Posts

The Appropriations Battle over Funding “Moderate” Terrorists

/10 Comments/in /by

Two weeks ago, John Brennan admitted on a Sunday show that sometimes when we “push the envelope … to protect this country” it “stimulates and spurs additional threats to our national security interests.” In a post on his comments, I suggested he might be thinking specifically of Syria as much as generally of counterterrorism.

Today, the WaPo cites “U.S. officials” complaining that the House Intelligence Committee voted to cut 10% off CIA’s Syrian budget.

The measure has provoked concern among CIA and White House officials, who warned that pulling money out of the CIA effort could weaken U.S.-backed insurgents just as they have begun to emerge as effective fighters. The White House declined to comment.

Arrayed against those anonymous whiners, the WaPo cites Adam Schiff on the record and a senior aide anonymously, describing how the CIA effort isn’t tracked with real metrics and hasn’t done much to weaken Assad.

“There is a great deal of concern on a very bipartisan basis with our strategy in Syria,” said Rep. Adam B. Schiff (Calif.), the ranking Democrat on the intelligence panel. He declined to comment on specific provisions of the committee’s bill but cited growing pessimism that the United States will be in a position “to help shape the aftermath” of Syria’s civil war.

[snip]

“Assad is increasingly in danger, and people may be taking bets on how long he can last, but it’s largely not as a result of action by so-called moderates on the ground,” said a senior Republican aide in Congress, who spoke on the condition of anonymity, citing the sensitivity of the subject.

[snip]

“Unfortunately, I think that ISIS, al-Nusra and some of the other radical Islamic factions are the best positioned to capi­tal­ize on the chaos that might accompany a rapid decline of the regime,” Schiff said.

Underlying it all, though, appears to be yet another effort (one we’ve seen with propaganda in the press as well) to claim those linked to al Qaeda in Syria are “moderate,” which in turn permits insiders to believe they’ll have some control over Syria after our Sunni and Israeli allies pull off his defeat.

Remember: Devin Nunes has long shown skepticism about our efforts to use proxy terrorists to spread democracy. And Adam Schiff is simply smarter than the kind of person who typically gets to be a ranking member of an Intelligence Committee. Good for them for finally insisting on metrics and — absent that — reining in the CIA’s gravy train.

The Precedent for Using Presidential National Emergency Proclamations to Expand Surveillance

/6 Comments/in , , /by

On September 14, 2001 — 3 days before signing an expansive Memorandum of Notification that would authorize a suite of covert operations against al Qaeda, and 4 days before signing an AUMF that would give those operations the appearance of Congressional sanction — President Bush declared a National Emergency in response to the 9/11 attack.

The following day, according to a 2002 motion to the FISC to be able to share raw FISA-derived information with CIA and NSA (this was liberated by Charlie Savage), FISC suspended its rules on sharing intelligence derived under FBI-obtained FISA warrants with criminal investigations (see page 26 of this paper for background).

On September 15, 2001, upon motion of the Government, the [FISA] Court suspended the “Court wall,” certification, and caveat requirements that previously had applied to Court-authorized electronic surveillance and physical search of [redacted] related targets, while directing that the FBI continue to apply the standard minimization procedures applicable in each case. As stated in the order resulting from that motion, the Court took this action in light of inter alia:

“the President’s September 14, 2001, declaration of a national emergency and the near war conditions that currently exist;”

“the personal meeting the Court had with the Director of the FBI on September 12, 2001, in which he assured the Court of the collection authority requested from this Court in the face of the nature and scope of the multi-faced response of the United States to the above-referenced attacks;

“the need for the Government to rapidly disseminate pertinent foreign intelligence information to appropriate authorities.”

Ten days after FISC dismantled its role in “the wall” between intelligence and criminal investigations in response to the Executive’s invocation of a National Emergency, on September 25, 2001, John Yoo finished an OLC memo considering the constitutionality of dismantling the wall by replacing “the purpose” in FISA orders with “a purpose.”

A full month later, on October 25, 2001, Congress passed the PATRIOT Act. For over 13 years, analysis of the PATRIOT Act has explained that it eliminated “the wall” between intelligence and criminal investigations by replacing language requiring foreign intelligence be “the purpose” of FISA wiretaps with language requiring only that that be “a significant purpose” of the wiretap. But the FISC suspension had already removed the biggest legal barrier to eliminating that wall.

