Posts

Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

The other day, Ron Wyden gave a long speech on FISA Section 702, purportedly explaining why he was voting against Dan Coats to be Director of National Intelligence. Wyden voted against Coats because his former colleague would not commit to providing a count of the number of Americans swept up under Section 702. Given that it’s always a good idea to read Wyden closely, I wanted to summarize what he said. I’ll look at his complaints in a separate post, but for now I wanted to focus on Wyden’s description of the bogus explanations James Clapper and others gave Wyden in his past efforts to get the number of Americans sucked up in 702. I summarized the known exchanges that occurred on this issue before Clapper’s famous “not wittingly” lie here.

In 2011, both Wyden and John Bates were asking for numbers at the same time — NSA refused both

The first request for a count is temporally significant (update: I think I just missed this one in the past). In April 2011, Wyden and Mark Udall asked for the number.

In April of 2011, our former colleague, Senator Mark Udall, and I then asked the Director of National Intelligence, James Clapper, for an estimate.

According to Clapper’s response, they sent a written letter with the request on July 14, 2011. The timing of this request is critically important because it means Wyden and Udall made the request during the period when NSA and FISA Judge John Bates were discussing the upstream violations (see this post for a timeline). As part of that long discussion Bates had NSA do analysis of how often it collected US person communications that were completely unrelated to a targeted one (MCTs). Once Bates understood the scope of the problem, he asked how many US person communications it collected that were a positive hit on the target that were the only communication collected (SCTs).

But the timing demands even closer scrutiny. On July 8, John Bates went to DOJ to express “serious concerns” — basically, warning them he might not be able to reauthorize upstream surveillance. On July 14 — the same day Wyden and Udall asked Clapper for this information — DOJ asked Bates for another extension to respond to his questions, promising more information. Clapper blew off Wyden and Udall’s request in what must be record time — on July 26. On August 16, DOJ provided their promised additional information to Bates. That ended up being a count of how many Americans were affected in MCTs.

That means Clapper claimed he couldn’t offer a number even as NSA was doing precisely the kind of count that Wyden and Udall wanted, albeit for just one kind of 702 collection. And, as Wyden suggested in his speech, Clapper’s answer was non-responsive, answering how many US persons had their communications reviewed, rather than how many had their communications collected.

In July of that year, the director wrote back and said, and I quote, it was not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under the authority of the Foreign Intelligence Surveillance Act. He suggested reviewing the classified number of disseminated intelligence reports containing a reference to a U.S. Person, but that is very different than the number of Americans whose communications have been collected in the first place. And that’s what this is all about.

Then, after the government presented the information on how many US persons were collected via MCTs to Bates in August, Bates asked them to go back and count SCTs.

NSA refused.

Both FISC and members of SSCI were asking for this information in the same time period, and NSA refused to provide the count.

Since NSA wouldn’t help him, Bates invented an estimate himself, calculating that some 46,000 entirely domestic communications were collected under upstream collection each year.

NSA’s manual review focused on examining the MCTs acquired through NSA’s upstream collection in order to assess whether any contained wholly domestic communications. Sept. 7, 2011 Hearing Tr. at 13-14. As a result, once NSA determined that a transaction contained a single discrete communication, no further analysis of that transaction was done. See Aug. 16 Submission at 3. After the Court expressed concern that this category of transactions might also contain wholly domestic communications, NSA conducted a further review. See Sept. 9 Submission at 4. NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the sample were SCTs. Id. at 3. Ninety percent of the approximately 13.25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Presumably, Wyden learned that NSA had been doing such a count in October, well after Clapper had given his first non-responsive answer.

The 2012 privacy violation claim

Wyden skips the next request he made, when on May 4, 2012, he and Udall asked the Intelligence Community Inspector General Charles McCullough for a number (I laid out the timing of the request in this post). When they also tried to include language in the FAA reauthorization requiring the IGs to come up with a number, SSCI refused, citing their outstanding request to McCullough. Of course, McCullough did not get back to the Senators with his refusal to do such a count until after the bill had passed out of committee. He responded by saying NSA IG George Ellard didn’t have the capacity for such a review, and besides, it would violate the privacy of Americans to find out how much NSA was violating their privacy.

I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Clapper blows off 12 Senators

In response, Wyden rounded up some privacy-minded Senators to sign onto a letter asking for an estimate of the number. In this week’s speech, Wyden noted that he said he’d be willing to take an estimate. He didn’t remind his listeners that he and his friends also asked whether such an estimate had been done.

  • Have any entities made any estimates — even imprecise estimates — about how many US communications have been collected under section 702 authorities?

The answer to that question — at least with regards to upstream collection — was yes. NSA had estimated the MCTs and Bates, using their estimate, had made an even rougher estimate of the SCTs. But as I noted here, members of Congress relying on the purported disclosure to Congress about the upstream violations wouldn’t know that — or that the upstream violations involved entirely US person collection. As Wyden noted in his speech, Congress didn’t get this information before they reauthorized FAA.

We still got no answer. And section 702 was reauthorized without this necessary information.

Clapper’s least untruthful answer

Wyden also doesn’t address Clapper’s famous March 2013 lie. Since the exposure of the phone dragnet, most discussions have assumed Wyden was probing only about that program. But the question, as asked, absolutely applied to incidental collection.

Wyden: Does the NSA collect any type of data, at all, on millions, or hundreds of millions of Americans?

Clapper: No sir.

Wyden: It does not?

Clapper: There are cases where they could inadvertently, perhaps, uh, collect, but not wittingly.

Indeed, several of Clapper’s many excuses claim he was thinking of content when he responded. Even if he were, his first answer would still be yes: the NSA collects on so many millions of Americans incidentally that it refuses to count it. But Clapper’s “not wittingly” response is almost certainly not a goof, since he gave it after Wyden had provided a day’s warning the question would be asked and after two different John Bates opinions that made it clear that he would forgive the collection of content so long as NSA didn’t know about it, but once they knew about it, then it would become illegal. The “not wittingly” response reinforces my firm belief that the reason the government refuses to count this is because then a great deal of their Section 702 collection would be deemed illegal under those two FISC precedents.

Clapper’s blow-off becomes Dan Coats’ blow-off

Which is where Wyden brings us up to date, with both houses of Congress asking for such a number and — after promises it would be forthcoming — not getting it.

