobbyist said, "sit there and scratch their heads and say, ‘We’ve always been very supportive of free markets and our opponents haven’t, so why do they keep feeding the beast?’"

Shorter anonymous Republican aides: cough up for the immunity campaign. Now.

Can we start calling it a quid pro quo if this blatant demand to the telecoms works? And what’s the going rate for gutting the Constitution, anyway?


Republican No Shows on FISA Negotiation

Let’s hope getting stood up teaches Jello Jay about Republican priorities:

In what should have been a bipartisan, bicameral meeting, staff members of the House and Senate Judiciary and Intelligence Committees met today to work in good faith to reach a compromise on FISA reform. As we have said, we are using this week to work on a compromise that strengthens our national security and protects Americans’ privacy. Unfortunately, we understand our Republican counterparts instructed their staffs not to attend this working meeting, therefore not allowing progress to be made in a bipartisan, bicameral way. While we are disappointed that today’s meeting could not reflect a bipartisan effort, we will continue to work and hope Republicans will join us to put our nation’s security first.

I guess immunity and all that isn’t so important after all…


SCOTUS Says “No Thanks” to ACLU Suit–Will It Change the FISA Debate?

SCOTUS just declined to review the 6th Circuit’s dismissal of the ACLU warrantless wiretapping suit.

 The Supreme Court rejected a challenge Tuesday to the Bush administration’s domestic spying program.

The justices’ decision, issued without comment, is the latest setback to legal efforts to force disclosure of details of the warrantless wiretapping that began after the Sept. 11 attacks.

The American Civil Liberties Union wanted the court to allow a lawsuit by the group and individuals over the wiretapping program. The 6th U.S. Circuit Court of Appeals dismissed the suit, saying the plaintiffs could not prove their communications had been monitored.

McJoan and Christy point to the key issue here–standing. As Glenn points out, judges have ruled that this warrantless wiretapping program was illegal, yet also ruled (at least the 6th Circuit) that no one had standing to do anything about it. 

It’s not clear whether the 9th Circuit will rule different on the majority of the 40 or so cases out there. But for now, this decision sure seems to put the immunity debate in a different light. After all, if judges won’t let any of these suits advance because no one can prove standing, then why bother with the constitutionally suspect step of having Congress intervene in the Courts?

The rub is the Al-Haramain lawsuit, where plaintiffs once had documented proof that the government had intercepted calls between one of the Charity’s members and its lawyers in the US. Only the government’s Kafkaesque games, which demand lawyers for the charity treat their own memory as classified, prevents the charity from proving standing.

Is Congress going to bigfoot into the privileges of another branch of government because one Islamic charity once had proof of the Bush Administration’s law-breaking? Or is it the threat of a differing opinion in the 9th Circuit the basis of the single-minded panic about immunity?

Copyright © 2018 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/fisa/page/169/