In other words, the story we’ve been telling about “the wall” for over 13 years is partly wrong. The PATRIOT Act didn’t eliminate “the wall.” “The wall” had already been suspended, by dint of Executive Proclamation and a secret application with the FISC, over a month before the PATRIOT Act was initially introduced as a bill.

FISC suspended it, without congressional sanction, based on the President’s invocation of a National Emergency.

That’s not the only case where the Executive invoked that National Emergency in self-authorizing or getting FISC to authorize expansive new surveillance authorities (or has hidden the authorities under which it makes such claims).

Perhaps most illustratively, on May 6, 2004, Jack Goldsmith pointed to the National Emergency when he reauthorized most aspects of Stellar Wind.

On September 14, 2001. the President declared a national emergency “by reason of the terrorist attacks at the World Trade Center, New York, New York, and the Pentagon, and the continuing and immediate threat of further attacks on the United States.” Proclamation No. 7463, 66 Fed. Reg. 43, !99 (Sept. 14, 2001). The United States also launched a massive military response, both at home and abroad. In the United States, combat air patrols were immediately established over major metropolitan areas and were maintained 24 hours a day until April 2002, The United States also immediately began plans for a military response directed at al Qaeda’s base of operations in Afghanistan.

Only after invoking both the Proclamation and the immediate military response that resulted did Goldsmith note that Congress supported such a move (note, he cited Congress’ September 14 passage of the AUMF, not Bush signing it into law on September 18, thought that may be in part because Michael Hayden authorized the first expansions of surveillance September 14; also remember there are several John Yoo memos that remain hidden) and then point to an article on the friendly-fire death of Pat Tillman as proof that combat operations continued.

On September 14, 2001, both houses of Congress passed a joint resolution authorizing the President “to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks” of September I I. Congressional Authorization § 2(a). Congress also expressly acknowledged that the attacks rendered it “necessary and appropriate” for the United States to exercise its right “to protect United States citizens both at home and abroad,” and acknowledged in particular that the “the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the United States.” id. pmbl. Acting under his constitutional authority as Commander in Chief, and with the support of Congress, the President dispatched forces to Afghanistan and, with the cooperation of the Northern Alliance, toppled the Taliban regime from power Military operations to seek out resurgent elements of the Taliban regime and al Qaeda fighters continue in Afghanistan to this day. See, e.g., Mike Wise and Josh White, Ex-NFL Player Tillman Killed in Combat, Wash. Post, Apr. 24, 2004, at AI (noting that “there are still more than 10,000 U.S. troops in the country and fighting continues against remains of the Taliban and al Qaeda”).

That is, even in an OLC memo relying on the AUMF to provide legal sanction for President Bush’s systematic flouting of FISA for 2.5 years, Goldsmith relied primarily on the National Emergency Proclamation, and only secondarily on Congress’ sanction of such invocation with the AUMF.

The White Paper released in 2006 largely regurgitating Goldsmith’s opinion for more palatable consumption mentions the AUMF first in its summary, but then repeats Goldsmith’s emphasis on the Proclamation in the background section (see pages 2 and 4).

Paragraphs that may discuss such authorizations get redacted in the 2006 application to move content collection under FISC (see page 6). The entire background section (starting at page 5) of the initial Internet dragnet application is also redacted. While we can’t be sure, given parallel claims made in the same 2004 to 2006 period, it seems likely those memoranda also repeated this formula.

Such a formula was definitely dropped. The 2006 memorandum in support of using Section 215 to create a phone dragnet included no mention of authorities. The 2007 memorandum to compel Yahoo to fulfill Protect American Act orders cites PAA, not Emergency Declarations.

But the formula was retained in all discussions of the Administration’s illegal wiretap program in secret declarations submitted in court in 2006, 2007, and 2009, being repeated again in an unclassified 2013 declaration. While these declarations likely all derive, at least in part, from Goldsmith’s memo, it’s worth noting that the government has consistently suggested it could conduct significant surveillance programs without Congressional sanction by pointing to the that National Emergency Proclamation.

This is the precedent I meant to invoke when I expressed concern about President Obama’s expansive Executive Order of the other day, declaring a National Emergency because of cybersecurity.

