DOJ Did Not Fulfill Legally Required Disclosure on Section 215 to Congress Until After PATRIOT Reauthorization

/6 Comments/in , /by

In the Guardian’s superb summary of the importance of the NSA leaks, Zoe Lofgren challenges the claims that Congress has received all the documents NSA claims it has gotten.

I do serve on the Judiciary Committee and various statements have been made that the Judiciary Committee members were told about all of this and those statements are untrue, not the facts, we have not been provided the documents that the Agency said that we were.

In a Privacy and Civil Liberties Oversight Board today, NSA General Counsel Raj De and ODNI General Counsel Robert Litt both repeated such claims (these are from my notes on twitter; I’ll check my transcription later). De said that Section 215 “had all indicia of official legitimacy” which in part came because it was “twice reauthorized by Congress with full information from exec.” And Litt said they are “by statute required to provide copies [of FISC documents] to both houses. They got materials relating to this [Section 215] program.”

Obviously, we know De is wrong, and he must know it, because a sufficiently large block of Congressmen never had the opportunity to read the Executive’s official notice to make the difference in the 2011 reauthorization. His statement is a clear lie.

But I’m just as interested in Litt’s claim (which would rely on notice to the Judiciary and Intelligence Committees).

This most recent I Con dump provides some evidence that illuminates Lofgen’s implicit dispute of Litt’s claims. Remember this paragraph, which is one of the most specific claims about what notice the Administration gave to Congress about using Section 215 to authorize the phone dragnet.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this [Section 215] program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

As I noted in this post, the specific language (in bold) regarding the first, May 2006, authorization of the phone dragnet at least suggested, in this context, there wasn’t an opinion at all, as did a lot more evidence. But recent reporting strongly suggests there was (see this post where I argue this is likely the phone dragnet opinion).

Government lawyers have told the ACLU that they are withholding at least two significant FISC opinions — one from 2008 and one from 2010 — relating to the Patriot Act’s Section 215, or “business records” provision.

This would seem to indicate that Congress was not provided the original 2006 opinion (as distinct from the application and primary order) “by December 2008.”

With that mind, consider this document released by the I Con, an August 16, 2010 memo from Office of Legislative Affairs Assistant Attorney General Ronald Weich to the Chairs of the Judiciary and Intelligence Committees.

Pursuant to section 1871 of United States Code Title 50, we are providing the Committees with copies of the remaining decisions, orders, or opinions issued by the Foreign Intelligence Surveillance Court, and pleadings, applications, or memoranda of law associated therewith, that contain significant constructions or interpretations of any provision of FISA during the five-year period ending July 10, 2008. See 50 U.S.C. § 1871(c)(2). We have provided similar materials for the same time period. 

Now remember, while ODNI made a big show of releasing these documents, they released them as part of the ACLU’s FOIA for documents on Section 215 and all the documents released pertain to Section 215. I Con describes the memo as referring to “several documents to the Congressional Intelligence and Judiciary Committees relating to NSA collection of bulk telephony metadata under Section 501 of the FISA, as amended by Section 215 of the USA PATRIOT Act,” confirming they pertain to Section 215.

The Patriot Act was reauthorized in February 2010.

At a minimum, this suggests the White Paper provided in August may have been highly misleading. When it said “Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees,” it did not mean that by December 2008, the four oversight committees had all the significant opinions in hand. Even assuming the Weich brief was correct, which Lofgren’s comment suggests it might not be, they didn’t get around to handing over opinions pertaining to Section 215 going back to July 10, 2003 until August 2010. That period — July 10, 2003 to July 10, 2008 — would cover both the July 2004 Colleen Kollar-Kotelly opinion authorizing using the Pen Register/Trap and Trace to collect Internet metadata, and the May 2006 opinion authorizing the phone dragnet. While we don’t know that the Kollar-Kotelly opinion was withheld until 2010, the language of the White Paper (which suggests the opinion itself was not provided) strongly suggests the May 2006 one was.