So last year looking at the prospect of the law coming up, there was a renewed effort to find out how many law-abiding Americans are getting swept up in these searches of foreigners. In April 2016 a bipartisan letter from members of the House Judiciary Committee asked the Director of National Intelligence for a public estimate of the number of communications or transactions involving United States persons are collected under section 702 on an annual basis. This letter coming from the House Democrats and Republicans, again asked for a rough estimate. This bipartisan group suggested working with Director Clapper to determine the methodology to get this estimate.

In December there were hints in the news media that something might be forthcoming, but now we’re here with a new administration considering the nomination of the next head of the intelligence community who has said that reauthorizing section 702 is his top legislative priority and that there is no answer in sight to the question Democrats and Republicans have been asking for over six years. How many innocent law-abiding Americans are getting swept up in these searches under a law that targets foreigners overseas?

There’s one tiny tidbit he doesn’t mention here. Coats never answered that he wouldn’t provide an answer. Rather, he said he didn’t understand the technical difficulties behind providing one (not even after participating in the 2012 vote where this was discussed). In his confirmation hearing, Coats explained one reason why he couldn’t learn what the technical difficulties were before he was confirmed. When he resigned the Senate, his clearance had lapsed, and during his confirmation process, his new clearance was being processed. That meant that for this — and any other classified question that Coats might want to consider anew — he was unable to get information.

The Senate doesn’t seem to care about this serial obstruction, however. Coats was confirmed with an 85-12 vote, with the following Senators voting against confirmation.

Baldwin (D-WI)
Booker (D-NJ)
Duckworth (D-IL)
Gillibrand (D-NY)
Harris (D-CA)
Markey (D-MA)
Merkley (D-OR)
Paul (R-KY)
Sanders (I-VT)
Udall (D-NM)
Warren (D-MA)
Wyden (D-OR)

Given how hard the IC is trying to hide this, the actual exposure of US persons must be fairly significant. We’ll see whether Congress finds another way to force this information out of the IC.

Updated with more granular timing on the 2011 exchange.

The CIA Is Preventing Congress from Learning that the Worst Allegations against Hillary Pertain to Drones

You probably heard that Jim Comey testified to the House Oversight Committee for over four hours today. You’ll see far less coverage of the second panel in that hearing, the testimony of Inspectors General Steve Linick (from State) and Charles McCullough (from the IC).

In addition to OGR Chair Jason Chaffetz suggesting the committee convene a secrecy committee akin to the one Senator Daniel Patrick Moynihan convened back in the 1990s (which would be very exciting), McCullough revealed something rather startling regarding a letter he sent to Congress back in January (this was first reported by Fox). The letter was his official notice to Congress that some of the information in Hillary’s emails was claimed by an agency he didn’t name to be Special Access.

To date, I have received two sworn declarations from one IC element. These declarations cover several dozen emails containing classified information determined by the IC element to be at the CONFIDENTIAL, SECRET, and TOP SECRET/SAP levels. According to the declarant, these documents contain information derived from classified IC element sources. Due to the presence of TOP SECRET/SAP information, I provided these declarations under separate cover to the Intelligence oversight committees and the Senate and House leadership.

By sending the email, McCullough made the SAP information very public, without providing information about whether the claim was very credible.

Shortly after the Fox report, Politico reported that the emails pertained to CIA drone strikes and related fallout in Pakistan.

However, the emails now deemed to contain “top secret, special access program” information are in addition to the messages previously disputed between State and the Director of National Intelligence, according to a spokesperson for McCullough. The official said the intelligence community review group is wrapping up its look into the documents and is putting these documents in the SAP category.

The Central Intelligence Agency is the agency that provided the declarations about the classified programs, another U.S. official familiar with the situation told POLITICO Wednesday.

The official, who spoke on condition of anonymity, said some or all of the emails deemed to implicate “special access programs” related to U.S. drone strikes. Those who sent the emails were not involved in directing or approving the strikes, but responded to the fallout from them, the official said.

The information in the emails “was not obtained through a classified product, but is considered ‘per se’ classified” because it pertains to drones, the official added. The U.S. treats drone operations conducted by the CIA as classified, even though in a 2012 internet chat President Barack Obama acknowledged U.S.-directed drone strikes in Pakistan.

WSJ reported last month that what are presumably the same emails included discussions among State Department officials about upcoming drone strikes.

The vaguely worded messages didn’t mention the “CIA,” “drones” or details about the militant targets, officials said.

The still-secret emails are a key part of the FBI investigation that has long dogged Mrs. Clinton’s campaign, these officials said.

They were written within the often-narrow time frame in which State Department officials had to decide whether or not to object to drone strikes before the CIA pulled the trigger, the officials said.

Law-enforcement and intelligence officials said State Department deliberations about the covert CIA drone program should have been conducted over a more secure government computer system designed to handle classified information.

State Department officials told FBI investigators they communicated via the less-secure system on a few instances, according to congressional and law-enforcement officials. It happened when decisions about imminent strikes had to be relayed fast and the U.S. diplomats in Pakistan or Washington didn’t have ready access to a more-secure system, either because it was night or they were traveling.

In other words, there has been a great deal of reporting on what are almost surely the emails in question, revealing that the key dispute pertains to an issue that CIA likes to pretend we don’t all know about, drone strikes in Pakistan.

In today’s hearing, McCullough reported that these emails — in addition to being a Special Access Program — are also classified Originator Controlled, ORCON, and the CIA (which he still didn’t name) has been refusing to distribute the emails or the statement beyond the original dissemination, the Intel committees and congressional leadership. So, in spite of the fact that numerous members of Congress have asked for more information (including, in today’s hearing, Chaffetz), they’ve been denied it. McCullough explained he had had to get his own staffers read into this, and he has gone back to the CIA (again, which he didn’t name) several times, only to have them refuse further distribution.

It may well be that the actual language used in the most sensitive emails revealed highly classified information — or it may be, as the WSJ reported, that State aides used a kind of code hiding the gist of their conversations.

Or it may be that State discussed a particularly controversial drone strike, such as the time CIA launched a drone strike right after Ray Davis was freed from Pakistani custody, which Jim White wrote about in a longer post suggesting CIA used drone strikes to retaliate against Pakistani action we don’t like.

