Keith Alexander: The One General Obama Didn’t Fire

/5 Comments/in /by

Obama has developed a reputation for firing Generals (so much so the wingnuts have developed some conspiracy theories about it).

Most famously, of course, he fired Stanley McChrystal for insubordination. He ousted CENTCOM Commander James Mattis early because of dissent on Iran policy (what on retrospect, with the distance and this AP report, might have been opposition to the back channel discussions that led to this weekend’s interim nuclear deal). A slew of Generals have been fired for offenses including drinking, fucking (including sexual abuse), swearing, and cheating at poker, as well as abusing their positions (Hamm, Gaouette, Baker, Roberts, Sinclair, Giardina, CarryHuntoon). Obama accepted then CIA Director David Petraeus’s resignation, ostensibly for fucking, too, but even before that kept refusing Petraeus the promotions he thought he deserved. Generals Gurganus and Sturdevant got fired for not sufficiently defending a big base in Afghanistan.

It’s that background that makes the premise of this WSJ piece on NSA so unconvincing. It presents the fact that General Keith Alexander offered — but Obama did not accept — his resignation as proof of how significantly the Snowden leaks have affected NSA.

Shortly after former government contractor Edward Snowden revealed himself in June as the source of leaked National Security Agency documents, the agency’s director, Gen. Keith Alexander, offered to resign, according to a senior U.S. official.

The offer, which hasn’t previously been reported, was declined by the Obama administration. But it shows the degree to which Mr. Snowden’s revelations have shaken the NSA’s foundations—unlike any event in its six-decade history, including the blowback against domestic spying in the 1970s.

[snip]

When the leaks began, some top administration officials found their confidence in Gen. Alexander shaken because he presided over a grave security lapse, a former senior defense official said. But the officials also didn’t think his resignation would solve the security problem and were concerned that letting him leave would wrongly hand Mr. Snowden a win, the former defense official said.

Even before Edward Snowden started working for the NSA via Booz, Alexander had presided over — by his own provably exaggerated admission — the plunder of America via cybertheft.

Then, on top of that purportedly catastrophic failure, Snowden served to demonstrate how easy it was to walk away with details on some of NSA’s most sensitive ops.

And yet the guy who left the entire US Internet as well as NSA’s codebreaking exposed — as compared to a single base in Afghanistan — did not get fired for his failures.

Because that might wrongly hand Snowden a win, apparently.

That’s the real tell. The article provides new details on an effort to weigh the value of wiretapping elite targets. But the rest of the article quotes hawks like Dutch Ruppersberger and Mike Rogers complaining about the risk of big new controls that might end the Golden Age of SIGINT while — again — focusing almost exclusively on the wiretapping of elites (the article includes one paragraph predicting a compromise on the dragnet programs, not noting, of course, how much of the dragnet has already moved overseas).

Broad new controls, though, run the risk of overcorrecting, leaving the agency unable to respond to a future crisis, critics of the expected changes warn.

[snip]

Another change under consideration is placing a civilian in charge of the NSA for the first time after Gen. Alexander leaves next spring, as he has been planning to do. Deputy Defense Secretary Ashton Carter is advocating internally for the change, according to current and former officials. Mr. Carter declined to comment.

“We’re getting clobbered, and we want a better story to tell than: ‘It’s under review, and everybody does it,’ ” the senior administration official said, speaking of the U.S. belief that other governments routinely electronic eavesdrop on foreign leaders.

There’s one more odd part of this story. It claims that after 9/11, the NSA was pilloried for its lapses leading up to the attack.

After the 2001 terrorist attacks, the NSA was pilloried for missing clues of the plot. It reinvented itself as a terrorist-hunting machine, channeling its computing power to zero in on suspects any time they communicated.

That’s not what happened. The National Security establishment has repeatedly, falsely portrayed NSA’s failure to realize Khalid al-Mihdhar was calling an Al Qaeda line in Yemen and CIA’s failure to share information about Mihdhar’s travel. And none of the 9/11 Commission’s recommendations address NSA (by the time of the report, the “wall” between intelligence and FBI, which otherwise would have been a recommendation, had been down for almost 3 years). But beyond that, no one has scrutinized NSA’s collections (in part because they include damning intercepts implicating the Saudis).

