Posts

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Five Reasons the 702 Reauthorization Transparency Provisions Are Bogus

I thought that, after Bob Litt left the Office of Director of National Intelligence, we might stop pushing transparency measures in surveillance bills that don’t provide transparency.

Nope.

For the most part, the added transparency in the bill is either already being accomplished (like counts of individual FISA orders or published minimization procedures) or useless. The exception is language requiring a real count of Pen Registers, which would fix a problem in the USA Freedom Act transparency provisions, which only counted Pen Registers that targeted communications, but not that targeted things like location data.

I’ll deal with two others — a declaration tied to Section 309 and a Comptroller General review of classification — separately.

The truly insulting “transparency” provisions, however, are the ones that pretend to count US person impact but do anything but. There are two parts to them. First, the bill mandates semiannual reports from the FBI (which, remember, got exempted from everything meaningful in the USA Freedom Act transparency provisions).

(d) SEMIANNUAL FBI REPORTS.—Together with the semiannual report submitted under subsection (a), the Director of the Federal Bureau of Investigation shall submit to the congressional committees specified in such sub-section, and make publicly available, a report containing, with respect to the period covered by the report, the number of queries made by the Federal Bureau of Investigation described in subsection (j)(1) of section 702 that resulted in communications being accessed or disseminated pursuant to such subsection.

The section requires the FBI Director to count how many queries are made under the new court order queries that — as I’ve already pointed out — are utterly meaningless. Whereas last year there was one equivalent count, in the future there will be none, because it will be a pain in the ass to get a criminal search order and it will remain easy as pie to treat any query as an assessment to use criminal evidence for foreign intelligence purposes. So this requirement is like dividing by zero: it doesn’t get you anywhere.

Then there’s the sham count of US persons sucked in by 702.

(c) INCIDENTALLY COLLECTED COMMUNICATIONS AND OTHER INFORMATION.—Together with the semi-annual report submitted under subsection (a), the Director of National Intelligence shall submit to the congressional committees specified in such subsection a report on incidentally collected communications and other information regarding United States persons under section 702. Each such report shall include, with respect to the 6-month period covered by the report, the following:

(1) Except as provided by paragraph (2), the number, or a good faith estimate, of communications acquired under subsection (a) of such section of known United States persons that the National Security Agency positively identifies as such in the ordinary course of its business, including a description of any efforts of the intelligence community to ascertain such number or good faith estimate.

(2) If the Director determines that calculating the number, or a good faith estimate, under paragraph (1) is not achievable, a detailed explanation for why such calculation is not achievable.

(3) The number of—

(A) United States persons whose information is unmasked pursuant to subsection (e)(4) of such section;

(B) requests made by an element of the Federal Government, listed by each such element, to unmask information pursuant to such subsection; and

(C) requests that resulted in the dissemination of names, titles, or other identifiers potentially associated with individuals pursuant to such subsection, including the element of the intelligence community and position of the individual making the request.

(4) The number of disseminations of communications acquired under subsection (a) of section 702 to the Federal Bureau of Investigation for cases not pertaining to national security or foreign intelligence.

(5) The number of instances in which evidence of a crime not pertaining to national security or foreign intelligence that was identified in communications acquired under subsection (a) of section 702 was disseminated from the national security branch of the Bureau to the criminal investigative division of the Bureau (or from such successor branch to such successor division).

Here’s why this is meaningless:

Under 702 precedent, it’s unclear whether the most intrusive collection is “incidental” or “intentional”

First, note what they call this? “Incidentally collected” communications.

One of the most concerning groups of Americans collected under 702 are, at least according to John Bates’ 2011 702 opinionnot incidental. Those are the entirely domestic communications believed to be foreign and targeted intentionally, such as the old MCT emails.

That’s important because what likely happens with a good deal of Americans communications — those collected under the 2014 exception — will mostly be purged in the post-tasking process. When NSA did a count of collections in 2011, they tried to hide how much they’re purging — and likely did hide a good bit even from the final count. The language of this provision, which only requires a count of Americans it “positively identifies as such in the ordinary course of its business,” would certainly invite NSA to do the same again.

At the very least, this provision should include both a definition of incidental and a definition of “ordinary course of business.”

An “ordinary course of business” at NSA will miss where most interaction with US person data occurs in the “ordinary course of business”

Then consider what it means that NSA — and not CIA or FBI, both of whom do a lot more searches on Americans collected under 702 — is asked to do this count. The other agencies are going to come across a lot more Americans because they’re looking for them, but that ordinary course of business exposure of Americans won’t ever be counted if the only count happens at NSA.

If DNI won’t be asked for a real count, don’t permit him to say a count is impossible

And even there, the DNI can balk and — as he and others have been saying for 6 years — claim they can’t come up with a number. This provision should either demand a real number and permit this cop out, or use the “ordinary course” number and demand a real number.

The obsession with unmasking represents an elite person’s focus on impact

Unsurprisingly, there’s several requirements on unmasking (as well as another entire section of this focusing on procedures for unmasking and a dedicated report on it, which I’m ignoring).

I know that certain Republicans have discovered the impact of surveillance by learning that they or their friends can be swept up having sensitive conversations with Russians. But the focus on unmasking really reflects an elite concern. That’s because the people who are most likely to be swept up in intercepts but masked because the political sensitivity of collecting on them outweighs the intelligence value are elites — people like Devin Nunes and Jeff Sessions, not people like Mohammed Mohamud or other brown people. Those non-elite people are the ones who’ll be prosecuted for being swept up in a 702 intercept, rather than warned off by the FBI.

So along with the boredom of having Republicans continue to pretend this is the most dangerous impact on Americans, understand that believing that is largely about elites worrying about elites.

Tracking disseminations that don’t happen

Finally, the transparency provisions track two kinds of sharing with FBI criminal investigators, that don’t track how Americans might be affected in criminal investigations.

First, it asks for “The number of disseminations of communications acquired under subsection (a) of section 702 to the Federal Bureau of Investigation for cases not pertaining to national security or foreign intelligence.” It doesn’t define “national security” (elsewhere, the bill invites the IC to define foreign intelligence). It doesn’t say “dissemination” from whom? Is this just crimes like kiddie porn (which can be a foreign intelligence if owned by a Boeing engineer, under the Gartenlaub precedent) identified by the NSA and handed over?

But the entire item is pretty meaningless, given that FBI gets raw data, which is where evidence of a crime is most likely to be IDed.