Drone strikes in Pakistan by the US have occasionally been interrupted by various diplomatic issues. For example, there was a lull of over a month at the height of negotiations over the release of Raymond Davis. One of the most notorious US drone strikes was on March 17, 2011, the day after Raymond Davis was released. This signature strike killed over 40, and despite US claims (was that you, John Brennan?), that those killed “weren’t gathering for a bake sale” it was later determined that the majority of those killed were indeed civilians at a jirga to discuss local mineral rights. Because it was so poorly targeted, this strike always stood out in my mind as the product of an attitude where high-level US personnel demanded a target, no matter how poorly developed, simply to have something to hit since drone strikes had been on hold over the Davis negotiations and there was a need to teach Pakistan a lesson.

One way or another, though, these are topics that Congress (especially the Foreign Affairs Committees, which almost certainly have been denied these details) should be able to review.

But CIA is — as is their wont — playing classification games to ensure that a broader cross-section of Congress can’t assess how egregious this particular classification violation was.

Which, given CIA’s history, tends to mean either it wasn’t — or CIA has something to hide.

A Whole Lot of Inspector General Scrutiny on Intelligence Community Networks

Between this report, released today, on DOD Inspector General’s ongoing work and the Intelligence Community’s Inspector General Semiannual report, released in mid-January, the Intelligence Community is doing a whole bunch of audits and inspections of its own network security, some of them mandated by Congress. And there are at least hints that all is not well in the networks that enable the Intelligence Community to share profusely.

The most interesting description of a report from ICIG’s Semiannual review, for example, suggests that, given the IC’s recent move to share everything on an Amazon-run cloud, the bad security habits of some elements of the IC are exposing other elements within the IC.

AUD-2015-006: Transition to the Intelligence Community Cloud Audit

The DNI, along with Intelligence Community leadership, determined that establishing a common IT architecture across the IC could advance intelligence integration, information sharing, and enhance security while creating efficiencies. This led to the Intelligence Community Information Technology Enterprise, an IC-wide initiative coordinated through the Office of the Intelligence Community Chief Information Officer. IC ITE’s sharing capability is enabled by a cloud-based architecture known as the IC Cloud – a secure resource delivering IT and information services and capabilities to the entire community. The cloud will allow personnel to share data, systems, and applications across the IC. The IC elements’ effective transition to the IC ITE cloud environment is key to achieving the initiative’s overarching goals and as such, systems working together in a cloud environment creates potential security concerns.

In particular, information system security risks or vulnerabilities to one IC element operating within IC ITE may put all IC elements at risk. Information from a joint IG survey of 10 IC elements suggested that the elements may have the differing interpretations of policies and requirements, or are not fully aware of their responsibilities for transitioning to the IC Cloud. As a result of these preliminary observations, IC IG initiated an audit that will: 1. Assess how the IC elements are planning to transition to the IC ITE Cloud environment; 2. Determine IC elements’ progress in implementing cloud transition plans; and, 3. Compare how IC elements are applying the risk management framework to obtain authorizations to operate on the IC Cloud. We plan to issue a report by the end of the first quarter of FY 2017. [my emphasis]

The IC is banking quite a bit on being able to share safely within the cloud. I would imagine that fosters a culture of turf war and recriminations for any vulnerabilities. It certainly seems that this report arises out of problems — or at least the identification of potential problems — arising from the move to the cloud. Note that this report won’t be completed until the end of this calendar year.

Then there’s this report, which was mandated in a classified annex of the Intelligence Authorization passed in December and, from the looks of things, started immediately.

Audit of Controls Over Securing the National Security Agency Network and Infrastructure (Project No. D2016-DOOORC-0072.000)

We plan to begin the subject audit in January 2016. Our objective is to determine whether initiatives implemented by the National Security Agency are effective to improve security over its systems, data, and personnel activities. Specifically, we will determine whether National Security Agency processes and technical controls are effective to limit privileged access to National Security Agency systems and data and to monitor privileged user actions for unauthorized or inappropriate activity. The classified annex to accompany H.R. 2596, the Intelligence Authorization Act for Fiscal Year 2016, contained a Department of Defense Inspector General classified reporting requirement. This audit is the first in a series. We will consider suggestions from management on additional or revised objectives.

It seems to be an assessment — the first in a series — of whether limits on privileged access to NSA systems are working. This may well be a test of whether the changes implemented after the Snowden leak (such as requiring two parties to be present when performing functions in raw data, such as required on dragnet intake) have mitigated what were some obviously huge risks.

I’m mostly curious about the timing of this report. You would have thought the implementation of such controls would come automatically with some kind of audit, but they’re just now, 2.5 years later, getting around to that.

Here are some other reports from the ICIG report, the latter three of which indicate a real focus on information sharing.

AUD-2015-007: FY 2015 Consolidated Federal Information Security Modernization Act of 2014 Capstone Reports for Intelligence Community Elements’ Inspectors General

This project will focus on FY 2015 FISMA report submissions from the OIGs for the IC elements operating or exercising control of national security systems. We will summarize 11 IC elements’ information security program strengths and weaknesses; identify the cause of the weaknesses in these programs, if noted by the respective OIGs; and provide a brief summary of the recommendations made for IC information security programs. To perform this evaluation, we will apply the Department of Homeland Security FY 2015 IG FISMA metrics for ten information security program areas.

1. Continuous Monitoring Management
2. Security Configuration Management
3. Identity and Access Management
4. Incident Response and Reporting
5. Risk Management
6. Security Training
7. Plan of Action and Milestones
8. Remote Access Management
9. Contingency Planning
10. Contractor Systems

We will issue our report by the end of the first quarter of FY 2016.

INS-2015-004: Inspection: Office of the Intelligence Community Chief Information Officer

The IC CIO is accountable for overall formulation, development, and management of the Intelligence Community Information Technology Enterprise. The scope of our review was limited and informed by a concurrent IC IG Audit survey of IC ITE, as well as an ongoing evaluation of IC ITE progress by the ODNI Systems and Resources Analyses office. Additional details of this report are in the classified annex.

INS-2015-005: Joint Evaluation of Field Based Information Sharing Entities

Along with our OIG partners at the Departments of Justice and Homeland Security, we are evaluating federally supported entities engaged in field-based domestic counterterrorism, homeland security, and information sharing activities in conjunction with state, tribal, and local law enforcement agencies. This review is in response to a request from Senate committees on Intelligence, Judiciary, Homeland Security and Governmental Affairs. We will issue our report during FY 2016.

INS-2015-006: Inspection: ODNI Office of the Program Manager–Information Sharing Environment

We last inspected the ODNI PM-ISE office in 2013 and are conducting a follow-up review with a focus on resource management.