Ranking House Intelligence Member Adam Schiff’s comment that Obama’s EO is “a necessary part of responding to the proliferation of dangerous and economically devastating cyber attacks facing the United States,” but that it will be “coupled with cyber legislation moving forward in both houses of Congress” only adds to my alarm (particularly given Schiff’s parallel interest in giving Obama soft cover for his ISIL AUMF while having Congress still involved).  It sets up the same structure we saw with Stellar Wind, where the President declares an Emergency and only a month or so later gets sanction for and legislative authorization for actions taken in the name of that emergency.

And we know FISC has been amenable to that formula in the past.

We don’t know that the President has just rolled out a massive new surveillance program in the name of a cybersecurity Emergency (rooted in a hack of a serially negligent subsidiary of a foreign company, Sony Pictures, and a server JP Morgan Chase forgot to update).

We just know the Executive has broadly expanded surveillance, in secret, in the past and has never repudiated its authority to do so in the future based on the invocation of an Emergency (I think it likely that pre FISA Amendments Act authorization for the electronic surveillance of weapons proliferators, even including a likely proliferator certification under Protect America Act, similarly relied on Emergency Proclamations tied to all such sanctions).

I’m worried about the Cyber Intelligence Sharing Act, the Senate version of the bill that Schiff is championing. But I’m just as worried about surveillance done by the executive prior to and not bound by such laws.

Because it has happened in the past.

Update: In his October 23, 2001 OLC memo authorizing the President to suspend the Fourth Amendment (and with it the First), John Yoo said this but did not invoke the September 14, 2001 proclamation per se.

As applied to the present circumstances, the [War Powers Resolution] signifies Congress’ recognition that the President’s constitutional authority alone enables him to take military measures to combat the organizations or groups responsible for the September 11 incidents, together with any governments that may have harbored or supported them, if such actions are, in his judgment, a necessary and appropriate response to the national emergency created by those incidents.

Update: Thanks to Allen and Joanne Leon for the suspend/suspect correction.

PATRIOT Extension: Congress Can’t Just Extend PATRIOT

/1 Comment/in /by

I’ve been remiss in laying out what I think the real solution for Section 215 is; I hope to get to that later this week.

Meanwhile, in the House, the question of what to do about the phone dragnet is already heating up. Adam Schiff, newly appointed ranking member in the House Intelligence Committee, is trying to buck up reform advocates in the face of calls for MOAR HAYSTACKS following the HebdoCharlie attack.

Schiff told me that those who are hoping for reform of bulk metadata collection need to remain vigilant against the possibility that lawmakers will seize on the Paris horror to blunt the case for change.

“Some will argue that the events in Paris make it impossible to reform any of our intelligence gathering programs,” Schiff said. “But as long as we can accomplish these reforms bolstering our privacy, while maintaining our security, we should do so.”

Remember, Schiff was the first to call publicly to have the telecoms hold the phone records.

Newly appointed Chair Devin Nunes, however, not only wants to reauthorize PATRIOT but also FISA (which isn’t expiring).

Q: What do you think should be the path forward for reform of the Foreign Intelligence Surveillance Act Courts? Do you support consideration and passage of the FISA Court Reform Act of 2013? If not, do you have your own proposals for FISA reform?
A: I believe the FISA court system is working well and striking the right balance between protecting Americans’ constitutional rights and allowing for effective intelligence operations to catch terrorists. So I don’t think it needs reform at this time — we don’t want to further encumber intelligence and law enforcement communities who already have a difficult task in tracking those who wish to attack Americans at home and abroad.

[snip]

Our immediate priorities will be analyzing the president’s budget, crafting the intelligence authorization bill and working with other committees to reauthorize FISA and the Patriot Act.

I hope we can hold him to his observation that FISC is working great, because most “reform” efforts (especially the RuppRoge effort out of the House Intelligence Committee) took authority out of FISC’s hands and put it into the IC’s.

One thing is missing from this discussion, on all sides.

Congress needs to do more than just extend PATRIOT, if they want full dragnet. They need to extend it, probably by starting with immunity, and probably some other tweaks, to be able to access all the phone records they want. That’ll be harder to do if it’s not done under cover of “reform.”

 

5 Democrats Have Called on Obama Not to Reauthorize the Dragnet Tomorrow

/in /by

Tomorrow is dragnet day, the next 90-day reauthorization for the dragnet.

In advance of that date, Pat Leahy just called on President Obama to simply let the dragnet end.

The President can end the NSA’s dragnet collection of Americans’ phone records once and for all by not seeking reauthorization of this program by the FISA Court, and once again, I urge him to do just that.  Doing so would not be a substitute for comprehensive surveillance reform legislation – but it would be an important first step.

