Posts

On Solidarity in the Face of Muslim Registry Plans

In this post, I suggest you might donate to CAIR. Please consider a donation for this work, as well

Yesterday, Carl Higbie pointed to the Supreme Court decision in Korematsu in claiming that President Trump could legally establish a registry of Muslims.

A spokesman for a major super PAC backing Donald Trump said Wednesday that the mass internment of Japanese Americans during World War II was a “precedent” for the president-elect’s plans to create a registry for immigrants from Muslim countries.

During an appearance on Megyn Kelly’s Fox News show, Carl Higbie said a registry proposal being discussed by Trump’s immigration advisers would be legal and would “hold constitutional muster.”

This came after Kris Kobach said Trump were considering a formal proposal for such a registry.

Higbie’s remarks came a day after a key member of Trump’s transition team, Kansas Secretary of State Kris Kobach, said Trump’s policy advisers were weighing whether to send him a formal proposal for a national registry of immigrants and visitors from Muslim countries.

Kobach, a possible candidate for attorney general, told Reuters that the team was considering a reinstatement of a similar program he helped design after the Sept. 11, 2001, terrorist attacks while serving in the Justice Department under President George W. Bush.

Kobach was talking about a rule actually imposed during the Bush administration requiring — among other things — that men from Muslim countries (and North Korea) register, practice that led to huge lines outside of immigration facilities during freezing cold weather to dutifully sign up.

Today, a lot of really well-meaning people have promised to also register on any such registry, which would have the intended effect of creating a group far too large to marginalize.

The underlying intent of those promising to sign up is great. But there are a couple of problems in theory.

First, note what the Reuters report cited above says about the registry.

Under NSEERS, people from countries deemed “higher risk” were required to undergo interrogations and fingerprinting on entering the United States. Some non-citizen male U.S. residents over the age of 16 from countries with active militant threats were required to register in person at government offices and periodically check in.

NSEERS was abandoned in 2011 after it was deemed redundant by the Department of Homeland Security and criticized by civil rights groups for unfairly targeting immigrants from Muslim- majority nations.

NSEERS was shut down in 2011 because DHS was already creating the list via other means. That is, the list tracking Muslim already exists. In notable form, it exists in the form of the No Fly and Terrorist Watch Lists. In addition, DHS tracks the movement of international travelers closer than ever. Customs and Border Protection currently collects more metadata from incoming non-citizens — including permanent residents — than INS did of registered men at its inception, and automated CBP kiosks collect some of what they used to collect for people on the registry from everyone, including US citizens.

While in its heyday, NSEERS served to provide suspicion free excuses to stop Muslim-appearing men, it’s not like authorities currently lack that (and I’d say that for Muslims, African Americans, or Latinos). And the rush to include social media registration at immigration will provide another way to prosecute people who inadvertently provide incomplete information at the border to be deported.

But there’s a far bigger hurdle to getting a large group of people to register in solidarity with any Muslim registry. Unless Trump and Kobach dramatically reverse from the perverse logic established under Bush and continued under Obama, these lists are designed to be arbitrary and secret. The current No Fly list includes children. At one point it included Ted Kennedy. Because they are secret, these lists been difficult to challenge them — and before the work of lawyers at ACLU and Center for Constitutional Rights and a few lonely others — impossible.

So long as DHS retains the ability to create such registries in secret, no one will have the affirmative ability to just volunteer to sign up. Maybe Kobach will change that — and undermine the bureaucratic efficacy of the current list. But I’m not yet convinced.

If you want to get yourself on a list of for expressing solidarity with Muslims, a good way to do that may be to donate to the Council on American-Islamic Relations. CAIR is like the ACLU of the Muslim world, one of they key defenders of Muslim civil rights. For that (and discredited allegations of ties to Hezbollah and Hamas) it has been targeted for both surveillance and denormalization (FBI issued guidance prohibiting outreach cooperation with it, for example). But they do absolutely critical work helping Muslims assert their civil rights. And a number of their state offices have already been targeted with hate speech or crimes since the election.

One final point: Just months ago, many Democrats were applauding banning people on the No Fly List from owning guns. I’d like to make gun ownership in this country safer, but using this arbitrary list to do so only encourages the expansion of such lists in the future.

FISC Still Sitting on Government Proposal for EFF Data

When last we checked in with the new-and-improved post USA Freedom Act FISA Court, amicus Preston Burton had helped the Court finish off the Section 215 dragnet with a strong hand, in part by asking a bunch of questions that should have been asked 9 years earlier. And in a reply to the government (the reply was released belatedly), Burton made an argument that led first to a hearing on the issue and then a briefing order for ways the government might stipulate to something in the EFF lawsuits so as to permit the FISC to lift the protection order requiring all Americans’ phone records to be kept indefinitely.

Back before it was clear why FISA Judge Michael Mosman appointed him to serve as amicus addressing the issue of retention of phone dragnet data, I suggested it might have been an effort to undermine EFF’s lawsuit against the government. After all, EFF plaintiff (in the First Unitarian Church suit challenging the dragnet) CAIR surely has standing to not only sue, but sue because of the way the dragnet chaining process subjected a bunch of CAIR’s associates to further NSA analysis solely because of their First Amendment protected affiliation with CAIR. But if the government gets to destroy all the dragnet data without first admitting that fact, then it will be hard to show how CAIR got injured.

In Burton’s reply to the government’s response to his initial brief on this question, he did the opposite, pressuring the government to find some way to accord the EFF plaintiffs standing. That led — we as we saw last week  — to an order from Mosman for briefing, due on January 8, on whether there’s a way to get rid of the data. That may not end up helping EFF, but it sure has put the government in a bad mood.

That brief would have been due last Friday, but thus far it has not shown up in the FISC docket. And we don’t even know what the process from here would be, such as whether one of the newly appointed amici will be asked to help Michael Mosman determine the outcome of the EFF data, or whether the government will be able to argue whether it should have to accommodate this lawsuit without adversary. EFF did send a letter laying out what they’d like to happen, which the government submitted along with its response.

But since then we’ve heard nothing.