What Agency Is Claiming Hillary Received SAP Emails?

The political world is a-twitter over the latest in the Hillary email scandal, Fox News’ report that there were emails sent to Hillary classified at the Special Access Program level. To Fox’s credit, Catherine Herridge liberated the letter itself.

To date, I have received two sworn declarations from one IC element. These declarations cover several dozen emails containing classified information determined by the IC element to be at the CONFIDENTIAL, SECRET, and TOP SECRET/SAP levels. According to the declarant, these documents contain information derived from classified IC element sources. Due to the presence of TOP SECRET/SAP information, I provided these declarations under separate cover to the Intelligence oversight committees and the Senate and House leadership.

Note, the letter makes clear that those reporting Hillary had two SAP emails may not be correct: Charles McCullough’s letter doesn’t say how many emails were SAP and how many were CONFIDENTIAL. And the letter is conveniently written in a form that can be shared with the press without key information that would allow us to test the claims made in it.

For example, one critical detail in assessing claims about classification pertains to which IC element claims Hillary received SAP email.

That’s relevant because some agencies have more credibility in their classification claims than others. If this is CIA making the claim, for example, we should assume it’s bogus, because CIA — and its Chief of Litigation Support, Martha Lutz — routinely makes bogus claims.

I described, for example, how Lutz shamelessly claimed documents dating to 1987 on dialing a rotary phone were appropriately retroactively classified SECRET after 2006 to back the only piece of evidence admitted at trial that Jeffrey Sterling mishandled classified information.

Martha Lutz, the CIA’s Chief of Litigation Support and the bane of anyone who has FOIAed the CIA in the last decade, was on the stand, a tiny woman with a beehive hairdo and a remarkably robust voice. After having Lutz lay out the Executive Orders that have governed classified information in the last two decades and what various designations mean, the government introduced four documents into evidence — three under the silent witness rule — and showed them to Lutz.

“When originally classified were these documents properly classified as secret,” the prosecution asked of the three documents.

“They weren’t,” Lutz responded.

“But they are now properly classified secret?”

“Yes,” Lutz answered.

[snip]

[T]he defense explained a bit about what these documents were. Edward MacMahon made it clear the date on the documents was February 1987 — a point which Lutz apparently missed. MacMahon then revealed that the documents explained how to use rotary phones when a CIA officer is out of the office.

That’s a big part of why Sterling is sitting in prison right now: because Lutz was willing to claim, under oath, that a 28-year old document on dialing rotary phones still (rather, newly) needed to be protected as SECRET.

But it’s not just this one case: pretty much everyone who has FOIAed CIA in recent years has a Martha Lutz story, because the agency has such a consistent history of making transparently false classification claims to hide CIA’s activities, even those that are widely known.

Just as an example, the torture program was (and possibly the still-classified aspects continue to be) a SAP. Keep that — and the many publicly known details, such as that Alfreda Bikowsky was central to some of the biggest abuses about torture, that CIA managed to bury in the Torture Report not because they’re secret but because having them officially discussed puts CIA at legal risk — in mind as everyone wags around that SAP label. If CIA is making the SAP claim, the claim itself should be suspect, because there’s such an extensive history of CIA making such claims when they were transparently bogus. Earlier in this FOIA, CIA claimed that Hillary’s staffers could only learn about the Pakistani drone program from classified information, when you’re actually better off learning about such things from Pakistani and NGO reporting; in the end McCullough sided with CIA, not because it made sense, but because that’s how classification works.

I’m on the record as thinking Hillary’s home brew server was an abuse of power and really stupid to boot. But I’m also really hesitant to make blind claims from unnamed Original Classification Authorities on faith, because the record shows that those claims are often completely bogus.

Hillary receiving a SAP email may say terrible things about her aides. Alternately, it may reinforce the case that the CIA is an out-of-control agency that makes ridiculous claims of secrecy to avoid accountability. We don’t know which of those things this story supports yet.

Update: Told ya.

The Central Intelligence Agency is the agency that provided the declarations about the classified programs, another U.S. official familiar with the situation told POLITICO Wednesday.

The official, who spoke on condition of anonymity, said some or all of the emails deemed to implicate “special access programs” related to U.S. drone strikes. Those who sent the emails were not involved in directing or approving the strikes, but responded to the fallout from them, the official said.

The information in the emails “was not obtained through a classified product, but is considered ‘per se’ classified” because it pertains to drones, the official added. The U.S. treats drone operations conducted by the CIA as classified, even though in a 2012 internet chat President Barack Obama acknowledged U.S.-directed drone strikes in Pakistan.

The source noted that the intelligence community considers information about classified operations to be classified even if it appears in news reports or is apparent to eyewitnesses on the ground.

Update: I meant to link this earlier. It’s a complaint submitted to ISOO from Katherine Hawkins detailing all the things CIA kept classified in the Torture Report that aren’t, or were improperly classified.

Confirmed: Intelligence Community Claimed Credit and Top Secret Status for Open Source Intelligence

Back when the beltway first declared that Hillary Clinton’s emails (by which they meant, but often didn’t specify, emails received by Hillary) included two Top Secret emails, I warned about being snookered by CIA claims their drone program was secret.

This is CIA claiming secrecy for its drone operations!!! The ongoing FOIAs about CIA’s acknowledged role in the drone war are evidence that even independent appellate judges don’t buy CIA’s claims that their drone activities are secret. Just yesterday, in fact, DC Judge Amit Mehta ordered DOJ to provide Jason Leopold more information about its legal analysis on CIA drone-killing Anwar al-Awlaki, information the CIA had claimed was classified. Indeed, Martha Lutz, the woman who likely reviewed the emails turned over, is fairly notorious for claiming things are classified that pretty obviously aren’t. It’s her job!

I’m all in favor of doing something to ensure all people in power don’t hide their official business on hidden email servers — right now, almost all people in power do do that.

But those who take CIA’s claims of drone secrecy seriously should be mocked,

On Friday, Josh Gerstein confirmed I was right to warn against taking such claims seriously.

Intelligence Community Inspector General I. Charles McCullough III made the claim that two of the emails contained top-secret information; the State Department publicly stated its disagreement and asked Clapper’s office to referee the dispute. Now, that disagreement has been resolved in State’s favor, said the source, who spoke on condition of anonymity.

Intelligence officials claimed one email in Clinton’s account was classified because it contained information from a top-secret intelligence community “product” or report, but a further review determined that the report was not issued until several days after the email in question was written, the source said.