Then there’s the question about how much gets disseminated from FBI’s National Security Division to FBI’s criminal division. But at least as I understand it from Semiannual reports, access to FISA data has all been decentralized to the field office. Already, that creates problems for oversight, because ODNI and DOJ aren’t doing visits to all field offices (contrary to what was claimed in congressional testimony this year). But that also means it doesn’t (as far as I know) take a dissemination from NSD to criminal to result in the dissemination of information, because Agents with FISA clearance are going to be able to access that data from the comfort of their own office.

For both these counts, then, HJC seems to be pretending that no raw 702 data is shared with FBI. But it is. And that’s the stuff that matters.

Which is why that’s the stuff we’ll never be able to count.

Congress keeps pretending they want counts of the impact of this. The NSA count they’re refusing to do is one thing — they can at least claim privacy considerations.

But they biannual charade of pretending we’re getting FBI to examine the impact of their actions when in fact we’re letting them operate without any such metrics is getting old.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

702 Reauthorization Bill: The “About” Fix (What Is A Person?)

I’m going to do a series of posts on the draft 702 reauthorization bill, which is here. The bill makes a number of improvements to the status quo, but it’s not clear whether it fixes the biggest problems with Section 702.

Take the “about” fix, which is a short and sweet change to the targeting procedures.

(4) LIMITATION.—During the period preceding September 30, 2023, the procedures adopted in accordance with paragraph (1) shall require that the targeting of a person is limited to communications to or from the targeted person.

As a reminder, “about” collection targeted the content of “communications” — perhaps searching on something like Osama bin Laden’s phone number in the content of email. It posed a problem because sometimes NSA obtains upstream communications in bundles, meaning they’ll get a number of unrelated communications at the same time. In such a case, if an email in a bundle included the target (OBL’s phone number), then all the emails would be collected, which also might include emails to other people. In a small number of cases, such collection would result in the collection of entirely domestic communications that had no foreign intelligence value; it resulted in a larger number of entirely domestic, unbundled communications that were of foreign intelligence value because they mentioned the selector.

The legislative fix largely parallels the fix Rosemary Collyer approved in April. She accomplished this (relying on an Administration memo that, unlike almost everything else from the reauthorization process, has not been released) this way:

Finally, upstream collection of Internet transaction [redacted] for communications to or from a targeted person, but “abouts” communication may no longer be acquired. The NSA Targeting Procedures are amended to state that “[a]cquisitions conducted under these procedures will be limited to communications to or from persons targeted in accordance with these procedures. [citation removed], and NSA’s Minimization Procedures now state that Internet transactions acquired after March 17, 2017, “that are not to or from a person targeted in accordance with NSA’s section 702 targeting procedures are unauthorized acquisitions and therefore will be destroyed upon recognition.” [citation removed]

Here’s how it looks in practice, in the current targeting procedures.

In both cases, I have a similar concern, one which is made more obvious in the targeting procedures. They start by suggesting that all acquisitions under 702 will be limited to “communications to or from persons targeted in accordance with these procedures.” But then its discussion of upstream collection defines “Internet transaction” in such a way to treat it only as a communication.

The draft bill similarly suggests the possibility that there is the targeting of persons — for whom the active user rule much hold, but if there were some other kind of targeting, it might not hold.

What is a person, in this situation? Does this language prevent NSA from targeting a group (a point raised by John Bates on precisely this point in 2011)? Can NSA target — say — an encryption product used by a corporate group (ISIS’s shitty encryption product, for example), and if so are all users of that product assumed to be part of the group? What happens if the collection is targeting the command and control server of a botnet; any communications back and forth from it are, technically speaking, communications, but not involving a human person.

In other words, both versions of this prohibition seem to operate under they fiction that NSA is just collecting emails, traditional communications between traditional people. I’m actually not sure how the language would apply to other stuff. I’m also not sure if the possible exceptions would have privacy concerns.

Which is why I’m not certain whether the prohibition actually eliminates the privacy threat in question.

Not least, because directly after the introduction of the prohibition in her opinion, Collyer acknowledges that NSA will still obtain entirely domestic comms.

As I’ve said elsewhere, I think this prohibition does fix the email (and other kinds of Internet messaging) MCT problem. But given that even Collyer admits NSA will still obtain domestic communications, there’s still the problem that those domestic comms will be sucked up in the newly permitted back door searches of upstream communications.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Curious Timing of Flynn Events and EO 13769

The crew here has been seasonally busy; there are graduations, returns from college, business and vacation travel, many other demands keeping us away from the keyboard. Bear with us.

That’s not to say we’re not stewing about — well, everything. EVERYTHING. Pick a subject and it’s probably on fire if it’s not smoldering. Touch it and it may burst into flame, kind of like James Comey’s job.

Yesterday’s Senate Judiciary Committee hearing with testimony from Sally Yates and James Clapper is one such topic utterly ablaze. How to even start with what went wrong — like Ted ‘Zodiac Killer’ Cruz and his sidling up to ‘But her emails!’. Or John Kennedy’s [string a bunch of expletives together and insert here] questions which did nothing to further any investigation.

I’m glad Sally Yates laid one across Cruz on the Immigration and Nationality Act of 1965 (INA); he deserved it for his particularly egregious mansplaining.

As you can see from their tweets, I know my fellow contributors have much they wish they could post about the hearing. I know after the closing gavel I had many more questions, not fewer.

Like timing. Timing seemed so inter-related on seemingly disparate issues.

What about the timing of Yates’ discussion with White House Counsel Don McGahn about Lt. Gen. Michael Flynn (ret.) and the timing of the Muslim travel ban, Executive Order 13769?

10-NOV-2017 — First warning about Flynn to Trump by Obama during post-election meeting.

18-NOV-2017 — Flynn named National Security Adviser by Trump.

25-DEC-2017 — Flynn allegedly sends text messages to Russian ambassador Sergei Kislyak including holiday greetings.

29-DEC-2017 — New sanctions announced by Obama, including eviction of 35 Russians (including family members) from two compounds.

29-DEC-2017 — Michael Flynn talks with Kislyak more than once on the same day.

30-DEC-2017 — Trump tweeted positively about Russian president Vladimir Putin’s refusal to retaliate against the new sanctions.

12-JAN-2017 — The Washington Post reported on the Flynn-Kislyak conversations; source cited is “a senior U.S. government official.”

