Former Presiding FISA Judge John Bates’ Curious Treatment of White Person Terrorism

By chance of logistics, the men and women who have presided over a two decade war on Islamic terrorism are now presiding over the trials of those charged in January 6.

To deal with the flood of defendants, the Senior Judges in the DC District have agreed to pick up some cases. And because FISA mandates that at least three of the eleven FISA judges presiding at any given time come from the DC area, and because the presiding judge has traditionally been from among those three, it means a disproportionate number of DC’s Senior Judges have served on the FISA Court, often on terms as presiding judge or at the very least ruling over programmatic decisions that have subjected millions of Americans to collection in the name of the war on terror. Between those and several other still-active DC judges, over 60 January 6 cases will be adjudicated by a current or former FISA judge.

Current and former FISA judges have taken a range of cases with a range of complexity and notoriety:

  • Royce Lamberth served as FISC’s presiding judge from 1995 until 2002 and failed in his effort to limit the effect of the elimination of the wall between intelligence and criminal collection passed in the PATRIOT Act. And during a stint as DC’s Chief Judge he dealt with the aftermath of the Boumediene decision and fought to make the hard won detention reviews won by Gitmo detainees more than a rubber stamp. Lamberth is presiding over 10 cases with 14 defendants. A number of those are high profile cases, like that of Jacob Chansley (the Q Shaman), Zip Tie Guy Eric Munchel and his mother, bullhorn lady and mask refusenik Rachel Powell, and Proud Boy assault defendant Christopher Worrell.
  • Colleen Kollar-Kotelly is still an active DC District judge, but she served as FISC presiding judge starting way back in 2002, inheriting the difficulties created by Stellar Wind from Lamberth. She’s the one who redefined “relevant to” in an effort to bring the Internet dragnet back under court review. She is presiding over ten January 6 cases with 12 defendants. That includes Lonnie Coffman, who showed up to the insurrection with a truck full of Molotov cocktails, as well as some other assault cases.
  • John Bates took over as presiding judge of FISC on May 19, 2009. In 2010, he redefined “metadata” so as to permit the government to continue to use the Internet dragnet; the government ultimately failed to make that program work but FISC has retained that twisted definition of “metadata” nevertheless. In 2011, he authorized the use of “back door searches” on content collected under FISA’s Section 702. In 2013, Bates appears to have ruled that for Islamic terrorists, the FBI can get around restrictions prohibiting surveillance solely for First Amendment reasons by pointing to the conduct of an American citizen suspect’s associates, rather than his or her own. And while not a FISA case, Bates also dismissed Anwar al-Awlaki’s effort to require the government to give him some due process before executing him by drone strike; at the time, the government had presented no public evidence that Awlaki had done more than incite violence. Bates has eight January 6 cases with nine defendants (as well as some unrelated cases), but he is presiding over several high profile ones, including the other Zip Tie Guy, Larry Brock, the scion of a right wing activist family, Leo Bozell IV, and former State Department official Freddie Klein.
  • Reggie Walton, who took over as presiding judge in 2013 but who, even before that, oversaw key programmatic decisions starting in 2008, showed a willingness both on FISC and overseeing the Scooter Libby trial to stand up to the Executive. That includes his extended effort to clean up the phone and Internet dragnet after Bush left in 2009, during which he even shut down part or all of the two dragnets temporarily. Walton is presiding over six cases with eight defendants, most for MAGA tourism.
  • Thomas Hogan was DC District’s head judge in the 2000s. In that role, he presided over the initial Gitmo detainees’ challenges to their detention (though many of the key precedential decisions on those cases were made by other judges who have since retired). Hogan then joined FISC and ultimately took over the presiding role in 2014 and in that role, affirmatively authorized the use of Section 702 back door searches for FBI assessments. Hogan is presiding over 13 cases with 18 defendants, a number of cases involving multiple defendants (including another set of mother-son defendants, the Sandovals). The most important is the case against alleged Brian Sicknick assailants, Julian Khater and George Tanios.
  • James Boasberg, who took over the presiding position on FISC on January 1, 2020 but had started making initial efforts to rein in back door searches even before that, is presiding over about eight cases with ten defendants, the most interesting of which is the case of Aaron Mostofsky, who is himself the son of a judge.
  • Rudolph Contreras, who like Kollar-Kotelly and Boasberg is not a senior judge, is currently a FISC judge. He has six January 6 cases with seven defendants, most MAGA tourists accused of trespassing. There’s a decent chance he’ll take over as presiding judge when Boasberg’s term on FISC expires next month.

Of the most important FISA judges since 9/11, then, just Rosemary Collyer is not presiding over any January 6 cases.