Moreover, the claim that this dragnet exists solely to “zero in on suspects any time they communicated” ignores the shift from terrorism to cybersecurity.

In short, while WSJ’s sources seem to be claiming catastrophe, the story they’re telling is business as usual.

Obama has fired Generals for failure to protect a single base, not to mention cheating at poker. He seems intent on keeping Alexander — at least to get through this scandal — precisely because he’s so good at cheating at (metaphorical) poker.

Share this entry

NSA Denies Their Existing Domestic Cyberdefensive Efforts, Again

/9 Comments/in , /by

James Risen and Laura Poitras have teamed up to analyze a 4-year plan the NSA wrote in 2012, in the wake of being told its collection of some US person content in the US was illegal. I’ll discuss the document itself in more depth later. But for the moment I want to look at the denials anonymous senior intelligence officials (SIOs) gave Risen and Poitras about their domestic cyberdefensive efforts.

As a reminder, since before 2008, the government has been collecting bulk Internet data from switches located in the US by searching on selectors in the content. Some of that collection searches on identifiers of people (for example, searching for people sharing Anwar al-Awlaki’s email in the body of a message). But the collection also searches on other identifiers not tied to people. This collection almost certainly includes code, in an effort to find malware and other signs of cyberattacks.

We know that’s true, in part, because the Leahy-Sensenbrenner bill not only restricts that bulk domestic collection to actually targeted people, but also because it limits such collection only to terrorism and counterproliferation, thereby silently prohibiting its use for cybersecurity. The bill gives NSA 6 months to stop doing these two things — collecting non-person selectors and doing so for cybersecurity — so it’s clear such collection is currently going on.

So in 2012, just months after John Bates told NSA that when it collected domestic communications using such searches, it was violating the Constitution (the NSA contemplated appealing that decision), the NSA said (among other things),

The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on NSA’s mission.

The document then laid out a plan to expand its involvement in cybersecurity, citing such goals as,

Integrate the SIGINT system into a national network of sensors which interactively sense, respond, and alert one another at machine speed

Cyberdefense and offense are not the only goals mapped out in this document. Much of it is geared towards cryptanalysis, which is crucial for many targets. But it only mentions “non-state actors” once (and does not mention terrorists specifically at all) amid a much heavier focus on cyberattacks and after a description of power moving from West to East (that is, to China).

Which is why the SIO denials to Risen and Poitras ring so hollow.

Read more

Share this entry

Was DOJ Hiding a Section 215 Gun Registry from Congress?

/14 Comments/in , /by

Among other documents, ODNI released  on Monday all the Attorney General Reports on Section 215 use from 2005 to 2011 (2006200720082009201020112012).

This is the classified version of a report that also gets released in unclassified form as part of a larger report to Congress on FISA numbers (20052006200720082009201020112012; ODNI did not release the report covering 2012 because it lay outside the scope of ACLU’s FOIA). And the paragraph of each of these reports that lays out the following information remains redacted in all of them.

(3) the number of such orders either granted, modified, or denied for the production of each of the following:

(A) Library circulation records, library patron lists, book sales records, or book customer lists.

(B) Firearms sales records.

(C) Tax return records.

(D) Educational records.

(E) Medical records containing information that would identify a person.

Nevertheless, the reports show us two new things.

Screen shot 2013-11-22 at 8.52.29 AM

First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:

The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).

The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).

Julian Sanchez had speculated that’s what was going on in a post (I can’t find the link right now) noting that NSL use had halved while Section 215 use had gone up. Remember, too, the government has not released a 2010 opinion on Section 215 that may explain why the FISC got much more involved in policing the government’s minimization.

Still, it is almost certain that the need to double check government minimization stems from bulk collections. If those bulk collections were also on a 90-day renewal cycle, then we might be looking at 44 bulk collection programs in 2011.