Leahy joins 4 other Democrats who have already called for the President to unilaterally stop the dragnet.

At a hearing last month, Adam Schiff suggested to DIRNSA Mike Rogers that they move forward without waiting for a new law.

“There’s nothing in statute that requires the government to gather bulk data, so you could move forward on your own with making the technological changes,” Schiff said. “You don’t have to wait for the USA Freedom Act.”

There’s no reason for the NSA to wait for congressional approval to put additional limits on the program “if you think this is the correct policy,” Schiff added. “Why continue to gather the bulk metadata if [Obama administration officials] don’t think this is the best approach?”

And back in June, Senators Wyden, Udall, and Heinrich not only made a similar suggestion in a letter to the President, but laid out how Obama could achieve what he says he wants to without waiting for legislation.

But the President is not going to end the dragnet. Heck, for all we know, FISC has already signed the reauthorization.

Mind you, it may be that President Obama can’t start the new-and-improved dragnet without offering providers immunity and compensation. But if Obama can’t simply end the dragnet without offering telecoms and second level contractors broad immunity, then he’s obviously planning on something more exotic than just regular phone contact chaining.

On USA Freedom: Heed Jan Schakowsky’s Warning

/3 Comments/in /by

There are two reviews of whether HR 3361 constitutes real reform today, one from McClatchy and one from National Journal, both written partly in response to privacy groups’ realization that Mike Rogers has been doing a circumspect victory lap over the shape of the bill.

While neither examines the flip side of the bill — what the intelligence community will gain from this — they both provide a useful caution about the potential pitfalls in the bill, many (but not all) I’ve examined at this site.

McClatchy is particularly useful, though, for the comments from Adam Schiff and Jan Schakowsky, two of the only people on the House Intelligence Committee who tend to balance the interests of civil liberties against the demands of the intelligence community. Here’s what they had to say about the legislative prospects.

Rep. Adam Schiff, D-Calif., an Intelligence Committee member who isn’t among the letter writers, said he hoped to offer an amendment that would seek to “introduce a greater adversarial process in the FISA court” by establishing a panel of attorneys from which counsel could be selected to participate in cases that involved novel legal and technical issues.

“I believe the civil liberties protections can be improved,” Schiff said.

[snip]

Rep. Jan Schakowsky, D-Ill., an Intelligence Committee member, praised the House bill. “If we could improve it,” she said, “I would go back to the original bill’s provisions that would implement stronger reporting regulations and create an office of the special advocate.”

Schakowsky added, though, “ I am most concerned at this point about preventing any efforts to weaken this bipartisan compromise.”

Remember, HPSCI held its markup behind closed doors, and there has been little leaking about went on there, aside from Rogers’ crowing. So this offers a bit of a read of what might have gone on.

Schiff, if you recall, was one of the very first people to get Keith Alexander to admit the government could conduct its contact-chaining program with the telecoms retaining the data. He is generally a pretty good read on the art of the possible. If he thinks this bill can be improved, perhaps he’s got reason for optimism.

But I find Schakowsky’s warning potentially more realistic.

Remember, one thing HPSCI considered was removing all definition of “specific selection term” (or “identifier,” which HPSCI also included). Without a definition, the bill might only prevent bulk collection of phone records, if that; I believe the government could come up with “selection terms” for everything else that would permit systematic programs. And I suspect something like dropping the definition would — will — happen if this ever gets to a conference (indeed, as Jim Sensenbrenner knows better than anyone, that’s how some of the existing loopholes got retained in PATRIOT in 2005-6, at a time when there was also bipartisan uproar over illegal spying). I think Schakowsky is realistic in worrying that, with the momentum it has picked up with unanimous passage in HJC and a voice vote passage in HPSCI, it could get worse just as easily as it could get better.

As I’ve said, this bill defuses the digital equivalent of a nuclear bomb by taking the phone-based relationship database out of the hands of the government. That’s important.

But from there, it’s unclear what effect this bill will have in practice, and could become far less clear if things like that definition disappear. So we’d be well to take Schakowsky’s warning seriously.

The Reason Obama Capitulated on the (Phone) Dragnet

/7 Comments/in /by

This will be a bit of a contrary take on what I believe to be the reasons for President Obama’s capitulation on the dragnet, announcing support today for a plan to outsource the first query in the dragnetting process to the telecoms.

