Posts

Why I Left The Intercept: The Surveillance Story They Let Go Untold for 15 Months

The Intercept has a long, must-read story from James Risen about the government’s targeting of him for his reporting on the war on terror. It’s self-serving in many ways — there are parts of his telling of the Wen Ho Lee, the Valerie Plame, and the Jeffrey Sterling stories he leaves out, which I may return to. But it provides a critical narrative of DOJ’s pursuit of him. He describes how DOJ tracked even his financial transactions with his kids (which I wrote about here).

The government eventually disclosed that they had not subpoenaed my phone records, but had subpoenaed the records of people with whom I was in contact. The government obtained my credit reports, along with my credit card and bank records, and hotel and flight records from my travel. They also monitored my financial transactions with my children, including cash I wired to one of my sons while he was studying in Europe.

He also reveals that DOJ sent him a letter suggesting he might be a subject of the investigation into Stellar Wind.

But in August 2007, I found out that the government hadn’t forgotten about me. Penny called to tell me that a FedEx envelope had arrived from the Justice Department. It was a letter saying the DOJ was conducting a criminal investigation into “the unauthorized disclosure of classified information” in “State of War.” The letter was apparently sent to satisfy the requirements of the Justice Department’s internal guidelines that lay out how prosecutors should proceed before issuing subpoenas to journalists to testify in criminal cases.

[snip]

When my lawyers called the Justice Department about the letter I had received, prosecutors refused to assure them that I was not a “subject” of their investigation. That was bad news. If I were considered a “subject,” rather than simply a witness, it meant the government hadn’t ruled out prosecuting me for publishing classified information or other alleged offenses.

But a key part of the story lays out the NYT’s refusals to report Risen’s Merlin story and its reluctance — until Risen threatened to scoop him with his book — to publish the Stellar Wind one.

Glenn Greenwald is rightly touting the piece, suggesting that the NYT was corrupt for acceding to the government’s wishes to hold the Stellar Wind story. But in doing so he suggests The Intercept would never do the same.

That’s not correct.

One of two reasons I left The Intercept is because John Cook did not want to publish a story I had written — it was drafted in the content management system — about how the government uses Section 702 to track cyberattacks. Given that The Intercept thinks such stories are newsworthy, I’m breaking my silence now to explain why I left The Intercept.

I was recruited to work with First Look before it was publicly announced. The initial discussions pertained to a full time job, with a generous salary. But along the way — after Glenn and Jeremy Scahill had already gotten a number of other people hired and as Pierre Omidyar started hearing from friends that the effort was out of control — the outlet decided that they were going to go in a different direction. They’d have journalists — Glenn and Jeremy counted as that. And they’d have bloggers, who would get paid less.

At that point, the discussion of hiring me turned into a discussion of a temporary part time hire. I should have balked at that point. What distinguishes my reporting from other journalists — that I’m document rather than source-focused (though by no means exclusively), to say nothing of the fact that I was the only journalist who had read both the released Snowden documents and the official government releases — should have been an asset to The Intercept. But I wanted to work on the Snowden documents, and so I agreed to those terms.

There were a lot of other reasons why, at that chaotic time, working at The Intercept was a pain in the ass. But nevertheless I set out to write stories I knew the Snowden documents would support. The most important one, I believed, was to document how the government was using upstream Section 702 for cybersecurity — something it had admitted in its very first releases, but something that it tried to hide as time went on. With Ryan Gallagher’s help, I soon had the proof of that.

The initial hook I wanted to use for the story was how, in testimony to PCLOB, government officials misleadingly suggested it only used upstream to collect on things like email addresses.

Bob Litt:

We then target selectors such as telephone numbers or email addresses that will produce foreign intelligence falling within the scope of the certifications.

[snip]

It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.

[snip]

It is also however selector-based, i.e. based on particular phone numbers or emails, things like phone numbers or emails.

Raj De:

Selectors are things like phone numbers and email addresses.

[snip]

A term like selector is just an operational term to refer to something like an email or phone number, directive being the legal process by which that’s effectuated, and tasking being the sort of internal government term for how you start the collection on a particular selector.

[snip]

So all collection under 702 is based on specific selectors, things like phone numbers or email addresses.

Brad Wiegmann:

A selector would typically be an email account or a phone number that you are targeting.

[snip]

So that’s when we say selector it’s really an arcane term that people wouldn’t understand, but it’s really phone numbers, email addresses, things like that.

[snip]

So putting those cases aside, in cases where we just kind of get it wrong, we think the email account or the phone is located overseas but it turns out that that’s wrong, or it turns out that we think it’s a non-U.S. person but it is a  U.S. person, we do review every single one to see if that’s the case.

That PCLOB’s witnesses so carefully obscured the fact that 702 is used to collect cybersecurity and other IP-based or other code collection is important for several reasons. First, because collection on a chat room or an encryption key, rather than an email thread, has very different First Amendment implications than collecting on the email of a target. But particularly within the cybersecurity function, identifying foreignness is going to be far more difficult to do because cyberattacks virtually by definition obscure their location, and you risk collecting on victims (whether they are hijacked websites or emails, or actual theft victims) as well as the perpetrator.

Moreover, the distinction was particularly critical because most of the privacy community did not know — many still don’t — how NSA interpreted the word “facility,” and therefore was missing this entire privacy-impacting aspect of the program (though Jameel Jaffer did raise the collection on IP addresses in the hearing).

I had, before writing up the piece, done the same kind of iterative work (one, two, three) I always do; the last of these would have been a worthy story for The Intercept, and did get covered elsewhere. That meant I had put in close to 25 hours working on the hearing before I did other work tied to the story at The Intercept.

I wrote up the story and started talking to John Cook, who had only recently been brought in, about publishing it. He told me that the use of 702 with cyber sounded like a good application (it is!), so why would we want to expose it. I laid out why it would be questionably legal under the 2011 John Bates opinion, but in any case would have very different privacy implications than the terrorism function that the government liked to harp on.

In the end, Cook softened his stance against spiking the story. He told me to keep reporting on it. But in the same conversation, I told him I was no longer willing to work in a part time capacity for the outlet, because it meant The Intercept benefitted from the iterative work that was as much a part of my method as meetings with sources that reveal no big scoop. I told him I was no longer willing to work for The Intercept for free.

Cook’s response to that was to exclude me from the first meeting at which all Intercept reporters would be meeting. The two things together — the refusal to pay me for work and expertise that would be critical to Intercept stories, as well as the reluctance to report what was an important surveillance story, not to mention Cook’s apparent opinion I was not a worthy journalist — are why I left.

And so, in addition to losing the person who could report on both the substance and the policy of the spying that was so central to the Snowden archives, the story didn’t get told until 15 months later, by two journalists with whom I had previously discussed 702’s cybersecurity function specifically with regards to the Snowden archive. In the interim period, the government got approval for the Tor exception (which I remain the only reporter to have covered), an application that might have been scrutinized more closely had the privacy community been discussing the privacy implications of collecting location-obscured data in the interim.

As recently as November, The Intercept asked me questions about how 702 is actually implemented because I am, after all, the expert.

So by all means, read The Intercept’s story about how the NYT refused to report on certain stories. But know that The Intercept has not always been above such things itself. In 2014 it was reluctant to publish a story the NYT thought was newsworthy by the time they got around to publishing it 15 months later.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Five Reasons the 702 Reauthorization Transparency Provisions Are Bogus

I thought that, after Bob Litt left the Office of Director of National Intelligence, we might stop pushing transparency measures in surveillance bills that don’t provide transparency.

Nope.

For the most part, the added transparency in the bill is either already being accomplished (like counts of individual FISA orders or published minimization procedures) or useless. The exception is language requiring a real count of Pen Registers, which would fix a problem in the USA Freedom Act transparency provisions, which only counted Pen Registers that targeted communications, but not that targeted things like location data.

I’ll deal with two others — a declaration tied to Section 309 and a Comptroller General review of classification — separately.

