Posts

PATRIOT Extension: Congress Can’t Just Extend PATRIOT

I’ve been remiss in laying out what I think the real solution for Section 215 is; I hope to get to that later this week.

Meanwhile, in the House, the question of what to do about the phone dragnet is already heating up. Adam Schiff, newly appointed ranking member in the House Intelligence Committee, is trying to buck up reform advocates in the face of calls for MOAR HAYSTACKS following the HebdoCharlie attack.

Schiff told me that those who are hoping for reform of bulk metadata collection need to remain vigilant against the possibility that lawmakers will seize on the Paris horror to blunt the case for change.

“Some will argue that the events in Paris make it impossible to reform any of our intelligence gathering programs,” Schiff said. “But as long as we can accomplish these reforms bolstering our privacy, while maintaining our security, we should do so.”

Remember, Schiff was the first to call publicly to have the telecoms hold the phone records.

Newly appointed Chair Devin Nunes, however, not only wants to reauthorize PATRIOT but also FISA (which isn’t expiring).

Q: What do you think should be the path forward for reform of the Foreign Intelligence Surveillance Act Courts? Do you support consideration and passage of the FISA Court Reform Act of 2013? If not, do you have your own proposals for FISA reform?
A: I believe the FISA court system is working well and striking the right balance between protecting Americans’ constitutional rights and allowing for effective intelligence operations to catch terrorists. So I don’t think it needs reform at this time — we don’t want to further encumber intelligence and law enforcement communities who already have a difficult task in tracking those who wish to attack Americans at home and abroad.

[snip]

Our immediate priorities will be analyzing the president’s budget, crafting the intelligence authorization bill and working with other committees to reauthorize FISA and the Patriot Act.

I hope we can hold him to his observation that FISC is working great, because most “reform” efforts (especially the RuppRoge effort out of the House Intelligence Committee) took authority out of FISC’s hands and put it into the IC’s.

One thing is missing from this discussion, on all sides.

Congress needs to do more than just extend PATRIOT, if they want full dragnet. They need to extend it, probably by starting with immunity, and probably some other tweaks, to be able to access all the phone records they want. That’ll be harder to do if it’s not done under cover of “reform.”

 

5 Democrats Have Called on Obama Not to Reauthorize the Dragnet Tomorrow

Tomorrow is dragnet day, the next 90-day reauthorization for the dragnet.

In advance of that date, Pat Leahy just called on President Obama to simply let the dragnet end.

The President can end the NSA’s dragnet collection of Americans’ phone records once and for all by not seeking reauthorization of this program by the FISA Court, and once again, I urge him to do just that.  Doing so would not be a substitute for comprehensive surveillance reform legislation – but it would be an important first step.

Leahy joins 4 other Democrats who have already called for the President to unilaterally stop the dragnet.

At a hearing last month, Adam Schiff suggested to DIRNSA Mike Rogers that they move forward without waiting for a new law.

“There’s nothing in statute that requires the government to gather bulk data, so you could move forward on your own with making the technological changes,” Schiff said. “You don’t have to wait for the USA Freedom Act.”

There’s no reason for the NSA to wait for congressional approval to put additional limits on the program “if you think this is the correct policy,” Schiff added. “Why continue to gather the bulk metadata if [Obama administration officials] don’t think this is the best approach?”

And back in June, Senators Wyden, Udall, and Heinrich not only made a similar suggestion in a letter to the President, but laid out how Obama could achieve what he says he wants to without waiting for legislation.

But the President is not going to end the dragnet. Heck, for all we know, FISC has already signed the reauthorization.

Mind you, it may be that President Obama can’t start the new-and-improved dragnet without offering providers immunity and compensation. But if Obama can’t simply end the dragnet without offering telecoms and second level contractors broad immunity, then he’s obviously planning on something more exotic than just regular phone contact chaining.

On USA Freedom: Heed Jan Schakowsky’s Warning

There are two reviews of whether HR 3361 constitutes real reform today, one from McClatchy and one from National Journal, both written partly in response to privacy groups’ realization that Mike Rogers has been doing a circumspect victory lap over the shape of the bill.

While neither examines the flip side of the bill — what the intelligence community will gain from this — they both provide a useful caution about the potential pitfalls in the bill, many (but not all) I’ve examined at this site.