15-JAN-2017 — VP Mike Pence says in a TV interview that he had talked with Flynn about contact with Kislyak:

JOHN DICKERSON: Let me ask you about it was reported by David Ignatius that the incoming national security advisor Michael Flynn was in touch with the Russian ambassador on the day the United States government announced sanctions for Russian interference with the election. Did that contact help with that Russian kind of moderate response to it? That there was no counter-reaction from Russia. Did the Flynn conversation help pave the way for that sort of more temperate Russian response?

MIKE PENCE: I talked to General Flynn about that conversation and actually was initiated on Christmas Day he had sent a text to the Russian ambassador to express not only Christmas wishes but sympathy for the loss of life in the airplane crash that took place. It was strictly coincidental that they had a conversation. They did not discuss anything having to do with the United States’ decision to expel diplomats or impose censure against Russia.

JOHN DICKERSON: So did they ever have a conversation about sanctions ever on those days or any other day?

MIKE PENCE: They did not have a discussion contemporaneous with U.S. actions on—

JOHN DICKERSON: But what about after—

MIKE PENCE: —my conversation with General Flynn. Well, look. General Flynn has been in touch with diplomatic leaders, security leaders in some 30 countries. That’s exactly what the incoming national security advisor—

JOHN DICKERSON: Absolutely.

MIKE PENCE: —should do. But what I can confirm, having spoken to him about it, is that those conversations that happened to occur around the time that the United States took action to expel diplomats had nothing whatsoever to do with those sanctions.

JOHN DICKERSON: But that still leaves open the possibility that there might have been other conversations about the sanctions.

MIKE PENCE: I don’t believe there were more conversations.

20-JAN-2017 — Inauguration Day

21-JAN-2017 — Flynn has a follow-up call with Kislyak with regard to a future phone call between Trump and Putin.

23-JAN-2017 — Answers to questions during a press briefing with White House Press Secretary Sean Spicer didn’t match what Pence said in the 15-JAN interview. Spicer said, “There’s been one call. I talked to Gen. Flynn about this again last night. One call, talked about four subjects. … During the transition, I asked Gen. Flynn that – whether or not there were any other conversations beyond the ambassador and he said no.”(Come on, Spicey. Come the fuck on. Pure sloppiness; this isn’t the time for disinformation.)

24-JAN-2017 — Flynn is interviewed by the FBI and without a lawyer present. Yates informed McGahn about Flynn’s interview.

25-JAN-2017 — Yates reviews Flynn’s interview.

25-JAN-2017 — Draft of the travel ban EO leaked and published by WaPo

A provision about safe zones in Syria appears in this draft. It will not appear in the final EO.

26-JAN-2017 — Yates called McGahn that morning and asked for an in-person meeting about a sensitive topic she could not discuss on the phone. They met later that afternoon at McGahn’s office:

…We began our meeting telling him that there had been press accounts of statements from the vice president and others that related conduct that Mr. Flynn had been involved in that we knew not to be the truth.”

A senior member of the DOJ’s National Security Division accompanied Yates. Yates explained why Flynn was compromised and how his actions set Pence up to make unknowingly false statements to the public.

Spicer has said McGahn immediately notified and briefed Trump after meeting with Yates.

27-JAN-2017 — McGahn called Yates and asked for a second in-person meeting. Yates met him at his office. During their conversation, McGahn asked, “Why does it matter to DOJ if one White House official lies to another?” Yates re-reviews the FBI’s concerns shared the previous day. (I want to ask if McGahn got his JD out of a box of Cracker Jacks.) McGahn asked,

“And there was a request made by Mr. McGahn, in the second meeting as to whether or not they would be able to look at the underlying evidence that we had that we had described for him of General Flynn’s conduct.” (Bold mine; who is ‘they’?)

Yates indicated she would work with FBI team and “get back with him on Monday morning.”

27-JAN-2017 — Travel ban EO signed and distributed. Rex Tillerson has not yet appeared before the Senate in a confirmation hearing. Defense Department’s James Mattis did not see the EO until morning of January 27; the EO is signed later in the day after Mattis was sworn in just before 3:00 p.m. Homeland Security Secretary John Kelly said he saw final EO draft not long before it was signed. Office of Legal Counsel issued a determination about the EO that day, “the proposed order is approved with respect to form and legality.” According to Yates’ SJC testimony the OLC’s determination goes to the form and not the content of the EO.

28-JAN-2017 — Federal Judge Ann Donnelly issued a stay late Saturday on deportations of persons with valid visas.

29-JAN-2017 — Though not yet confirmed as Secretary of State, Tillerson involved in cabinet-level meetings in pre-dawn hours regarding the travel ban.

30-JAN-2017 — Yates called McGahn that morning and told him he could go to FBI to look at “underlying evidence.” McGahn does not reply until the afternoon. Yates didn’t know whether McGahn looked at evidence because “because that was my last day with DOJ.” Yates ordered DOJ not to defend the EO in court

30-JAN-2017 — Yates is fired by the White House Monday night. White House statement said,

“The acting Attorney General, Sally Yates, has betrayed the Department of Justice by refusing to enforce a legal order designed to protect the citizens of the United States … This order was approved as to form and legality by the Department of Justice Office of Legal Counsel. … Ms. Yates is an Obama Administration appointee who is weak on borders and very weak on illegal immigration. It is time to get serious about protecting our country. Calling for tougher vetting for individuals travelling from seven dangerous places is not extreme. It is reasonable and necessary to protect our country.”

08-FEB-2017 — WaPo reports Flynn denied twice discussing Russian sanctions with Kislyak.

09-FEB-2017 — Allegedly, Pence learned this day Flynn was not straight with him about his interactions with Kislyak. WaPo reported Flynn had discussed sanctions with Kislyak prior to the inauguration.

10-FEB-2017 — ABC News reported Flynn wasn’t certain he talked about the sanctions with Kislyak. Pence spoke with Flynn twice this day.

12-FEB-2017 — Stephen Miller dodges questions about Flynn’s status during Sunday morning TV interviews.

13-FEB-2017 — Flynn resigns, 18 days after Yates raised questions with the White House about his vulnerability to compromise.

Yates’ directive not to enforce the illegal travel ban EO is the prima facie reason why she was fired a week after the EO was pushed. But was it really the travel ban or the fact she had not only warned the White House about Flynn’s compromised status but the implication there might be more at stake?

The rushed timing of the EO — pushed out on a Friday night after business hours — and its inception generate more questions about the travel ban.