The law requiring such disclosure, 50 U.S.C. § 1871(c)(2), was part of the FISA Amendments Act, so had been in place for a full year by the time the PATRIOT Act reauthorization got started, yet DOJ didn’t get around to complying with it until 2 years after the law passed. And the law specifically requires disclosure of both the PR/T&T and the Section 215 authorities.

The possibility that DOJ did not turn over the original phone dragnet opinion is utterly damning given David Kris’ suggestion that the initial approval of the phone dragnet — the 2006 opinion — may have been erroneous.

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct.

David Kris at least entertains the possibility that the original May 2006 opinion was “erroneous,” but points to Congress’ reauthorization of the PATRIOT Act to claim it had incorporated FISC’s interpretation of the law.

But now we know that DOJ did not provide all of FISC’s significant opinions pertaining to Section 215 to the key oversight committees until August 16, 2010, over two years after they were obligated to do so — and the plain language of the White Paper strongly suggests that DOJ did not provide the key May 2006 opinion to the oversight committees.

This doesn’t yet prove that DOJ withheld the May 2006 opinion that Kris suggests might be “erroneous” until after Congress reauthorized the PATRIOT Act. But it strongly suggests that is the case.

Update: PATRIOT Act Reauthorization line moved per Anonster’s suggestion.

Update: Added the language I Con used to describe the documents handed over in August 2010.

Share this entry

Dianne Feinstein Opens the Tech Back Door to the Dragnet Database Even Wider

/2 Comments/in , /by

I’ve been writing for months about the great big loophole providing access to the phone dragnet database.

Basically, the NSA needs someone to massage the dragnet data before analysts do queries on it, to take out high frequency call numbers (telemarketers and pizza joints), and probably to take out certain protected numbers, like those of Members of Congress. (Note, that the NSA has to do this demonstrates not only that all their haystack claims are false, but also leaves the possibility they’ll remove numbers that actually do have intelligence value.)

The problem of course, is that this means there is routine access to the database of all phone-based relationships in the United States that does not undergo normal oversight. We know this is a problem because we know NSA has found big chunks of this data in places where it doesn’t belong, as it discovered on February 16, 2012 when it found over 3,000 call records that had been stashed and kept longer than the 5 years permitted by the FISA Court.

As of 16 February 2012, NSA determined that approximately 3,032 files containing call detail records potentially collected pursuant to prior BR Orders were retained on a server and been collected more than five years ago in violation of the 5-year retention period established for BR collection. Specifically, these files were retained on a server used by technical personnel working with the Business Records metadata to maintain documentation of provider feed data formats and performed background analysis to document why certain contact chaining rules were created. In addition to the BR work, this server also contains information related to the STELLARWIND program and files which do not appear to be related to either of these programs. NSA bases its determination that these files may be in violation of BR 11-191 because of the type of information contained in the files (i.e., call detail records), the access to the server by technical personnel who worked with the BR metadata, and the listed “creation date” for the files. It is possible that these files contain STELLARWIND data, despite the creation date. The STELLARWIND data could have been copied to this server, and that process could have changed the creation date to a timeframe that appears to indicate that they may contain BR metadata.

The bill the Intelligence Committee passed out of committee yesterday not only codifies this practice, but exempts this practice from the explicit limits placed on other uses of this database.

Here’s how it describes this access.

(D) LIMITED ACCESS TO DATA.—Access to information retained in accordance with the procedures described in subparagraph (C) shall be prohibited, except for access—

[snip]

(iii) as may be necessary for technical assurance, data management or compliance purposes, or for the purpose of narrowing the results of queries, in which case no information produced pursuant to the order may be accessed, used, or disclosed for any other purpose, unless the information is responsive to a query authorized under paragraph (3).

Note, I’ve never seen this access described in a way that would include “narrowing the results of queries” before. I’m actually very curious why a tech would need to directly access the database, presumably after a query has already been run, to narrow it. Isn’t that contrary to the entire haystack theory?

In any case, the rest of the bill relevant to the phone dragnet effectively exempts this access from almost all of the oversight it codifies.