The truly insulting “transparency” provisions, however, are the ones that pretend to count US person impact but do anything but. There are two parts to them. First, the bill mandates semiannual reports from the FBI (which, remember, got exempted from everything meaningful in the USA Freedom Act transparency provisions).

(d) SEMIANNUAL FBI REPORTS.—Together with the semiannual report submitted under subsection (a), the Director of the Federal Bureau of Investigation shall submit to the congressional committees specified in such sub-section, and make publicly available, a report containing, with respect to the period covered by the report, the number of queries made by the Federal Bureau of Investigation described in subsection (j)(1) of section 702 that resulted in communications being accessed or disseminated pursuant to such subsection.

The section requires the FBI Director to count how many queries are made under the new court order queries that — as I’ve already pointed out — are utterly meaningless. Whereas last year there was one equivalent count, in the future there will be none, because it will be a pain in the ass to get a criminal search order and it will remain easy as pie to treat any query as an assessment to use criminal evidence for foreign intelligence purposes. So this requirement is like dividing by zero: it doesn’t get you anywhere.

Then there’s the sham count of US persons sucked in by 702.

(c) INCIDENTALLY COLLECTED COMMUNICATIONS AND OTHER INFORMATION.—Together with the semi-annual report submitted under subsection (a), the Director of National Intelligence shall submit to the congressional committees specified in such subsection a report on incidentally collected communications and other information regarding United States persons under section 702. Each such report shall include, with respect to the 6-month period covered by the report, the following:

(1) Except as provided by paragraph (2), the number, or a good faith estimate, of communications acquired under subsection (a) of such section of known United States persons that the National Security Agency positively identifies as such in the ordinary course of its business, including a description of any efforts of the intelligence community to ascertain such number or good faith estimate.

(2) If the Director determines that calculating the number, or a good faith estimate, under paragraph (1) is not achievable, a detailed explanation for why such calculation is not achievable.

(3) The number of—

(A) United States persons whose information is unmasked pursuant to subsection (e)(4) of such section;

(B) requests made by an element of the Federal Government, listed by each such element, to unmask information pursuant to such subsection; and

(C) requests that resulted in the dissemination of names, titles, or other identifiers potentially associated with individuals pursuant to such subsection, including the element of the intelligence community and position of the individual making the request.

(4) The number of disseminations of communications acquired under subsection (a) of section 702 to the Federal Bureau of Investigation for cases not pertaining to national security or foreign intelligence.

(5) The number of instances in which evidence of a crime not pertaining to national security or foreign intelligence that was identified in communications acquired under subsection (a) of section 702 was disseminated from the national security branch of the Bureau to the criminal investigative division of the Bureau (or from such successor branch to such successor division).

Here’s why this is meaningless:

Under 702 precedent, it’s unclear whether the most intrusive collection is “incidental” or “intentional”

First, note what they call this? “Incidentally collected” communications.

One of the most concerning groups of Americans collected under 702 are, at least according to John Bates’ 2011 702 opinionnot incidental. Those are the entirely domestic communications believed to be foreign and targeted intentionally, such as the old MCT emails.

That’s important because what likely happens with a good deal of Americans communications — those collected under the 2014 exception — will mostly be purged in the post-tasking process. When NSA did a count of collections in 2011, they tried to hide how much they’re purging — and likely did hide a good bit even from the final count. The language of this provision, which only requires a count of Americans it “positively identifies as such in the ordinary course of its business,” would certainly invite NSA to do the same again.

At the very least, this provision should include both a definition of incidental and a definition of “ordinary course of business.”

An “ordinary course of business” at NSA will miss where most interaction with US person data occurs in the “ordinary course of business”

Then consider what it means that NSA — and not CIA or FBI, both of whom do a lot more searches on Americans collected under 702 — is asked to do this count. The other agencies are going to come across a lot more Americans because they’re looking for them, but that ordinary course of business exposure of Americans won’t ever be counted if the only count happens at NSA.

If DNI won’t be asked for a real count, don’t permit him to say a count is impossible

And even there, the DNI can balk and — as he and others have been saying for 6 years — claim they can’t come up with a number. This provision should either demand a real number and permit this cop out, or use the “ordinary course” number and demand a real number.

The obsession with unmasking represents an elite person’s focus on impact

Unsurprisingly, there’s several requirements on unmasking (as well as another entire section of this focusing on procedures for unmasking and a dedicated report on it, which I’m ignoring).

I know that certain Republicans have discovered the impact of surveillance by learning that they or their friends can be swept up having sensitive conversations with Russians. But the focus on unmasking really reflects an elite concern. That’s because the people who are most likely to be swept up in intercepts but masked because the political sensitivity of collecting on them outweighs the intelligence value are elites — people like Devin Nunes and Jeff Sessions, not people like Mohammed Mohamud or other brown people. Those non-elite people are the ones who’ll be prosecuted for being swept up in a 702 intercept, rather than warned off by the FBI.

So along with the boredom of having Republicans continue to pretend this is the most dangerous impact on Americans, understand that believing that is largely about elites worrying about elites.

Tracking disseminations that don’t happen

Finally, the transparency provisions track two kinds of sharing with FBI criminal investigators, that don’t track how Americans might be affected in criminal investigations.

First, it asks for “The number of disseminations of communications acquired under subsection (a) of section 702 to the Federal Bureau of Investigation for cases not pertaining to national security or foreign intelligence.” It doesn’t define “national security” (elsewhere, the bill invites the IC to define foreign intelligence). It doesn’t say “dissemination” from whom? Is this just crimes like kiddie porn (which can be a foreign intelligence if owned by a Boeing engineer, under the Gartenlaub precedent) identified by the NSA and handed over?

But the entire item is pretty meaningless, given that FBI gets raw data, which is where evidence of a crime is most likely to be IDed.

Then there’s the question about how much gets disseminated from FBI’s National Security Division to FBI’s criminal division. But at least as I understand it from Semiannual reports, access to FISA data has all been decentralized to the field office. Already, that creates problems for oversight, because ODNI and DOJ aren’t doing visits to all field offices (contrary to what was claimed in congressional testimony this year). But that also means it doesn’t (as far as I know) take a dissemination from NSD to criminal to result in the dissemination of information, because Agents with FISA clearance are going to be able to access that data from the comfort of their own office.

For both these counts, then, HJC seems to be pretending that no raw 702 data is shared with FBI. But it is. And that’s the stuff that matters.

Which is why that’s the stuff we’ll never be able to count.

Congress keeps pretending they want counts of the impact of this. The NSA count they’re refusing to do is one thing — they can at least claim privacy considerations.

But they biannual charade of pretending we’re getting FBI to examine the impact of their actions when in fact we’re letting them operate without any such metrics is getting old.

12333 Info Sharing Working Thread

Last week, the government released the long-awaited procedures permitting the intelligence community to share raw 12333 collected information more widely. This will be a working thread on those procedures.

(1) The procedures bill themselves as procedures to govern the sharing of information under 2.3 of EO 12333, which basically permits the IC to share info so IC elements can see if they need the info.

(1) The procedures exclude NSA SIGINT activities, which I think has the effect of making sure those don’t operate with these limits.

(2) The procedures also exclude activities undertaken under NSCID-5 and NSCID-6, which I think has the effect of excluding joint NSA-CIA activities that already take place.

(2) Note the reference to PPD-28 (which reappears) refers to PPD-28 “and implementing procedures and any successor documents.” That suggests there may be a lot more about PPD-28 we’re not seeing, and that this Administration anticipates it will be changed.

(2-3) This section lays out what it claims to be limits on any info sharing agreements, which is basically a requirement that any entity getting NSA data must adopt procedures akin to those NSA adopts.

(3) Even if NSA tells another element of intelligence that would interest them, the element must make a formal request to get it. I suspect this is done so NSA can pretend it is not affirmatively giving away entire swaths of data.