One more thing. As was reflected in the ACLU Vaughn Index, it appears DOJ never provided these reports to Congress starting with the report covering 2008. It did do so for the report covering 2011, but the report isn’t dated, so it’s not clear it was done in April 2012, when it should have been provided to Congress. Furthermore, that production was cc’ed to John Bates, which the tardy August 16, 2010 production of FISC opinions also was, which makes me wonder whether Bates had to force the Executive to fulfill the requirements in the PATRIOT Reauthorization (both these reports and the pre-2008 “significant constructions of law” requirement stems from the 2006 reauthorization). [4/19/14 correction: The “significant constructions of law” stems from the FISA Amendments Act]

Now, maybe DOJ was just being lazy in not fulfilling the clear legal requirement. But given that it seems to have had no problem fulfilling the requirement for unclassified numbers during the same period, I wonder whether DOJ just didn’t want to reveal that it was collecting on one or more of the specified categories, such as firearms sales records (though I’ve long wondered whether DOJ was also collecting DNA records).

Read more

Share this entry

By “Application” the Administration Didn’t Mean “Memorandum of Law”

/1 Comment/in , /by

This is a very minor point.

But, perhaps to rebut my observation that the government withheld significant constructions of law from the oversight committees until after the PATRIOT Act was reauthorized in 2010, ODNI released these this July 22, 2009 document, approving the unsealing of the original application for the phone dragnet so it could be shared with the Judiciary and Intelligence Committees as mandated by the FISA Amendments Act over a year earlier.

That makes it clear the oversight committees did have the application, at least, before they started discussions to reauthorize PATRIOT.

But it also shows several other things.

It shows how misleading the White Paper was when it implied the oversight committees had everything by December 2008.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees. [my emphasis]

It seems that reference to “application” in the White Paper referred only to the formal application, absent the underlying legal memorandum revealing just how radical this request was, which the Executive Branch withheld for another 7 months (even as the program was showing serial violations).

It also shows that the government took over a year after FAA required this sharing before it actually shared the document.

And it shows that, while we don’t know what the government withheld for over another year, the government was still withholding substantive information from Congress until after PATRIOT was reauthorized in February 2010.

Unlike some of the documents released by the government, the original Colleen Kollar-Kotelly opinion doesn’t reveal when it got released to Congress. I wonder when the Executive decided to share that?

Update: I may have spoken too soon. FISC unsealed this, but I don’t see the submission recorded on the Vaughn indices. Will update soon.

Update: Here’s what the ACLU Vaughn Index (there are differences with the EFF Vaughn Index, but not on this point) shows as far as Congressional submissions of pre-FAA material.

  • October 3, 2008, 31 pages of post FAA matters, all apparently on Section 215
  • October 3, 2008, 31 pages of post FAA matters, all apparently on Section 215 (may be duplicate entry — see entries 13 and 82)
  • December 1, 2008, at least 1084 pages of pre FAA matters, 378 of which pertain to Section 215
  • August 16, 2010, 236 pages of Section 215 matter plus more on other topics, pre FAA matters
  • February 4, 2011, 39 pages, all apparently on Section 215, unclear whether this is pre or post FAA materials

In other words, if the Vaughn Index is accurate, FISC unsealed this opinion on July 22, 2009, but the Executive Branch didn’t provide it to the oversight committees until August 16, 2010.

Share this entry

8 Years Later, NSA Still Using Same PR Strategy to Hide Illegal Wiretap Program

/18 Comments/in , /by

[youtube]kfbHbht081E[/youtube]

Between these two posts (one, two), I’ve shown that the Executive Branch never stopped illegally wiretapping Americans, even after the worst part of it got “shut down” after the March 2004 hospital confrontation. Instead, they got FISC to approve collection with certain rules, then violated the rules consistently. When that scheme was exposed with the transition between the Bush and Obama Administrations, the Executive adopted two new strategies to hide the illegal wiretapping. First, simply not counting how many Americans they were illegally wiretapping, thus avoiding explicit violation of 50 USC 1809(a)(2). And, starting just as the Executive was confessing to its illegal wiretapping, moving — and expanding it — overseas. Given that they’re collecting content, that is a violation in spirit, at least, of Section 704 of FISA Amendments Act, which requires a warrant for wiretapping an American overseas (the government probably says this doesn’t apply because GCHQ does much of the wiretapping).