Mind you, it’s not a bad thing that FISA judges will preside over January 6 cases. These are highly experienced judges with a long established history of presiding over other cases, ranging the gamut and including other politically charged high profile cases, as DC District judges do.

That said, in their role as FISA judges — particularly when reviewing programmatic applications — most of these judges have been placed in a fairly unique role on two fronts. First, most of these judges have been forced to weigh fairly dramatic legal questions, in secret, in a context in which the Executive Branch routinely threatens to move entire programs under EO 12333, thereby shielding those programs from any oversight by a judge. These judges responded to such situations with a range of deference, with Royce Lamberth and Reggie Walton raising real stinks and — the latter case — hand-holding on oversight over the course of most of a year, to John Bates and to a lesser degree Thomas Hogan, who often complained at length about abuses before expanding the same programs being abused. Several — perhaps most notably Kollar-Kotelly when she was asked to bring parts of Stellar Wind under FISA — have likewise had to fight to affirm the authority of the entire Article III branch, all in secret.

Ruling on these programmatic FISA applications also involved hearing expansive government claims about the threat of terrorism, the difficulty and necessity of identifying potential terrorists before they attack, and the efficacy of the secret programs devised to do that (the judges who also presided over Gitmo challenges, which includes several on this list, also fielded similar secret claims about the risk of terrorism). Some of those claims — most notably, about the efficacy of the Section 215 phone dragnet — were wildly overblown. In other words, to a degree unmatched by most other judges, these men and women were asked to balance the rights of Americans against secret government claims about the risks of terrorism.

Now these same judges are part of a group being asked to weigh similar questions, but about a huge number of predominantly white, sometimes extremist Christian, defendants, but to do so in public, with defense attorneys challenging their every decision. Here, the balance between extremist affiliation and First Amendment rights will play out in public, but against the background of a two decade war on terror where similar affiliation was criminalized, often in secret.

Generally, the District judges in these cases have not done much on the cases yet, as either Magistrates (on initial pre-indictment appearances) or Chief Judge Beryl Howell (on initial detention disputes) have handled some of the more controversial issues, and in a few cases, Ketanji Brown Jackson presided over arraignments before she started handing off cases in anticipation of her Circuit confirmation process.

But several of the judges have written key opinions on detention, opinions that embody how differently the conduct of January 6 defendants looks to different people.

Lamberth, for example, authored the original detention order for “Zip Tie Guy” Eric Munchel and his mom, Lisa Eisenhart. Even while admitting that Munchel made efforts to limit any vandalization during the riot, Lamberth nevertheless deemed Munchel’s actions a threat to our constitutional government.

The grand jury charged Munchel with grave offenses. In charging Munchel with “forcibly enter[ing] and remain[ing] in the Capitol to stop, delay, and hinder Congress’s certification of the Electoral College vote,” Indictment 1, ECF No. 21, the grand jury alleged that Munchel used force to subvert a democratic election and arrest the peaceful transfer of power. Such conduct threatens the republic itself. See George Washington, Farewell Address (Sept. 19, 1796) (“The very idea of the power and the right of the people to establish government presupposes the duty of every individual to obey the established government. All obstructions to the execution of the laws, all combinations and associations, under whatever plausible character, with the real design to direct, control, counteract, or awe the regular deliberation and action of the constituted authorities, are destructive of this fundamental principle, and of fatal tendency.”). Indeed, few offenses are more threatening to our way of life.

Munchel ‘s alleged conduct demonstrates a flagrant disregard for the rule of law. Munchel is alleged to have taken part in a mob, which displaced the elected legislature in an effort to subvert our constitutional government and the will of more than 81 million voters. Munchel’ s alleged conduct indicates that he is willing to use force to promote his political ends. Such conduct poses a clear risk to the community.

Defense counsel’s portrayal of the alleged offenses as mere trespassing or civil disobedience is both unpersuasive and detached from reality. First, Munchel’s alleged conduct carried great potential for violence. Munchel went into the Capitol armed with a taser. He carried plastic handcuffs. He threatened to “break” anyone who vandalized the Capitol.3 These were not peaceful acts. Second, Munchel ‘s alleged conduct occurred while Congress was finalizing the results of a Presidential election. Storming the Capitol to disrupt the counting of electoral votes is not the akin to a peaceful sit-in.

For those reasons, the nature and circumstances of the charged offenses strongly support a finding that no conditions of release would protect the community.


Munchel gleefully entered the Capitol in the midst of a riot. He did so, the grand jury alleges, to stop or delay the peaceful transfer of power. And he did so carrying a dangerous weapon. Munchel took these actions in front of hundreds of police officers, indicating that he cannot be deterred easily.