Who really wrote the travel ban? Some reports say the ‘major architects’ were Stephen Miller and Steve Bannon, neither of whom have law degrees or any experience in legal profession. Wikipedia entry for Bannon indicates he has a master’s in national security studies from Georgetown, but there’s no indication about the date this was conferred and it’s still not a law degree. Miller has a BA from Duke and a bunch of cred from writing conservative stuff, much of it with a white nationalist bent. (Yeah, stuff, because none of it provided adequate background to write effective executive orders.)

There were reports a week after the first travel ban EO was issued which indicated Congressional aides actually wrote the executive order — aides from Rep. Bob Goodlatte’s office.

Who were those aides?

Why Goodlatte’s aides? Was it because Goodlatte is the Chairman of the House Judiciary Committee?

Was it because of Goodlatte’s immigration bills circa 2013:

H.R. 2278, the “Strengthen and Fortify Enforcement Act” (The SAFE Act)
H.R. 1773, the “Agricultural Guestworker Act”
H.R. 1772, the “Legal Workforce Act”
H.R. 2131, the “SKILLS Visa Act”

In other words, did the aides who wrote those bills also assist with and/or write the EO?

If these aides helped the ‘major architects’, why did the travel ban EO look so clearly illegal?

Did these aides ever refer the ‘major architects’ to the Office of Legal Counsel for assistance with the EO’s wording?

Did media try to interview the aides in question? If not, why? If not permitted to do so, why?

Did those aides sign a non-disclosure agreement with the White House? (Why the hell are there NDAs for ANY government employee anyhow, especially those with security clearance of any level? This is OUR government, not the Trump holding company.) Did the aides limit their work to transition team support, or were they working on the EO post-inauguration? Did they take vacation time to do the work? Or were they performing work for the White House on Congress’ dime?

In spite of his iffy-sounding support for their work, did Goodlatte kick those aides in the ass for moonlighting while puncturing the separation between the Executive Branch and the Legislative Branch, making it appear (if tenuously) there was a degree of concurrence between the two branches?

Did Michael Flynn talk about the EO with these aides?

And was Flynn one of the ‘major architects’ of the travel ban EO along with Miller and Bannon as reported in some outlets?

Assuming Flynn was a co-architect/co-author of the EO, was the EO pushed through in a hurry to effect Flynn’s work before he might be terminated and/or prosecuted?

Was the execution of a travel ban EO part of a quid pro quo with a foreign entity?
Is this the reason why Trump reduced the role of chairman of the Joint Chiefs of Staff and the director of national intelligence to “an as-needed basis” on National Security Council — to reduce potential interference by seasoned security professionals who might stop the EO?

Was Miller’s role in the creation of the travel ban EO less about any experience he has but instead related to his former work during 113th Congress with the Gang of Eight on immigration reform? (We come full circle – see Goodlatte’s bills above.)

How might this travel ban EO — banning Muslims from specific countries — help a foreign entity?

Or was the Muslim travel ban EO simply launched early — before the administration even had a Secretary of State, before its content was reasonably defensible — to distract Yates and the DOJ and derail further investigation into Flynn’s compromised status?

I’m sure if I spend any more time re-reading the SJC’s hearing transcript I’ll come up with even more questions. But as events around Flynn and the travel ban EO unfolded as if knit together, I can’t help wondering if they really were of a piece.

How odd that the first thing the first SJC non-chair member did, before asking witnesses any questions, was hand out a timeline of events to all the participants.

And how convenient FBI Director James Comey screwed up his last testimony before congress enough that his firing this evening by the White House would look entirely justified — immediately removing him not only from the next FBI flight from Los Angeles to DC but from any further investigation into Michael Flynn.

What timing.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

What Secrets Are the Spooks Telling HJC about Section 702?

There’s a paper that has been making waves, claiming it has found a formula to debunk conspiracies based on the likelihood if they were real, they would have already been leaked. Never mind that people have already found fault with the math, the study has another glaring flaw. It treats the PRISM program — and not, say, the phone dragnet — as one of its “true” unknown conspiracies.

PRISM — one part of the surveillance program authorized by Section 702 of the FISA Amendments Act — was remarkable in that it was legislated in public. There are certainly parts of Section 702 that were not widely known, such as the details about the “upstream” collection from telecom switches, but even that got explained to us back in 2006 by Mark Klein. There are even details of how the PRISM collection worked — its reliance on network mapping, the full list of participants. There are details that were exposed, such as that the government was doing back door searches on content collected under it, but even those were logical guesses based on the public record of the legislative debates.

Which is why it is so remarkable that — as I noted here and here — House Judiciary Committee Chair Bob Goodlatte has scheduled a classified hearing to cover the program that has been the subject of open hearings going back to at least 2008.

The hearing is taking place as we speak with the following witnesses.

  • Mr. Robert S. Litt
    General Counsel
    Office of the Director of National Intelligence
  • Mr. Jon Darby
    Deputy Director for Analysis and Production, Signals Intelligence Directorate
    National Security Agency
  • Mr. Stuart J. Evans
    Deputy Assistant Attorney General for Intelligence, National Security Division
    U.S. Department of Justice
  • Mr. Michael B. Steinbach
    Assistant Director for Counterterrorism
    Federal Bureau of Investigation

This suggests there is either something about the program we don’t already know, or that the government is asking for changes to the program that would extend beyond the basic concept of spying on foreigners in the US using US provider help.

I guess we’re stuck wildarseguessing what those big new secrets are, given the Intelligence Community’s newfound secrecy about this program.

Some observations about the witnesses. First, between Litt and Evans, these are the lawyers that would oversee the yearly certification applications to FISC. That suggests the government may, in fact, be asking for new authorities or new interpretations of authorities.

Darby would be in charge of the technical side of this program. Since the PRISM as it currently exists is so (technologically) simple, that suggests the new secrets may involve a new application of what the government will request from providers. This might be an expansion of upstream, possibly to bring it closer to XKeyscore deployment overseas, possibly to better exploit Tor. Remember, too, that under USA Freedom Act, Congress authorized the use of data collected improperly, provided that it adheres to the new minimization procedures imposed by the FISC. This was almost certainly another upstream collection, which means there’s likely to be some exotic new upstream application that has caused the government some problems of late.