One big discovery the Snowden leaks have shown us, then, is that the government has never really stopped Bush’s illegal wiretapping program.

That actually shows in the PR response the government has adopted, which has consisted of an affirmative and a negative approach. The affirmative approach emphasizes the programs — PATRIOT Act Section 215 and Section 702 of FAA — that paralleled the illegal wiretap program (I’m not conceding either is constitutional, but only the upstream collection under 702 has been deemed an explicit violation of the law). This has allowed the government to release a blizzard of documents — Transparency!™ — that reveals some shocking disclosures, without revealing the bigger illegal programs. But note how, when the revelations touched on the Internet dragnet (which should be no more revelatory than the phone dragnet), ODNI tried to obscure basic details by hiding dates (even if they left those dates in one URL).

Meanwhile, the I Con has invested energy in trying to undermine every story that touches on the larger illegal wiretapping programs. Read more

Share this entry

The Empire’s New Clothes

/9 Comments/in /by

Jay Rosen likes to talk about the Snowden effect — the events that have followed on Edward Snowden’s leaks that lead to more public knowledge.

This is surely a superb example of it. Someone has leaked the US Redlines — US negotiating goals aiming to curtail the German-British proposal to recognize an international right to privacy in electronic communications — to Colum Lynch. Lynch writes,

Publicly, U.S. representatives say they’re open to an affirmation of privacy rights. “The United States takes very seriously our international legal obligations, including those under the International Covenant on Civil and Political Rights,” Kurtis Cooper, a spokesman for the U.S. mission to the United Nations, said in an email. “We have been actively and constructively negotiating to ensure that the resolution promotes human rights and is consistent with those obligations.”

But privately, American diplomats are pushing hard to kill a provision of the Brazilian and German draft which states that “extraterritorial surveillance” and mass interception of communications, personal information, and metadata may constitute a violation of human rights. The United States and its allies, according to diplomats, outside observers, and documents, contend that the Covenant on Civil and Political Rights does not apply to foreign espionage.

The Redlines set three goals:

  • Clarify that references to privacy rights are referring explicitly to States’ obligations under ICCPR and remove suggestion that such obligations apply extra-territorially.
  • Clarify that the focus of the resolution is on “unlawful” or “illegal” surveillance and interception of communications.
  • Clarify that violations of privacy rights to not necessarily violate freedom of expression.

The Redlines, along with a basic understanding of the degree to which the US dominates global telecommunications networks, make it clear how important retaining this advantage is to the American Empire. After all, a limit on extraterritorial spying primarily limits the US and its partners, because no one else has the ability to operate extraterritorially at such scale. And assuming the US can limit the application of privacy to nation-states, then limiting the resolution would exempt all the extraterritorial dragnet that would otherwise be in violation. I’m perhaps most intrigued by US insistence that massive dragnets don’t violate freedom of expression, because while that’s obviously false, the US already depends on that false claim to conduct its dragnet domestically.

This is, then, in addition to being a perfect example of the Snowden effect, it’s also a perfect example of what Henry Farrell and Martha Finnemore have described in their essay on American hypocrisy and what I elaborated on here.

US hegemony rests on a lot of things: the dollar exchange, our superlative military, our ideological lip service to democracy and human rights.

But for the moment, it also rests on the globalized communication system in which we have a huge competitive advantage. That is, one reason we are the world’s hegemon is because the rest of the world communicates through us — literally, in terms of telecommunications infrastructure, linguistically, in English, and in terms of telecommunications governance.