How FISC Amicus Preston Burton Helped Michael Mosman Shore up FISC’s Authority

On November 24, Judge Michael Mosman approved the government’s request to hold onto the Section 215 phone dragnet data for technical assurance purposes for three months, as well as to hold the data to comply with a preservation order in EFF’s challenge to the phone dragnet (though as with one earlier order in this series, Thomas Hogan signed the order for Mosman, who lives in Oregon). While the outcome of the decision is not a surprise, the process bears some attention, as it’s the first time a truly neutral amicus has been involved in the FISC process (though corporations, litigants, and civil rights groups have weighed in various decisions as amici).

In addition to Mosman’s opinion, the FISC released amicus Preston Burton’s memo and the government’s response on December 2; I suspect there may be a Burton reply they have not released.

Minimization procedures

As I noted in September when Mosman first appointed Burton, it wasn’t entirely clear what the FISC was asking him to review. In his order, Mosman explains that he “directed him to address whether the government’s above-described requests to retain and use BR metadata after November 28, 2015, are precluded by section 103 of the USA FREEDOM Act or any other provision of that Act.”

Burton took this to be largely a question about minimization procedures.

Instead, the Act provides that the Court shall decide issues concerning the use, retention, dissemination, and eventual destruction of the tangible things collected under the FISA business records statute as part of its oversight of the statutorily mandated minimization procedures.

He then pointed to a number of the FISC’s more assertive oversight moments over the NSA to argue that the FISC has fairly broad authorities to review minimization procedures.

Although the government is required to enumerate minimization procedures addressing the use, retention, dissemination, and (now) ultimate destruction of the metadata in its applications to the Court, the Court’s review of those procedures is not simply ministerial. And, indeed, Judge Walton’s 2009 orders, cited above, addressing deficiencies in the administration of the call detail record program made clear that the FISA Court may impose more robust minimization procedures. See also Kris, Bulk Collection at 15-17 (discussing FISA Court’s imposition of new restrictions to the telephony program). Likewise, the Court may decline to endorse procedures sought by the government See Opinion at 11-2, In re Application of the FBI for an Order Requiring the Production of Tangible Things, Docket No. BR 14-01 (March 7, 2014) (denying the government’s motion to modify the minimization procedures), amended, Opinion at S, Jn re Application of the FBI/or an Order Requiring the Production a/Tangible Things, Docket No. BR 14-01(March12, 2014). Similarly, Judge Bates found substantial deficiencies in the NSA’ s minimization procedures in Jn Re [Redacted}, 2011 WL l 0945618, at *9 (FISA Ct. Oct. 3, 2011) (Bates J.) (fmding NSA minimization procedures insufficient and inconsistent with the Fourth Amendment). As a result, the NSA amended its procedures, including reducing the data retention in issue in that case (under a differentFISA statute) from five to two years. See In Re [Redacted], 2011WL10947772, at •s (FISA Ct. Nov. 30, 2011) (Bates J.).

Particularly in the case of the two PRTT orders, the government has actually challenged FISC’s roles in imposing minimization procedures (though admittedly FISC’s role under that authority is less clear cut than under Section 215).

Burton argued that USA Freedom Act (which he abbreviated USFA) made that role even stronger.

But the USFA augmented this minimization review authority even more and dispels any suggestion that the Court may not modify the minimization procedures articulated in the government’s application. The statute’s fortification of Judicial Review provisions makes clear that Congress intended for the FISA Court to oversee these issues in the context of imposing minimization procedures that balance the government’s national security interests with privacy interests, including specifically providing for the prompt destruction of tangible things produced under the business records provisions.10 Significantly, USF A § 104 empowers the Court to assess and supplement the government’s proposed minimization procedures:

Nothing in this subsection shall limit the authority of the court established under section 103(a) to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination of nonpublicly available information concerning unconsenting United States persons, including additional particularized procedures related to the destruction of information within a reasonable time period. USFA § 104 (a)(3) (now codified at 50 U.S.C. §1861(g)(3)(emphasis supplied).

That provision applies to all information the government obtains under the business records procedure, not just call detail records. u Moreover, that amendment, set forth in USFA § 104, went into effect immediately, unlike the 180-day transition period for the revisions to the business records sections. See USFA § 109 (amendments made by §§ 101-103 take effect 180 days after enactment).12

As I said, that’s the kind of argument the government has been arguing against for 11 years, most notably in the two big Internet dragnet reauthorizations (admittedly, FISC’s role in minimization procedures there is less clear, but there is similar language about not limiting the authority of the court).

Burton sneaks in some real privacy questions

Having laid out the (as he sees it) expansive authority to review minimization procedures, Burton then does something delightful.

He poses a lot of questions that should have been asked 9 years ago.

Because of the significant privacy concerns that motivated Congress to amend the bulk collection provisions of the statute, however, the undersigned respectfully submits that, the Court should consider requiring the government to answer more fully fundamental questions regarding:

  • The current conditions, location, and security for the data archive.
  • The persons and entities to whom the NSA has given access to information provided under this program and whether that shared information will also be destroyed under the NSA destruction plan (and, if not, why not?).
  • What oversight is in place to ensure that access to the database is not “analytical” and what the government means by “non-analytical.”
  • Why testing of the adequacy of new procedures was not completed by the NSA (and whether it was even initiated) during the 180-day transition period.
  • How the government intends to destroy such information after February 29, 2016, (its proposed extinction date for the database) independent of the resolution of any litigation holds.
  • Whether the contemplated destruction will include only data that the government has collected or will include all data that it has analyzed in some fashion.

Remember, by the time Burton wrote this, he had read at least the application for the final dragnet order, and the answers to these questions were not clear from that (which is where the government lays out its more detailed minimization procedures). Public releases have made me really concerned about some of them, such as how to protect non-analytical queries from being used for analytical purposes. NSA has had tech people do analytical queries in the past, and it doesn’t audit tech activities. Similarly, when the NSA destroyed the Internet dragnet data in 2011, NSA’s IG wasn’t entirely convinced it all got destroyed, because he couldn’t see the intake side of things. So these are real issues of concern.

Burton also asked questions about the necessity behind keeping data for the EFF challenges rather than just according the plaintiffs standing.