(4) There’s an odd definition of “reasonableness,” which is the standard NSA always says it uses to comply with the Fourth Amendment. It includes these measures of impact on US persons:

e. (U) The likelihood that sensitive U.S. person information (USPI) will be found in the information and, if known, the amount of such information;

f. (U) The potential for substantial harm, embarrassment, inconvenience, or unfairness to U.S. persons if the USPI is improperly used or disclosed;

That is, the measure is not if information is improperly access, but if accessing it might cause the US person substantial embarrassment of inconvenience.

(4) After the long section on reasonableness, the procedures then say NSA doesn’t actually have to check the data set to make sure its measures of impact are valid.

(5) Those receiving NSA data are prohibited from tampering in politics.

Not engage in any intelligence activity authorized by these Procedures, including disseminations to the White House, for the purpose of affecting the political process in the United States.

(5) Sharing agreements are covered by memoranda of agreement that last 3 years. Given the discussion of whether or not this enables Trump, I think it worth noting that any data sharing can be expanded before Trump’s first term ends. Conversely, that implies that any president can impose new restrictions during a term.

(5) There’s a squabble resolution process that goes to Secretary of Defense, then DNI for military units, and DNI for non-military.

(5) The procedures provide 3 different options for data possession that can count as sharing (one that was laid out in the 5240.01 revision released last year): the data remains in NSA’s systems, it goes to the IC cloud, it goes to the receiving entity’s systems. The roll-out of the IC cloud in recent years was a technical precondition for this expanded sharing.

(6) Before the procedures talk about what the entities have to do with audits (that does come later), it has this to say about protecting audit records.

Auditing records. Protect auditing records against unauthorized access, modification, or deletion, and retain these records for a sufficient period of time to verify compliance with the requirements of these Procedures.

Did they need to include this because audit records have been altered in the past?

(6) I’ve written a lot about the times (especially at FBI) where elements choose not to mark the source for their data, which allows for a lot of negative outcomes (such as hiding evidence source from defendants). So this passage makes me really furious.

Marking o(files. Use reasonable measures to identify and mark or tag raw SIGINT files reasonably believed or known to contain USPI. Marking and tagging will occur regardless of the format or location of the information, or the method of storing it. When appropriate and reasonably possible, files and documents containing USPI will also be marked individually. In the case of certain electronic databases, if it is not reasonably possible to mark individual files containing USPI, a banner may be used before access informing users that they may encounter USPI.

There should be an initial requirement that all shared data retains its NSA SIGAD information, marking it both as NSA data and tracking how it was collected. But this only asks that recipients mark data if it includes USPI, and even there allows the requirement to slide.

(7) The section prohibiting the selection of domestic (that is, between entirely US persons) is worthwhile. Except they don’t tell you until later that metadata analysis (which for the purposes of this document is limited to contact chaining) is exempt from this. So this means law enforcement can use entirely NSA-collected raw data to do network analysis of entirely American communications.

(7) There are actually 3 different kinds of searches included in these procedures, which should get people to reconsider how they refer to “upstream” searches: searches on the identity of a communicant, searches mentioning a communicant, and searches on content (which comes a few pages later).  Also note, it all relies on a new definition of “foreign” communications to mean what “international” used to, meaning they can access communications of a US person via that US person identifier if it happens internationally.

(7) The procedures let IC elements use US person identifiers for “selection” (a term designed to avoid “search”) if that person is already approved for content spying with a FISA order, but not for metadata spying. Note they list 703 among the authorities in question, though at least until recently, they never used 703.

(7) One of the key prongs (of three) under which an element can spy on an American w/AG approval is redacted. I’ll come back to this.

(8) Some of the reasons why the IC can spy on Americans are redacted. Given the items that appear on page 12, at least one of these is almost certainly a counterintelligence focus. The other may be counternarcotics or transnational crime.

(9) After having laid out how you can spy on Americans via their identifiers, the procedures now lay out how they might be swept up via their content. Remember that this may mean “content of headers,” and likely includes selectors for things like encryption keys. The selection term based collection permits the selection of US person communications (possibly, given the redaction, even between two US based US persons) if there will be significant FI or CI value.

(9) Minor point but the procedures explicitly use the phrase “defeat,” which is a concept often redacted.

(9) There are no explicit protections for Attorney Client communications here, just a “call NSD for guidelines” rule, which is alarming.

(9) I’ll come back to F, which is basically SPCMA on steroids, and probably a significant part of these sharing goals anyway. Effectively, this institutes SPCMA analysis, across IC elements, without some of the protections that have long been in place.

(10) Note, there seems to be flux in what metadata can be included as metadata (though there are reasonable definitions for metadata later). Also, ZERO of the oversight involves DOD.

(10) Retention is 5 years, so consistent with Section 309, which it cites.

(10) Note the reference to “data related to” communications to, from, or about US persons.

(10) The IC can only keep domestic communications in case of threat of death or bodily harm (but remember they include bodily harm to corporate persons in that).

(11) This is confusing. Right after saying it has to destroy domestic comms, it says that it can keep them if there is significant CI or FI value, and or anomalies showing a vulnerability to US comm service. This is sort of consistent with upstream 702, but not quite.

(11) The procedures treat government employee comes differently based on who they’re talking to, which is a tribute to how much this is about counterintelligence.

(11) The immediate notice of destruction incorporates a lesson they learned during 702, when such notices took time and US person stuff remained in the system in NSA even if destroyed at FBI.

(12) Note US person info can be disseminated for a non-exclusive list, though the list is quite extensive in any case.

(12) Info can be disseminated if someone is the target of hostile intelligence activities of a foreign power. This might make it easier for DHS to disseminate warnings.

(13) The auditing function described does not include an explicit exception for techs, whereas it would at NSA.

(14) Note the distinction between queries and retrievals. Added to selection, and we’ve got another set of not entirely sensical terms that are new.

(14) Note that throughout, the oversight mechanisms avoid any body that is statutorily independent, including both PCLOB and the IGs. So it should not be taken as credible.

(15) The first paragraph of VIII makes it clear they’re parallel constructing this. No notice to defendants basically makes this unconstitutional, but the ID doesn’t care.

(16) Throughout, there are designees allowed that will make it a cinch to put some of these sharing relationships in a box where no one will find them.

(16) The departures from procedures section doesn’t include any deadlines for how long until notifications have to go out. Again, another easily exploited loophole.

(17) They added language to Obama’s standard “does not create any rights” language to include “nor do they place any limitation on otherwise lawful investigative and litigative prerogatives of the United States.” Which sounds like even more parallel construction.

(17) As we’ll see, “contact chaining” is defined to mean two hops. But because it isn’t tied to anything, and because the definition of foreign power includes 3 degrees of separate for most things (engages in, aids or abets, or conspires), it really amounts to about 5 degrees of separation from any baddie.

(18) The definitions of metadata here are interesting (and different from the SPCMA one). First, on telephony metadata, they don’t comment about location. The Internet metadata description is more descriptive than any I’ve seen, including routers passed during delivery. But there’s so much that’s not addressed in the definition, because it pretends to be exclusively about email.

(19) The definition of contact chaining does not include, as USAF chaining does, connection chaining. This reinforces my belief that the latter primarily serves a complimentary function, that of IDing all associated identities known by a provider. The contact chaining definition only permits two hops, but there’s no limitation on target, which permits at least 5 and really an infinite number of hops.

(19) If just one recipient in a threat is not a USP, it does not count as domestic. Also, circumstances where someone doesn’t have a REOP, like Twitter, does not count as domestic either.

(19) There used to be two distinct definitions: International, which was one end US, and foreign, which is both-ends foreign. I’m not sure why they’ve changed it such that any end foreign counts as foreign, but that seems problematic.

(20) Public info includes that which is available on request, or by purchase, meaning this may includes a lot of brokered lists and the like (including advertising information).

(20) Definition of “selection” includes “cable address,” which seems like it could be very broadly interpreted.

(21) The definition of “selection term” is very useful (basically a boolean selection term), and should have been made public before.

(22) The USPI definition is notable both for its inclusions and exclusions. “Unique biometric records” is included, which seems like could be very broadly interpreted (and makes clear they’re throwing all the biometrics they have into this pot of analysis. There’s no specific mention of online identities (“names” and “unique titles” may incorporate that, but should be stated publicly). There’s also no mention of cookies or other session identifiers (which is especially notable given the silence about location data).