Moreover, after the riots, Munchel indicated that he was willing to undertake such actions again. He compared himself-and the other insurrectionists-to the revolutionaries of 1776, indicating that he believes that violent revolt is appropriate. See Pullman, supra. And he said “[t]he point of getting inside the building is to show them that we can, and we will.” Id. That statement, particularly its final clause, connotes a willingness to engage in such behavior again.

By word and deed, Munchel has supported the violent overthrow of the United States government. He poses a clear danger to our republic.

This is the opinion that the DC Circuit remanded, finding that Lamberth had not sufficiently considered whether Munchel and his mother would pose a grave future threat absent the specific circumstances present on January 6. They contrasted the mother and son with those who engaged in violence or planned in advance.

[W]e conclude that the District Court did not demonstrate that it adequately considered, in light of all the record evidence, whether Munchel and Eisenhart present an identified and articulable threat to the community. Accordingly, we remand for further factfinding. Cf. Nwokoro, 651 F.3d at 111–12.


Here, the District Court did not adequately demonstrate that it considered whether Munchel and Eisenhart posed an articulable threat to the community in view of their conduct on January 6, and the particular circumstances of January 6. The District Court based its dangerousness determination on a finding that “Munchel’s alleged conduct indicates that he is willing to use force to promote his political ends,” and that “[s]uch conduct poses a clear risk to the community.” Munchel, 2021 WL 620236, at *6. In making this determination, however, the Court did not explain how it reached that conclusion notwithstanding the countervailing finding that “the record contains no evidence indicating that, while inside the Capitol, Munchel or Eisenhart vandalized any property or physically harmed any person,” id. at *3, and the absence of any record evidence that either Munchel or Eisenhart committed any violence on January 6. That Munchel and Eisenhart assaulted no one on January 6; that they did not enter the Capitol by force; and that they vandalized no property are all factors that weigh against a finding that either pose a threat of “using force to promote [their] political ends,” and that the District Court should consider on remand. If, in light of the lack of evidence that Munchel or Eisenhart committed violence on January 6, the District Court finds that they do not in fact pose a threat of committing violence in the future, the District Court should consider this finding in making its dangerousness determination. In our view, those who actually assaulted police officers and broke through windows, doors, and barricades, and those who aided, conspired with, planned, or coordinated such actions, are in a different category of dangerousness than those who cheered on the violence or entered the Capitol after others cleared the way. See Simpkins, 826 F.2d at 96 (“[W]here the future misconduct that is anticipated concerns violent criminal activity, no issue arises concerning the outer limits of the meaning of ‘danger to the community,’ an issue that would otherwise require a legal interpretation of the applicable standard.” (internal quotation and alteration omitted)). And while the District Court stated that it was not satisfied that either appellant would comply with release conditions, that finding, as noted above, does not obviate a proper dangerousness determination to justify detention.

The District Court also failed to demonstrate that it considered the specific circumstances that made it possible, on January 6, for Munchel and Eisenhart to threaten the peaceful transfer of power. The appellants had a unique opportunity to obstruct democracy on January 6 because of the electoral college vote tally taking place that day, and the concurrently scheduled rallies and protests. Thus, Munchel and Eisenhart were able to attempt to obstruct the electoral college vote by entering the Capitol together with a large group of people who had gathered at the Capitol in protest that day. Because Munchel and Eisenhart did not vandalize any property or commit violence, the presence of the group was critical to their ability to obstruct the vote and to cause danger to the community. Without it, Munchel and Eisenhart—two individuals who did not engage in any violence and who were not involved in planning or coordinating the activities— seemingly would have posed little threat. The District Court found that appellants were a danger to “act against Congress” in the future, but there was no explanation of how the appellants would be capable of doing so now that the specific circumstances of January 6 have passed. This, too, is a factor that the District Court should consider on remand. [my emphasis]

The DC Circuit opinion (joined by Judith Rogers, who ruled for Gitmo detainees in Bahlul and a Boumediene dissent) was absolutely a fair decision. But it is also arguably inconsistent with the way that the federal government treated Islamic terrorism, in which every time the government identified someone who might engage in terrorism (often using one of the secret programs approved by this handful of FISA judges, and often based off far less than waltzing into the Senate hoping to prevent the certification of an election while wielding zip ties and a taser), the FBI would continue to pursue those people as intolerably dangerous threats. Again, that’s not the way it’s supposed to work, but that is how it did work, in significant part with the approval of FISA judges.

That is, with Islamic terrorism, the government treated potential threats as threats, whereas here CADC required Lamberth to look more closely at what could make an individual predisposed to an assault on our government — a potential threat — as dangerous going forward. Again, particularly given the numbers involved, that’s a better application of due process than what has been used for the last twenty years, but it’s not what happened during the War on Terror (and in weeks ahead, this will be relitigated with consideration of whether Trump’s continued incitement makes these defendants an ongoing threat).