If this Court chooses to follow Judge Walton’s approach and defer to the preservation orders issued by the other courts, the Court nonetheless should address a number of questions before deciding whether to grant the government’s preservation request:

  • Why has the government been unable to reach some stipulation with the plaintiffs to preserve only the evidence necessary for plaintiffs to meet their standing burden? Consider whether it is appropriate for the government to retain billions of irrelevant call detail records involving millions of people based on, what undersigned understands from counsel involved in that litigation, the government’s stubborn procedural challenges to standing — a situation that the government has fostered by declining to identify the particular telecommunications provider in question and/or stipulate that the plaintiff is a customer of a relevant provided.
  • As Judge Walton identified when he first denied the modification of the minimization procedures to extend the duration of preservation, the continued retention of the data at issue subjects it to risk of misuse and improper dissemination. The government should have to satisfy the Court of the security of this information in plain and meaningful terms.

(Notice how he assumes the plaintiffs might have standing which, especially for First Unitarian Church plaintiff CAIR, they should.)

Finally, perhaps channeling the justified complaint of all the tech people who review these kinds of policy questions, Burton suggested the FISC really ought to be consulting with a tech person.

This case, due to the relatively limited period of time sought by the government to accomplish its stated narrow purpose, likely does not require a difficult assessment of the reasonableness of the government’s technical retention request. To evaluate even such a limited request, however, the Court may wish to consider availing itself of technical expertise from national security experts or computer technology experts. Technical expertise is an amicus category contemplated by Congress in its reform of the FISA statutes. 50 U.S.C. § 1803 (i)(2)(B), as amended by USF A Section 401. That section alone suggests congressional expectation of greater judicial oversight of the government’s surveillance program and requests. See USF A § 401; see also Kris, Bulk Collection at 3 7 (contemplating theoretical procedures for cross-examining NSA engineers as one example of the challenges in implementing a more adversarial system for the FISA Court).

Burton ended his memo reiterating his recommendation that FISC get more information.

In light of the significant privacy interests affected by the creation and retention of the database, the undersigned urges the Court as part of its statutory oversight of the minimization procedures to demand full and meaningful information concerning the condition of the data at issue, the data’s security, and its contemplated destruction as a condition of any retention beyond November 28, 2015.

The government is not amused

Predictably, the government balked at Burton’s invitation to use his expansive reading of the authority of the FISC to review minimization procedures to bolster the current ones.

Amicus curiae’ s analysis of Section 104 of the USA FREEDOM Act could be interpreted as suggesting an opportunity for the Court to re-examine the minimization procedures applicable for other business records productions in this proceeding. Consistent with the Court’s order appointing amicus curiae, the Government has limited its response to the issue identified in that order.

Frankly, I’m not sure what the government distinguishes between Burton’s proposal to reexamine existing minimization procedures and what is covered by the order in question, because they do respond to a number of the questions he raised in his brief.

For example, they provide these details about where the dragnet lives (which, as it turns out, is at Fort Meade, not the UT data center).

As described in the Application in docket number BR 15-99 and prior docket numbers, NSA stores and processes the bulk call detail records in repositories within secure networks under NSA’ s control. Those repositories (servers, networked storage devices, and backup tapes in locked containers) are located in NSA’s secure, access-controlled facilities at Fort George G. Meade, Maryland. As further described in those applications, NSA restricts access to the records to authorized personnel who have received appropriate and adequate training. Electronic access to the call detail records requires a user authentication credential. Physical access to the location where NSA stores and processes the call detail records requires an approval by NSA management and must be conducted in teams of no less than two persons.

Also note that there is currently a requirement that techs access the raw data in two person teams. That is likely a change that post-dates Snowden.

Curiously, the NSA says they can destroy all the phone dragnet data in a month.

NSA anticipates it can complete destruction of the bulk call detail records and related chain summaries within one month of being relieved of its litigation preservation obligations.

They appear to have taken far less time to destroy the Internet dragnet data, further supporting the appearance they did it very hastily to avoid having to report back to John Bates on the status of their dragnet.

Finally, they make clear what had already been clear to me: the existing query results will remain at NSA.

Information obtained or derived from call detail records which has been previously disseminated in accordance with approved minimization procedures will not be recalled or destroyed.2 Also, select query results generated by pre-November 29, 2015, queries of the bulk records that formed the basis of a dissemination in accordance with approved minimization procedures will not be destroyed.

2 This practice does not differ from similar circumstances where, for example Court-authorized electronic surveillance and/or physical search authorities under Title I or III expire. While raw (unminimized) information is handled and destroyed in accordance with applicable minimization procedures, prior authorized disseminations and the material underpinning those disseminations are not recalled or otherwise destroyed.

This means that everyone within two or three degrees of a target that the NSA has found interesting — potentially over the last decade — will remain available and subject to NSA’s analytical toys from here on out.

Let’s hope CAIR gets standing to challenge what has happened to their IDs then.

Which may be why the government gets snippiest in response to Burton’s question about why they’re going to keep billions of phone records rather than just reach some accommodation with EFF.

The suggestions by amicus curiae that this Court address (or perhaps even resolve) significant substantive questions at issue in underlying civil litigation,, see Amicus Mem. of Law at 27, are exactly the kinds of inquiries the Court previously recognized were inappropriate for it to resolve. Opinion and Order, docket number BR 14-01at5 (“it is appropriate for [the district court for the Northern District of California], rather than the FISC, to determine what BR metadata is relevant to that litigation”). This Court should adopt the same view. In particular, the suggestion that the Government disclose national security information concerning the identity of providers, information subject to a pending state secrets privilege assertion, is inappropriate, and the suggestion by amicus that the government stipulate to Article III standing in those cases is unfounded as a matter of law. Finally, the suggestion that preservation of bulk call detail records can be limited solely to the plaintiffs in multiple pending putative class actions is entirely unworkable. For the reasons more particularly set out above, until the Government is relieved of its preservation obligations, the data is secure.

Which leads me to the detail that makes me suspect there’s a second Burton filing the government hasn’t released (I’ve asked NSD but gotten no answer, and in his opinion Mosman says only “Mr. Burton and the government submitted briefs addressing this question,” leaving open the possibility Burton submitted two): After finding no reason to hold a hearing on the issue of restarting the dragnet during the summer, Mosman did hold a hearing here (though it’s not clear whether Burton attended or not). At the hearing, Mosman ordered the government to try to come up with a way to destroy the dragnets, which it will do by January 8.