Note that the sole FBI witness oversees counterterrorism, not cybersecurity. That’s interesting because it would support my suspicions that the government is achieving its cybersecurity collection via other means now. But also that any new programs may be under the counterterrorism function. Remember, the NatSec bosses, including Jim Comey, just went to Silicon Valley to ask for help applying algorithms to identify terrorism content. Remember, too, that such applications would have been useless to prevent the San Bernardino attack if they were focused on the public social media content. So it may be that NSA and FBI want to apply algorithms identifying radicalizers to private content.

Finally, and critically, remember the Apple debate. In a public court case, Apple and the FBI are fighting over whether Apple can be required to decrypt its customers’ smart device communications. The government has argued this is within the legal notion of “assistance to law enforcement.” Apple disagrees. I think it quite possible that the FBI would try to ask for decryption help to be included under the definition of “assistance” under Section 702. Significantly, these witnesses are generally those (including Bob Litt and FBI counterterrorism) who would champion such an interpretation.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Jim Sensenbrenner Flip-Flops Wildly on Value of Classified Hearings

Jenna McLaughlin has a report on what I noted here — House Judiciary Committee Chair Bob Goodlatte has scheduled a classified hearing to talk about Section 702 of the FISA Amendments Act on February 2. In it, she includes this unbelievable quote from Jim Sensenbrenner.

“Closed briefings are necessary for members of Congress to ask questions about classified information,” said Judiciary Committee member Jim Sensenbrenner, R-Wisc., in a statement to The Intercept. “However, I would support a subsequent open hearing on Section 702 of the Foreign Intelligence Surveillance Act because transparency and public discussion are critical to the reform and reauthorization of Section 702.”

It’s unbelievable because, after Sensenbrenner made some horseshit claims of ignorance immediately after Edward Snowden revealed the phone dragnet that had been authorized by legislation Sensenbrenner had authored, people started asking why he hadn’t gone to the classified hearings, at which DOJ briefed members about the dragnet (and FBI later lied about the abuses carried out in executing that dragnet).

Sensenbrenner’s spokesperson explained back in 2013 that he didn’t go to those classified hearing because he didn’t want to be restrained by confidentiality.

Asked whether his boss had attended any of those sessions during that period, Sensenbrenner spokesperson Ben Miller said the congressman “does not want to be limited by the restraints of confidentiality. Therefore, he believes in an open dialogue by which legislative solutions can be constructed and passed into law before the public.” Miller said Sensenbrenner had “attended confidential briefings in the past,” but didn’t say how many, which ones, or whether any dealt directly with the “sensitive” application of section 215.

[snip]

“While some members of Congress were briefed, particularly those on the intelligence committees, most, including myself, were not,” Sensenbrenner wrote in a column for The Guardian newspaper. Sensenbrenner did not disclose, as his spokesperson did for this story, that he chooses not to attend the briefings.

So back in 2013, when Sensenbrenner was disclaiming any responsibility for a dragnet, he didn’t to be restrained by what he gets told in a classified hearing.

But now, at a time when Congress might consider stopping FBI from doing its uncounted back door searches of people it has no evidence against, Sensenbrenner says “closed briefings are necessary.”

Given what 2013 Sensenbrenner said about the importance of conducting these discussions in the light of day, and given that Section 702 has always been debated in public, I would suggest Sensenbrenner’s support for closed hearings now suggests the fix is in.

One wonders what squeals of outrage Sensenbrenner will make in 2023 after new abuses of Section 702 get disclosed?

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

After Lying in a Closed Surveillance Briefing in 2011, Intelligence Community Plans Another Closed Briefing

On May 18, 2011, 48 members of the House (mostly Republicans, but also including MI’s Hansen Clarke) attended a closed briefing given by FBI Director Robert Mueller and General Counsel Valerie Caproni on the USA PATRIOT Act authorities up for reauthorization. The hearing would serve as the sole opportunity for newly elected members to learn about the phone and Internet dragnets conducted under the PATRIOT Act, given Mike Rogers’ decision not to distribute the letter provided by DOJ to inform members on the secret dragnets they were about to reauthorize.

During the hearing, someone asked,

Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

One of the briefers — the summary released under FOIA does not say who — responded,

To the FBI’s knowledge, those authorities have not been abused.

As a reminder, hearing witness Robert Mueller had to write and sign a declaration for the FISC two years earlier to justify resuming full authorization for the phone dragnet because, as Judge Reggie Walton had discovered, the NSA had conducted “daily violations of the minimization procedures” for over two years. “The minimization procedures proposed by the government in each successive application and approved and adopted as binding by the orders of the FISC have been so frequently and systemically violated that it can fairly be said that this critical element of the overall BR regime has never functioned effectively,” Walton wrote in March 2009.

Now, I can imagine that whichever FBI witness claimed the FBI didn’t know about any “abuses” rationalized the answer to him or herself using the same claim the government has repeatedly made — that these were not willful abuses. But Walton stated then — and more evidence released since has made clear he was right since — that the government simply chose to subject the vast amount of US person data collected under the PATRIOT Act to EO 12333 standards, not more stringent PATRIOT Act ones. That is, the NSA, operating under FBI authorizations, made a willful choice to ignore the minimization procedures imposed by the 2006 reauthorization of the Act.

Whoever answered that question in 2011 lied, and lied all the more egregiously given that the questioner had no way of phrasing it to get an honest answer about violations of minimization procedures.

Which is why the House Judiciary Committee should pointedly refuse to permit the Intelligence Committee to conduct another such closed briefing, as they plan to do on Section 702 on February 2. Holding a hearing in secret permits the IC to lie to Congress, not to mention disinform some members in a venue where their colleagues can not correct the record (as Feingold might have done in 2011 had he learned what the FBI witnesses said in that briefing).

I mean, maybe HJC Chair Bob Goodlatte wants to be lied to? Otherwise, there’s no sound explanation for scheduling this entire hearing in closed session.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The FISC Purportedly Continues to Have Problems with “Relevant” and “All”

Amid posts bewailing Rand Paul because the Senator’s substantial discussions of the problems with EO 12333 and Section 702 spying aren’t the substantial discussions he wants (I’ll return to these once more pressing matters have passed), Steve Vladeck has returned to the USA F-ReDux topic on which he doesn’t keep contradicting himself: the amicus.

As he notes (and I noted here), Mitch McConnell is (as we speak) attempting to water down the already flimsy FISC amicus via amendment. And Vladeck — as he has before — exposed the false claims that the objections to the amicus comes from the judiciary, this time as represented in the letter from Director of the Administrative Offices of US Courts James Duff.