McClatchy is particularly useful, though, for the comments from Adam Schiff and Jan Schakowsky, two of the only people on the House Intelligence Committee who tend to balance the interests of civil liberties against the demands of the intelligence community. Here’s what they had to say about the legislative prospects.

Rep. Adam Schiff, D-Calif., an Intelligence Committee member who isn’t among the letter writers, said he hoped to offer an amendment that would seek to “introduce a greater adversarial process in the FISA court” by establishing a panel of attorneys from which counsel could be selected to participate in cases that involved novel legal and technical issues.

“I believe the civil liberties protections can be improved,” Schiff said.

[snip]

Rep. Jan Schakowsky, D-Ill., an Intelligence Committee member, praised the House bill. “If we could improve it,” she said, “I would go back to the original bill’s provisions that would implement stronger reporting regulations and create an office of the special advocate.”

Schakowsky added, though, “ I am most concerned at this point about preventing any efforts to weaken this bipartisan compromise.”

Remember, HPSCI held its markup behind closed doors, and there has been little leaking about went on there, aside from Rogers’ crowing. So this offers a bit of a read of what might have gone on.

Schiff, if you recall, was one of the very first people to get Keith Alexander to admit the government could conduct its contact-chaining program with the telecoms retaining the data. He is generally a pretty good read on the art of the possible. If he thinks this bill can be improved, perhaps he’s got reason for optimism.

But I find Schakowsky’s warning potentially more realistic.

Remember, one thing HPSCI considered was removing all definition of “specific selection term” (or “identifier,” which HPSCI also included). Without a definition, the bill might only prevent bulk collection of phone records, if that; I believe the government could come up with “selection terms” for everything else that would permit systematic programs. And I suspect something like dropping the definition would — will — happen if this ever gets to a conference (indeed, as Jim Sensenbrenner knows better than anyone, that’s how some of the existing loopholes got retained in PATRIOT in 2005-6, at a time when there was also bipartisan uproar over illegal spying). I think Schakowsky is realistic in worrying that, with the momentum it has picked up with unanimous passage in HJC and a voice vote passage in HPSCI, it could get worse just as easily as it could get better.

As I’ve said, this bill defuses the digital equivalent of a nuclear bomb by taking the phone-based relationship database out of the hands of the government. That’s important.

But from there, it’s unclear what effect this bill will have in practice, and could become far less clear if things like that definition disappear. So we’d be well to take Schakowsky’s warning seriously.

The Reason Obama Capitulated on the (Phone) Dragnet

This will be a bit of a contrary take on what I believe to be the reasons for President Obama’s capitulation on the dragnet, announcing support today for a plan to outsource the first query in the dragnetting process to the telecoms.

It goes back to the claims — rolled out in February — that the NSA has only been getting 20 to 30% of the call data in the US. Those reports were always silent or sketchy on several items:

  • The claims were always silent that they applied only to Section 215, and did not account for the vast amount of data, including US person cell data, collected under EO 12333.
  • The claims were sketchy about the timing of the claim, especially in light of known collection of cell data in 2010 and 2011, showing that at that point NSA had no legal restrictions on accepting such data.
  • The claims were silent about why, in both sworn court declarations and statements to Congress, Administration officials said the collection (sometimes modified by Section 215, often, especially in court declarations, not) was comprehensive.

Here’s what I think lies behind those claims.

We know that as recently as September 1, 2011, the NSA believed it had the legal authority to collect cell location data under Section 215, because they were doing just that. Congress apparently did not respond well to learning, belatedly, that the government was collecting location data in a secret interpretation of a secret interpretation. Nevertheless, it appears the government still believed it had that authority — though was reevaluating it — on January 31, 2012, when Ron Wyden asked James Clapper about it — invoking the “secret law” we know to be Section 215 — during his yearly grilling of Clapper in the Global Threat hearing.

Wyden: Director Clapper, as you know the Supreme Court ruled last week that it was unconstitutional for federal agents to attach a GPS tracking device to an individual’s car and monitor their movements 24/7 without a warrant. Because the Chair was being very gracious, I want to do this briefly. Can you tell me as of now what you believe this means for the intelligence community, number 1, and 2, would you be willing to commit this morning to giving me an unclassified response with respect to what you believe the law authorizes. This goes to the point that you and I have talked, Sir, about in the past, the question of secret law, I strongly feel that the laws and their interpretations must be public. And then of course the important work that all of you’re doing we very often have to keep that classified in order to protect secrets and the well-being of your capable staff. So just two parts, 1, what you think the law means as of now, and will you commit to giving me an unclassified answer on the point of what you believe the law actually authorizes.