Now compare Lamberth’s order to an order John Bates issued in the wake of and specifically citing the CADC ruling, releasing former State Department official Freddie Klein from pretrial detention. Klein is accused of fighting with cops in the Lower West Terrace over the course of half an hour.

Bates found that Klein, in using a stolen riot shield to push against cops in an attempt to breach the Capitol, was eligible for pre-trial detention, though he expressed skepticism of the government’s argument that Klein had wielded the shield as a dangerous weapon).

The Court finds that Klein is eligible for pretrial detention based on Count 3. Under the BRA, a “crime of violence” includes “an offense that has as an element of the offense the use, attempted use, or threatened use of physical force against the person or property of another.” 18 U.S.C. § 3156(a)(4)(A). The Supreme Court in Johnson v. United States defined “physical force” as “force capable of causing physical pain or injury to another person.” 559 U.S. 133, 140 (2010); see also Def.’s Br. at 9.


6 The Court has some doubts about whether Klein “used” the stolen riot shield as a dangerous weapon. The BRA does not define the term, but at least for purposes of § 111(b), courts have held that a dangerous weapon is any “object that is either inherently dangerous or is used in a way that is likely to endanger life or inflict great bodily harm.” See United States v. Chansley, 2021 WL 861079, at *7 (D.D.C. Mar. 8, 2021) (Lamberth, J.) (collecting cases). A plastic riot shield is not an “inherently dangerous” weapon, and therefore the question is whether Klein used it in a way “that is likely to endanger life or inflict great bodily harm.” The standard riot shield “is approximately forty-eight inches tall and twenty-four inches wide,” see Gov’t’s Br. at 13, and the Court disagrees with defense counsel’s suggestion that a riot shield might never qualify as a dangerous weapon, even if swung at an officer’s head, Hr’g Tr. 18:18–25, 19:1–11. See, e.g., United States v. Johnson, 324 F.2d 264, 266 (4th Cir. 1963) (finding that metal and plastic chair qualified as a dangerous weapon when “wielded from an upright (overhead) position and brought down upon the victim’s head”). But it is a close call whether Klein’s efforts to press the shield against officers’ bodies and shields were “likely to endanger life or inflict great bodily harm.” See Chansley, 2021 WL 861079, at *7.

But Bates ruled that there were certain things about the case against Klein — that he didn’t come prepared for combat, that he didn’t bring a weapon with him and instead just made use of what he found there, that any coordination he did involved ad hoc cooperation with other rioters rather than leadership throughout the event — that distinguished him from other defendants who (he suggested) should be detained, thereby limiting the guidelines laid out by CDC.

Bates’ decision on those points is absolutely fair. He has distinguished Klein from other January 6 defendants who, he judges, contributed more to the violence.

But there are two aspects of Bates’ decision I find shocking, especially from the guy who consistently deferred to Executive Authority on matters of national security and who sacrificed all of our communicative privacy in the service of finding hidden terrorist threats to the country. First, Bates dismissed the import of Klein’s sustained fight against cops because — he judged — Klein was only using force to advance the position of the mob, not trying to injure anyone.

The government’s contention that Klein engaged in “what can only be described as hand-to-hand combat” for “approximately thirty minutes” also overstates what occurred. See Gov’t’s Br. at 6. Klein consistently positioned himself face-to-face with multiple officers and also repeatedly pressed a stolen riot shield against their bodies and shields. His objective, as far as the Court can tell, however, appeared to be to advance, or at times maintain, the mob’s position in the tunnel, and not to inflict injury. He is not charged with injuring anyone and, unlike with other defendants, the government does not submit that Klein intended to injure officers. Compare Hr’g Tr. 57:12–18 (government conceding that the evidence does not establish Klein intended to injure anyone, only that “there was a disregard of care whether he would injure anyone or not” in his attempt to enter the Capitol), with Gov’t’s Opp’n to Def.’s Mot. to Reopen Detention Hearing & For Release on Conditions, ECF No. 30 (“Gov’t’s Opp’n to McCaughey’s Release”), United States v. McCaughey, III, 21-CR-040-1, at 11 (D.D.C. Apr. 7, 2021) (government emphasizing defendant’s “intent to injure” an officer who he had pinned against a door using a stolen riot shield as grounds for pretrial detention). And during the time period before Klein obtained the riot shield, he made no attempts to “battle” or “fight” the officers with his bare hands or other objects, such as the flagpole he retrieved. That does not mean that Klein could not have caused serious injury— particularly given the chaotic and cramped atmosphere inside the tunnel. But his actions are distinguishable from other detained defendants charged under § 111(b) who clearly sought to incapacitate and injure members of law enforcement by striking them with fists, batons, baseball bats, poles, or other dangerous weapons.