Why is such a radical amendment to a provision in the House bill that was negotiated very carefully so necessary? According to the memo, “Amendment 1451 is responsive to the judiciary’s continual opposition to the amicus structure of the USA Freedom Act,” as manifested in “a letter to Congress from the director of the Administrative Office of the U.S. Courts.”

[snip]

I don’t mean to belabor the point. If anything, as I suggested yesterday, section 401 of the House-passed USA FREEDOM Act is a terribly weak version of what should have been a very good (and unobjectionable) idea–allowing a security-cleared outside lawyer to participate in the tiny percentage of cases before the FISC that involve applications for anything besides individualized warrants (you know, the cases in which adversarial participation is already authorized).Part of why section 401 is so weak is because members of Congress have consistently allowed themselves to be snookered by (or have found it convenient to hide behind) the objections of the “judiciary.”

On the merits, though, these objections are patently unavailing. And they certainly aren’t the objections of the “judiciary.”

I’ve also tracked how others, like James Clapper, have been using these purported judiciary concerns to undercut the “advocate” that President Obama used to pretend to want.

What’s particularly interesting, however, is one of the recurrent problems the “judges” seem to keep having. Duff emphasizes that one problem with amici is the Executive would lie to the FISC if telling the truth might risk revealing useful information to an amici. And as one part of that, he focuses on USA F-ReDux’s intent to get

Designated amici are required to have access to “all relevant” legal precedent, as well as certain other materials “the court determines are relevant.

[snip]

We are concerned that a lack of parallel construction in proposed clause (6)(A)(i) (apparently differentiating between access to legal precedent as opposed to access to other materials) could lead to confusion in its application.

This is what Clapper seemed to be going after last September.

Clapper signals he will make the amicus curiae something different. First, he emphasized this amicus will not interfere with ex parte communications between the court and the government. That may violate this passage of Leahy’s bill, which guarantees the special advocate have access to anything that is “relevant” to her duties.

(A) IN GENERAL.—If a court established under subsection (a) or (b) designates a special advocate to participate as an amicus curiae in a proceeding, the special advocate—

[snip]

(ii) shall have access to all relevant legal precedent, and any application, certification, petition, motion, or such other materials as are relevant to the duties of the special advocate;

Given that in other parts of 50 USC 1861, “relevant” has come to mean “all,” it’s pretty amazing that Clapper says the advocate won’t have access to all communication between the government and the court.

But the really interesting thing — the reason McConnell’s as-we-speak attempt to gut the amicus further — is that the House already fixed some of this. In a manager’s amendment presented as technical clarifications (but which, on this issue, were not), Bob Goodlatte rewrote this passage:

(i) shall have access to all relevant legal precedent, and any application, certification, petition, motion, or such other materials that the court determines are relevant to the duties of the amicus curiae;

To read like this, to directly address one of Huff’s stated concerns:

(i) shall have access to any relevant legal precedent, and application, certification, petition, motion, or such other materials that the court determines are relevant to the duties of the amicus curiae;

That is, Goodlatte already gave the court complete discretion over what the amicus could access, up to and including underlying legal precedents.

Of course, all that assumes the courts will get all the information they need, which they have a long history of not doing.

Here’s the real takeaway though. The President likes to claim he supports this reform. But he has already made it clear he didn’t really want an advocate at the FISC, but would instead like the FISC to remain a rubber stamp.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Nine Members of Congress Vote to Postpone the Fourth Amendment

Broadcast live streaming video on Ustream

John Conyers, Jim Sensenbrenner, Darrell Issa, Steve Cohen, Jerry Nadler, Sheila Jackson Lee, Trey Gowdy,  John Ratcliffe, Bob Goodlatte all voted to postpone the Fourth Amendment today.

At issue was Ted Poe’s amendment to the USA Freedom Act (USA F-ReDux; see the debate starting around 1:15), which prohibited warrantless back door searches and requiring companies from inserting technical back doors.

One after another House Judiciary Committee member claimed to support the amendment and, it seems, agreed that back door searches violate the Fourth Amendment. Though the claims of support from John Ratcliffe, who confessed to using back door searches as a US Attorney, and Bob Goodlatte, who voted against the Massie-Lofgren amendment last year, are suspect. But all of them claimed they needed to vote against the amendment to ensure the USA Freedom Act itself passed.

That judgment may or may not be correct, but it’s a fairly remarkable claim. Not because — in the case of people like Jerry Nader and John Conyers — there’s any question about their support for the Fourth Amendment. But because the committee in charge of guarding the Constitution could not do so because the Intelligence Committee had the sway to override their influence. That was a point made, at length, by both Jim Jordan and Ted Poe, with the latter introducing the point that those in support of the amendment but voting against it had basically agreed to postpone the Fourth Amendment until Section 702 reauthorization in 2017.

(1:37) Jordan: A vote for this amendment is not a vote to kill the bill. It’s not a vote for a poison pill. It’s not a vote to blow up the deal. It’s a vote for the Fourth Amendment. Plain and simple. All the Gentleman says in his amendment is, if you’re going to get information from an American citizen, you need a warrant. Imagine that? Consistent with the Fourth Amendment. And if this committee, the Judiciary Committee, the committee most responsible for protecting the Bill of Rights and the Constitution and fundamental liberties, if we can’t support this amendment, I just don’t see I it. I get all the arguments that you’re making, and they’re all good and the process and everything else but only in Congress does that trump — I mean, that should never trump the Fourth Amendment.

(1:49) Poe; We are it. The Judiciary Committee is it. We are the ones that are protecting or are supposed to protect, and I think we do, that Constitution that we have. And we’re not talking about postponing an Appropriations amount of money. We’re not talking about postponing building a bridge. We’re talking about postponing the Fourth Amendment — and letting it apply to American citizens — for at least two years. This is our opportunity. If the politics says that the Intel Committee — this amendment may be so important to them that they don’t like it they’ll kill the deal then maybe we need to reevaluate our position in that we ought to push forward for this amendment. Because it’s a constitutional protection that we demand occur for American citizens and we want it now. Not postpone it down the road to live to fight another day. I’ve heard that phrase so long in this Congress, for the last 10 years, live to fight another day, let’s kick the can down the road. You know? I think we have to do what we are supposed to do as a Committee. And most of the members of the Committee support this idea, they agree with the Fourth Amendment, that it ought to apply to American citizens under these circumstances. The Federal government is intrusive and abusive, trying to tell companies that they want to get information and the back door comments that Ms. Lofgren has talked about. We can prevent that. I think we should support the amendment and then we should fight to keep this in the legislation and bring the legislation to the floor and let the Intel Committee vote against the Fourth Amendment if that’s what they really want to do. And as far as leadership goes I think we ought to just bring it to the floor. Politely make sure that the law, the Constitution, trumps politics. Or we can let politics trump the Constitution. That’s really the decision.