Aggressively hacking the rest of the world endangers that, both because of what it does to our ideological claims, but just as importantly, because it provides rivals with the concrete incentive to dismantle that global infrastructure.

We’re opting to retain the ability to spy on everyone else, all using the increasingly flaccid claim of terrorism, all while pretending that simply endorsing this basic principle of human rights won’t devastate one tool of our Empire.

But as the leak of these Redlines makes clear, we clearly do believe it would undermine the Empire.

Share this entry

The Five Year Parade of Internet Dragnet Violations

/9 Comments/in /by

Monday’s document release provided mounting evidence that when the hospital confrontation “heroes” moved the Internet dragnet they had deemed to be illegal under the auspices of the FISA Court, neither they, nor Judge Colleen Kollar-Kotelly believed it was legally sound. But they traded those truly crummy legal claims to bring the program under court oversight. Since then, boosters of the scheme have claimed the oversight serves to eliminate violations quickly.

We already knew that’s not true.

Still, Monday’s release — particularly this John Bates opinion written around July 2010 — makes that even more clear. After Kollar-Kotelly sacrificed judicial wisdom for court oversight on July 14, 2004, the government continued breaking the court’s rules for five years, until Reggie Walton shut the program down, sometime in fall 2009.

First, let’s lay out the dates. I’ve done a rough timeline below, based on the known start-date (July 14, 2004) and the rough end point with John Bates’ opinion (around July 2010). The bulk of the other dates impose the timeline laid out in the Bates opinion on a few known dates taken from the phone dragnet production (plus, the geniuses at ODNI not only left the date of the June 22 Internet dragnet order in its URL (CLEANED101.%20Order%20and%20Supplemental%20Order%20%286-22-09%29-sealed.pdf), but it’s the same document as the June 22 phone dragnet order, which has different redactions but most dates intact — see the three bolded entries below).

As you’ll see, there were two known violations in the Internet dragnet before the before the discoveries of the problems started in earnest in 2009. That’s not that big a deal — there was at least one phone violation before 2009 too, except in the case of the Internet dragnet, NSA overcollected from the very start.

The examination of the Internet dragnet started in response to the first phone dragnet disclosures in January 2009 (with the change in Administration, it should be remembered). Reggie Walton told NSA to see if the Internet dragnet had the same compliance problems as the phone dragnet did.

From that point until June 2009, the discoveries seemed to work in parallel (the NSA was working on End-to-End reports for both programs at the same time, and they share some common databases). But with the discovery that both dragnet programs were sharing information freely with other agencies, it became clear the violations were much worse on the Internet dragnet side, with reports going out with US person information that did not even remotely comply with minimization requirements.

Then sometime after that — and after Walton issued what would be the last Internet dragnet order for a year (that was sometime after June 22, 2009) — NSA discovered they had been receiving “metadata” far outside the permitted scope, which surely included content. Note this may have happened around the same time as NSA reported that one phone provider had overproduced (including international data in addition to domestic, I think) on July 9, 2009, so I wonder if they were only then reviewing returned data on receipt.

In any case, it was around that time that NSA “discovered” the Internet metadata program had never ever been in compliance. From Bates:

Notwithstanding this and many similar prior representations [made on the summer 2009 reauthorization] there in fact had been systemic overcollection since [redacted]. On [redacted] the government provided written notice of yet another form of substantial non-compliance discovered by NSA OGC on [redacted] this time involving the acquisition of information beyond the [redacted] authorized categories.

[snip]

This overcollection, which had occurred continuously since the initial authorization in [redacted] included the acquisition of [long redaction]. [my emphasis]

Never.

If my math is correct, the application the NSA withdrew was submitted not long after September 20. There are briefings for the Intelligence Committees that likely alerted them to the scale of the Internet dragnet problems around that time. But as of October 5, some of the most assertive House Judiciary members seem to have had no idea about the problems with the Internet dragnet. If they found out about it with the notice to Congress on December 17, 2009, it explains why the PATRIOT Act reauthorization process stalled.