Klein’s conduct was forceful, relentless, and defiant, but his confrontations with law enforcement were considerably less violent than many others that day, and the record does not establish that he intended to injure others. [my emphasis]

Bates describes that Klein wanted to use force in the service of occupying the building, not harming individual cops.

Of course, using force to occupy a building in service of halting the vote count is terrorism, but Bates doesn’t treat it as such.

Even more alarmingly, Bates flips how Magistrate Zia Faruqui viewed a government employee like Klein turning on his own government. The government had argued — and Faruqui agreed — that when a federal employee with Top Secret clearance attacks his own government, it is not just a crime but a violation of the Constitutional oath he swore to protect the country against enemies foreign and domestic.

Bates — after simply dismissing the import of Klein’s admittedly limited criminal history that under any other Administration might have disqualified him from retaining clearance — describes what Klein did as a “deeply concerning breach of trust.”

The government also argues that “Klein abdicated his responsibilities to the country and the Constitution” on January 6 by violating his oath of office as a federal employee to “support and defend the Constitution of the United States against all enemies, foreign and domestic.” Id. at 24–25 (quoting 5 U.S.C. § 3331). The fact that, as a federal employee, Klein actively participated in an assault on our democracy to thwart the peaceful transfer of power constitutes a substantial and deeply concerning breach of trust. More so, too, because he had been entrusted by this country to handle “top secret” classified information to protect the United States’ most sensitive interests. In light of his background, Klein had, as Magistrate Judge Faruqui put it, every “reason to know the acts he committed” on January 6 “were wrong,” and yet he took them anyway. Order of Detention Pending Trial at 4. Klein’s position as a federal employee thus may render him highly culpable for his conduct on January 6. But it is less clear that his now-former employment at the State Department heightens his “prospective” threat to the community. See Munchel, 2021 WL 1149196, at *4. Klein no longer works for or is affiliated with the federal government, and there is no suggestion that he might misuse previously obtained classified information to the detriment of the United States. Nor, importantly, is he alleged to have any contacts—past or present—with individuals who might wish to take action against this country. [my emphasis]

Bates then argues that Klein’s ability to obtain clearance proves not that he violates oaths he takes (the government argument adopted by Faruqui), but that he has the potential to live a law-abiding life.

Ultimately, Klein’s history—including his ability to obtain a top-level security clearance—shows his potential to live a law-abiding life. His actions on January 6, of course, stand in direct conflict with that narrative. Klein has not—unlike some other defendants who have been released pending trial for conduct in connection with the events of January 6—exhibited remorse for his actions. See, e.g., United States v. Cua, 2021 WL 918255, at *7–8 (D.D.C. Mar. 10, 2021) (Moss, J.) (weighing defendant’s deep remorse and regret in favor of pretrial release). But nor has he made any public statements celebrating his misconduct or suggesting that he would participate in similar actions again. And it is Klein’s constitutional right to challenge the allegations against him and hold the government to its burden of proof without incriminating himself at this stage of the proceedings. See United States v. Lawrence, 662 F.3d 551, 562 (D.C. Cir. 2011) (“[A] district court may not pressure a defendant into expressing remorse such that the failure to express remorse is met with punishment.”). Hence, despite his very troubling conduct on January 6, the Court finds on balance that Klein’s history and characteristics point slightly toward release.

In short, Bates takes the fact that Klein turned on the government he had sworn to protect and finds that that act weighs in favor of release.

Bates judges that this man, whom he described as having committed violence to advance the goal of undermining an election, nevertheless finds that — having already done that — Klein does not pose an unmanageable prospective threat.

Therefore, although it is a close call, the Court ultimately does not find that Klein poses a substantial prospective threat to the community or any other person. He does not pose no continuing danger, as he contends, given his demonstrated willingness to use force to advance his personal beliefs over legitimate government objectives. But what future risk he does present can be mitigated with supervision and other strict conditions on his release.

Again, it’s not the decision itself that is troubling. It’s the thought process Bates used, both for the way Bates flips Klein’s betrayal of his oath on its head, and for the way that Bates views the threat posed by a man who already used force in an attempt to coerce a political end. And it’s all the more troubling knowing how Bates has deferred to the Executive’s claims about the nascent threat posed even by people who have not, yet, engaged in violence to coerce a political end.