Clapper: Sir, the judgment rendered was, as you stated, was in a law enforcement context. We are now examining, and the lawyers are, what are the potential implications for intelligence, you know, foreign or domestic. So, that reading is of great interest to us. And I’m sure we can share it with you. [looks around for confirmation] One more point I need to make, though. In all of this, we will–we have and will continue to abide by the Fourth Amendment. [my emphasis]

Unsurprisingly, as far as I know, Clapper never gave Wyden an unclassified answer.

Nevertheless, since then the government has come to believe it cannot accept cell data under Section 215. Perhaps in 2012 as part of the review Clapper said was ongoing, the government decided the Jones decision made their collection of the cell location of every cell phone in the US illegal or at least problematic. Maybe, in one of the 7 Primary orders DOJ is still withholding from 2011 to 2013, the FISC decided Jones made it illegal to accept data that included cell location. It may be that a February 24, 2013 FISC opinion — not a primary order but one that significantly reinterpreted Section 215 — did so. Certainly, by July 19, 2013, when Claire Eagan prohibited it explicitly in a primary order, it became illegal for the government to accept cell location data.

That much is clear, though: until at least 2011, DOJ believed accepting cell location under Section 215 was legal. At least by July 19, 2013, FISC made it clear that would not be legal.

That, I believe, is where the problems accepting cell phone data as part of Section 215 come from (though this doesn’t affect EO 12333 data at all, and NSA surely still gets much of what it wants via EO 12333). Theresa Shea has explicitly said in sworn declarations that the NSA only gets existing business records. As William Ockham and Mindrayge have helped me understand, unless a telecom makes it own daily record of all the calls carried on its network — which we know AT&T does in the Hemisphere program, funded by the White House Drug Czar — then the business ecords the phone company will have are its SS7 routing records. And that’s going to include cell phone records. And those include location data for cell phones.

Now, it may be that the telecoms chose not to scan out this information for the government. It may be that after the program got exposed they chose to do the bare minimum, and the cell restrictions allowed them to limit what they turned over (something similar may have happened with VOIP calls carried across their networks). It may be that Verizon and even AT&T chose to only provide that kind of data via EO 12333 program that, because they are voluntary, get paid at a much higher rate. In any case, I have very little doubt that NSA got the phone records from Verizon, just not via Section 215.

But I’m increasingly sure the conflict between Section 215’s limit to existing business record and the limits imposed on Section 215 via whatever means was the source of the “problem” that led NSA to only get 30% of phone records [via the Section 215 program, which is different than saying they only got 30% of all records from US calls].

And a key feature of both the President’s sketchy program…

  • the companies would be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.

And the RuppRoge Fake Fix…

(h)(1)(A) immediately provide the Government with records, whether existing or created in the future, in the format specified by the Government

[snip]

(h)(2) The Government may provide any information, facilities, or assistance necessary to aid an electronic communications service provider in complying with a directive issued pursuant to paragraph (1).

Is that the government gets to dictate what format they get records in here, which they couldn’t do under Section 215. That means, among other things, they can dictate that the telecoms strip out any location data before it gets to NSA, meaning NSA would remain compliant with whatever secret orders have made the collection of cell location in bulk illegal.

Remember, too, that both of these programs will have an alert feature. In spite of getting an alert system to replace the one deemed illegal in 2009 approved on November 8 2012, the government has not yet gotten that alert function working for what are described as technical reasons.

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

It’s possible that, simply doing the alert on exclusively legally authorized data (as opposed to data mixing EO 12333 and FISC data) solves the technical problems that had stymied NSA from rolling out the alert system they have been trying to replace for 5 years. It’s possible that because NSA was getting its comprehensive coverage of US calls via different authorities, it could not comply with the FISC’s legal limits on the alert system. But we know there will be an alert function if either of these bills are passed.

The point is, here, too, outsourcing the initial query process solves a legal-technical problem the government has been struggling with for years.