“The initial determination was based on a flawed process,” the source said. “There was an intelligence product people thought [one of the emails] was based on, but that actually postdated the email in question.”

[snip]

In an Aug. 11 memo to 17 lawmakers, McCullough said the two emails “include information classified up to TOP SECRET//SI/TK/NOFORN.” The subject of the emails has never been publicly confirmed, but published reports have said one refers to North Korea’s nuclear program and another to U.S. drone operations. The acronym “SI” in the classification marking refers to “signals intelligence,” and a footnote in McCullough’s memo references the work of the National Geospatial Intelligence Agency, which oversees U.S. spy satellites. [link to memo added]

Here’s the AP’s earlier description of the two emails, which seems to indicate the drone information was commonly known, whereas the email to Hillary included information on North Korea that preceded by days the Top Secret report providing the same information.

The drone exchange, the officials said, begins with a copy of a news article about the CIA drone program that targets terrorists in Pakistan and elsewhere. While that program is technically top secret, it is well-known and often reported on. Former CIA director Leon Panetta and Sen. Dianne Feinstein of California, the top Democrat on the Senate Intelligence Committee, have openly discussed it.

The copy makes reference to classified information, and a Clinton adviser follows up by dancing around a top secret in a way that could possibly be inferred as confirmation, the officials said. Several people, however, described this claim as tenuous.

But a second email reviewed by Charles McCullough, the intelligence community inspector general, appears more problematic, officials said. Nothing in the message is “lifted” from classified documents, they said, though they differed on where the information in it was sourced. Some said it improperly points back to highly classified material, while others countered that it was a classic case of what the government calls “parallel reporting” — receiving information the government considers secret through “open source” channels.

While (as Steven Aftergood argues in Gerstein’s article) the implications of this admission for Hillary’s campaign are significant, consider what it also means about the intelligence our spooks claim to be Top Secret: it’s often readily available from alternate (unclassified, at least in the case of the CIA’s drones) sources.

What then, is the value of the ~$70 billion a year we spend on intelligence if some of the purportedly most secret intelligence can be gleaned from the press? And to what degree is all this secrecy about hiding that fact?

The intelligence community does have secrets worth keeping. But all too frequently, it has secret shortcomings protected by a classification system it controls.

The SEKRIT Drones in Hillary’s [Staffers’] Emails

From the start of the Hillary Clinton email scandal, I’ve maintained that there are real reasons to be critical of her use of a private email.

There are big governance reasons to be concerned that Clinton has been in control of all her official emails, including that the emails will get destroyed or hidden from FOIA and Congressional requests.

But there’s also the question of whether whatever sensitive communications she had — potentially including classified information — were safe on a server run out of her Chappaqua home. While the State Department’s own emails have been notoriously unreliable — they have been compromised both in the WikiLeaks leak and in persistent hacks in recent years — if foreign adversaries learned of her private server (and remember, it’s very hard to hide metadata from someone who is looking), her communications would be even easier to compromise.

[snip]

[T]he system is also broken because it has been permitted to become a tool the powerful use to control their own image (and thereby accrue more power). After the years-long witch hunts under her spouse’s Presidency, Clinton might be forgiven for wanting to maintain complete control over her own communications (except for that whole bit about democratic accountability). But she is of course doing it to serve her own Presidential aspirations.

Not only are there real governance reasons it was wrong, but it was an own-goal given that she knew Republicans would pounce on anything that hints of corruption (even though most GOP presidential candidates have done the same thing). In the grand scheme of things, however, I’m most interested in fixing the email and accountability problem, because it has been a recurrent problem since Poppy Bush tried to destroy some PROFs notes to cover up the Iran-Contra scandal.

That said, much — though not all — of the reporting on it took a decidedly irresponsible turn when Intelligence Community Inspector General Charles McCullough revealed that two emails from the emails on Hillary’s server had been determined to contain Top Secret information. Such reporting was led by former NSA official John Schindler whose piece in the Daily Beast bore this headline.

Schindler might be excused for a headline editors gave his piece to drive clicks and scandal — and indeed, in some parts of his article he was more disciplined in specifying whose emails these were — but he nevertheless used the formulation “Clinton’s emails” when claiming she had satellite-derived information on her servers.

Most seriously, the Inspector General assessed that Clinton’s emails included information that was highly classified—yet mislabeled as unclassified. Worse, the information in question should have been classified up to the level of “TOP SECRET//SI//TK//NOFORN,” according to the Inspector General’s report.

This left the suggestion that as Secretary of State Hillary Clinton sat down with some SIGINT reporting, transcribed it, and then sent it off to her staffers. That, in spite of repeated clarifications from official sources that Hillary was in no way a target of the FBI inquiry into this.

Dianne Feinstein clarified the point yesterday: the issue is that Hillary received emails that had information claimed to be classified, not that she sent them.

There has been a lot of press coverage recently of allegations regarding Secretary Clinton’s email. Unfortunately, much of the coverage has missed key points.

First, none of the emails alleged to contain classified information were written by Secretary Clinton.

The questions are whether she received emails with classified information in them, and if so, whether information in those emails should have been classified in the first place. Those questions have yet to be answered. However, it is clear that Secretary Clinton did not write emails containing classified information.

Again, nothing obviates all the blame that Hillary chose to rely on an unclassified email system, but it’s one thing if Hillary were sending Top Secret information across an unprotected server, and yet another thing if she received emails that might have been derived from Top Secret information, but were not marked as such or even evidently sourced from Top Secret information. Or even — given that some of the people and agencies in question aren’t entirely trustworthy when they make claims of secrecy — that publicly available information was deemed Top Secret.

At least according to the AP (in a story sourced to US officials, so potentially some people in DiFi’s immediate vicinity), that’s what happened.

The two emails on Hillary Rodham Clinton’s private server that an auditor deemed “top secret” include a discussion of a news article detailing a U.S. drone operation and a separate conversation that could point back to highly classified material in an improper manner or merely reflect information collected independently, U.S. officials who have reviewed the correspondence told The Associated Press.

[snip]

The drone exchange, the officials said, begins with a copy of a news article that discusses the CIA drone program that targets terrorists in Pakistan and elsewhere. While a secret program, it is well-known and often reported on. The copy makes reference to classified information, and a Clinton adviser follows up by dancing around a top secret in a way that could possibly be inferred as confirmation, they said. Several officials, however, described this claim as tenuous.