(22) The overhead reconnaissance language means they can use drone footage against us, so long as they don’t target it at us. Though some DirtBox uses would be problematic.

 

The Dragnet Donald Trump Will Wield Is Not Just the Section 215 One

I’ve been eagerly anticipating the moment Rick Perlstein uses his historical work on Nixon to analyze Trump. Today, he doesn’t disappoint, calling Trump more paranoid than Nixon, warning of what Trump will do with the powerful surveillance machine laying ready for his use.

Revenge is a narcotic, and Trump of all people will be in need of a regular, ongoing fix. Ordering his people to abuse the surveillance state to harass and destroy his enemies will offer the quickest and most satisfying kick he can get. The tragedy, as James Madison could have told us, is that the good stuff is now lying around everywhere, just waiting for the next aspiring dictator to cop.

But along the way, Perlstein presents a bizarre picture of what happened to the Section 215 phone dragnet under Barack Obama.

That’s not to say that Obama hasn’t abused his powers: Just ask the journalists at the Associated Press whose phone records were subpoenaed by the Justice Department. But had he wanted to go further in spying on his enemies, there are few checks in place to stop him. In the very first ruling on the National Security Administration’s sweeping collection of “bulk metadata,” federal judge Richard Leon blasted the surveillance as downright Orwellian. “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary’ invasion than this collection and retention of personal data,” he ruled. “Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment.”

But the judge’s outrage did nothing to stop the surveillance: In 2015, an appeals court remanded the case back to district court, and the NSA’s massive surveillance apparatus—soon to be under the command of President Trump—remains fully operational. The potential of the system, as former NSA official William Binney has described it, is nothing short of “turnkey totalitarianism.”

There are several things wrong with this.

First, neither Richard Leon nor any other judge has reviewed the NSA’s “sweeping collection of ‘bulk metadata.'” What Leon reviewed — in Larry Klayman’s lawsuit challenging the collection of phone metadata authorized by Section 215 revealed by Edward Snowden — was just a small fraction of NSA’s dragnet. In 2013, the collection of phone metadata authorized by Section 215 collected domestic and international phone records from domestic producers, but even there, Verizon had found a way to exclude collection of its cell records.

But NSA collected phone records — indeed, many of the very same phone records, as they collected a great deal of international records — overseas as well. In addition, NSA collected a great deal of Internet metadata records, as well as financial and anything else records. Basically, anything the NSA can collect “overseas” (which is interpreted liberally) it does, and because of the way modern communications works, those records include a significant portion of the metadata of Americans’ everyday communications.

It is important for people to understand that the focus on Section 215 was an artificial creation, a limited hangout, an absolutely brilliant strategy (well done, Bob Litt, who has now moved off to retirement) to get activists to focus on one small part of the dragnet that had limitations anyway and NSA had already considered amending. It succeeded in pre-empting a discussion of just what the full dragnet entailed.

Assessments of whether Edward Snowden is a traitor or a saint always miss this, when they say they’d be happy if Snowden had just exposed the Section 215 program. Snowden didn’t want the focus to be on just that little corner of the dragnet. He wanted to expose the full dragnet, but Litt and others succeeded in pretending the Section 215 dragnet was the dragnet, and also pretending that Snowden’s other disclosures weren’t just as intrusive on Americans.

Anyway, another place where Perlstein is wrong is in suggesting there was just one Appeals Court decision. The far more important one is the authorized by Gerard Lynch in the Second Circuit, which ruled that Section 215 was not lawfully authorized. It was a far more modest decision, as it did not reach constitutional questions. But Lynch better understood that the principle involved more than phone records; what really scared him was the mixing of financial records with phone records, which is actually what the dragnet really is.

That ruling, on top of better understanding the import of dragnets, is important because it is one of the things that led to the passage of USA Freedom Act, a law that, contrary to Perlstein’s claim, did change the phone dragnet, both for good and ill.

The USA Freedom Act, by imposing limitations on how broadly dragnet orders (for communications but not for financial and other dragnets) can be targeted, adds a check at the beginning of the process. It means only people 2 degrees away from a terrorism suspect will be collected under this program (even while the NSA continues to collect in bulk under EO 12333). So the government will have in its possession far fewer phone records collected under Section 215 (but it will still suck in massive amounts of phone records via EO 12333, including massive amounts of Americans’ records).

All that said, Section 215 now draws from a larger collection of records. It now includes the Verizon cell records not included under the old Section 215 dragnet, as well as some universe of metadata records deemed to be fair game under a loose definition of “phone company.” At a minimum, it probably includes iMessage, WhatsApp, and Skype metadata, but I would bet the government is trying to get Signal and other messaging metadata (note, Signal metadata cannot be collected retroactively; it’s unclear whether it can be collected with standing daily prospective orders). This means the Section 215 collection will be more effective in finding all the people who are 2 degrees from a target (because it will include any communications that exist solely in Verizon cell or iMessage networks, as well as whatever other metadata they’re collecting). But it also means far more innocent people will be impacted.

To understand why that’s important, it’s important to understand what purpose all this metadata collection serves.

It was never the case that the collection of metadata, however intrusive, was the end goal of the process. Sure, identifying someone’s communications shows when you’ve been to an abortion clinic or when you’re conducting an affair.

But the dragnet (the one that includes limited Section 215 collection and EO 12333 collection limited only by technology, not law) actually serves two other primary purposes.

The first is to enable the creation of dossiers with the click of a few keys. Because the NSA is sitting on so much metadata — not just phone records, but Internet, financial, travel, location, and other data — it can put together a snapshot of your life as soon as they begin to correlate all the identifiers that make up your identity. One advantage of the new kind of collection under USAF, I suspect, is it will draw from the more certain correlations you give to your communications providers, rather than relying more heavily on algorithmic analysis of bulk data. Facebook knows with certainty what email address and phone number tie to your Facebook account, whereas the NSA’s algorithms only guess that with (this is an educated guess) ~95+% accuracy.

This creation of dossiers is the same kind of analysis Facebook does, but instead of selling you plane tickets the goal is government scrutiny of your life.

The Section 215 orders long included explicit permission to subject identifiers found via 2-degree collection to all the analytical tools of the NSA. That means, for any person — complicit or innocent — identified via Section 215, the NSA can start to glue together the pieces of dossier it already has in its possession. While not an exact analogue, you might think of collection under Section 215 as a nomination to be on the equivalent of J Edgar Hoover’s old subversives list. Only, poor J Edgar mostly kept his list on index cards. Now, the list of those the government wants to have a network analysis and dossier on is kept in massive server farms and compiled using supercomputers.

Note, the Section 215 collection is still limited to terrorism suspects — that was an important win in the USA Freedom fight — but the EO 12333 collection, with whatever limits on nominating US persons, is not. Plus, it will be trivial for Trump to expand the definition of terrorist; the groundwork is already being laid to do so with Black Lives Matter.

The other purpose of the dragnet is to identify which content the NSA will invest the time and energy into reading. Most content collected is not read in real time. But Americans’ communications with a terrorism suspect will probably be, because of the concern that those Americans might be plotting a domestic plot. The same is almost certainly true of, say, Chinese-Americans conversing with scientists in China, because of a concern they might be trading US secrets. Likewise it is almost certainly true of Iranian-Americans talking with government officials, because of a concern they might be dealing in nuclear dual use items. The choice to prioritize Americans makes sense from a national security perspective, but it also means certain kinds of people — Muslim immigrants, Chinese-Americans, Iranian-Americans — will be far more likely to have their communications read without a warrant than whitebread America, even if those whitebread Americans have ties to (say) NeoNazi groups.

Of course, none of this undermines Perlstein’s ultimate categorization, as voiced by Bill Binney, who created this system only to see the privacy protections he believed necessary get wiped away: the dragnet — both that authorized by USAF and that governed by EO 12333 — creates the structure for turnkey totalitarianism, especially as more and more data becomes available to NSA under EO 12333 collection rules.