During the hearing held on November 20, 2015, the Court directed the government to submit its assessment of whether the cessation of bulk collection on November 28, 2015, will moot the claims of the plaintiffs in the Northern District of California litigation relating to the BR Metadata program and thus provide a basis for moving to lift the preservation orders. The Court further directed the government to address whether, even if the California plaintiffs’ claims are not moot, there might be a basis for seeking to lift the preservation orders with respect to the BR Metadata that is not associated with the plaintiffs. The government intends to make its submission on these issues by January 8, 2016.

And, as Mosman’s opinion makes clear, he ordered them to write up a free-standing copy of the minimization procedures that will govern the dragnet data retained from here on out.

The minimization procedures that the government proposes using after the production ceases on November 28, 2015 are in important respects substantially more restrictive than those currently in effect. The procedures that will apply after November 28, which were initially included as part of the broader set of procedures set forth in the application, were resubmitted by the government in a standalone document on November 24, 2015 (“November 24, 2015 Minimization Procedures”).

They would have submitted them on the day Mosman (via Hogan’s signature) approved the request to keep the data. In other words, Mosman made the government generate a document to make it crystal clear the more restrictive rules apply to the dragnet going forward.

The value of the amicus

Whether it was Mosman’s intent when he appointed Burton or not (remember, for better and worse, under USAF the amicus has to do what the FISC asks), his appointment served several purposes.

First, it set Mosman up to make it very clear that the FISC sees the minimization procedures required under USAF do give the FISC expanded authority.

The USA FREEDOM Act made several minimization-related changes to Section 1861. For instance, Section 1861 now provides that, before granting a business records application, the Court must expressly find that the minimization procedures put forth by the government “meet the definition ofminimiz.ation procedures under subsection (g).” See Pub. L. No. 114-23, § 104(a)(l), 129 Stat. at 272. This change is not substantive, however, as such a finding was previously implicit in the broader finding required by Section 1861 ( c )(1) – i.e, “that the application meets the requirements of subsection (a) and (b).” Among the requirements of subsection (b) was – and still is – the requirement that the application include an enumeration of Attorney General-approved minimization procedures that meet the definition set forth in subsection (g). Another change is the addition of a “rule of construction” confirming the Court’s authority “to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination” of certain information regarding United States persons, including “procedures related to the destruction of information within a reasonable time period.” See id. § 104(a)(2), 129 Stat. at 272. A third new provision that takes effect on November 29, 2015, states that orders compelling the ongoing, targeted production of “call detail records” must direct the government to adopt minimization procedures containing certain requirements relating to the destruction of such records. See id Pub. L. No. 114-23, § 10l(b)(3)(F)(vii), 129 Stat. at 270-71.

Remember, it took 7 years — including 4 years of FISC-imposed minimization requirements and reviews — before the government met the requirements of the law as passed in 2006. Significantly, Burton got a classified version of the IG report laying out that delay to read, so he surely knows more about that delay than we do.

In addition, Burton set up the FISC to demand more assurances from the government and — potentially — to push it to come to some more reasonable accommodation with EFF than they otherwise might. Remember, when presiding over the criminal case of Raez Qadir Khan, Mosman was going to grant CIPA discovery on the surveillance used to catch Khan, some of which almost certainly included one (Stellar Wind) or another (the PRTT Internet dragnet) of the illegal dragnets, which led almost immediately to a plea deal.

I’m, frankly, pleasantly surprised. Whether it was Mosman’s intent or not, even picking someone without an obvious brief for privacy, Burton helped Mosman shore up the authority of the FISC to ride herd over government spying (and given Judge Hogan’s involvement along the way, he presumably did so with the assent of the presiding FISC judge).

In any case, Mosman was happy with how it all worked out, as he included this footnote in his opinion.

The Court wishes to thank Mr. Burton for his work in this matter. His written and oral presentations were extremely informative to the Court’s consideration of the issues addressed herein. The Court is grateful for his willingness to serve in this capacity.

John Bates, speaking inappropriately on behalf of the FISA Court during USAF debates, squealed mightily about the role an amicus had. Admittedly, the current form is closer to what Bates (who I’ve always suspected was speaking on behalf of John Roberts more than the court) wanted than what reformers wanted.

But at least in this instance, the amicus helped the FISC shore up its authority vis a vis the government.

Update: Richard Posey notes the reference to Burton’s “oral” presentations in the thank you footnote, which suggests he was at the November 20 hearing.  Read more

I Con the Record: Drop the Lawsuits and We’ll Release the Data Hostages

I Con the Record just announced that the NSA will make the phone dragnet data it has “analytically unavailable” after the new system goes live in November, and unavailable even to techs three months later.

On June 29, 2015, the Foreign Intelligence Surveillance Court approved the Government’s application to resume the Section 215 bulk telephony metadata program pursuant to the USA FREEDOM Act’s 180-day transition provision. As part of our effort to transition to the new authority, we have evaluated whether NSA should maintain access to the historical metadata after the conclusion of that 180-day period.

NSA has determined that analytic access to that historical metadata collected under Section 215 (any data collected before November 29, 2015) will cease on November 29, 2015.  However, solely for data integrity purposes to verify the records produced under the new targeted production authorized by the USA FREEDOM Act, NSA will allow technical personnel to continue to have access to the historical metadata for an additional three months.

Separately, NSA remains under a continuing legal obligation to preserve its bulk 215 telephony metadata collection until civil litigation regarding the program is resolved, or the relevant courts relieve NSA of such obligations. The telephony metadata preserved solely because of preservation obligations in pending civil litigation will not be used or accessed for any other purpose, and, as soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations.

As I understand it, whatever data has been found to be two or three degrees of separation from a baddie will remain in NSA’s maw, but the data that has never returned off a search will not.

I’m pleasantly surprised by this, as I suspect it reflects a decision to accept the Second Circuit verdict in ACLU v. Clapper and to move to shut down other lawsuits.