Bates similarly showed no deference to the government’s argument that Larry Brock, a retired Lieutenant Colonel who also brought zip ties into the Senate chamber, should have no access to the Internet given really inflammatory statements on social media, including a call for “fire and blood” as early as November. Bates decided on his own that Probation could sufficiently monitor Brock’s Internet use, comparing Brock to (in my opinion) two unlike defendants to justify the decision. Again, the decision itself is absolutely reasonable, but for the guy who decided the government could monitor significant swaths of transnational Internet traffic out of a necessity to identify potential terrorists, for a guy who okayed the access of US person’s content with no warrant, it’s fairly remarkable that he hasn’t deferred to the government about the danger Brock poses on the Internet (to say nothing of Brock’s likely sophistication at evading surveillance).

Again, I’m not complaining about any of these opinions. The outcomes are all reasonable. It is genuinely difficult to fit the events of January 6 into our existing framework (and perhaps that’s a good thing). Plus, there is such a range of fact patterns that even in the Munchel opinion give force to the mob even while trying to adjudicate individuals’ actions.

But either because these discussions are public, or because we simply think about white person terrorism differently, less foreign, perhaps, than we do Islamic terrorism, the very same judges who’ve grappled with these questions for the past two decades don’t necessarily have the ready answers they had in the past.

FISA Judges January 6 cases








A Dragnet of emptywheel’s Most Important Posts on Surveillance, 2007 to 2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten this week.

To celebrate, the emptywheel team has been sharing some of our favorite work from the last decade. This is my massive dragnet of surveillance posts.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.


Whitehouse Reveals Smoking Gun of White House Claiming Not to Be Bound by Any Law

Just days after opening the new digs, I noticed Sheldon Whitehouse entering important details into the Senate record — notably, that John Yoo had pixie dusted EO 12333 to permit George Bush to authorize the Stellar Wind dragnet. In the ten years since, both parties worked to gradually expand spying on Americans under EO 12333, only to have Obama permit the sharing of raw EO 12333 data in its last days in office, completing the years long project of restoring Stellar Wind’s functionalities. This post, from 2016, analyzes a version of the underlying memo permitting the President to change EO 12333 without providing public notice he had done so.


McConnell and Mukasey Tell Half Truths

In the wake of the Protect America Act, I started to track surveillance legislation as it was written, rather than figure out after the fact how the intelligence community snookered us. In this post, I examined the veto threats Mike McConnell and Michael Mukasey issued in response to some Russ Feingold amendments to the FISA Amendments Act and showed that the government intended to use that authority to access Americans’ communication via both what we now call back door searches and reverse targeting. “That is, one of the main purposes is to collect communications in the United States.”

9 years later, we’re still litigating this (though, since then FISC has permitted the NSA to collect entirely domestic communications under the 2014 exception).


FISA + EO 12333 + [redacted] procedures = No Fourth Amendment

The Government Sez: We Don’t Have a Database of All Your Communication

After the FISCR opinion on what we now know to be the Yahoo challenge to Protect American Act first got declassified, I identified several issues that we now have much more visibility on. First, PAA permitted spying on Americans overseas under EO 12333. And it didn’t achieve particularity through the PAA, but instead through what we know to be targeting procedures, including contact chaining. Since then we’ve learned the role of SPCMA in this.

In addition, to avoid problems with back door searches, the government claimed it didn’t have a database of all our communication — a claim that, narrowly parsed might be true, but as to the intent of the question was deeply misleading. That claim is one of the reasons we’ve never had a real legal review of back door searches.

Bush’s Illegal Domestic Surveillance Program and Section 215

On PATRIOTs and JUSTICE: Feingold Aims for Justice

During the 2009 PATRIOT Act reauthorization, I continued to track what the government hated most as a way of understanding what Congress was really authorizing. I understood that Stellar Wind got replaced not just by PAA and FAA, but also by the PATRIOT authorities.

All of which is a very vague way to say we probably ought to be thinking of four programs–Bush’s illegal domestic surveillance program and the PAA/FAA program that replaced it, NSLs, Section 215 orders, and trap and trace devices–as one whole. As the authorities of one program got shut down by exposure or court rulings or internal dissent, it would migrate to another program. That might explain, for example, why Senators who opposed fishing expeditions in 2005 would come to embrace broadened use of Section 215 orders in 2009.

I guessed, for example, that the government was bulk collecting data and mining it to identify targets for surveillance.

We probably know what this is: the bulk collection and data mining of information to select targets under FISA. Feingold introduced a bajillion amendments that would have made data mining impossible, and each time Mike McConnell and Michael Mukasey would invent reasons why Feingold’s amendments would have dire consequences if they passed. And the legal information Feingold refers to is probably the way in which the Administration used EO 12333 and redacted procedures to authorize the use of data mining to select FISA targets.

Sadly, I allowed myself to get distracted by my parallel attempts to understand how the government used Section 215 to obtain TATP precursors. As more and more people confirmed that, I stopped pursuing the PATRIOT Act ties to 702 as aggressively.