The requirement for a written record of the Reasonable Articulable Suspicion and identity of the person making the query does not apply (see 2 A and B). Since no record is made, the FISA Court doesn’t review these queries (6A) and these queries don’t get included in the public reporting (b)(3)(C)(i). I don’t see where the bill requires any record-keeping of this access.

The requirement that the data be kept secure specifically doesn’t apply.

SECURITY PROCEDURES FOR ACQUIRED DATA.—Information acquired pursuant to such an order (other than information properly returned in response to a query under subparagraph (D)(iii)) shall be retained by the Government in accordance with security procedures approved by the court in a manner designed to ensure that only authorized personnel will have access to the information in the manner prescribed by this section and the court’s order. [my emphasis]

And the requirement that personnel accessing the database for these purposes (4) be limited and specially trained doesn’t apply.

A court order issued pursuant to an application made under subsection (a), and subject to the requirements of this subsection, shall impose strict, reasonable limits, consistent with operational needs, on the number of Government personnel authorized to make a determination or perform a query pursuant to paragraph (1)(D)(i).

The only limit that appears to apply to the queries from this data management access of the database is the 5 year destruction.

Now, I think the FISA Court made tentative bids to limit some of the activities in 2009. But this language seems to undermine some of the controls the Court has placed on this access (including audits).

In short, in a purported bid to raise confidence about the NSA creating a database of every phone-based relationship in the United States, the Intelligence Committee has actually codified a loosening of access to the database outside the central purpose of it. It permits a range of people to access the database for vaguely defined purposes, it permits them to move that data onto less secure areas of the network, and it doesn’t appear to require record-keeping of the practice.

But what could go wrong with permitting tech personnel — people like Edward Snowden — access to data with less oversight than that imposed on analysts?

Update: Added the language from the 2012 violation to show how clueless the NSA was about finding this data just lying around and its inability to determine where it came from.

Share this entry

Feinstein’s Fake Fix May Expand Use of the Phone Dragnet

/7 Comments/in , /by

Dianne Feinstein and 10 other Senate Intelligence Committee members approved a bill yesterday that purports to improve the dragnet but actually does almost nothing besides writing down the rules the FISA Court already imposed on the practice.

I’ll have far more on DiFi’s Fake Fix later, but for now, I want to point to language that could dramatically expand use of the phone dragnet database, at least as they’ve portrayed its use.

Here’s how, in June, DiFi described the terms on which NSA could access the dragnet database.

It can only look at that data after a showing that there is a reasonable, articulable that a specific individual is involved in terrorism, actually related to al Qaeda or Iran. At that point, the database can be searched. [my emphasis]

Here are the terms on which her Fake Fix permits access to the database.

there was a reasonable articulable suspicion that the selector was associated with international terrorism or activities in preparation therefor. [my emphasis]

The bill passed yesterday does not require any tie to al Qaeda (or Iran!). An association with al Qaeda (and Iran!) is one possible standard for accessing the database. But it also permits use of the data if someone is “associated with activities in preparation” for international terrorism.

Does that include selling drugs to make money to engage in “terrorism”? Does that include taking pictures of landmark buildings? Does that include accessing a computer in a funny way?

All of those things might be deemed “activities in preparation” for terrorism. And this bill, as written, appears to permit the government to access the database of all the phone-based relationships in the US based not on any known association with al Qaeda (and Iran!), but instead activities that might indicate preparation for terrorism but might also indicate mild nefarious activity or even tourism crossing international borders.

Share this entry

Why Swim Upstream Overseas?

/12 Comments/in , /by

Screen shot 2013-10-30 at 1.23.18 PMIn 2011, when John Bates declared the existing upstream collection illegal, he didn’t stop the practice. Instead, he imposed new minimization procedures on part of the collection (just that part that included transactions including communications that were completely unrelated to the search terms used). He required that collection be segregated. And he wrung assurances from NSA they wouldn’t do things — like search on data collected via upstream collection — that they could do with data collected under PRISM.

In short, it was actually a pretty permissive ruling, allowing the NSA to continue to collecting upstream data, at least for the terms and purposes they had claimed they were using it for.