It goes back to the claims — rolled out in February — that the NSA has only been getting 20 to 30% of the call data in the US. Those reports were always silent or sketchy on several items:

  • The claims were always silent that they applied only to Section 215, and did not account for the vast amount of data, including US person cell data, collected under EO 12333.
  • The claims were sketchy about the timing of the claim, especially in light of known collection of cell data in 2010 and 2011, showing that at that point NSA had no legal restrictions on accepting such data.
  • The claims were silent about why, in both sworn court declarations and statements to Congress, Administration officials said the collection (sometimes modified by Section 215, often, especially in court declarations, not) was comprehensive.

Here’s what I think lies behind those claims.

We know that as recently as September 1, 2011, the NSA believed it had the legal authority to collect cell location data under Section 215, because they were doing just that. Congress apparently did not respond well to learning, belatedly, that the government was collecting location data in a secret interpretation of a secret interpretation. Nevertheless, it appears the government still believed it had that authority — though was reevaluating it — on January 31, 2012, when Ron Wyden asked James Clapper about it — invoking the “secret law” we know to be Section 215 — during his yearly grilling of Clapper in the Global Threat hearing.

Wyden: Director Clapper, as you know the Supreme Court ruled last week that it was unconstitutional for federal agents to attach a GPS tracking device to an individual’s car and monitor their movements 24/7 without a warrant. Because the Chair was being very gracious, I want to do this briefly. Can you tell me as of now what you believe this means for the intelligence community, number 1, and 2, would you be willing to commit this morning to giving me an unclassified response with respect to what you believe the law authorizes. This goes to the point that you and I have talked, Sir, about in the past, the question of secret law, I strongly feel that the laws and their interpretations must be public. And then of course the important work that all of you’re doing we very often have to keep that classified in order to protect secrets and the well-being of your capable staff. So just two parts, 1, what you think the law means as of now, and will you commit to giving me an unclassified answer on the point of what you believe the law actually authorizes.

Clapper: Sir, the judgment rendered was, as you stated, was in a law enforcement context. We are now examining, and the lawyers are, what are the potential implications for intelligence, you know, foreign or domestic. So, that reading is of great interest to us. And I’m sure we can share it with you. [looks around for confirmation] One more point I need to make, though. In all of this, we will–we have and will continue to abide by the Fourth Amendment. [my emphasis]

Unsurprisingly, as far as I know, Clapper never gave Wyden an unclassified answer.

Nevertheless, since then the government has come to believe it cannot accept cell data under Section 215. Perhaps in 2012 as part of the review Clapper said was ongoing, the government decided the Jones decision made their collection of the cell location of every cell phone in the US illegal or at least problematic. Maybe, in one of the 7 Primary orders DOJ is still withholding from 2011 to 2013, the FISC decided Jones made it illegal to accept data that included cell location. It may be that a February 24, 2013 FISC opinion — not a primary order but one that significantly reinterpreted Section 215 — did so. Certainly, by July 19, 2013, when Claire Eagan prohibited it explicitly in a primary order, it became illegal for the government to accept cell location data.

That much is clear, though: until at least 2011, DOJ believed accepting cell location under Section 215 was legal. At least by July 19, 2013, FISC made it clear that would not be legal.

That, I believe, is where the problems accepting cell phone data as part of Section 215 come from (though this doesn’t affect EO 12333 data at all, and NSA surely still gets much of what it wants via EO 12333). Theresa Shea has explicitly said in sworn declarations that the NSA only gets existing business records. As William Ockham and Mindrayge have helped me understand, unless a telecom makes it own daily record of all the calls carried on its network — which we know AT&T does in the Hemisphere program, funded by the White House Drug Czar — then the business ecords the phone company will have are its SS7 routing records. And that’s going to include cell phone records. And those include location data for cell phones.

Now, it may be that the telecoms chose not to scan out this information for the government. It may be that after the program got exposed they chose to do the bare minimum, and the cell restrictions allowed them to limit what they turned over (something similar may have happened with VOIP calls carried across their networks). It may be that Verizon and even AT&T chose to only provide that kind of data via EO 12333 program that, because they are voluntary, get paid at a much higher rate. In any case, I have very little doubt that NSA got the phone records from Verizon, just not via Section 215.