Throwing our PATRIOT at Assange

This may be controversial, given everything that has transpired since, but it is often forgotten what measures the US used against Wikileaks in 2010. The funding boycott is one thing (which is what led Wikileaks to embrace Bitcoin, which means it is now in great financial shape). But there’s a lot of reason to believe that the government used PATRIOT authorities to target not just Wikileaks, but its supporters and readers; this was one hint of that in real time.


The March–and April or May–2004 Changes to the Illegal Wiretap Program

When the first iteration of the May 2004 Jack Goldsmith OLC memo first got released, I identified that there were multiple changes made and unpacked what some of them were. The observation that Goldsmith newly limited Stellar Wind to terrorist conversations is one another reporter would claim credit for “scooping” years later (and get the change wrong in the process). We’re now seeing the scope of targeting morph again, to include a range of domestic crimes.

Using Domestic Surveillance to Get Rapists to Spy for America

Something that is still not widely known about 702 and our other dragnets is how they are used to identify potential informants. This post, in which I note Ted Olson’s 2002 defense of using (traditional) FISA to find rapists whom FBI can then coerce to cooperate in investigations was the beginning of my focus on the topic.


FISA Amendments Act: “Targeting” and “Querying” and “Searching” Are Different Things

During the 2012 702 reauthorization fight, Ron Wyden and Mark Udall tried to stop back door searches. They didn’t succeed, but their efforts to do so revealed that the government was doing so. Even back in 2012, Dianne Feinstein was using the same strategy the NSA currently uses — repeating the word “target” over and over — to deny the impact on Americans.

Sheldon Whitehouse Confirms FISA Amendments Act Permits Unwarranted Access to US Person Content

As part of the 2012 702 reauthorization, Sheldon Whitehouse said that requiring warrants to access the US person content collected incidentally would “kill the program.” I took that as confirmation of what Wyden was saying: the government was doing what we now call back door searches.


20 Questions: Mike Rogers’ Vaunted Section 215 Briefings

After the Snowden leaks started, I spent a lot of time tracking bogus claims about oversight. After having pointed out that, contrary to Administration claims, Congress did not have the opportunity to be briefed on the phone dragnet before reauthorizing the PATRIOT Act in 2011, I then noted that in one of the only briefings available to non-HPSCI House members, FBI had lied by saying there had been no abuses of 215.

John Bates’ TWO Wiretapping Warnings: Why the Government Took Its Internet Dragnet Collection Overseas

Among the many posts I wrote on released FISA orders, this is among the most important (and least widely understood). It was a first glimpse into what now clearly appears to be 7 years of FISA violation by the PRTT Internet dragnet. It explains why they government moved much of that dragnet to SPCMA collection. And it laid out how John Bates used FISA clause 1809(a)(2) to force the government to destroy improperly collected data.

Federated Queries and EO 12333 FISC Workaround

In neither NSA nor FBI do the authorities work in isolation. That means you can conduct a query on federated databases and obtain redundant results in which the same data point might be obtained via two different authorities. For example, a call between Michigan and Yemen might be collected via bulk collection off a switch in or near Yemen (or any of the switches between there and the US), as well as in upstream collection from a switch entering the US (and all that’s assuming the American is not targeted). The NSA uses such redundancy to apply the optimal authority to a data point. With metadata, for example, it trained analysts to use SPCMA rather than PATRIOT authorities because they could disseminate it more easily and for more purposes. With content, NSA appears to default to PRISM where available, probably to bury the far more creative collection under EO 12333 for the same data, and also because that data comes in structured form.

Also not widely understood: the NSA can query across metadata types, returning both Internet and phone connection in the same query (which is probably all the more important now given how mobile phones collapse the distinction between telephony and Internet).

This post described how this worked with the metadata dragnets.

The Purpose(s) of the Dragnet, Revisited

The government likes to pretend it uses its dragnet only to find terrorists. But it does far more, as this analysis of some court filings lays out.


The Corporate Store: Where NSA Goes to Shop Your Content and Your Lifestyle

There’s something poorly understood about the metadata dragnets NSA conducts. The contact-chaining isn’t the point. Rather, the contact-chaining serves as a kind of nomination process that puts individuals’ selectors, indefinitely, into the “corporate store,” where your identity can start attracting other related datapoints like a magnet. The contact-chaining is just a way of identifying which people are sufficiently interesting to submit them to that constant, ongoing data collection.

SPCMA: The Other NSA Dragnet Sucking In Americans

I’ve done a lot of work on SPCMA — the authorization that, starting in 2008, permitted the NSA to contact chain on and through Americans with EO 12333 data, which was one key building block to restoring access to EO 12333 analysis on Americans that had been partly ended by the hospital confrontation, and which is where much of the metadata analysis affecting Americans has long happened. This was my first comprehensive post on it.