So why go to the trouble of stealing data from Google and Yahoo links overseas instead of through PRISM — a question The Switch asks here — and upstream collection here?

Obviously, one of the problem is encryption. The graphic above makes it very clear NSA/GCHQ are trying to avoid Google’s default and Yahoo’s available SSL protection. Which mean they can’t do the same kind of upstream collection on encrypted content.

Now it’s clear from the aftermath of the 2011 ruling — in the way Google and Yahoo had to invest a lot to keep responding to new orders — that PRISM collection in the US is tied in some way to that upstream collection. Julian Sanchez suggests Google and Yahoo may now be unwilling to do keyword (actually key-selector, since some of these would be code) searches. And that may be the case (though it’s hard to see how they could refuse an order requiring that, given that the telecoms were responding to similar orders).

There are a few other possibilities, though.

First, remember that NSA wanted to continue its collection practice as it existed, with no changes. It considered appealing Bates’ decision. And it resisted his demands they clean up existing illegally collected data.

So it may be they simply continued doing what they were doing by stealing this data overseas. But that would only make sense if MUSCULAR dates to 2012, when Bates imposed new restrictions.

It’s also possible some of the restrictions he imposed wouldn’t allow NSA to accomplish what it wanted to. Two possibilities are his requirement that NSA segregate this collection. Another is his refusal to let NSA search “incidentally” collected data.

A third possibility is that other FISC restrictions — such as limits on how many contact chains one could do on Internet metadata (WaPo makes it clear this collection includes metadata) — provided reason to evade FISC as well.

Finally, I wonder whether the types of targets they’re pursuing have anything to do with this. For a variety of reasons, I’ve come to suspect NSA only uses Section 702 for three kinds of targets.

  • Terrorists
  • Arms proliferators
  • Hackers and other cyber-attackers

According to the plain letter of Section 702 there shouldn’t be this limitation; Section 702 should be available for any foreign intelligence purpose. But it’s possible that some of the FISC rulings — perhaps even the 2007-8 one pertaining to Yahoo (which the government is in the process of declassifying as we speak) — rely on a special needs exception to the Fourth Amendment tied to these three types of threats (with the assumption being that other foreign intelligence targets don’t infiltrate the US like these do).

Which would make this passage one of the most revealing of the WaPo piece.

One weekly report on MUSCULAR says the British operators of the site allow the NSA to contribute 100,000 “selectors,” or search terms. That is more than twice the number in use in the PRISM program, but even 100,000 cannot easily account for the millions of records that are said to be sent back to Fort Meade each day.

Given that NSA is using twice as many selectors, it is likely the NSA is searching on content outside whatever parameters that FISC sets for it, perhaps on completely unrelated topics altogether. This may well be foreign intelligence, but it may not be content the FISC has deemed worthy of this kind of intrusive search.

That’s just a wildarsedguess. But I do think it possible FISC has already told the NSA — whether it be in the 2011 opinion, opinions tied to the Internet dragnet problems (which themselves may have imposed limits on just this kind of behavior), or on the original PAA/FAA opinions themselves — that this collection violated the Fourth Amendment.

In which case the prediction Russ Feingold made back in 2007 — “So in other words, if they don’t like what we [or the FISA Court] come up with, they can just go back to Article II” — would prove, as so many Feingold comments have, prescient.

Share this entry

How Does NSA (and Its Partners) Catch More Terrorists in Europe with Less Metadata?

/12 Comments/in , /by

In follow-up to yesterday’s I Con, Le Monde reports that France’s spy agency, DGSE and the US, established a data sharing arrangement in 2011-2012 via which France provides call data to the US. It notes that part of the data the US gets comes from the French (apparently, Le Monde has better mastery of the conjunction than American National Security journalists) and that French citizens, as well as other targets, are included.

I suspect this is where the global dragnet may proceed: where we learn, country by country, that the US has side deals with partners, in addition to massive collections done largely (in Europe, anyway) by GCHQ, that allows it access to a lot of metadata.

But there’s something missing.