But it is important to understand Obama’s history with this dragnet. Because while Obama did tweak the dragnet, two facts about it remain. First, while there are more protections built in on the domestic collection authorized by Section 215, that came with an expansion of the universe of people that will be affected by it, which must have the effect of “nominating” more people to be on this late day “Subversives” list.

Obama also, in PPD-28, “limited” bulk collection to a series of purposes. That sounds nice, but the purposes are so broad, they would permit bulk collection in any area of the world, and once you’ve collected in bulk, it is trivial to then call up that data under a more broad foreign intelligence purpose. In any case, Trump will almost certainly disavow PPD-28.

Which makes Perlstein’s larger point all the more sobering. J Edgar and Richard Nixon were out of control. But the dragnet Trump will inherit is far more powerful.

The Story About Judicial Dysfunction Behind the Comey Whiplash

I’ve been home from Europe for less than a day and already I’m thinking of sporting a neck collar for the whiplash I’ve gotten watching the wildly varying Jim Comey opinions.

I’m speaking, of course, of the response to Jim Comey’s highly unusual announcement to sixteen Chairs and Ranking Members of congressional committees (at least some of which Comey did not testify to) that the investigative team — presumably on the Clinton case — briefed him Thursday that FBI discovered additional emails in an unrelated case — now known to be the investigation into Anthony Weiner allegedly sexting a 15 year old — and he approved their request to take the steps necessary to be able to review those emails.

Effectively, the Weiner investigators, in reviewing the content from devices seized in that investigation, found emails from Huma Abedin, told the Hillary investigative team, and they’re now obtaining a warrant to be able to review those emails.

So of course the Republicans that had been claiming Comey had corruptly fixed the investigation for Hillary immediately started proclaiming his valor and Democrats that had been pointing confidently to his exoneration of Hillary immediately resumed their criticism of his highly unusual statements on this investigation. Make up your minds, people!

For the record, I think his initial, completely inappropriate statements made this inevitable. He excuses Friday’s statement as formally correcting the record of his testimony. The claim is undermined by the fact that not all recipients of the letter had him testify. But I think once you start the process of blabbing about investigations, more blabbing likely follows. I don’t mean to excuse this disclosure, but the real sin comes in the first one, which was totally inappropriate by any measure. I’m also very unsympathetic with the claim —  persistently offered by people who otherwise cheer Comey — that he released his initial statement to help Loretta Lynch out of the jam created by her inappropriate meeting with Bill Clinton; I think those explanations stem from a willful blindness about what a self-righteous moralist Comey is.

Of course I’ve been critical of Comey since long before it was cool (and our late great commenter Mary Perdue was critical years before that).

But I’d like to take a step back and talk about what this says about our judicial system.

Jim Comey doesn’t play by the rules

Jamie Gorelick (who worked with Comey when she was in DOJ) and Larry Thompson (who worked with Comey when Comey was US Attorney and he was Deputy Attorney General, until Comey replaced him) wrote a scathing piece attacking Comey for violating the long-standing prohibition on doing anything in an investigation pertaining to a political candidate in the 60 days leading up to an election. The op-ed insinuates that Comey is a “self-aggrandizing crusader[] on [a] high horse” before it goes on to slam him for making himself the judge on both the case and Hillary’s actions.

James B. Comey, put himself enthusiastically forward as the arbiter of not only whether to prosecute a criminal case — which is not the job of the FBI — but also best practices in the handling of email and other matters. Now, he has chosen personally to restrike the balance between transparency and fairness, departing from the department’s traditions. As former deputy attorney general George Terwilliger aptly put it, “There’s a difference between being independent and flying solo.”

But the real meat is that there’s a rule against statements like the one Comey made, and Comey broke it.

Decades ago, the department decided that in the 60-day period before an election, the balance should be struck against even returning indictments involving individuals running for office, as well as against the disclosure of any investigative steps. The reasoning was that, however important it might be for Justice to do its job, and however important it might be for the public to know what Justice knows, because such allegations could not be adjudicated, such actions or disclosures risked undermining the political process. A memorandum reflecting this choice has been issued every four years by multiple attorneys general for a very long time, including in 2016.

If Comey is willing to break this rule in such a high profile case, then what other rules is he breaking? What other judgements has Comey made himself arbiter of? Particularly given Comey’s persistent discussion of FBI’s work in terms of “good guys” and “bad guys” — as opposed to criminal behavior — that seems a really pertinent question.

As with James Clapper, Loretta Lynch can’t control Comey

Gorelick (who has been suggested among potential Clinton appointees) and Thompson go easier on Lynch, however, noting that she didn’t order him to stand down here, but ultimately blaming Comey for needing to be ordered.

Attorney General Loretta E. Lynch — nominally Comey’s boss — has apparently been satisfied with advising Comey but not ordering him to abide by the rules. She, no doubt, did not want to override the FBI director in such a highly political matter, but she should not have needed to. He should have abided by the policy on his own.

But since John Cornyn confronted Lynch in March about who would make decisions in this case — “Everyone in the Department of Justice works for me, including the FBI, sir,” Lynch forcefully reminded Cornyn — it has been clear that there’s a lot more tension than the org chart would suggest there should be.

The NYT provides more details on how much tension there is.

The day before the F.B.I. director, James B. Comey, sent a letter to Congress announcing that new evidence had been discovered that might be related to the completed Hillary Clinton email investigation, the Justice Department strongly discouraged the step and told him that he would be breaking with longstanding policy, three law enforcement officials said on Saturday.

Senior Justice Department officials did not move to stop him from sending the letter, officials said, but they did everything short of it, pointing to policies against talking about current criminal investigations or being seen as meddling in elections.

And it’s not just Lynch that has problems managing FBI.

In a response to a question from me in 2014 (after 56:00), Bob Litt explained that FBI’s dual role creates “a whole lot of complications” and went on to admit that the office of Director of National Intelligence — which is supposed to oversee the intelligence community — doesn’t oversee the FBI as directly.

Because FBI is part of the Department of Justice, I don’t have the same visibility into oversight there than I do with respect to the NSA, but the problems are much more complicated because of the dual functions of the FBI.

Litt said something similar to me in May when we discussed why FBI can continue to present bogus numbers in its legally mandated NSL reporting.

Now these are separate issues (though the Clinton investigation is, after all, a national security investigation into whether she or her aides mishandled classified information). But if neither the DNI nor the AG really has control over the FBI Director, it creates a real void of accountability that has repercussions for a whole lot of issues and, more importantly, people who don’t have the visibility or power of Hillary Clinton.

The FBI breaks the rules all the time by leaking like a sieve

Underlying this entire controversy is another rule that DOJ and FBI claim to abide by but don’t, at all: FBI is not supposed to reveal details of ongoing investigations.

Indeed, according to the NYT, Comey pointed to the certainty that this would leak to justify his Friday letter.

But although Mr. Comey told Congress this summer that the Clinton investigation was complete, he believed that if word of the new emails leaked out — and it was sure to leak out, he concluded — he risked being accused of misleading Congress and the public ahead of an election, colleagues said.

Yet the US Attorney’s Manual, starting with this language on prejudicial information and continuing into several more clauses, makes it clear that these kinds of leaks are impermissible.

At no time shall any component or personnel of the Department of Justice furnish any statement or information that he or she knows or reasonably should know will have a substantial likelihood of materially prejudicing an adjudicative proceeding.

Comey, the boss of all the FBI Agents investigating this case, had another alternative, one he should have exercised months ago when it was clear those investigating this case were leaking promiscuously: demand that they shut up, conduct investigations of who was leaking, and discipline those who were doing so. Those leaks were already affecting election year concerns, but there has been little commentary about how they, too, break DOJ rules.

But instead of trying to get FBI Agents to follow DOJ guidelines, Comey instead decided to violate them himself.

Again, that’s absolutely toxic when discussing an investigation that might affect the presidential election, but FBI’s habitual blabbing is equally toxic for a bunch of less powerful people whose investigative details get leaked by the FBI all the time.