Nevertheless, only Louie Gohmert, Raul Labrador, Zoe Lofgren, Suzan DelBene, Hakeem Jeffries, David Cicilline, and one other Congressman–possibly Farenthold–supported the amendment.

The committee purportedly overseeing the Intelligence Community and ensuring it doesn’t violate the Constitution has instead dictated to the committee that guards the Constitution it won’t be permitted to do its job.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

About HR 3361, the NSA Surveillance Efficiency Act, AKA USA Freedom Act

The House Intelligence Committee passed a bill out of its committee Thursday, HR 3361, that will reportedly solve a problem (or problems) the NSA has been struggling with since 2009. The bill will now move to the full House for a vote.

The public — and surely a great majority of members of Congress — have no idea precisely what problem this bill will solve is: planted leaks suggest it has to do with difficulties dealing with cell phone records, perhaps because they include location data. If that is part of the problem, then it’s a fairly recent development, perhaps arising after US v. Jones raised new concerns about the legality of collecting location data without a warrant. There’s also the presumably-related issue of an automated query function; NSA has been struggling to resume that function since its alert function got shut down as a legal violation in 2009. The ability to tie multiple identities from the same person together as NSA runs those alerts may be a related issue.

The bill has not been reported as a fix for NSA’s long-term legal and technical struggles (though LAT’s Ken Dilanian has asked why civil liberties groups are so happy about this given that it will expose more data to NSA collection). Rather, it has been called the USA Freedom Act and reported as a reform of the phone dragnet program, a successful effort to “end” “bulk collection.”

The bill does have the critically important effect of ending the government’s practice of collecting and storing some significant portion of all US call records, beyond whatever US person call records it collects overseas. That, by itself, is the equivalent of defusing a nuclear bomb. It is a very important improvement on the status quo.

It remains entirely unclear — and unexamined, as far as I can tell — whether the bill will increase or decrease the number of entirely innocent Americans who will be subjected to the full range of NSA’s analytical tradecraft because they got swept up based on the guilt by association principle behind contact-chaining, or whether the bill will actually expose more kinds of US person records to the scrutiny of the NSA.

The bill the press is calling USA Freedom Act may also — though we don’t know this either — have the salutary benefit of changing the way the NSA currently collects data under other Section 215, Pen Register, and NSL collection efforts.  The bill requires that all Section 215 (both call record and otherwise), Pen Register, and NSL queries be based on a specific selection term that remains vaguely defined (a definition the House Intelligence Committee considered eliminating before Thursday’s hearing). But it remains unclear how much that rule — even ignoring questions about the definition — will limit any current practices. At Wednesday’s hearing Bob Goodlatte said the bill “preserves the individual use of Section 215 under the existing relevancy standard for all business records,” and at least for several NSL authorities, the new “restrictions” almost certainly present no change (and another NSL authority, the Right to Financial Privacy Act, uses the same “entity” language the bill definition does, suggesting it is unlikely to change either). Plus, at least according to DOJ’s public claims and court filings, it ended the bulk domestic collection under PRTT in 2011. So the language “ending” “bulk collection” may do no more than make it harder for FBI to construct its own phone books of phone company and ISP subscribers using NSLs, if it does even that.

What the bill doesn’t do — because this part of the bill was stripped as part of the compromise — is provide the Intelligence Community’s oversight committees detailed reports of what kind of records the government obtains under Section 215 (and for what agencies), and how many Americans are subject to all the FISA authorities, including Section 215. That is, the compromise eliminated the one thing that could measure whether the bill really did “end” “bulk collection” as you or I would understand it. In its stead, the bill largely codifies an existing reporting agreement that AT&T has already demonstrated to be completely deceptive. In Wednesday’s hearing, Zoe Lofgren called provider reporting “the canary in the coal mine” the committee would rely on to understand what collection occurred.

So this bill that “ends” “bulk collection” still prevents us, or even the oversight committees working in our name, from learning whether it does so.

It does, however, have some interesting features, given its other purpose of solving one or more challenges facing the NSA.

The first of those is immunity.

No cause of action shall lie in any court against a person who produces tangible things or provides information, facilities, or technical assistance pursuant to an  order issued or an emergency production required under this section. 

This is another part of the bill the underlying reasons for which the public, and probably much of Congress, doesn’t understand. At one level, it seems to immunize the process that may have telecoms playing a role the NSA previously did, analyzing the data; it may also pertain to providing NSA access to the telecoms’ physical facilities. But given the background to the move to telecoms — NSA’s legal-technical problems dealing with cell phone data because it ties to location — it is possible the immunity gives the telecoms protection if they use but don’t turn over data they have already, such as location data or even Internet metadata, to perform the interim analysis.

Consider how the bill describes the call record query process.

[T]he Government  may require the production of call detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using the results of the production under subclause (I) as the basis for production;

So a 2-hop query goes from a “specific selection term” to “the results of the production” to the “call detail record” handed over to the government. While the definition of call detail records clearly prohibits the final production to the government of either content or cell location, nothing in this process description prevents the telecoms from using such things (most Internet metadata is legally content to the telecoms) in that interim hop; indeed, the “results of the production under subclause (I)” available to the telecoms almost certainly would include some of this information, particularly for smart phones. We know the Hemisphere program (the AT&T-specific program for the DEA) uses cell location in its analysis. Remember, too, how NSA is gobbling up smart phone data (including things like address books) in overseas programs; this may permit analysis of similar data — if not collection of it — domestically.  So at the very least, this scheme seems to give the NSA access to cell location and possibly a whole lot more data for analysis they otherwise couldn’t get (which David Sanger’s sources confirm).

And consider two more details from Wednesday’s House Judiciary hearing. At it, Lofgren repeated a list of business records the government might obtain under Section 215 she got Deputy Attorney General James Cole to confirm at an earlier hearing. It includes:

  • ATM photos
  • location where phone calls made
  • credit card transactions
  • cookies
  • Internet searches
  • pictures captured by CCTV cameras

So long as the word “entity” in the definition of specific selection term remains undefined, so long as FISC precedents permit the tapping of entire circuits in the name of collecting on an entity, the government may still be able to collect massive amounts of this data, not actually targeted at a suspect but rather something defined as an entity (in both the existing 215 program and the new call records one the bill retains the “relevant to” language that has been blown up beyond meaning).