The US can, so long as it gets away with it, collect as much metadata as it can from France and other foreign countries. In the US, it has to work through the courts (well, that’s the law, one the Bush Administration flouted for 5 years).

And yet, the US collects far more metadata in the US than it does in France. In the last month of 2012, the US (and its partners, including GCHQ and DGSE) collected 70.3 million pieces of metadata in France, or roughly 1.07 piece of metadata on every French person. According to the Guardian, Boundless Informant shows the NSA (and its partners) collected 2.89 billion pieces of data in the month ending March 2013, or roughly 9.32 pieces of metadata on every American. And all that’s apparently before you consider the billions or trillions of pieces of metadata collected in the phone dragnet (which of course collects on “substantially all” the 310 million Americans (though in France, investigators can access phone metadata more readily).

That is, legally, the NSA (and its partners, including GCHQ) are not bound by legal limits on what they collect. But it collects more on Americans than it does on the French.

And yet … NSA finds more terrorists in Europe than in America.

More terrorists, less metadata.

I am sure this is a matter of comparing oranges to orange bouncey balls. Different times of the year, different numbers of terrorists in the country, different complementary tools and investigative skills. That is, there are nuances in all this data that neither the Snowden document recipients nor the NSA are going to be able to explain anytime soon. But they both seem to agree Boundless Informant does provide some picture of how much data the NSA (and its partners) collect where. And that does seem to show that NSA collects relatively more in the US than it does in Europe.

If that’s the case, then why is having a complete haystack of metadata here in the US pursuant to the Section 215 dragnet necessary? Doesn’t the European case show you can find even more terrorists without it?

Share this entry

John Bates Intervened in the Phone Dragnet Problems

/7 Comments/in , /by

Yesterday, I Con the Record released more records in response to the ACLU FOIA for records on the Section 215 program (though once again, they didn’t mention the FOIA).

Three of the documents provide more data points for a notable progression I laid out in this post, in which Reggie Walton appears to have shut down some collection from one telecom on July 9, 2009, reapproved it (including retroactively) on September 3, 2009, just in time for the Intelligence Community to claim Section 215 collection was central to the Najibullah Zazi investigation.

First, a July 2, 2009 notice to Walton provided the End-to-End review “for the Court’s information.” It had been completed on June 25 and provided to the Intelligence and Judiciary Committees on June 30. It was also included in the formal DOJ filing to Walton on August 19, which left the impression that DOJ had held it for two months before sharing it with the court. But this notice makes it clear Walton received a copy with only a slight delay (and the day before they delivered the first weekly report he had demanded). It also makes it clear he had gotten it, and probably read it, before whatever action he took on July 9. What may be the problematic collection (see page 15-16) apparently got reported to FISC before May 29 (no mention of a formal notice is included, though it seems to be addressed in the May 29 order). But there are other violations (such as the sharing described on page 17 that may involve Homeland Security) that appear to have been newly disclosed with this report.

In a second document — a September 10 notice to just the Senate Intelligence Committee (?!) that Judge Walton had reauthorized the bulk collection program on September 3 — reveals that on August 4, FISC Chief Judge John Bates had written Eric Holder a letter raising concerns. The notice portrays a September 1 demonstration for Walton, Bates, and Judge Thomas Hogan (who I believe was the only other FISC judge from the DC Circuit at the time) apparently at NSA as a response to Bates’ concerns. But the description of the demonstration also notes that,

The information was presented in the context of a current operation that concerns a potential threat to the U.S. homeland.

Remember, this was before (by 2 days) the Zazi investigation started. So this must reference something else, though it certainly didn’t sound all that urgent.

In any case, while it is unclear who got Bates involved (after all, it could have been the Administration, complaining that some of its production had been cut off), it is noteworthy he was involved, which provides a little more background to the frustration he expressed in his October 3, 2011 opinion accusing the government of signifiant misrepresentations on 3 occasions.