But I’m increasingly sure the conflict between Section 215’s limit to existing business record and the limits imposed on Section 215 via whatever means was the source of the “problem” that led NSA to only get 30% of phone records [via the Section 215 program, which is different than saying they only got 30% of all records from US calls].

And a key feature of both the President’s sketchy program…

  • the companies would be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.

And the RuppRoge Fake Fix…

(h)(1)(A) immediately provide the Government with records, whether existing or created in the future, in the format specified by the Government

[snip]

(h)(2) The Government may provide any information, facilities, or assistance necessary to aid an electronic communications service provider in complying with a directive issued pursuant to paragraph (1).

Is that the government gets to dictate what format they get records in here, which they couldn’t do under Section 215. That means, among other things, they can dictate that the telecoms strip out any location data before it gets to NSA, meaning NSA would remain compliant with whatever secret orders have made the collection of cell location in bulk illegal.

Remember, too, that both of these programs will have an alert feature. In spite of getting an alert system to replace the one deemed illegal in 2009 approved on November 8 2012, the government has not yet gotten that alert function working for what are described as technical reasons.

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

It’s possible that, simply doing the alert on exclusively legally authorized data (as opposed to data mixing EO 12333 and FISC data) solves the technical problems that had stymied NSA from rolling out the alert system they have been trying to replace for 5 years. It’s possible that because NSA was getting its comprehensive coverage of US calls via different authorities, it could not comply with the FISC’s legal limits on the alert system. But we know there will be an alert function if either of these bills are passed.

The point is, here, too, outsourcing the initial query process solves a legal-technical problem the government has been struggling with for years.

The Obama plan is an improvement over the status quo (though I do have grave concerns about its applicability in non-terrorist contexts, and my concerns about what the government does with the data of tens to hundreds of thousands of innocent Americans remain).

But don’t be fooled. Obama’s doing this as much because it’s the easiest way to solve legal and technical problems that have long existed because the government chose to apply a law that was entirely inapt to the function they wanted to use it for.

Shockers! A more privacy protective solution also happens to provide the best technical and legal solution to the problem at hand.

Update: Forgot to add that, assuming I’m right, this will be a pressure point that Members of Congress will know about but we won’t get to talk about. That is, a significant subset of Congress will know that unless they do something drastic, like threatening legal penalties or specifically defunding any dragnetting, the Executive will continue to do this one way or another, whether it’s under a hybrid of Section 215 and EO 12333 collection, or under this new program. That is, it will be a selling point to people like Adam Schiff (who advocated taking the call records out of government hands but who has also backed these proposals) that this could bring all US intelligence collection under the oversight of the FISC (it won’t, really, especially without a very strong exclusivity provision that prohibits using other means, which the Administration will refuse because it would make a lot of what it does overseas illegal). This is the same tension that won the support of moderates during the FISA Amendments Act, a hope to resolve real separation of powers concerns with an imperfect law. So long as the Leahy-Sensenbrenner supporters remain firm on their demands for more reforms, we may be able to make this a less imperfect law. But understand that some members of Congress will view passing this law as a way to impose oversight over a practice (the EO 12333 collection of US phone records) that has none.

Update: Verizon has released this telling statement.

This week Congressmen Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) released the “End Bulk Collection Act of 2014”, which would end bulk collection of data related to electronic communications. The White House also announced that it is proposing an approach to end bulk collection. We applaud these proposals to end Section 215 bulk collection, but feel that it is critical to get the details of this important effort right. So at this early point in the process, we propose this basic principle that should guide the effort: the reformed collection process should not require companies to store data for longer than, or in formats that differ from, what they already do for business purposes. If Verizon receives a valid request for business records, we will respond in a timely way, but companies should not be required to create, analyze or retain records for reasons other than business purposes. [my emphasis]

It’s telling, first of all, because Verizon still doesn’t want to have to fuss with anything but their business records. That says it has been unwilling to do so, in the past, which, in my schema, totally explains why the government couldn’t get Verizon cell records using Section 215. (I have wondered whether this was a newfound complaint, since they got exposed whereas AT&T did not; and even in spite of Randal Milch’s denial, I still do wonder whether the Verizon-Vodaphone split hasn’t freed them of some data compliance obligations.)

Just as importantly, Verizon doesn’t want to analyze any of this data. As I have pointed out, someone is going to have to do high volume number analysis, because otherwise the number of US person records turned over will be inappropriately large but small enough it will be a significant privacy violation to do it at that point (for some things, it requires access to the raw data).