Finally, consider what happened with Lofgren’s last attempted amendment. After having submitted a number of other failed amendments, Lofgren submitted an amendment to fix what she called an inadvertent error in the manager’s amendment specifically prohibiting the collection of content under Section 215.

I believe this amendment fixes — at least I hope — an error that was created in the manager’s amendment that I cannot believe was intended. As you know we have specified that the content is not included in business records. This amendment clarifies that business records do not include the content of communication. We specify that in the new section about call detail records, but but the specification that content was not included somehow got dropped out of the business records section. It was included in your original bill but it didn’t make it into the manager’s amendment. I think this amendment clarifies the ambiguity that could be created and I hope it was not intentional.

This is a problem I pointed out here.

Almost without missing a beat after she introduced this, Jim Sensenbrenner recessed the hearing, citing votes. While there were, in fact, votes, Luis Pierluisi (who cast the decisive vote in favor of an amendment to redefine counterintelligence) and possibly Lofgren got a lecture at the break about how any such amendments might blow up the deal the Committee had with Mike Rogers and HPSCI. After the break, Lofgren withdrew the amendment, expressing hope it could be treated as a clerical fix.

That purported error was not fixed before HPSCI (which explicitly permitted the collection of content under its bill) voted out the bill.

Perhaps it will be “fixed” before it comes to the floor.

But if it doesn’t, it may expand (or, given Lofgren’s stated concerns about what records Section 215 might cover, sustain) the use of Section 215 to collect content, not just metadata. Imagine the possibility this gets yoked to expanded analysis at telecoms under the new CDR program?

We don’t know. This bill has gotten past two committees of Congress (we didn’t get to see any of the debate at HPSCI) without these details becoming clear. But the questions raised by this bill when you consider it as the fix to one or more problems the NSA has been struggling with, it does raise real questions.

Again, I don’t want to make light of the one thing we know this bill will do — take a database showing all phone-based relationships in the country out of NSA’s hands. That eliminates an intolerably risky program. That is an important fix.

But that shouldn’t lead us to ignore the potential expansion of spying that may come with this bill.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

USA Freedumb Act and RuppRoge Both Adopt Intelligence Community Definition of “Bulk Collection”

Update: An updated version of the Managers Amendment does define the term:

(2) SPECIFIC SELECTION TERM.—The term  ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

This is far better than nothing. Though I have concerns about “entity” and I suspect there will be some pushback here, since not even phone numbers “uniquely describe a person,” much less IPs. (Update: see my post on my concerns about the definition.)

As I noted in this post, USA Freedumb Act (what I’ve renamed the compromised USA Freedom Act) purports to limit bulk collection by tying all collection to specific selection terms. It does this for Section 215.

No order issued under this subsection may authorize the collection of tangible things without the use of a specific selection term that meets the requirements of subsection (b)(2).

It does it for Pen Register/Trap and Trace.

(3) a specific selection term to be used as the basis for selecting the telephone line or other facility to which the pen register or trap and trace device is to be attached or applied;

And it does for all four NSL types, as here with call records under ECPA.

COUNTERINTELLIGENCE ACCESS TO TELEPHONE TOLL AND TRANSACTIONAL RECORDS.—Section 2709(b) of title 18, United States Code, is amended in the matter preceding paragraph (1) by striking ‘‘may’’ and inserting ‘‘may, using a specific selection term as the basis for a request’’.

In fact, that’s the same mechanism RuppRoge (the House Intelligence Committee’s bill) uses to prevent bulk collection — though it limits bulk collection for fewer categories of things.

It does so for electronic communications records.

Notwithstanding any other provision of law, the Federal Government may not acquire under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) records of any electronic communications without the use of specific identifiers or selection terms.

And it does so for sensitive business records.

Notwithstanding any other provision of law, the Federal Government may not acquire under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) library circulation records, library patron lists, book sales records, book customer lists, firearm sales records, tax return records, education records, or medical records containing information that would identify a person without the use of specific identifiers or selection terms.

And this limitation, both bills proclaim, will prevent bulk collection.

Neither bill defines what they mean by selection term or specific identifier.

Before I consider whether these bills will, in fact, prevent what you and I might consider bulk collection, note what has happened: both of these bills — the crappy Intelligence Committee wish list bill and the allegedly less crappy “reform” bill — have adopted the definition of “bulk collection” used by the notoriously Orwellian Intelligence Community.

This is perhaps best explained in Obama’s President’s Policy Directive on surveillance.

References to signals intelligence collected in “bulk” mean the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).

Now, we’re at a huge disadvantage to be able to assess whether this definition of bulk collection bears any resemblance to what ordinary humans might understand bulk collection to mean, because the government is being very disingenuous about what they claim it to mean.

The government often publicly claims selectors are things “like telephone numbers or email addresses,” as they did repeatedly at the last PCLOB hearing.

I can assure you, however, that when they refer to “selectors like email or telephone,” they’re downplaying their use of things like other IDs (phone handset and SIM card IDs, credit card numbers, Internet IDs or even passwords, IP address, and site cookies). And nothing in the definition says selection terms have to have anything to do with actual people (as the evidence they use malware code as a selector would indicate). Plus, I could envision many things — such as “Area Code 202” or “Western Union transfers over $100”  — that would seem to qualify as selection terms.

But we can measure whether limits to selectors or search terms prohibits bulk collection via another means — by looking at the program about which we’ve gotten most details on selector searches: upstream 702 collection.

While we can’t assess how many “innocent” Americans get sucked up in this purportedly non-bulk collection (and I doubt NSA can either!), we do have an idea how many American communications get sucked up who shouldn’t according to the one-end foreign rule on the collection.

Up to 56,000 American communications a year, according to FISC Judge John Bates’ estimate (because the NSA refused to provide him the real numbers).

56,000 American communications that should not, under the law, have been targeted, sucked up using “identifiers” and “selection terms.”

And the government doesn’t consider that bulk collection at all.

That, my friends, is the standard two different Committees in Congress have adapted as well, doing the intelligence community’s bidding, claiming they’ve solved the bulk collection problem.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.