But a second email reviewed by Charles McCullough, the intelligence community inspector general, appears more suspect. Nothing in the message is “lifted” from classified documents, the officials said, though they differed on where the information in it was sourced. Some said it improperly points back to highly classified material, while others countered that it was a classic case of what the government calls “parallel reporting” — different people knowing the same thing through different means.

This is CIA claiming secrecy for its drone operations!!! The ongoing FOIAs about CIA’s acknowledged role in the drone war are evidence that even independent appellate judges don’t buy CIA’s claims that their drone activities are secret. Just yesterday, in fact, DC Judge Amit Mehta ordered DOJ to provide Jason Leopold more information about its legal analysis on CIA drone-killing Anwar al-Awlaki, information the CIA had claimed was classified. Indeed, Martha Lutz, the woman who likely reviewed the emails turned over, is fairly notorious for claiming things are classified that pretty obviously aren’t. It’s her job!

I’m all in favor of doing something to ensure all people in power don’t hide their official business on hidden email servers — right now, almost all people in power do do that.

But those who take CIA’s claims of drone secrecy seriously should be mocked, as should those who deliberately obscure the difference between receiving an unmarked email with information claimed to be classified and those who transcribe information from a properly marked classified document.

US Persons on Military Intelligence Sharing Databases

Steven Aftergood catches Charles McCullough, the Intelligence Community Inspector General who has resisted exercising oversight over spying, doing his job.

“A civilian employee with the Army Intelligence and Security Command made an IC IG Hotline complaint alleging an interagency data repository, believed to be comprised of numerous intelligence and non-intelligence sources, improperly included U.S. person data,” the IC IG wrote. “The complainant also reported he conducted potentially improper searches of the data repository to verify the presence of U.S. persons data. We are researching this claim.”

Given prior reports about ICREACH — which purportedly focuses on foreign collected data but therefore would include US person data collected overseas — this is not that surprising. (I don’t think this should be ICREACH, however, because that’s not explained as a repository.)

But I find it particularly interesting that this complaint comes from someone at INSCOM, the Army intelligence outfit where Keith Alexander tried to ingest US person data in 2001, only to have Mikey Hayden refuse (!).

The heartburn first flared up not long after the 2001 terrorist attacks. Alexander was the general in charge of the Army’s Intelligence and Security Command (INSCOM) at Fort Belvoir, Virginia. He began insisting that the NSA give him raw, unanalyzed data about suspected terrorists from the agency’s massive digital cache, according to three former intelligence officials. Alexander had been building advanced data-mining software and analytic tools, and now he wanted to run them against the NSA’s intelligence caches to try to find terrorists who were in the United States or planning attacks on the homeland.

By law, the NSA had to scrub intercepted communications of most references to U.S. citizens before those communications can be shared with other agencies. But Alexander wanted the NSA “to bend the pipe towards him,” says one of the former officials, so that he could siphon off metadata, the digital records of phone calls and email traffic that can be used to map out a terrorist organization based on its members’ communications patterns.

“Keith wanted his hands on the raw data. And he bridled at the fact that NSA didn’t want to release the information until it was properly reviewed and in a report,” says a former national security official. “He felt that from a tactical point of view, that was often too late to be useful.”

Hayden thought Alexander was out of bounds. INSCOM was supposed to provide battlefield intelligence for troops and special operations forces overseas, not use raw intelligence to find terrorists within U.S. borders. But Alexander had a more expansive view of what military intelligence agencies could do under the law.

“He said at one point that a lot of things aren’t clearly legal, but that doesn’t make them illegal,” says a former military intelligence officer who served under Alexander at INSCOM.

In November 2001, the general in charge of all Army intelligence had informed his personnel, including Alexander, that the military had broad authority to collect and share information about Americans, so long as they were “reasonably believed to be engaged” in terrorist activities, the general wrote in a widely distributed memo.

Indeed, given the timing (IC IG’s report describes this as happening in the fourth quarter of calendar year 2013, so in the months after this Shane Harris report), it’s possible this report is what led the tipster to check whether US person data was available in repositories available to INSCOM.

While INSCOM focuses on battlefield intelligence, it also does cybersecurity and force protection, the kind of thing that has, in the past, targeted Americans (even Americans peddling porn!). So while this might just reflect oversharing, it also might reflect a return to the mentality of Keith Alexander.

The Black Holes in USA Freedumber’s Inspector General Reports

I’m still working on understanding all the crud that is included in the USA Freedumber Act. And for the first time, I have looked really closely at the language on Inspector General Reports, which effectively modifies Section 106 of the 2005 PATRIOT Act Reauthorization. Not only does the language add a DOJ IG Report for 2012 through 2014, roughly parallel to the ones mandated for the years through 2006, but it adds an Intelligence Community IG Report for those 3 years.

I’ve long noted that that seems to leave 2010 and 2011 unexamined. That might be covered in the IG report Pat Leahy requested of the Intelligence Committee IG, Charles McCullough, though the dates are different and McCullough said he didn’t really have the time. So 2010 and 2011 may or may not currently be under review; they’re not required to be by the bill, however.

But upon closer review I’m just as interested in some holes the two reports will likely have, in combination.

What I realized when I reviewed the actual language, below, is that USA Freedumber is exploiting the fact that Section 215 was originally written exclusively for the FBI, even if the NSA and CIA and probably a bunch of other agencies are using it too (they’re doing this with minimization procedures elsewhere in the bill, too). Thus, they can leave language that applies specifically to FBI, and pretend that it applies to other agencies.

In practice, that leaves the DOJ IG to investigate general things about Section 215 use, including:

  • any noteworthy facts or circumstances relating to orders under such section, including any improper or illegal use of the authority provided under such section; and

  • the categories of records obtained and the importance of the information acquired to the intelligence activities of the Federal Bureau of Investigation or any other Department or agency of the Federal Government;

So long as FBI retains a role in the application process, it will have access to and can review the categories of records obtained, which is critical because this is one of the ways Congress will learn what those categories are.

But only the DOJ IG assesses whether Section 215 is adhering to law (as opposed to protecting Americans’ constitutional rights). At one level, I’d much rather have DOJ IG perform this review, because we’ve never seen anything out of the IC IG resembling real oversight. Plus, under Glenn Fine, DOJ’s IG did point to real legal problems with the dragnet (which DOJ largely refused to fix, but which may have led to additional FISC opinions on those subjects). But I have questions whether DOJ’s IG would get enough visibility into what NSA and CIA and other agencies are doing with this data to perform a real review of the legality of it.