I’m unclear whether the RuppRuge Fake Fix plan of offering assistance (that is, having NSA onsite) fixes this, because NSA could do this analysis at Verizon.

Military Commissions (in US!) for Non-Afghan Prisoners Held at Parwan? Brilliant!

/3 Comments/in , /by

When it comes to building policy around Afghanistan, the Obama administration is an endless fount of ideas with colossally ugly optics mixed with untenable legal positions. The latest brilliant offering from them is a beauty:

The Obama administration is actively considering the use of a military commission in the United States to try a Russian who was captured fighting with the Taliban several years ago and has been held by the U.S. military at a detention facility near Bagram air base in Afghanistan, former and current U.S. officials said.

Wait. He was “fighting with the Taliban”? Doesn’t that make him a standard combatant and traditional prisoner of war? Here is more of what the Post has on his history:

The Russian is a veteran of the Soviet war in Afghanistan in the 1980s who deserted and ended up fighting U.S. forces after the Sept. 11, 2001, attacks. U.S. officials said the man, thought to be in his mid- to late 50s, is suspected of involvement in several 2009 attacks in which U.S. troops were wounded or killed. He was wounded during an assault on an Afghan border post that year and later captured.

Little else is known about him except for his nom de guerre, Irek Hamidullan.

No. Still nothing in this description that distinguishes Hamidullan from any other non-Afghan teaming up with the Taliban to take on US forces there. And yet, the military seems to think that their “case” against Hamidullan is among the strongest against the 53 non-Afghan prisoners the US admits to housing at Parwan:

Military prosecutors have examined the evidence against Hamidullan and consider the case among the strongest that could be brought against any of the foreigners held at the Parwan Detention Facility near Bagram.

“He’s pretty well-connected in the terrorist world,” said one official with firsthand knowledge of the case. Hamidullan is thought to have links to one or more insurgent groups and ties to Chechnya, a part of the Russian Federation where rebels have fought two unsuccessful wars for independence.

Officials said Hamidullan remains committed to violent jihad and has sworn that he will return to the battlefield if he is released from prison. U.S. officials said that they have discussed the case with Moscow but that the Russians displayed little or no interest in his return. The senior official said transfers “are not always just up to us. Other countries have a say. Detainees have a say” in cases in which there are concerns about inhumane treatment.

How in the world does one become a fitting subject for a special military commission as an illegal combatant even while pledging to “return to the battlefield”? Read more

What’s the Relationship Database About?

/23 Comments/in , /by

Atrios asks what the whole dragnet is about.

It’s actually a serious question. Maybe it’s just a full employment program for spooks. Maybe they just do it because they can. But the only “real” point to such an extensive surveillance system is to abuse that surveillance (the surveillance itself is already an abuse of course).

At best it’s a colossal fucking waste of money. At worst?

I actually think there are understandable answers for much of this.

Since Michael Hayden took over the NSA, contractors have assumed an increasingly dominant role in the agency, meaning you’ve got a former DIRNSA at Booz Allen Hamilton pitching future Booz VPs on solutions to keep the country safe that just happen to make them fabulously profitable and don’t happen to foreground privacy. As Thomas Drake showed, we’re pursuing the biggest and most privacy invasive solutions because contractors are embedded with the agency.

I think there’s the One Percent approach we got from Dick Cheney, that endorses maximal solutions to hunt terrorists even while avoiding any real accountability (both for past failures and to review efficacy) because of secrecy. We’re slowly beginning to wean ourselves from this Cheney hangover, but it is taking time (and boosters for his approach are well-funded and publicized).

And, at the same time, criminals and other countries have attacked our weak network security underbelly, targeting the companies that have the most political sway, DOD contractors and, increasingly, financial companies, which is setting off panic that is somewhat divorced from the average American’s security. The accountability for cybersecurity is measured in entirely different ways than it is for terrorism (otherwise Keith Alexander, who claims the country is being plundered like a colony, would have been fired years ago). In particular, there is no punishment or even assessment of past rash decisions like StuxNet. But here, as with terrorism, the notion of cost-benefit assessment doesn’t exist. And this panicked effort to prevent attacks even while clinging to offensive cyberweapons increasingly drives the overaggressive collection, even though no one wants to admit that.