There’s one more very important thing in this timeline. You’ll see below that almost at exactly the same time as NSA “realized” it had never complied with program requirements, it started a pilot project that would be rolled out on January 3, 2011, analyzing metadata with no special protections for US persons or limit for use only on counterterrorism.

Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.)

[snip]

In the second place it enables large-scale graph analysis on very large sets of communications metadata vwithout having to check foreignness of every node or address in the graph. Analysts in S2 have used this to great benefit over the past year and a half under a pilot program. [emphasis original]

In other words, at the moment they were coming clean with the FISC that they had never ever complied with the PR/TT orders, they were beginning the pilot project that would move metadata collection overseas, under EO 12333. (This document goes back to this NYT story on social network analysis.)

So much for the notion that putting all this under court oversight would accomplish a damn thing. All it did was degrade the law and provide NSA cover until they developed the technology to do all this overseas.

Update, 11/22: More dates added to timeline.

Update, 11/26: More dates added to timeline. Read more

Share this entry

The John Bates Internet Metadata Opinion Probably Dates to July 2010

/6 Comments/in /by

I’ve seen a lot of outright errors in the reporting on the John Bates opinion authorizing the government to restart the Internet metadata program released on Monday.

Bates’ opinion was likely written in July 2010.

We know it had to have been written before October 3, 2011, because Bates’ opinion of that date cites this one (page 17 footnote 15). It was almost certainly written before May 2, 2011, because that’s when the government “clarified” its upstream production included US person content, which was likely a response to this opinion.

According to Claire Eagan, it was written in 2010; this quotation from Eagan’s opinion cites page 73 of this opinion (though she leaves out one word — “analytic” — from this quotation).

As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ [analytic] tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.”

It had to have been written after June 21, 2010 and probably dates to between June 21 and July 23, 2010, because page 92 footnote 78 cites Holder v. HLP (which was released on June 21), but uses a “WL” citation; by July 23 the “S. Ct.” citation was available. (h/t to Document Exploitation for this last observation).

So: it had to have been written between June 21, 2010 and October 3, 2011, but was almost certainly written sometime in the July 2010 timeframe.

Share this entry

John Bates’ TWO Wiretapping Warnings: Why the Government Took Its Internet Dragnet Collection Overseas

/12 Comments/in /by

A couple of us were joking on Twitter the other day that the June-July 2010 John Bates opinion released the other day — in which he yelled mightily about illegal collection that had persisted for 5 years but then rubber stamped the government’s plan to vastly expand metadata collection — ought to lead to the term “Bates stamp” to take on new meaning, a rubber stamp by a FISC judge.

(I’m working on a separate post that shows the timing of all this, but for the moment, you’ll have to trust me that Bates’ opinion was written some time around July 2010.)

Bates did, however, sort of kind of rein in the government’s actions, spending the last 17 pages of his opinion explaining how 50 USC 1809(a) prohibited him from allowing the government to use metadata it had collected for years in violation of the court’s rules.

Basically, Bates argued that the government would be guilty of illegal wiretaps under FISA if it used the illegally collected information. I believe the illegal collection involved taking metadata that counted as content and/or didn’t count as addressing information.

The government, in a submission and a reply to him, argued that was not the case. It made several arguments: first, it claimed their collection wasn’t “intentional” and therefore distributing it would not count as an illegal wiretap.

Insofar as the government contends that Section 1809(a)(2) reaches only “intentional violations of the Court’s orders,” or “willful” as opposed to intentional conduct, see Memorandum of Law at 74 n. 37, the Court disagrees. The plain language of the statute requires proof that the person in question “intentionally” disclosed or used information “knowing or with reason to know” the information was obtained in the manner described.

It also argued that the Pen Register statute allowed the Court to override the wiretap prohibitions.

The government argues that the opening phrase of 50 U.S.C. § 1842(a) vests the Court with authority to enter an order rendering Section 1809(a)(2) inapplicable. See Memorandum of Law at 74 n. 37.

It argued that because the Court could limit what the government could do with the data, it could also expand it.