Finally, on October 21, in what must have been part of the PATRIOT Act reauthorization push, National Counterterrorism Center’s Michael Leiter and the NSA’s Assistant Deputy Director for Counterterrorism addressed the House Intelligence Committee. Along with their case for the program and a heavily glossed description of the problems with it (which they indicate had already been noticed in some form to the Committee), they described how tips from the dragnet “have contributed directly to the following specific cases,” plural. It includes an entirely unredacted description of the dragnet’s role in the Zazi investigation (without, for example, disclosing FBI already knew of Adis Medunjanin through travel documents to Pakistan where he and Zazi trained with terrorists). And it includes a shorter description of what must be at least one other case, which is entirely redacted. It’s possible, after all, that that second “success” (which is so credible we can’t know about it) is the ongoing threat referred to in the September 10 notice, which NSA used to scare FISC into reauthorizing the dragnet.

One more detail about the notice to HPSCI. It fails to mention that, less than 3 weeks after he reauthorized the dragnet, Walton learned — from DOJ, not NSA — of further information sharing violations. In other words, the HPSCI witnesses falsely portrayed the problems as fixed, when there were pending violations still being discussed between NSA and FISC.

There’s nothing enormous in these revelations, but they do add to the understanding of how grave FISC took these violations to be, and how partial was Congressional briefing on them.  Read more

Share this entry

Obama Throws Top Spying Partner, Verizon, at ObamaCare

/5 Comments/in , /by

For the record, I hope the Administration finds a way to fix the ObamaCare website. While ObamaCare is a mix of good (Medicaid expansion, Medicare tweaks, MLR, some weakly enforceable limits on insurers) and bad (cost, corporate incentives, Caddy tax, insurance over care), if it fails it will set back efforts to improve health coverage in this country.

But I do take some of the warnings about how difficult it will be to fix the site seriously.

All that said, I’m not sure this is the “best and brightest” group of consultants Obama should have chosen to “surge” the website fix.

An informed source in the telecommunications industry said Verizon’s Enterprise Solutions division has been asked by the Department of Health and Human Services to improve the performance of the HealthCare.gov site, which is a key component of the Affordable Care Act. The source spoke on condition of anonymity because the announcement had not been made official.

HHS office said Sunday the department would reach outside its government contractors to civilian companies that might be able to solve HealthCare.gov’s problems more quickly.

“Our team is bringing in some of the best and brightest from both inside and outside government to scrub in with the team and help improve HealthCare.gov,” an HHS blog post said on Sunday.

HHS did not respond to a request for confirmation about Verizon. The company also declined to comment.

It makes sense for HHS to seek Verizon’s help, said Aneesh Chopra, the Obama administration’s former chief technology officer and now a senior fellow at the Center for American Progress. “There is an existing ‘best and brightest’ available to call in,” Chopra said. “Verizon is one of those already under contract.”

Even assuming Verizon is among the most competent entities in doing this kind of fix, there are the optics.

Verizon is, after all, the entity that charges millions of Americans inflated rates even as it turns over data on all their phone based relationships on a daily basis. In addition, along with AT&T and Sprint, Verizon helps the government copy and scan up to 75% of US Internet content in search of secret selectors.

Verizon is, then, one of the worst examples of the dangerous marriage between big corporate and big government. Which perhaps makes it an appropriate entity to be tied to ObamaCare, but not one that will help ObamaCare’s credibility.

Share this entry

On the 12th Day of Christmas, the NSA Gave to Me … 12 “Terrorism Supporters”

/4 Comments/in , , /by

Dianne Feinstein is writing op-eds again. Of course, I’m not actually recommending you read her defense of the phone dragnet program — though I do recommend this rebuttal of her claims from ACLU’s Mike German.

In other words, the problem was not that the government lacked the right tools to do its job (it had ample authority to trace Mihdhar’s calls). The problem was that the government apparently failed to use them.

But I do want to look at how DiFi dances around the debunked claims about all the plots the dragnet have stopped.

Since its inception, this program has played a role in stopping roughly a dozen terror plots and identifying terrorism supporters in the U.S.