As I noted, two weeks ago, the ACLU moved for an injunction against the dragnet, which not only might have led to the Second Circuit ordering the government to purge ACLU’s data right away (and possibly, to stop collecting all data), but also basically teed up the Second Circuit to remind the FISC it is not an appellate court. I worried that would lead the FISC to ask FISCR to review its dragnet decisions under a provision newly provided under the USA F-ReDux.

Shortly after ACLU filed its request for an injunction, the government asked for an extension to … today, which the court granted.

So I assume we’ll shortly see that filing arguing that, since the government has voluntarily set a purge date for all the dragnet data, ACLU should not get its injunction.

That doesn’t necessarily rule out a FISCR fast track request, but I think it makes it less likely.

The other player here, however, is the EFF.

I believe both ACLU and EFF’s phone dragnet client Council on American Islamic Relations, had not only standing as clients of dragnetted companies, but probably got swept up in the two-degree dragnet. But CAIR probably has an even stronger case, because it is public that FISC approved a traditional FISA order against CAIR founder Nihad Awad. Any traditional FISA target has always been approved as a RAS seed to check the dragnet, and NSA almost certainly used that more back when Awad was tapped, which continued until 2008. In other words, CAIR has very good reason to suspect the entire organization has been swept up in the dragnet and subjected to all of NSA’s other analytical toys.

EFF, remember, is the one NGO that has a preservation order, which got extended from its earlier NSA lawsuits (like Jewel) to the current dragnet suit. So when I Con the Record says it can’t destroy all the data yet, it’s talking EFF, and by extension, CAIR. So this announcement — in addition to preparing whatever they’ll file to get the Second Circuit off its back — is likely an effort to moot that lawsuit, which in my opinion poses by far the biggest threat of real fireworks about the dragnet (not least because it would easily be shown to violate a prior SCOTUS decision prohibiting the mapping of organizations).

We’ll see soon enough. For the moment, though, I’m a bit surprised by the cautious approach this seems to represent.

Update: Timeline on data availability fixed.

Update: Here’s the government’s brief submitted today. I’m rather intrigued by how often the brief claims USA F-ReDux was about bulk “telephony” data when it was supposed to be about all bulk collection. But I guess I can return to that point.

Update: They depart from describing USA F-ReDux as a ban bulk collection of telephony when they describe it as a ban on collection of bulk collection under Section 215, also not what the bill says.

Part of the compromise on which Congress settled, which the President supported, was to add an unequivocal ban on bulk collection under Section 215 specifying that “[n]o order issued under” Section 215(b)(2) “may authorize collection of tangible things without the use of a specific selection term that meets the requirements” of that subsection.

Update: This is key language — and slightly different from what they argued before FISC. I will return to it.

Plaintiffs assert that, by not changing the language of Section 215 authorizing the collection of business records during the transition period, Congress implicitly incorporated into the USA FREEDOM Act this Court’s opinion holding that Section 215 did not authorize bulk collection. See Pls.’ Mot. 7- 8. Plaintiffs rely on language providing that the legislation does not “alter or eliminate the authority of the Government to obtain an order under” Section 215 “as in effect prior to the effective date” of the statute. USA FREEDOM Act § 109, 129 Stat. at 276. That language does not advance plaintiffs’ argument, however, because the statute says nothing expressly about what preexisting authority the government had under Section 215 to obtain telephony metadata in bulk. It is implausible that Congress employed the  word “authority” to signify that the government lacked authority to conduct the Section 215 bulk telephony-metadata program during the 180-day transition period, contrary to the FISC’s repeated orders and the Executive Branch’s longstanding and continuing interpretation and application of the law, and notwithstanding the active litigation of that question in this Court. That is especially so because language in the USA FREEDOM Act providing for the 180-day transition period has long been a proposed feature of the legislation. It is thus much more plausible that the “authority” Congress was referring to was not the understanding of Section 215 reflected in this Court’s recent interpretation of Section 215, but rather the consistent interpretation of Section 215 by 19 different FISC judges: to permit bulk collection of telephony metadata.

All These Muslim Organizations Have Probably Been Associationally Mapped

The Intercept has published their long-awaited story profiling a number of Muslim-American leaders who have been targeted by the FBI and NSA. It shows that:

  • American Muslim Council consultant Faisal Gill was surveilled from April 17, 2006 to February 8, 2008
  • al-Haramain lawyer Asim Ghafoor was surveilled under FISA (after having been surveilled illegally) starting March 9, 2005; that surveillance was sustained past March 27, 2008
  • American Muslim Alliance founder Agha Saeed was surveilled starting June 27, 2007; that surveillance was sustained past May 23, 2008
  • CAIR founder Nihad Awad was surveilled from July 17, 2006 to February 1, 2008
  • American Iranian Council founder Hooshang Amirahmadi was surveilled from August 17, 2006 to May 16, 2008

In other words, the leaders of a number of different Muslim civil society organizations were wiretapped for years under a program that should require a judge agreeing they represent agents of a foreign power.

But they probably weren’t just wiretapped. They probably were also used as seeds for the phone and Internet dragnets, resulting in the associational mapping of their organizations’ entire structure.

On August 18, 2006, the phone dragnet primary order added language deeming “telephone numbers that are currently the subject of FISA authorized electronic surveillance … approved for meta data querying without approval of an NSA official due to the FISA authorization.”

Given the way the phone and Internet dragnet programs parallel each other (and indeed, intersect in federated queries starting at least by 2008), a similar authorization was almost certainly included in the Internet dragnet at least by 2006.

That means as soon as these men were approved for surveillance by FISA, the NSA also had the authority to run 3-degree contact chaining on their email and phone numbers. All their contacts, all their contacts’ contacts, and all their contacts’ contacts’ contacts would have been collected and dumped into the corporate store for further NSA analysis.

Not only that, but all these men were surveilled during the period (which continued until 2009) when the NSA was running automated queries on people and their contacts, to track day-to-day communications of RAS-approved identifiers.

So it is probably reasonable to assume that, at least for the period during which these men were under FISA-authorized surveillance, the NSA has an associational map of their organizations and their affiliates.

Which is why I find it interesting that DOJ refused to comment on this story, but told other reporters that FBI had never had a FISA warrant for CAIR founder Nihad Awad specifically.