Then there are some somewhat parallel things both DOJ’s and IC’s IG would review, including:

  • the importance (IC IG) or effectiveness (DOJ IG) of Section 215

  • the manner in which that information was collected, retained, analyzed, and disseminated by the intelligence community;

  • the minimization procedures used by elements of the intelligence community under such title and whether the minimization procedures adequately protect the constitutional rights of United States persons; and

  • any minimization procedures proposed by an element of the intelligence community under such title that were modified or denied by the FISC

These are all well and good, and there’s the possibility that an IC IG review of how NSA analyzes and disseminates Section 215 data would find any of the most concerning potential practices.

I find the last two things DOJ’s IG would review at FBI but not even at DEA (if DEA uses Section 215), and which the IC IG would not review at all, the most telling.

  • whether, and how often, the Federal Bureau of Investigation used information acquired pursuant to an order under section 501 of such Act to produce an analytical intelligence product for distribution within the Federal Bureau of Investigation, to the intelligence community or to other Federal, State, local, or tribal government Departments, agencies, or instrumentalities; and
  • whether, and how often, the Federal Bureau of Investigation provided such information to law enforcement authorities for use in criminal proceedings

That is, the DOJ IG reports on how often the FBI uses Section 215 for finished intelligence products and how often it supports criminal proceedings. But it doesn’t track how often NSA uses Section 215 for finished intelligence products, nor does it track how often NSA uses Section 215 to investigate an American further.

The latter fact — that NSA isn’t counting how many Americans it targets because of Section 215 derived information — is not all that surprising. NSA has worked hard to obscure how many Americans have been sucked up in its analytical maw. Still, if we were serious about providing some transparency to the corporate store — where anyone 2 or 3 degrees from a RAS approved selector can get dumped and subjected to all of NSA’s analytical tradecraft forever — we’d require the IC IG to count this number, too.

And the fact that no one asks NSA and CIA how many finished intelligence reports they’re generating out of Section 215 is problematic, both because it doesn’t identify how often NSA and CIA are sharing intelligence with FBI or National Counterterrorism Center or other agencies like DEA (which was one of the big problems with both the phone and Internet dragnet in 2009-10) and because it makes it harder for Congress to get a real understanding of how effective these tools are.

You can’t judge the efficacy of something you don’t measure.

To understand how important this is, consider the discussions about the phone dragnet we’ve had since last year. Everything has been measured in terms of reporting to FBI, which not only doesn’t disclose how many people are stuck in NSA’s maw, but to outsiders made the program look totally useless. We still don’t know precisely how the government is using the phone dragnet, because the data they’ve shared to describe its efficacy is probably not the most significant way it is used.

It seems the intelligence community would like to keep it that way.

The NSA’s Retroactive Discovery of Tamerlan Tsarnaev

In the days after the Boston Marathon attack last year, NSA made some noise about expanding its domestic surveillance so as to prevent a similar attack.

But in recent days, we’ve gotten a lot of hints that NSA may have just missed Tamerlan Tsarnaev.

Consider the following data points.

First, in a hearing on Wednesday, Intelligence Community Inspector General Charles McCullough suggested that the forensic evidence found after the bombing might have alerted authorities to Tamerlan Tsarnaev’s radicalization.

Senator Tom Carper: If the Russians had not shared their initial tip, would we have had any way to detect Tamerlan’s radicalization?

[McCullough looks lost.]

Carper: If they had not shared their original tip to us, would we have had any way to have detected Tamerlan’s radicalization? What I’m getting at here is just homegrown terrorists and our ability to ferret them out, to understand what’s going on if someone’s being radicalized and what its implications might be for us.

McCullough: Well, the Bureau’s actions stemmed from the memo from the FSB, so that led to everything else in this chain of events here. You’re saying if that memo didn’t exist, would he have turned up some other way? I don’t know. I think, in the classified session, we can talk about some of the post-bombing forensics. What was found, and that sort of thing. And you can see when that radicalization was happening. So I would think that this would have come up, yes, at some point, it would have presented itself to law enforcement and the intelligence community. Possibly not as early as the FSB memo. It didn’t. But I think it would have come up at some point noting what we found post-bombing.

Earlier in the hearing (around 11:50), McCullough described reviewing evidence “that was within the US government’s reach before the bombing, but had not been obtained, accessed, or reviewed until after the bombing” as part of the IG Report on the attack. So some of this evidence was already in government hands (or accessible to it as, for example, GCHQ data might be).

We know some of this evidence not accessed until after the bombing was at NSA, because the IG Report says so. (See page 20)

That may or may not be the same as the jihadist material Tamerlan posted to YouTube in 2012, which some agency claims could have been identified as Tamerlan even though he used a pseudonym for some of the time he had the account.

The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.” After reviewing a draft of this report, the FBI commented that Tsarnaev’s YouTube display name changed from “muazseyfullah” to “Tamerlan Tsarnaev” on or about February 12, 2013, and suggested that therefore Tsarnaev’s YouTube account could not be located using the search term “Tamerlan Tsarnaev” before that date. [20] The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.

[20] In response to a DOJ OIG request for information supporting this statement, the FBI produced a heavily redacted 3-page excerpt from an unclassified March 19, 2014, EC analyzing information that included information about Tsarnaev’s YouTube account. The unredacted portion of the EC stated that YouTube e-mail messages sent to Tsarnaev’s Google e-mail account were addressed to “muazseyfullah” prior to February 12, 2013, and to “Tamerlan Tsarnaev” beginning on February 14, 2013. The FBI redacted other information in the EC about Tsarnaev’s YouTube and Google e-mail accounts.

The FBI may not have been able to connect “muazseyfullah” with Tamerlan, but that’s precisely what the NSA does with its correlations process; it has a database that does just that (though it’s unclear whether it would have collected this information, especially given that it postdated the domestic Internet dragnet being shut down).

Finally, there’s the matter of the Anwar al-Awlaki propaganda.

An FBI analysis of electronic media showed that the computers used by Tsarnaev contained a substantial amount of jihadist articles and videos, including material written by or associated with U.S.-born radical Islamic cleric Anwar al-Aulaqi. On one such computer, the FBI found at least seven issues of Inspire, an on-line English language magazine created by al-Aulaqi. One issue of this magazine contained an article entitled, “Make a Bomb in the Kitchen of your Mom,” which included instructions for building the explosive devices used in the Boston Marathon bombings.