[Update: Jeffrey Toobin addresses the role of leaks more generally here, though he seems to forget that the Hillary investigation is technically a national security investigation. I think it’s important to remember that, especially given Hillary’s campaign focus on why FBI isn’t leaking about the investigation into Trump’s ties to Russia, which would also be a national security investigation.]

Warrantless back door searches do tremendous amounts of damage

Finally, think about the circumstances of the emails behind this latest disclosure.

Reports are currently unclear how much the FBI knows about these emails. The NYT describes that the FBI seized multiple devices in conjunction with the Weiner investigation, including the laptop on which they found these emails.

On Oct. 3, F.B.I. agents seized several electronic devices from Mr. Weiner: a laptop, his iPhone and an iPad that was in large measure used by his 4-year-old son to watch cartoons, a person with knowledge of the matter said. Days later, F.B.I. agents also confiscated a Wi-Fi router that could identify any other devices that had been used, the person said.

While searching the laptop, the agents discovered the existence of tens of thousands of emails, some of them sent between Ms. Abedin and other Clinton aides, according to senior law enforcement officials. It is not clear if Ms. Abedin downloaded the emails to the laptop or if they were automatically backed up there. The emails dated back years, the officials said. Ms. Abedin has testified that she did not routinely delete her emails.

Presumably, the warrant to seize those devices permits the FBI agents to go find any evidence of Weiner sexting women (or perhaps just the young woman in question).

And admittedly, the details NYT’s sources describe involve just metadata: addressing information and dates.

But then, Comey told Congress these emails were “pertinent” to the Clinton investigation, and other details in reports, such as they might be duplicates of emails already reviewed by the FBI, suggest the Weiner investigators may have seen enough to believe they might pertain to the inquiry into whether Clinton and her aides (including Huma) mishandled classified information. Moreover, the FBI at least thinks they will be able to prove there is probable cause to believe these emails may show the mishandling of classified information.

Similarly, there are conflicting stories about whether the Hillary investigation was ever closed, which may arise from the fact that if it were (as Comey had suggested in his first blabby statements), seeking these emails would require further approval to continue the investigation.

The point, though, is that FBI would have had no idea these emails existed were it not for FBI investigators who were aware of the other investigation alerting their colleagues to these emails. This has been an issue of intense litigation in recent years, and I’d love for Huma, after the election, to submit a serious legal challenge if any warrant is issued.

But then, in this case, Huma is being provided far more protection than people swept up in FISA searches, where any content with a target can be searched years into the future without any probable cause or even evidence of wrong-doing. Here, Huma’s emails won’t be accessible for investigative purpose without a warrant (in part because of recent prior litigation in the 2nd Circuit), whereas in the case of emails acquired via FISA, FBI can access the information — pulling it up not just by metadata but by content — with no warrant at all.

[Update: Orin Kerr shares my concerns on this point — with the added benefit that he discusses all the recent legal precedents that may prohibit accessing these emails.]

This is a good example of the cost of such investigations. Because the FBI can and does sweep so widely in searches of electronic communications, evidence from one set of data collection can be used to taint others unrelated to the crime under investigation.

All the people writing scathing emails about Comey’s behavior in this particular matter would like you to believe that this issue doesn’t reflect on larger issues at DOJ. They would like you to believe that DOJ was all pure and good and FBI was well-controlled except for this particular investigation. But that’s simply not the case, and some of these issues go well beyond Comey.

Update: Minor changes were made to this post after it was initially posted.

In Spying, “Things like phone numbers or emails” Turn Out to Be Far More

According to Reuters, the Intelligence Community doesn’t intend to share any details of the Yahoo scan revealed several weeks back with anyone outside of the FISA oversight committees — the House and Senate Intelligence and Judiciary Committees.

Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters’ disclosure of the massive search.

But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said.

On its face, it’s a stupid stance, as I think the scan probably fits within existing legal precedents that have already been made public, even if it stretches those precedents from “packet content as content” to “email content as content” (and it may not even do that).

In addition, given that the scan was approved by a judge (albeit one working within the secret FISA court and relying on prior decisions that were issued in secrecy), by releasing more details about the scan the government could at least claim that a judge had determined the scan was necessary and proportionate to obtain details about the (as described to NYT) state-sponsored terrorist group targeted by the scan. This decision presumably relies on a long line of decisions finding warrantless surveillance justified by special needs precedents, which began to be laid out for FISC in In Re Sealed Case in 2002.

Nevertheless, even given the toll the government’s secrecy is having on Yahoo (and presumably on other providers’ willingness to cooperate with the IC), the government thus far has remained intransigent in its secrecy.

Which suggests that the IC believes it would risk more by releasing more data than by its continued, damaging silence.

I’ve already explained one of the risks they might face: that their quick anonymous description of this as a “state-sponsored terrorist group” might (this is admittedly a wildarsed guess) really mean they hacked all of Yahoo’s users to get to Iranian targets, something that wouldn’t have the same scare power as terrorists like ISIS, especially in Europe, which has a markedly different relationship with Iran than the US has.

But I also think ODNI risks losing credibility because it appears to conflict with what ODNI specifically and other spook officials generally have said in the past, both to the US public and to the international community. As I note here, the definition of “facility” has been evolving at FISC since at least 2004. But the privacy community just released a letter and a quote to Reuters that seems unaware of the change. The letter asserts,

According to reports, the order was issued under Title I of FISA, which requires the government to demonstrate probable cause that its target is a foreign power or an agent of a foreign power (such as a spy or a terrorist), and probable cause that the “facility” at which the surveillance is conducted will carry the target’s communications. If reports are true, this authority to conduct a particularized search has apparently been secretly construed to authorize a mass scan.

Traditional FISA orders haven’t been limited to particularized targets since 2007, when an order targeting Al Qaeda was used to temporarily give Stellar Wind legal sanction. If one order requiring a scan of traffic at  telecom switches could target Al Qaeda in 2007, then surely one order can target Iran’s Revolutionary Guard or a similar organization in 2016. The problem is in the execution of the order, requiring Yahoo to scan all its incoming email, but it’s not clear the legal issues are much worse than in the 2007 execution.

A Reuters source goes even further, suggesting that all of Yahoo is the facility, rather than the specific code tied to the targeted group.

The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a “facility” in such a case: instead, the word usually refers to a phone number or an email account.

Never mind that under the phone dragnet, Verizon was counted as the targeted selector (which was used by terrorists and everyone else), though admittedly that was just for metadata. Had Yahoo been designed the “place” at which a physical search were conducted this usage might be correct (that said, we know very little about how physical searches, including for stored communication, work in practice), but as Semiannual reports have made clear (admittedly in the Section 702 context), facility has come to be synonymous with selector.

[T]argeting is effectuated by tasking communication facilities (also referred to as “selectors”), including but not limited to telephone numbers and electronic communications accounts, to Section 702 electronic communication service providers.

Facilities are selectors, and here FBI got a selector tied to a kind of usage of email — perhaps an encryption signature — approved as a selector/facility.

In spite of the fact that somewhere among 30 NGOs someone should have been able to make this argument (and ACLU’s litigation side surely could do so), there is good reason for them to believe this.

That’s because the IC has very deliberately avoided talking about how what are called “about” scans but really should be termed signature scans really work.

This is most striking in a March 19, 2014 Privacy and Civil Liberties Oversight Board hearing, which was one of the most extensive discussions of how Section 702 work. Shortly after this hearing, I contacted PCLOB to ask whether they were being fully briefed, including on the non-counterterrorism uses of 702, such as cyber, which use (or used) upstream selectors in a  different way.

Several different times in the hearing, IC witnesses described selectors as “selectors such as telephone numbers or email addresses” or “like telephone numbers or email addresses,” obscuring the full extent of what might be included (Snowden tweeted a list that I included here). Bob Litt did so while insisting that Section 702 (he was referring both to PRISM and upstream here) was not a bulk collection program:

I want to make a couple of important overview points about Section 702. First, there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.