The Justice Department did not respond to repeated requests for comment on this story, or for clarification about why the five men’s email addresses appear on the list. But in the weeks before the story was published, The Intercept learned that officials from the department were reaching out to Muslim-American leaders across the country to warn them that the piece would contain errors and misrepresentations, even though it had not yet been written.

Prior to publication, current and former government officials who knew about the story in advance also told another news outlet that no FISA warrant had been obtained against Awad during the period cited. When The Intercept delayed publication to investigate further, the NSA and the Office of the Director of National Intelligence refused to confirm or deny the claim, or to address why any of the men’s names appear on the FISA spreadsheet.

Awad’s organization, CAIR, is a named plaintiff in the EFF’s suit challenging the phone dragnet. They are suing about the constitutionality of a program that — the EFF suit also happens to allege — illegally mapped out associational relations that should be protected by the Constitution.

CAIR now has very good reason to believe their allegations in the suit — that all their relationships have been mapped — are absolutely correct.

Update: EFF released this statement on the Intercept story, reading, in part,

Surveillance based on First Amendment-protected activity was a stain on our nation then and continues to be today. These disclosures yet again demonstrate the need for ongoing public attention to the government’s activities to ensure that its surveillance stays within the bounds of law and the Constitution. And they once again demonstrate the need for immediate and comprehensive surveillance law reform.

We look forward to continuing to represent CAIR in fighting for its rights, as well as the rights of all citizens, to be free from unconstitutional government surveillance.

EFF represents CAIR Foundation and two of its regional affiliates, CAIR-California and CAIR-Ohio, in a case challenging the NSA’s mass collection of Americans’ call records. More information about that case is available at: First Unitarian Church of Los Angeles v. NSA.

Phone and Internet Associations Are Both Terror Group Membership and a Chance Encounter in a Dance Hall

Screen shot 2013-11-25 at 12.59.34 PM

The sole discussion of First Amendment considerations in this undated training (it’s probably between early 2008 and 2011) is one page with a list of protected activities.

As I noted last week, from the start of the dragnet programs, neither the Court nor the government appear to have considered the implications dragnet analysis had for Freedom of Association.

Several of the training documents released last week — notably this August 29, 2008 NSA Memo — suggest the NSA reconsidered the associational implications of the dragnet in 2008. Nevertheless, in a document that appears to reflect an August 20, 2008 effort to protect associations, the NSA continued to use at least some associations as evidence of terrorist affiliation.

The rules on dragnet queries changed on August 20, 2008

As I noted some weeks ago, the government has withheld at least 3 FISC opinions pertaining to Section 215; one of the withheld opinions is dated August 20, 2008. This memo, written 9 days later, lays out the legal standard for contact-chaining for both the phone and Internet dragnet programs as described in two 2008 dockets.

Specifically, the memo elaborates on the legal standard applicable to the contact-chaining activities in which SID offices engage pursuant to Business Records Order 08-08 (as well as subsequent Orders for the production of telephony records)1 as well as to the contact chaining activities in which SID analysts engage pursuant to the Pen Register and Trap and Trace Order 08-110 (as well as subsequent Pen/Trap Orders ).

The documents must be the most recent, given the way the memo applies this standard to orders going forward. And it replaces an earlier memo, written just months after the start of the phone dragnet.

OGC memorandum dated October 13, 2006, same subject, is canceled. This memorandum updates the prior memorandum to reflect changes in the Foreign Intelligence Surveillance Court (FISC) authorizations specifically authorizing access to the data acquired under the Orders for analysis related to [redacted — probably describes terrorism subjects] The substantive guidance concerning the application of the “reasonable articulable suspicion” standard with respect to the authorizations remains unchanged.

All of which strongly suggests this memo served to incorporate whatever changes the August 2008 opinion made into NSA practice.

The change in the rules pertain to the treatment of association

The structure of the memo — along with the footnote’s explanation that the standards for Reasonable Articulable Suspicion  (cited above) have not changed — suggest that what did change pertains to Association.

After an introductory section, the memo has this structure:

A. Summary of the [RAS] Standard

B. Association with [redacted — probably terrorist targets]

C. First Amendment Considerations

D. Summary

In other words, the memo seems to assess the impact of an August 20, 2008 FISC opinion commenting on the degree to which First Amendment protected activity may serve as proof of a tie (an association) to a terrorist organization.

Regardless of what the FISC said, association is the same thing as membership

Before I lay out the logic dismissing any associational concerns presented by using phone contacts to assume a tie to terrorism, let me get to the punch line. After explaining that simply lobbying a member of Congress to “cut off funding for U.S. troops in Iraq” does not prove an association with terrorism (though some other NSA documents suggest it may have been regarded as such at one time), the memo explains that in some circumstances direct contact can do so.

But, as we have already made clear, we do not read the Order to preclude under all circumstances the conclusion that a number is associated with [redacted — probably terrorist groups] solely on the basis of its communications [redacted] and, more specifically, based on its contacts with numbers about which NSA has the appropriate level of suspicion. Our conclusion is supported by First Amendment law, as we discuss below.

In a footnote on that same page, the memo makes a breathtaking conflation of “member” and “associated with” a terrorist group.

We note also that the very object of the overall effort supported by these Orders is to determine whether or not particular individuals are members of or are associated with the terrorist organizations named in the Orders. Thus, under these Orders, simply by being a member of a named group one becomes subject to government scrutiny. [my emphasis]

That is, NSA sets out to argue that, regardless of whatever that FISC opinion states, association with a terrorist group (provided that they engage in direct contact) amounts to membership in it.

And here’s how that analysis ends up. Read more

Guidance Directive [Redacted]”'>The FBI’s Official “CAIR Has Cooties Guidance Directive [Redacted]”

I had just about come to the conclusion that Michael Horowitz, DOJ’s Inspector General who took over after Glenn Fine retired in 2010, was a worthy successor. In recent weeks, Horowitz has released reports critical of DOJ’s handling of classified information, its refusal to account for drones’ unique risks to privacy, and the Bureau of Alcohol, Tobacco, and Firearms’ use of “churning” (money-making) operations.

But then I read this report — on the FBI’s Interactions with the Council on American-Islamic Relations — and I got literally sick to my stomach.