The Obama plan is an improvement over the status quo (though I do have grave concerns about its applicability in non-terrorist contexts, and my concerns about what the government does with the data of tens to hundreds of thousands of innocent Americans remain).

But don’t be fooled. Obama’s doing this as much because it’s the easiest way to solve legal and technical problems that have long existed because the government chose to apply a law that was entirely inapt to the function they wanted to use it for.

Shockers! A more privacy protective solution also happens to provide the best technical and legal solution to the problem at hand.

Update: Forgot to add that, assuming I’m right, this will be a pressure point that Members of Congress will know about but we won’t get to talk about. That is, a significant subset of Congress will know that unless they do something drastic, like threatening legal penalties or specifically defunding any dragnetting, the Executive will continue to do this one way or another, whether it’s under a hybrid of Section 215 and EO 12333 collection, or under this new program. That is, it will be a selling point to people like Adam Schiff (who advocated taking the call records out of government hands but who has also backed these proposals) that this could bring all US intelligence collection under the oversight of the FISC (it won’t, really, especially without a very strong exclusivity provision that prohibits using other means, which the Administration will refuse because it would make a lot of what it does overseas illegal). This is the same tension that won the support of moderates during the FISA Amendments Act, a hope to resolve real separation of powers concerns with an imperfect law. So long as the Leahy-Sensenbrenner supporters remain firm on their demands for more reforms, we may be able to make this a less imperfect law. But understand that some members of Congress will view passing this law as a way to impose oversight over a practice (the EO 12333 collection of US phone records) that has none.

Update: Verizon has released this telling statement.

This week Congressmen Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) released the “End Bulk Collection Act of 2014”, which would end bulk collection of data related to electronic communications. The White House also announced that it is proposing an approach to end bulk collection. We applaud these proposals to end Section 215 bulk collection, but feel that it is critical to get the details of this important effort right. So at this early point in the process, we propose this basic principle that should guide the effort: the reformed collection process should not require companies to store data for longer than, or in formats that differ from, what they already do for business purposes. If Verizon receives a valid request for business records, we will respond in a timely way, but companies should not be required to create, analyze or retain records for reasons other than business purposes. [my emphasis]

It’s telling, first of all, because Verizon still doesn’t want to have to fuss with anything but their business records. That says it has been unwilling to do so, in the past, which, in my schema, totally explains why the government couldn’t get Verizon cell records using Section 215. (I have wondered whether this was a newfound complaint, since they got exposed whereas AT&T did not; and even in spite of Randal Milch’s denial, I still do wonder whether the Verizon-Vodaphone split hasn’t freed them of some data compliance obligations.)

Just as importantly, Verizon doesn’t want to analyze any of this data. As I have pointed out, someone is going to have to do high volume number analysis, because otherwise the number of US person records turned over will be inappropriately large but small enough it will be a significant privacy violation to do it at that point (for some things, it requires access to the raw data).

I’m unclear whether the RuppRuge Fake Fix plan of offering assistance (that is, having NSA onsite) fixes this, because NSA could do this analysis at Verizon.

Military Commissions (in US!) for Non-Afghan Prisoners Held at Parwan? Brilliant!

When it comes to building policy around Afghanistan, the Obama administration is an endless fount of ideas with colossally ugly optics mixed with untenable legal positions. The latest brilliant offering from them is a beauty:

The Obama administration is actively considering the use of a military commission in the United States to try a Russian who was captured fighting with the Taliban several years ago and has been held by the U.S. military at a detention facility near Bagram air base in Afghanistan, former and current U.S. officials said.

Wait. He was “fighting with the Taliban”? Doesn’t that make him a standard combatant and traditional prisoner of war? Here is more of what the Post has on his history:

The Russian is a veteran of the Soviet war in Afghanistan in the 1980s who deserted and ended up fighting U.S. forces after the Sept. 11, 2001, attacks. U.S. officials said the man, thought to be in his mid- to late 50s, is suspected of involvement in several 2009 attacks in which U.S. troops were wounded or killed. He was wounded during an assault on an Afghan border post that year and later captured.

Little else is known about him except for his nom de guerre, Irek Hamidullan.