Information learned through the exploitation of the Tsarnaev’s computers was obtained through a method that may only be used in the course of a full investigation, which the FBI did not open until after the bombings.

The FBI claims they could only find the stuff on Tamerlan’s computer using methods available in full investigations (this makes me wonder whether the FBI uses FISA physical search warrants to remotely search computer hard drives).

But that says nothing about what NSA (or even FBI, back in the day when they had the full time tap on Awlaki, though it’s unclear what kind of monitoring of his content they’ve done since the government killed him) might have gotten via a range of means, including, potentially, upstream searches on the encryption code for Inspire.

In other words, there’s good reason to believe — and the IC IG seems to claim — that the government had the evidence to know that Tamerlan was engaging in a bunch of reprehensible speech before he attacked the Boston Marathon, but they may not have reviewed it.

Let me be clear: it’s one thing to know a young man is engaging in reprehensible but purportedly protected speech, and another to know he’s going to attack a sporting event.

Except that this purportedly protected speech is precisely — almost exactly — the kind of behavior that has led FBI to sic multiple informants and/or undercover officers on other young men, including Adel Daoud and Mohamed Osman Mohamud, even in the absence of a warning from a foreign government.

And they didn’t here.

Part of the issue likely stems from communication failures between FBI and NSA. The IG report notes that “the relationship between the FBI and the NSA” was one of the most relevant relationships for this investigation. Did FBI (and CIA) never tell the NSA of the Russian warning? And clearly they never told NSA of his travel to Russia.

But part of the problem likely stems from the way NSA identifies leads — precisely the triaging process I examined here. That is, NSA is going to do more analysis on someone who communicates with people who are already targeted. Obviously, the ghost of Anwar al-Awlaki is one of the people targeted (though the numbers of young men who have Awlaki’s propaganda is likely huge, making that a rather weak identifier). The more interesting potential target would be William Plotnikov, the Canadian-Russian boxer turned extremist whom Tamerlan allegedly contacted in 2012 (and it may be this communication attempt is what NSA had in its possession but did not access until after the attacks). But I do wonder whether the NSA didn’t prioritize similar targets in countries of greater focus, like Yemen and Somalia.

It’d be nice to know the answer to these questions. It ought to be a central part of the debate over the NSA and its efficacy or lack thereof. But remember, in this case, the NSA was specifically scoped out of the heightened review (as happened after 9/11, which ended up hiding the good deal of warning the NSA had before the attack).

We’ve got a system that triggers on precisely the same kind of speech that Tamerlan Tsarnaev engaged in before he attacked the Marathon. But it didn’t trigger here.

Why not?

Surprise! DOJ IG’s 1,403 Day Old Section 215 Investigation Had a Baby!

As longtime readers know, I have long tracked a DOJ Inspector General investigation into FBI’s use of Section 215 and other PATRIOT Act authorities.

  • June 2010: Then DOJ IG Glenn Fine lays out investigation
  • June 2013: Transition to Michael Horowitz stalls PATRIOT investigation
  • August 2013: The investigation has been ongoing
  • September 2013: Pat Leahy calls for an IC IG investigation into 215 and 702; IC IG Charles McCullough declines
  • December 2013: Horowitz states current investigation limited by AG/DNI declassification of earlier reports

A good healthy obsession!

Since it’s been a while — the investigation is now 1,403 days old — yesterday I decided to nag the IG office.

They were mum on when we might finally see the report. Instead of offering details, they directed me to their new (apparently brand spanking new) “in the interest of transparency” page on their ongoing work.

It shows the long-promised report, still focusing on Section 215 use through 2009, as well as NSLs and pen register.

Use of National Security Letters, Section 215 Orders, and Pen Register and Trap-and-Trace Authorities under FISA from 2007 through 2009

The OIG is again examining the FBI’s use of NSLs and Section 215 orders for business records. This review is assessing the FBI’s progress in responding to the OIG’s recommendations in its first and second reports on the FBI’s use of NSLs and its report on the FBI’s improper use of exigent letters and other informal means to obtain telephone records. A focus of this review is the NSL subsystem, an automated workflow system for NSLs that all FBI field offices and headquarters divisions have been required to use since January 1, 2008, and the effectiveness of the subsystem in reducing or eliminating noncompliance with applicable authorities. The current review is also examining the number of NSLs issued and Section 215 applications filed by the FBI between 2007 and 2009, and any improper or illegal uses of these authorities. In addition, the review is examining the FBI’s use of its pen register and trap-and-trace authority under FISA.

But it also shows a report not mentioned in Michael Horowitz’ last report.

A report on the dragnet.

Bulk Telephony Review

The OIG is reviewing the FBI’s use of information derived from the National Security Agency’s (NSA) collection of telephony metadata obtained from certain telecommunications service providers under Section 215 of the Patriot Act. The review will examine the FBI’s procedures for receiving, processing, and disseminating leads the NSA develops from the metadata, and any changes that have been made to these procedures over time. The review will also examine how FBI field offices respond to leads, and the scope and type of information field offices collect as a result of any investigative activity that is initiated. In addition, the review will examine the role the leads have had in FBI counterterrorism efforts.

In truth, this investigation may not be all that distinct from the known PATRIOT authorities investigation. The minimization procedures for both — and therefore the way the information gets used, an issue central to both investigations — appear to be the same. And to the extent that the growth since 2010 in the number of 215 orders with minimization procedures indicates the FBI is collecting other information in bulk, the programs may well interrelate.

At first, I thought that this investigation, with the very significant exception of the way the dragnet serves to identify informants, might not reveal anything that problematic. Upon review, I’m not so sure. I’ll explain why in a follow-up report.

The one big difference between the two investigations, however (and I’ll discuss this at more length in the follow-up), is that the dragnet investigation, unlike the PATRIOT Authority one, appears not to be time delimited. Whereas the older investigation only looks at practices through 2009, the dragnet investigation appears to be examining ongoing practices. It seems to be investigating all the 215-related issues that Pat Leahy identified for the IC IG to investigate and that come under DOJ’s jurisdiction.

So bad news good news! DOJ is still, 1,403 days later, investigating how the FBI used PATRIOT Act authorities 5 years ago, meaning more recent developments are not getting much attention.

But there is a potentially related investigation looking at what the FBI ingests from the phone dragnet (at least the small part relating to Section 215) right now.