I just want to repeat that Section 702 is not a bulk collection program.

Then-Deputy Assistant Attorney General Brad Weigmann said selectors were “really phone numbers, email addresses, things like that” when he defined selector.

A selector would typically be an email account or a phone number that you are targeting. So this is the, you get, you know, terrorists at Google.com, you know, whatever. That’s the address that you have information about that if you have reason to believe that that person is a terrorist and you would like to collect foreign intelligence information, I might be focusing on that person’s account.

[snip]

So that’s when we say selector it’s really an arcane term that people wouldn’t understand, but it’s really phone numbers, email addresses, things like that.

And when then-NSA General Counsel Raj De moved from describing Section 702 generally (“selectors are things like”), to discussing upstream, he mistakenly said collection was based on “particularly phone numbers or emails” then immediately corrected himself to say, “things like phone numbers or emails.”

So there’s two types of collection under Section 702. Both are targeted, as Bob was saying, which means they are both selector-based, and I’ll get into some more detail about what that means. Selectors are things like phone numbers and email addresses.

[snip]

It is also however selector-based, i.e. based on particular phone numbers or emails, things like phone numbers or emails. This is collection to, from, or about selectors, the same selectors that are used in PRISM selection. This is not collection based on key words, for example.

 

That language would — and apparently did — create the false impression that about collection really did just use emails and phone numbers (which is why I called PCLOB, because I knew they were or had also targeted cyber signatures).

Here’s how all that evasiveness appeared in the PCLOB 702 report:

Although we cannot discuss the details in an unclassified public report, the moniker “about” collection describes a number of distinct scenarios, which the government has in the past characterized as different “categories” of “about” collection. These categories are not predetermined limits that confine what the government acquires; rather, they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them.

That certainly goes beyond the linguistic game the IC witnesses were playing, but stops well short of explaining that this really isn’t all about emails and phone numbers.

Plus, there’s one exchange from that March 2014 hearing that might be taken to rule out about collection from a PRISM provider. In reply to specific prodding from Elisabeth Collins Cook, De said about collection cannot be made via PRISM.

MS. COLLINS COOK: I wanted to ask one additional question about abouts. Can you do about collection through PRISM?

MR. DE: No.

MS. COLLINS COOK: So it is limited to upstream collection?

MR. DE: Correct. PRISM is only collection to or from selectors.

Of course, De was referring to warrantless collection under Section 702. He wasn’t talking at all about what is possible under Title I. But it may have left the impression that one couldn’t order a PRISM provider to do an about scan, even though in 2007 FISA ordered telecoms to do about scans.

Ultimately, though, the IC is likely remaining mum about these details because revealing it would make clear what publicly released opinions do, but not in real detail: that these about scans have gotten far beyond a collection of content based off a scan of readily available metadata. These scans likely replicate the problem identified in 2004, in that the initial scan is not of things that count as metadata to the provider doing the scan.

The IC may have FISC approval for that argument. But they also had FISC approval for the Section 215 dragnet. And that didn’t live up to public scrutiny either.

Yahoo to Clapper: Global, Global, Beyond our Borders, Global

I joked when Yahoo first released its letter to James Clapper the other day, asking that he release details about the 2015 scan first revealed by Reuters. It has the tone of a young woman who is justifiably upset because, after sleeping with her, some jerk is pretending he doesn’t even know her.

But as it happens, I’m in Europe, trying to learn more about Privacy Shield and related issues. So I thought I would call attention to the emphasis Yahoo lawyer Ronald Bell (who was the guy who decided not to challenge this) puts on the international impact of Clapper’s decision, thus far, to remain silent.

As you know, Yahoo consistently campaigns for government transparency about national security requests and for the right to share the number and nature of the requests we receive from all governments. We apply a principled approach to handling government requests for user data, including in the national security context, articulated in our publicly-available Global Principles for Responding to Government Requests and regular transparency reports. Our company not only embraces its privacy and human rights responsibilities, we do so enthusiastically, passionately, and with a deep sense of global and moral responsibility. But transparency is not merely a Yahoo issue: Transparency underpins the ability of any company in the information and communications technology sector to earn and preserve the trust of its customers. Erosion of that trust online implicates the safety and security of people around the world and diminishes confidence and trust in U.S. businesses at home and beyond our borders.

Recent new stories have provoked broad speculation about Yahoo’s approach and about the activities and representations of the U.S. government, including those made by the Government in connection with negotiating Privacy Shield with the European Union. That speculation results in part from lack of transparency and because U.S. law significantly constrain–and severely punish–companies’ ability to speak for themselves about national security related orders even in ways that do not compromise U.S. government investigations.

We trust that the U.S. government recognizes the importance of clarifying the record in this case. On behalf of Yahoo and our global community of users, I respectfully request that the Office of the Director of National Intelligence expeditiously clarify this matter. [bold emphasis mine]

Folks here definitely followed the Yahoo story. Their understanding of what happened leads them to believe the scan violates European prohibitions on mass surveillance. Importantly, they’re not aware that this was done with an “individual” FISA order rather than under Section 702. As I’ve written, “individual” orders have been used for bulk scans since 2007, but in this case, an “individual” order would also mean that a judge had reviewed the scan and found it proportional, which would make a big difference here (at least to authorities; a number of other people are raring to challenge such judgements on whether it is an adequate court or not).

So yeah, by disclosing details of this scan, Yahoo may be in much better position vis a vis European authorities, if not consumers.

But there’s another reason why Clapper’s office — or rather ODNI General Counsel Bob Litt — may be so quiet.

Litt is the one who made many of the representations about US spying to authorities here. Someone — Litt, if he’s still around for a hearing that may take place under President Hillary — may also need to go testify under oath in an Irish court in conjunction with a lawsuit there. Whoever testifies will be asked about the kinds of surveillance implicating European users the government makes US companies do.

In other words, Bob Litt is the one who made certain representations to the European authorities. And now some of those same people are asking questions about how this scan complies with the terms Litt laid out.

Which makes his silence all the more instructive.

The IC Can’t Even Decide What Is Classified in Hillary’s Emails But They’re Attempting To Do Same on the Internet

Yesterday, Steven Aftergood noted that, rather than prosecute leakers, the Intelligence Community is instead taking administrative measures against people who leak information. We’ve know they were moving in that direction for some time (largely through Aftergood’s efforts). But he posts now de-classified testimony obtained via FOIA that Bob Litt gave in 2012 explaining the change.

“This Administration has been historically active in pursuing prosecution of leakers, and the Intelligence Community fully supports this effort,” said ODNI General Counsel Robert S. Litt in testimony from a closed hearing of the Senate Intelligence Committee in 2012 that was released last week in response to a Freedom of Information Act request.

But, he said, “prosecution of unauthorized disclosure cases is often beset with complications, including difficult problems of identifying the leaker, the potential for confirming or revealing even more classified information in a public trial, and graymail by the defense.”

Therefore, Mr. Litt said, in 2011 Director of National Intelligence James Clapper ordered intelligence agencies “to pursue administrative investigations and sanctions against identified leakers wherever appropriate. Pursuant to this DNI directive, individual agencies are instructed to identify those leak incidents that are ripe for an administrative disposition….”

As Aftergood notes, such measures sure didn’t dissuade Edward Snowden.

There are two more interesting details of note in the testimony Aftergood liberated. First, Litt provides a somewhat redacted assessment of whether IC elements have the ability to audit employee activities on their networks. Most members of the IC has some audit and monitoring in place. Whereas some are what Litt describes as “robust,” he admitted that “other agencies have less mature programs, but some ability to track employee online activity.”

I do hope for Litt’s sake he didn’t tell SSCI, a year before Snowden’s leaks, that the NSA was among the agencies with robust systems, because they ended up having no ability to track what he took, much less see him taking huge amounts of data in real time.

Perhaps most interesting, though, is Litt’s reference to the development of “automated systems … that will assist in identifying classified information published on the Internet.” By Litt’s testimony on February 9, 2012, an IC study had “concluded that it would be beneficial and feasible for ONCIX/S to implement a centralized and automated capability to identify potential unauthorized disclosures of classified information published electronically on the Internet.” The IC was looking for funding to develop a pilot program to do just that in 2012.