No. Still nothing in this description that distinguishes Hamidullan from any other non-Afghan teaming up with the Taliban to take on US forces there. And yet, the military seems to think that their “case” against Hamidullan is among the strongest against the 53 non-Afghan prisoners the US admits to housing at Parwan:

Military prosecutors have examined the evidence against Hamidullan and consider the case among the strongest that could be brought against any of the foreigners held at the Parwan Detention Facility near Bagram.

“He’s pretty well-connected in the terrorist world,” said one official with firsthand knowledge of the case. Hamidullan is thought to have links to one or more insurgent groups and ties to Chechnya, a part of the Russian Federation where rebels have fought two unsuccessful wars for independence.

Officials said Hamidullan remains committed to violent jihad and has sworn that he will return to the battlefield if he is released from prison. U.S. officials said that they have discussed the case with Moscow but that the Russians displayed little or no interest in his return. The senior official said transfers “are not always just up to us. Other countries have a say. Detainees have a say” in cases in which there are concerns about inhumane treatment.

How in the world does one become a fitting subject for a special military commission as an illegal combatant even while pledging to “return to the battlefield”? Read more

What’s the Relationship Database About?

Atrios asks what the whole dragnet is about.

It’s actually a serious question. Maybe it’s just a full employment program for spooks. Maybe they just do it because they can. But the only “real” point to such an extensive surveillance system is to abuse that surveillance (the surveillance itself is already an abuse of course).

At best it’s a colossal fucking waste of money. At worst?

I actually think there are understandable answers for much of this.

Since Michael Hayden took over the NSA, contractors have assumed an increasingly dominant role in the agency, meaning you’ve got a former DIRNSA at Booz Allen Hamilton pitching future Booz VPs on solutions to keep the country safe that just happen to make them fabulously profitable and don’t happen to foreground privacy. As Thomas Drake showed, we’re pursuing the biggest and most privacy invasive solutions because contractors are embedded with the agency.

I think there’s the One Percent approach we got from Dick Cheney, that endorses maximal solutions to hunt terrorists even while avoiding any real accountability (both for past failures and to review efficacy) because of secrecy. We’re slowly beginning to wean ourselves from this Cheney hangover, but it is taking time (and boosters for his approach are well-funded and publicized).

And, at the same time, criminals and other countries have attacked our weak network security underbelly, targeting the companies that have the most political sway, DOD contractors and, increasingly, financial companies, which is setting off panic that is somewhat divorced from the average American’s security. The accountability for cybersecurity is measured in entirely different ways than it is for terrorism (otherwise Keith Alexander, who claims the country is being plundered like a colony, would have been fired years ago). In particular, there is no punishment or even assessment of past rash decisions like StuxNet. But here, as with terrorism, the notion of cost-benefit assessment doesn’t exist. And this panicked effort to prevent attacks even while clinging to offensive cyberweapons increasingly drives the overaggressive collection, even though no one wants to admit that.

Meanwhile, I think we grab everything we can overseas out of hubris we got while we were the uncontested world power, and only accelerated now that we’re losing that uncontested position. If we’re going to sustain power through coercion — and we developed a nasty habit of doing so, especially under Bush — then we need to know enough to coerce successfully. So we collect. Everything. Even if doing so makes us stupider and more reliant on coercion.

So I can explain a lot of it without resorting to bad faith, even while much of that explanation underscores just how counterproductive it all is.

But then there’s the phone dragnet, the database recording all US phone-based relationships in the US for the last 5 years. Read more

3 Tech Issues the Non-Technologist NSA Technical Committee Needs to Address

A number of people are asking why I’m so shocked that President Obama appointed no technologists for his NSA Review Committee.

Here are three issues that should be central to the Committee’s discussions that are, in significant part, technology questions. There are more. But for each of these questions, the discussion should not be whether the Intelligence Community thinks the current solution is the best or only one, but whether it is an appropriate choice given privacy implications and other concerns.

  • Whether the Intelligence Community can accomplish the goals of the Section 215 dragnet without collecting all US person metadata
  • Whether the NSA can avoid collecting Multiple Communication Transactions as part of upstream collection
  • How to oversee unaudited actions of technical personnel

There are just three really obvious issues that should be reviewed by the committee. And for all of them, it would be really useful for someone with the technical background to challenge NSA’s claims to be on the committee.