Meanwhile, I think we grab everything we can overseas out of hubris we got while we were the uncontested world power, and only accelerated now that we’re losing that uncontested position. If we’re going to sustain power through coercion — and we developed a nasty habit of doing so, especially under Bush — then we need to know enough to coerce successfully. So we collect. Everything. Even if doing so makes us stupider and more reliant on coercion.

So I can explain a lot of it without resorting to bad faith, even while much of that explanation underscores just how counterproductive it all is.

But then there’s the phone dragnet, the database recording all US phone-based relationships in the US for the last 5 years. Read more

3 Tech Issues the Non-Technologist NSA Technical Committee Needs to Address

/32 Comments/in , /by

A number of people are asking why I’m so shocked that President Obama appointed no technologists for his NSA Review Committee.

Here are three issues that should be central to the Committee’s discussions that are, in significant part, technology questions. There are more. But for each of these questions, the discussion should not be whether the Intelligence Community thinks the current solution is the best or only one, but whether it is an appropriate choice given privacy implications and other concerns.

  • Whether the Intelligence Community can accomplish the goals of the Section 215 dragnet without collecting all US person metadata
  • Whether the NSA can avoid collecting Multiple Communication Transactions as part of upstream collection
  • How to oversee unaudited actions of technical personnel

There are just three really obvious issues that should be reviewed by the committee. And for all of them, it would be really useful for someone with the technical background to challenge NSA’s claims to be on the committee.

Whether the Intelligence Community can accomplish the goals of the Section 215 dragnet without collecting all US person metadata

One of the most contentious NSA practices — at least as far as most Americans go — is the collection of all US person phone metadata for the Section 215 dragnet. Yet even Keith Alexander has admitted — here in an exchange with Adam Schiff in a House Intelligence Committee hearing on June 18 — that it would be feasible to do it via other means, though perhaps not as easy.

REP. SCHIFF: General Alexander, I want to ask you — I raised this in closed session, but I’d like to raise it publicly as well — what are the prospects for changing the program such that, rather than the government acquiring the vast amounts of metadata, the telecommunications companies retain the metadata, and then only on those 300 or so occasions where it needs to be queried, you’re querying the telecommunications providers for whether they have those business records related to a reasonable, articulable suspicion of a foreign terrorist connection?

Read more

“Credibility”

/36 Comments/in /by

An embarrassing number of people in DC have been saying publicly since Friday that we have to launch cruise missiles against Bashar al-Assad or risk the “credibility” of the United States. John McCainMike McCaul. Adam Schiff. Former NSC staffer Barry Pavel.

But this WSJ piece — after describing how central the Saudis were in presenting earlier claims that Assad had used chemical weapons and in the midst of descriptions of how central a role Bandar bin Sultan is playing in drumming up war against Syria — reports that Saudi King Abdullah and others were bitching about US credibility as early as April.

In early April, said U.S. officials, the Saudi king sent a strongly worded message to Mr. Obama: America’s credibility was on the line if it let Mr. Assad and Iran prevail. The king warned of dire consequences of abdicating U.S. leadership and creating a vacuum, said U.S. officials briefed on the message.

Saudi Foreign Minister Prince Saud al-Faisal, who was the first Saudi official to publicly back arming the rebels, followed with a similar message during a meeting with Mr. Obama later that month, the officials said.

I wonder if we started taking Saudi taunts about our credibility more seriously after Bandar made a show of wooing Vladimir Putin?

In any case, here we go, hastily getting involved in the war in Syria and potentially escalating it across the region as a whole, without proper review much less a plan on how to actually improve the situation in Syria.

Credibility.

Apparently, the only kind of credibility that matters for America’s place in the role anymore is if our Saudi overlords suggest we lack credibility if we fail to do their explicit, and long-planned, bidding.

Credibility.

Meanwhile think of all the things American has squandered its position as unquestioned leader of the world without confronting. Poverty, hunger. The most obvious, of course, is climate change.

How much more “credibility” would the United States have by now if, at the start of his Administration, Obama had launched not just a Manhattan project to dramatically curb American use of fossil fuels, but also invested the goodwill Obama had (back before he expanded the drones) to find an equitable, global approach to climate change.

Credibility.

Apparently, the only thing the Villagers in DC think could or should win us “credibility” is in unquestioningly serving as global enforcer against the brutal dictators our brutal dictator friends the Saudis wants us to punish (though the Saudis are quite selective about which brutal dictators they stake our credibility on).

America could have used its power and leadership to earn real credibility. Instead, we’re trying to suck up to Bandar Bush.