The government next contends that because the Court has, in its prior orders, regulated access to and use of previously accumulated metadata, it follows that the Court may not authorize NSA to access and use all previously collected information, including information that was acquired outside the scope of prior authorizations, so long as the information “is within the scope of the [PR/TT] statute and the Constitution.” Memorandum of Law at 73.

It then argued that the Court’s own rules allowed it to authorize access to the data.

The government further contends that Rule 10(c) of the Rules of this Court gives the Court discretion to authorize access to and use of the overcollected information. Memorandum of Law at 73.

Finally, Article II argued that Article III had inherent authority to ignore the law. (!)

Finally, insofar as the government suggests that the Court has an inherent authority to permit the use and disclosure of all unauthorized collection without regard to Section 1809, see Memorandum of Law at 73-74 & n.37, the Court again must disagree.

Read more

Share this entry

Wrong Agency, Wrong Minimization: Two More Ways the Original Phone Dragnet Application Violated the Law

/12 Comments/in , /by

In addition to everything else several of us have been pointing out in the original Internet metadata opinion and the phone metadata application, there are two more problems with the phone dragnet.

They’re using the wrong agency and the wrong minimization procedures.

Section 215 reads, in part:

[T]he Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things [my emphasis]

Here’s who signed the application that kicked off the phone dragnet program:

Screen shot 2013-11-19 at 3.02.54 PM

 

This is probably the lesser of these two problems. After all, the law permits the FBI Director to delegate this, and delegating the application to your boss is probably perfectly fine. Though it is a bit of a conflict if the boss in question was, in part, trying to legalize a program that had operated under his purview when he worked at the White House.

The problem becomes bigger still given that there’s no explanation of how it is that an NSA declaration serves as backup for an application to obtain data for the NSA, the use of which is limited to FBI. At least in what we get (which, remember, is what got produced to Congress, not what got submitted to the Court), there’s no discussion of that process.

The other problem is a bit more complicated. As I described last week, the 2006 Reauthorization of the PATRIOT Act included a new requirement that the Attorney General develop minimization procedures for Section 215.

(1) IN GENERAL- Not later than 180 days after the date of the enactment of the USA PATRIOT Improvement and Reauthorization Act of 2005, the Attorney General shall adopt specific minimization procedures governing the retention and dissemination by the Federal Bureau of Investigation of any tangible things, or information therein, received by the Federal Bureau of Investigation in response to an order under this title.

(2) DEFINED- In this section, the term `minimization procedures’ means–

(A) specific procedures that are reasonably designed in light of the purpose and technique of an order for the production of tangible things, to minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information;

(B) procedures that require that nonpublicly available information, which is not foreign intelligence information, as defined in section 101(e)(1), shall not be disseminated in a manner that identifies any United States person, without such person’s consent, unless such person’s identity is necessary to understand foreign intelligence information or assess its importance;

This post describes how DOJ basically blew off that requirement and — at least according to former DOJ Inspector General Glenn Fine — instead used existing procedures that didn’t meet the terms of the law.

Given that this application passed just 2 months after the Reauthorization, this dragnet application was probably one of the earliest Section 215 applications submitted after the Reauthorization so there might have been a discussion about this new requirement anyway. But in this case, the new requirement should have posed an additional problem. The data went not to FBI, but immediately to NSA, an enormous database of non-publicly available of information pertaining to US persons, handed off without a hint of minimization first.

Here’s how the application dealt with minimization procedures.

NSA will apply the existing (Attorney General approved) guidelines in United States Signals Intelligence Directive 18 (1993) … to minimize the information reported concerning U.S. persons.

USSID 18 is supposed to be less restrictive than FBI minimization procedures (though FBI data gets shared freely with other agencies).

There’s not only no discussion in this application of how USSID 18 meets the terms of the law, but there’s no discussion of what it means that NSA basically got unminimized data for which FBI is, by law, the proper recipient, which should be the most voluminous minimization violation ever.

And yet … the application doesn’t even acknowledge this problem at all.

Share this entry