Whether the Intelligence Community can accomplish the goals of the Section 215 dragnet without collecting all US person metadata

One of the most contentious NSA practices — at least as far as most Americans go — is the collection of all US person phone metadata for the Section 215 dragnet. Yet even Keith Alexander has admitted — here in an exchange with Adam Schiff in a House Intelligence Committee hearing on June 18 — that it would be feasible to do it via other means, though perhaps not as easy.

REP. SCHIFF: General Alexander, I want to ask you — I raised this in closed session, but I’d like to raise it publicly as well — what are the prospects for changing the program such that, rather than the government acquiring the vast amounts of metadata, the telecommunications companies retain the metadata, and then only on those 300 or so occasions where it needs to be queried, you’re querying the telecommunications providers for whether they have those business records related to a reasonable, articulable suspicion of a foreign terrorist connection?

Read more

“Credibility”

An embarrassing number of people in DC have been saying publicly since Friday that we have to launch cruise missiles against Bashar al-Assad or risk the “credibility” of the United States. John McCainMike McCaul. Adam Schiff. Former NSC staffer Barry Pavel.

But this WSJ piece — after describing how central the Saudis were in presenting earlier claims that Assad had used chemical weapons and in the midst of descriptions of how central a role Bandar bin Sultan is playing in drumming up war against Syria — reports that Saudi King Abdullah and others were bitching about US credibility as early as April.

In early April, said U.S. officials, the Saudi king sent a strongly worded message to Mr. Obama: America’s credibility was on the line if it let Mr. Assad and Iran prevail. The king warned of dire consequences of abdicating U.S. leadership and creating a vacuum, said U.S. officials briefed on the message.

Saudi Foreign Minister Prince Saud al-Faisal, who was the first Saudi official to publicly back arming the rebels, followed with a similar message during a meeting with Mr. Obama later that month, the officials said.

I wonder if we started taking Saudi taunts about our credibility more seriously after Bandar made a show of wooing Vladimir Putin?

In any case, here we go, hastily getting involved in the war in Syria and potentially escalating it across the region as a whole, without proper review much less a plan on how to actually improve the situation in Syria.

Credibility.

Apparently, the only kind of credibility that matters for America’s place in the role anymore is if our Saudi overlords suggest we lack credibility if we fail to do their explicit, and long-planned, bidding.

Credibility.

Meanwhile think of all the things American has squandered its position as unquestioned leader of the world without confronting. Poverty, hunger. The most obvious, of course, is climate change.

How much more “credibility” would the United States have by now if, at the start of his Administration, Obama had launched not just a Manhattan project to dramatically curb American use of fossil fuels, but also invested the goodwill Obama had (back before he expanded the drones) to find an equitable, global approach to climate change.

Credibility.

Apparently, the only thing the Villagers in DC think could or should win us “credibility” is in unquestioningly serving as global enforcer against the brutal dictators our brutal dictator friends the Saudis wants us to punish (though the Saudis are quite selective about which brutal dictators they stake our credibility on).

America could have used its power and leadership to earn real credibility. Instead, we’re trying to suck up to Bandar Bush.

GOP Not Anxious to End John Roberts’ Unilateral Reign Appointing FISA Judges

FWIW, Roger “Broccoli” Vinson aside, John Roberts has been appointing some solidly conservative, but nevertheless not lockstep Republicans to the FISA Court in recent years. But especially given the degree to which the FISC is now playing what former FISC judge James Robertson called a policy role, it is all the more inappropriate to have the Chief Justice, of whatever party, unilaterally pick FISC judges.

And some members of Congress — Adam Schiff in the House and Richard Blumenthal in the Senate — are trying to change that.

Curiously, however, while Republicans are happy to cosponsor legislation to force FISC to publish their opinions, Schiff, at least, has had no success finding a Republican cosponsor to support moves to take the FISC appointments out of John Roberts’ hands.

Schiff’s having a tougher time finding GOP co-sponsors for a second measure that would require Presidential nomination and Senate confirmation of FISA judges. Currently they are appointed by U.S. Supreme Court Chief Justice John Roberts.

I guess whatever claims GOP Representatives make about wanting to impose some controls on this dragnet take a back seat to maximizing party influence?