The example of Hillary’s email is testament to one of many problems with such a plan. Various intelligence agencies accused her aides of sharing classified information. But in at least some cases, the same information was available via open source (not to mention that it’s easy to suss out what the IC thinks its biggest secrets are).

So the IC will be scanning the Internet for stuff they think is theirs. But short of tracking classification markings, this will necessarily involved scanning for either known leaked information (so imagine them currently tracking everyone discussing a document Snowden leaked, anywhere in the world), or scanning for information that looks to have the particular syntax (heh) of an intelligence report.

There are a range of problems I can imagine that would result.

But that likely won’t stop the IC from trying to hold their glut of classified information inside their fences, or to hunt down people who seem to understand the same things the IC knows, in case that person can be caught talking to some person the IC would also like to enclose behind that fence.

Bob Litt Spins Sharing NSA-Collected Comms with DEA and FBI as Harmless

ODNI General Counsel Bob Litt has a pretty amusing post attempting to reassure us about the imminent change permitting the NSA to share intelligence it collects under EO 12333 more broadly. As part of it, he suggests that EO 12333 “imposes additional restrictions” (which amount to the procedures he is currently developing in secret) on the sharing of SIGINT.

Executive Order 12333 generally allows intelligence information to be shared within the Intelligence Community, in order to allow agencies to determine whether that information is relevant to their mission, but imposes additional restrictions on the sharing of signals intelligence, requiring that that be done only in accord with procedures established by the Director of National Intelligence in coordination with the Secretary of Defense, and approved by the Attorney General.

What Litt neglects to say is this was actually a change that the Bush Administration implemented in 2008, without fully consulting Congress. It likely wasn’t a change at all but instead a belated effort to change EO 12333 to reflect that the Executive really had secretly been doing since 2002. But it’s not something that even Saint Ronny thought necessary when he first implemented EO 12333.

Litt goes on to insist that we don’t need to worry our pretty little heads about this because the NSA will only [emphasis Litt’s] be sharing with elements of the intelligence community and only for foreign intelligence and CI purposes.

These procedures will thus not authorize any additional collection of anyone’s communications, but will only provide a framework for the sharing of lawfully collected signals intelligence information between elements of the Intelligence Community. Critically, they will authorize sharing only with elements of the Intelligence Community, and only for authorized foreign intelligence and counterintelligence purposes; they willnot authorize sharing for law enforcement purposes. They will require individual elements of the Intelligence Community to establish a justification for access to signals intelligence consistent with the foreign intelligence or counterintelligence mission of the element. And finally, they will require Intelligence Community elements, as a condition of receiving signals intelligence, to apply to signals intelligence information the kind of strong protections for privacy and civil liberties, and the kind of oversight, that the National Security Agency currently has.

As a threshold matter, both FBI and DEA are elements of the intelligence community. Counterterrorism is considered part of FBI’s foreign intelligence function, and cyber investigations can be considered counterintelligence and foreign intelligence (the latter if done by a foreigner). International narcotics investigations have been considered a foreign intelligence purpose since EO 12333 was written.

In other words, this sharing would fall squarely in the area where eliminating the wall between intelligence and law enforcement in 2001-2002 also happened to erode fourth amendment protections for alleged Muslim (but not white supremacist) terrorists, drug dealers, and hackers.

So make no mistake, this will degrade the constitutional protections of a lot of people, who happen to be disproportionately communities of color.

And without more details, you should be very skeptical of Litt’s assurances that the FBI and DEA and other receiving IC elements will have to, “apply to signals intelligence information the kind of strong protections for privacy and civil liberties, and the kind of oversight, that the National Security Agency currently has.” While both CIA and FBI had to adopt minimization procedures before receiving raw 702 data (the equivalent of what is being done here), those minimization procedures are actually more permissive than NSA’s. Significantly, both agencies are permitted to copy the metadata they receive in bulk, basically so they can dump that data into their own metadata databases. And, barring the publication of the newly more restrictive guidelines on FBI’s back door searches, we should assume EO 12333 back door searches, like FBI’s 702 back door searches at least until recently, aren’t even tracked closely, much less noticed to defendants.

I also suspect that Treasury will be a likely recipient of this data; as of February 10, Treasury still did not have written EO 12333 protections that were mandated 35 years ago (and DEA’s were still pending at that point).

All of which is to say Litt’s reassurances shouldn’t reassure you at all.

What Claims Did the Intelligence Community Make about the Paris Attack to Get the White House to Change on Encryption?

I’m going to do a series of posts laying out the timeline behind the Administration’s changed approach to encryption. In this, I’d like to make a point about when the National Security Council adopted a “decision memo” more aggressively seeking to bypass encryption. Bloomberg reported on the memo last week, in the wake of the FBI’s demand that Apple help it brute force Syed Rezwan Farook’s work phone.

But note the date: The meeting at which the memo was adopted was convened “around Thanksgiving.”

Silicon Valley celebrated last fall when the White House revealed it would not seek legislation forcing technology makers to install “backdoors” in their software — secret listening posts where investigators could pierce the veil of secrecy on users’ encrypted data, from text messages to video chats. But while the companies may have thought that was the final word, in fact the government was working on a Plan B.

In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.

The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement. [my emphasis]

That is, the meeting was convened in the wake of the November 13 ISIS attack on Paris.

We know that last August, Bob Litt had recommended keeping options open until such time as a terrorist attack presented the opportunity to revisit the issue and demand that companies back door encryption.

Privately, law enforcement officials have acknowledged that prospects for congressional action this year are remote. Although “the legislative environment is very hostile today,” the intelligence community’s top lawyer, Robert S. Litt, said to colleagues in an August e-mail, which was obtained by The Post, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

There is value, he said, in “keeping our options open for such a situation.”

Litt was commenting on a draft paper prepared by National Security Council staff members in July, which also was obtained by The Post, that analyzed several options. They included explicitly rejecting a legislative mandate, deferring legislation and remaining undecided while discussions continue.

It appears that is precisely what happened — that the intelligence community, in the wake of a big attack on Paris, went to the White House and convinced them to change their approach.

So I want to know what claims the intelligence community made about the use of encryption in the attack that convinced the White House to change approach. Because there is nothing in the public record that indicates encryption was important at all.

It is true that a lot of ISIS associates were using Telegram; shortly after the attack Telegram shut down a bunch of channels they were using. But reportedly Telegram’s encryption would be easy for the NSA to break. The difficulty with Telegram — which the IC should consider seriously before they make Apple back door its products — is that its offshore location probably made it harder for our counterterrorism analysts to get the metadata.

It is also true that an ISIS recruit whom French authorities had interrogated during the summer (and who warned them very specifically about attacks on sporting events and concerts) had been given an encryption key on a thumb drive.

But it’s also true the phone recovered after the attack — which the attackers used to communicate during the attack — was not encrypted. It’s true, too, that French and Belgian authorities knew just about every known participant in the attack, especially the ringleader. From reports, it sounds like operational security — the use of a series of burner phones — was more critical to his ability to move unnoticed through Europe. There are also reports that the authorities had a difficult time translating the dialect of (probably) Berber the attackers used.

From what we know, though, encryption is not the reason authorities failed to prevent the French attack. And a lot of other tools that are designed to identify potential attacks — like the metadata dragnet — failed.

I hate to be cynical (though comments like Litt’s — plus the way the IC used a bogus terrorist threat in 2004 to get the torture and Internet dragnet programs reauthorized — invite such cynicism). But it sure looks like the IC failed to prevent the November attack, and immediately used their own (human, unavoidable) failure to demand a new approach to encryption.

Update: In testimony before the House Judiciary Committee today, Microsoft General Counsel Brad Smith repeated a claim MSFT witnesses have made before: they provided Parisian law enforcement email from the Paris attackers within 45 minutes. That implies, of course, that the data was accessible under PRISM and not encrypted.