Her claim is grammatically false, of course. Of the 2 known of these 12 cases where Section 215 was useful, with just one — when it was used to identify an unknown phone of one already identified accomplice of Najibullah Zazi — was a plot actually stopped. In the other, all Section 215 did was identify a supporter of terrorism, Basaaly Moalin. And even there, the FBI itself believed Moalin sent money to al-Shabaab not so much to support terrorism, but to support expelling (US backed) Ethiopian invaders of Somalia.

So while she could say that on 12 occasions Section 215 has helped stop a plot or identified terrorism supporters, what she has said is — surprise surprise! — a lie.

But I am rather amused at how close DiFi gets to arguing a dragnet of every Americans’ phone based relationships is worthwhile because it has found 12 guys who support, but do not engage in, terrorism.

Share this entry

Docket Inflation at the FISA Court?

/2 Comments/in , /by

Screen shot 2013-10-18 at 3.17.36 PMAs I noted in my last post, I’m a bit alarmed by the docket numbers we’re seeing out of the FISC court. The order released today appears to be the 158th docket for the year.

Compare that to the docket numbers from 2009, as revealed in the orders Reggie Walton issued while trying to clean up NSA’s act. His November 5, 2009 order appears to be just the 15th docket for the year, as compared to Mary McLaughlin’s October order being the 158th.

We’re running at 10 times the pace we were 4 years ago.

The thing is, while the comparison does make this year seem especially bad, it actually seems to be part of a longer trend. Here’s the numbers of NSLs and Section 215 orders the FISC has issued since 2005.

Screen shot 2013-10-18 at 4.17.42 PM

 

 

Before we knew how extensive the phone dragnet was, these numbers suggested some of the NSL production got moved into the secret interpretations of Section 215 after 2010 (which is about the same time Ron Wyden and Mark Udall got especially shrill about it).

While that may or may not explain the big jump between 2009 — when the Walton numbers are perfectly consistent — and 2011, it’s not the phone dragnet driving the numbers. That has only been responsible for something like 6 dockets in any given year, and more often just 4 (for example, even in 2009, the multiple iterations were just additional entries to the docket tied to that quarter’s order).

I thought, too, the Boston Marathon attack might explain higher numbers for this year. But we might even come in slightly lower than we did last year.

Which is another way of noting how deceitful these numbers are. Any single NSL could include more than one American. We know at least some of the Section 215 orders include every American.

So how many records might these entail of each one could represent every American?

Share this entry

Mary McLaughlin Repeats Claire Eagan’s Error

/3 Comments/in /by

FISC just released the opinion accompanying the most recent Section 215 phone dragnet order.

(Note: does it concern anyone besides me that FISC is now up to 158 dockets for Business Records production this year??)

In it, Judge Mary McLaughlin repeats the very same error Claire Eagan made.

Although the definition of relevance set forth in Judge Egan’s decision is broad, the Court is persuaded that that definition is supported by the statutory analysis set out in the August 29 Opinion. That analysis is reinforced by Congress’ s re-enactment of Section 215 after receiving information about the government’s and the FISA Court’s interpretation of the statute.

As I’ve noted over and over and over, the public record shows that the notice on Section 215 did not actually meet the terms of Eagan’s opinion.

Eagan says,

The ratification presumption applies here where each Member was presented with an opportunity to learn about a highly-sensitive classified program important to national security in preparation for upcoming legislative action. [my emphasis]

Not only did the vast majority of Members have to go out of their way to learn about this program, 19% in fact had no way of learning everything they needed to know about it. Therefore, the ratification presumption fails, and that legal basis crumbles.

Each member was not presented with such an opportunity — certainly not one identified as such.

Now, perhaps FISC’s clerks are incompetent and haven’t even scanned the Google alerts on the issues before them (McLaughlin did finally address US v. Jones, so maybe it’s just a very slow Google alert?).

But this points to the problem with FISC’s lack of an adversary. Because anyone coming before the court would presumably help out FISC’s clerks by pointing them to the many many many reports of how inadequate this notice really was.

Instead, they keep repeating the same mistake over and over — and proving the claims about being a rubber stamp.

Share this entry