In These Times We Can’t Blindly Trust Government to Respect Freedom of Association

One of my friends, who works in a strategic role at American Federation of Teachers, is Iranian-American. I asked him a few weeks ago whom he called in Iran; if I remember correctly (I’ve been asking a lot of Iranian-Americans whom they call in Iran) he said it was mostly his grandmother, who’s not a member of the Republican Guard or even close. Still, according to the statement that Dianne Feinstein had confirmed by NSA Director Keith Alexander, calls “related to Iran” are fair game for queries of the dragnet database of all Americans’ phone metadata.

Chances are slim that my friend’s calls to his grandmother are among the 300 identifiers the NSA queried last year, unless (as is possible) they monitored all calls to Iran. But nothing in the program seems to prohibit it, particularly given the government’s absurdly broad definitions of “related to” for issues of surveillance and its bizarre adoption of a terrorist program to surveil another nation-state. And if someone chose to query on my friend’s calls to his grandmother, using the two-degrees-of-separation query they have used in the past would give the government — not always the best friend of teachers unions — a pretty interesting picture of whom the AFT was partnering with and what it had planned.

In other words, nothing in the law or the known minimization rules of the Business Records provision would seem to protect some of the AFT’s organizational secrets just because they happen to employ someone whose grandmother is in Iran. That’s not the only obvious way labor discussions might come under scrutiny; Colombian human rights organizers with tangential ties to FARC is just one other one.

When I read labor organizer Louis Nayman’s “defense of PRISM,” it became clear he’s not aware of many details of the programs he defended. Just as an example, Nayman misstated this claim:

According to NSA officials, the surveillance in question has prevented at least 50 planned terror attacks against Americans, including bombings of the New York City subway system and the New York Stock Exchange. While such assertions from government officials are difficult to verify independently, the lack of attacks during the long stretch between 9/11 and the Boston Marathon bombings speaks for itself.

Keith Alexander didn’t say NSA’s use of Section 702 and Section 215 have thwarted 50 planned attacks against Americans; those 50 were in the US and overseas. He said only around 10 of those plots were in the United States. That works out to be less than 20% of the attacks thwarted in the US just between January 2009 and October 2012 (though these programs have existed for a much longer period of time, so the percentage must be even lower). And there are problems with three of the four cases publicly claimed by the government — from false positives and more important tips in the Najibullah Zazi case, missing details of the belated arrest of David Headley, to bogus claims that Khalid Ouazzan ever planned to attack NYSE. The sole story that has stood up to scrutiny is some guys who tried to send less than $10,000 to al-Shabaab.

While that doesn’t mean the NSA surveillance programs played no role, it does mean that the government’s assertions of efficacy (at least as it pertains to terrorism) have proven to be overblown.

Yet from that, Nayman concludes these programs have “been effective in keeping us safe” (given Nayman’s conflation of US and overseas, I wonder how families of the 166 Indians Headley had a hand in killing feel about that) and defends giving the government legal access (whether they’ve used it or not) to — among other things — metadata identifying the strategic partners of labor unions with little question.

And details about the success of the program are not the only statements made by top National Security officials that have proven inaccurate or overblown. That’s why Nayman would be far better off relying on Mark Udall and Ron Wyden as sources for whether or not the government can read US person emails without probable cause than misstating what HBO Director David Simon has said (Simon said that entirely domestic communications require probable cause, which is generally but not always true). And not just because the Senators are actually read into these programs. After the Senators noted that Keith Alexander had “portray[ed] protections for Americans’ privacy as being significantly stronger than they actually are” — specifically as it relates to what the government can do with US person communications collected “incidentally” to a target — Alexander withdrew his claims.

Nayman says, “As people who believe in government, we cannot simply assume that officials are abusing their lawfully granted responsibility and authority to defend our people from violence and harm.” I would respond that neither should we simply assume they’re not abusing their authority, particularly given evidence those officials have repeatedly misled us in the past.

Nayman then admits, “We should do all we can to assure proper oversight any time a surveillance program of any size and scope is launched.” But a big part of the problem with these programs is that the government has either not implemented or refused such oversight. Some holes in the oversight of the program are:

  • NSA has not said whether queries of the metadata dragnet database are electronically  recorded; both SWIFT and a similar phone metadata program queries have been either sometimes or always oral, making them impossible to audit
  • Read more