The report purports to determine whether the FBI complies with Agency guidance — the title and issuing authority for which are redacted in the report, which is why I am referring to it as the “Cooties Guidance Directive [Redacted]” throughout, even where it is redacted in direct quotes — that FBI personnel are not to engage in any community outreach with people from CAIR. For results, it shows that in three of five cases where FBI personnel did engage (or almost engage!) with people from CAIR, the personnel either didn’t consult with the FBI entity the IG deems to be in charge of this policy (which is probably the Counterterrorism Division, but the IG Report redacts that too), or consulted instead with the Office of Public Affairs, which is in charge of community outreach.

In response to these shocking (!!) results, Congressman Frank Wolf has already called for heads to roll.

But what the report actually shows is, first of all, how in response to two non-criminal pieces of evidence — a meeting between men who would go on to found CAIR and Hamas, which was not yet a designated a terrorist organization, and CAIR’s designation as an unindicted co-conspirator in the Holy Land Foundation case (the publication of which was subsequently deemed a violation of the group’s Fifth Amendment rights) — the FBI formulated a formal policy to treat that organization as if it has cooties.

And yet, even the language the IG repeats about this policy makes it clear that the FBI was operating on a policy of “guilty until proven innocent.”

The guidance specifically stated that, until the FBI could determine whether there continued to be a connection between CAIR or its executives and Hamas, “the FBI does not view CAIR as an appropriate liaison partner” for non-investigative activities.

That is, for the entire 5 year period versions of this policy have been in place, FBI has maintained that so long as it doesn’t develop evidence that CAIR has no ties to Hamas, then FBI will treat the organization and its officials as if they do have such ties by refusing to let them on FBI property or attend any CAIR-affiliated events. And we’re supposed to believe, I guess, that the FBI has used not a single one of their intrusive investigative methods to try to prove or disprove this allegation in the interim 5 years, and so it just will never know whether the allegation is correct or not, and so must operate on the playground Cooties standard.

Heck, in one of the “incidents” the report investigates, the local FBI office actually vetted an event participant to make sure his service on CAIR’s local board didn’t taint all his other community ties so badly that he should not participate in the event.

Yet whether or not a particular CAIR representative [redacted] is irrelevant to the Cooties Guidance Directive  [Redacted] to deny the organization access to the FBI in such non-investigative community-outreach activities.

And the IG Report — Michael Horowitz’ report — judges that vetting that found this gentleman to be innocent was not sufficient reason to ignore the Cooties Guidance Directive [Redacted]. The Report seems to endorse the view that vetting notwithstanding, this guy had a formal role in CAIR that made all his other roles in the Muslim community suspect and that’s the way things work in America.

Then there’s the underlying logic. The entire policy is premised on a bizarre belief that it is exploitative for a Muslim organization to advertise its willingness to work with the FBI.

The June 2011 EC also reiterated that CAIR was not prohibited from “maintaining a relationship with the FBI regarding civil rights or criminal violations; however, civil rights and criminal squads should be cognizant CAIR has exploited these relationships in the past.”

[snip]

The end result of this incident- CAIR posting on its website of a photograph showing the SAC speaking at the event and a description of CAIR’s Civil Rights Director moderating his speech is the sort of exploitation of contact with the FBI that the Cooties Guidance
Directive [Redacted] was intended to avoid.

I don’t get it. If CAIR really were a terrorist sleeper cell, wouldn’t advertising their willingness to associate with the FBI completely ruin all their terrorist Cred, and therefore neutralize whatever threat they presented?

In any case, on the one hand, the report chronicles how the federal agency in charge of investigating civil rights abuses basically treated an entire constitutionally protected civil rights organization as guilty without charging it with any crime.

But then there’s the fact that, after responding to a request to fear-mongers in Congress, this report saw the light of day in the fashion it appears.

As noted above, the IG Report seems to accept this premise of guilty until proven innocent without noting the problem underlying it. Like, you know, the Constitution. In places, the language of the report even echos that of a presumption of guilt, as in this passage where it berates OPA for actually treating an individual with multiple formal ties to the Muslim community as such, rather than as someone branded solely by his affiliation with CAIR.

It appears that OPA provided guidance that effectively reversed the presumption against CAIR participation in non-investigatory FBI activities in this instance. OPA indicated that it wanted to ensure that there was sufficient justification for excluding the CAIR participant apart from his role in CAIR.

Then there’s the way in which this was released. While the actual Cooties Guidance  Directive [Redacted] is classified, nothing else in the report seems like it should be (though the FBI has removed the classification marks from the paragraphs to hide the basis for their claims that this is classified). In particular, FBI or DOJ or OIG has chosen to redact anything that would make it clear whether this is an actual policy, or just guidance on which CTD and OPA disagree (in their complaint about the report, the ACLU notes that it doesn’t appear to have gone through the formal policy-making process). And yet, having hidden that information, the IG presents it as if the failure to implement the Cooties Guidance Directive [Redacted] is a graver problem than the upending of presumption of innocence.

Finally, there are a few tonal issues. For example, the report presents this view — from a Chicago SAC who twice blew off the Cootie Guidance Directive [Redacted] — as if his basic civility presents a problem.

He stated that if DHS considered CAIR officials to be part of the community and invited them to the Roundtable, the FBI was not going to deny them entry at the door.

In another instance, it quotes another violating SAC as using the term “Islamophobia” (PDF 22), but presents the term in scare quotes. This is borderline McCarthyist shit, treating the language of people fighting terrorists by treating Muslims as human beings as some kind of brand against them.

Finally, there’s the timing of this. The fear-mongers requested this report in March 2012 — over 20 months after after the Section 215 IG Report that we’ve been waiting for for 1,224 days got started. Three of four of what are probably interviews with those deemed in violation of this guidance took place over the course of 8 days in August and September of 2012 (the last took place in July, which makes me wonder whether that was added to beef up an otherwise thin report.)

But then the report didn’t get released until a second state CAIR affiliate starts challenging the FBI’s killing of a Muslim person. And the IG Report got released on the very same day that CAIR released a major report on Islamophobia (or, as the IG appears to treat it, “Islamophobia.”)

The whole thing seems designed not to make the FBI a more orderly place (if that were the purpose, then it might be better to focus on how the Cooties Guidance Directive
[Redacted] became formal policy — if it did — without going through formal policy channels). Rather, it seems designed to foment a kind of McCarthyism within FBI targeted at those counterterrorism investigators who believe the best way to fight Islamic extremists is to treat Muslims as partners in rooting out violence.

CAIR-FL Calls for Investigation into Ibragim Todashev’s Killing

Last Thursday afternoon, the President of the United States said this:

For the record, I do not believe it would be constitutional for the government to target and kill any U.S. citizen — with a drone, or with a shotgun — without due process, nor should any President deploy armed drones over U.S. soil.

Less than 40 hours earlier, an FBI Agent shot and killed Ibragim Todashev during a 5-hour interrogation with at least 4 other law enforcement officers. As I noted yesterday, law enforcement sources now concede that Todashev was unarmed when he was killed. According to a lawyer from CAIR representing his family, Todashev was shot 7 times, including once in the head.

An ethnically Chechen Russian, Todashev was not a US citizen. Though he reportedly obtained his Green Card in February and as such became a US person for spying and law enforcement purposes.

While the FBI claims that Todashev was in the process of confessing to involvement, with Boston Marathon killer Tamerlan Tsarnaev, in a 2011 triple murder in Waltham, MA, newly revealed details –such as that the other law enforcement officers had left the room when Todashev was shot — suggests they were pressuring Todashev to confess and/or (I suspect) turn informant and did or said something that made him either react badly or feel the need to defend himself. Given those details, no credible press should report without far more proof — as many still are — that the dead man was willingly confessing or had confessed at all.

Now, the local chapter of the Council on American-Islamic Relations is calling on DOJ’s Civil Rights division to investigate whether excessive force was used.

Recall that the MI chapter of CAIR conducted an extensive investigation of another Muslim (in that case, a US citizen) deprived of due process by quick FBI shotguns, Imam Abdullah Luqman, and is now suing for wrongful death.

Presumably, the FBI will maintain, as they have already claimed, that Todashev attacked the FBI Agent (who, according to reports, had been left alone with Todashev by the others), and he became an imminent threat to that now-exposed FBI Agent’s safety.

You know? Imminent threat? The same broad word game we use to target people with drones?

Defying the Rules of Gravity, Obama Directs Sanctions Solely against Israel’s Enemies

In conjunction with his speech at the Holocaust Museum yesterday and announcement of the Atrocities Prevention Board, President Obama also rolled out sanctions against those who use IT to repress human rights. The Treasury Department the sanctions GRAHVITY (I think they get it from “GRAve Human rights abuses Via Information TechnologY” or some such Orwellian acronym).

There’s a problem with that. We are all subject to gravity.

But only Israel’s enemies–Iran and Syria–are subject to GRAHVITY.

This exclusive application was set up in yesterday’s speech when Elie Wiesel suggested the point of remembering the Holocaust was to guarantee the strength of Israel and ensure its enemies–in this case, Syria and Iran–are removed from office (and deprived of the same weapons Israel stockpiles against them).

Have you learned anything from it? If so, how is it that Assad is still in power? How is it that the Holocaust Number 1 denier, Ahmadinejad, is still a President, he who threatens to use nuclear weapons–to use nuclear weapons–to destroy the Jewish state?

[snip]

Now, I hope you understand, in this place [the Museum], why Israel is so important, not only to the Jew that I am and the Jewish people, but to the world. Israel cannot not remember. And because it remembers, it must be strong, just to defend its own survival and its own destiny.

Obama’s focus was broader. In his speech, he listed Cambodia, Rwanda, Bosnia, Darfur, Côte d’Ivoire, Libya (with no mention of the civilian casualties NATO caused), the Lords Resistance Army.

But Obama, too, focuses primarily on Syria.

In this speech, the sole reason to ensure internet freedom, according to Obama, is to bring about regime change in Syria.

And when innocents suffer, it tears at our conscience. Elie alluded to what we feel as we see the Syrian people subjected to unspeakable violence, simply for demanding their universal rights. And we have to do everything we can. And as we do, we have to remember that despite all the tanks and all the snipers, all the torture and brutality unleashed against them, the Syrian people still brave the streets. They still demand to be heard. They still seek their dignity. The Syrian people have not given up, which is why we cannot give up.

Read more

Like NYPD, FBI Also Investigating How Many Times a Day Muslims Pray

Yesterday, the AP won a well-deserved Pulitzer for, among other things, revealing that the NYPD had sent an officer on a junket whitewater trip so he could count how many times a day the Muslim students on the trip prayed.

But the NYPD is not the only authority investigating Muslims based on whether they pray five times a day. A group of Muslims are suing FBI and CBP because they keep getting searched and asked how often they pray.

The four plaintiffs describe how, since 2008, all of them have been subjected to invasive searches and grilling about their religious practices during border crossings (most are talking about Canadian crossings, but this includes airports). All of the plaintiffs have had this occur on at least four different occasions.

Upon information and belief, Defendants began implementing a policy or a course of conduct under which Defendants ask Muslim American travelers attempting to re-enter the United States through the United States-Canada border at multiple international ports of entry a detailed list of questions about their religious beliefs and religious practices.

Upon information and belief, citizens of other faiths are not questioned about their religious beliefs and religious practices.

Defendants’ course of conduct or policy includes asking Muslim American travelers, at minimum, a fixed set of questions about their Islamic religious practices, which
include, but are not limited to the following:

a. Which mosque do you go to?
b. How many times a day do you pray?
c. Who is your religious leader?
d. Do you perform your morning prayer at the mosque?

When CAIR submitted a complaint to DHS, they said their “complaint process does not provide individuals with legal or procedural rights or remedies.”

This will be an interesting counterpart to David House’s suit, which recently was permitted to go forward; House argues the search was intended, in part, to access information on Bradley Manning’s supporters and therefore was an illegal abridgment of his First Amendment.

Treatment of Americans at the border has long been excepted from all First and Fourth Amendment protections. It will be interesting if, in light of clear targeting on First Amendment grounds, civil liberties supporters can start to chip away at the egregious exception.