The August 20, 2008 Correlations Opinion

A big part of both FBI and NSA’s surveillance involves correlating identities — basically, tracking all the known identities a person uses on telephony and the Internet (and financially, though we see fewer details of that), so as to be able to pull up all activities in one profile (what Bill Binney once called “dossiers”). It turns out the FISC opinion authorizing such correlations is among the documents the government still refuses to release under FOIA. Even as I was writing the post Snowden was explaining how it works with XKeyscore.

A Yahoo! Lesson for USA Freedom Act: Mission Creep

This is another post I refer back to constantly. It shows that, between the time Yahoo first discussed the kinds of information they’d have to hand over under PRISM in August 2007 and the time they got directives during their challenge, the kinds of information they were asked for expanded into all four of its business areas. This is concrete proof that it’s not just emails that Yahoo and other PRISM providers turn over — it’s also things like searches, location data, stored documents, photos, and cookies.

FISCR Used an Outdated Version of EO 12333 to Rule Protect America Act Legal

Confession: I have an entire chapter of the start of a book on the Yahoo challenge to PRISM. That’s because so much about it embodied the kind of dodgy practices the government has, at the most important times, used with the FISA Court. In this post, I showed that the documents that the government provided the FISCR hid the fact that the then-current versions of the documents had recently been modified. Using the active documents would have shown that Yahoo’s key argument — that the government could change the rules protecting Americans anytime, in secret — was correct.


Is CISA the Upstream Cyber Certificate NSA Wanted But Didn’t Really Get?

Among the posts I wrote on CISA, I noted that because the main upstream 702 providers have a lot of federal business, they’ll “voluntarily” scan on any known cybersecurity signatures as part of protecting the federal government. Effectively, it gives the government the certificate it wanted, but without any of the FISA oversight or sharing restrictions. The government has repeatedly moved collection to new authorities when FISC proved too watchful of its practices.

The FISA Court’s Uncelebrated Good Points

Many civil libertarians are very critical of the FISC. Not me. In this post I point out that it has policed minimization procedures, conducted real First Amendment reviews, taken notice of magistrate decisions and, in some cases, adopted the highest common denominator, and limited dissemination.

How the Government Uses Location Data from Mobile Apps

Following up on a Ron Wyden breadcrumb, I figured out that the government — under both FISA and criminal law — obtain location data from mobile apps. While the government still has to adhere to the collection standard in any given jurisdiction, obtaining the data gives the government enhanced location data tied to social media, which can implicate associates of targets as well as the target himself.

The NSA (Said It) Ate Its Illegal Domestic Content Homework before Having to Turn It in to John Bates

I’m close to being able to show that even after John Bates reauthorized the Internet metadata dragnet in 2010, it remained out of compliance (meaning NSA was always violating FISA in obtaining Internet metadata from 2002 to 2011, with a brief lapse). That case was significantly bolstered when it became clear NSA hastily replaced the Internet dragnet with obtaining metadata from upstream collection after the October 2011 upstream opinion. NSA hid the evidence of problems on intake from its IG.

FBI Asks for at Least Eight Correlations with a Single NSL

As part of my ongoing effort to catalog the collection and impact of correlations, I showed that the NSL Nick Merrill started fighting in 2004 asked for eight different kinds of correlations before even asking for location data. Ultimately, it’s these correlations as much as any specific call records that the government appears to be obtaining with NSLs.


What We Know about the Section 215 Phone Dragnet and Location Data

During the lead-up to the USA Freedom Debate, the government leaked stories about receiving a fraction of US phone records, reportedly because of location concerns. The leaks were ridiculously misleading, in part because they ignored that the US got redundant collection of many of exactly the same calls they were looking for from EO 12333 collection. Yet in spite of these leaks, the few figured out that the need to be able to force Verizon and other cell carriers to strip location data was a far bigger reason to pass USAF than anything Snowden had done. This post laid out what was known about location data and the phone dragnet.

While It Is Reauthorizing FISA Amendments Act, Congress Should Reform Section 704

When Congress passed FISA Amendments Act, it made a show of providing protections to Americans overseas. One authority, Section 703, was for spying on people overseas with help of US providers, and another was for spying on Americans overseas without that help. By May 2016, I had spent some time laying out that only the second, which has less FISC oversight, was used. And I was seeing problems with its use in reporting. So I suggested maybe Congress should look into that?

It turns out that at precisely that moment, NSA was wildly scrambling to get a hold on its 704 collection, having had an IG report earlier in the year showing they couldn’t audit it, find it all, or keep it within legal boundaries. This would be the source of the delay in the 702 reauthorization in 2016, which led to the prohibition on about searches.

The Yahoo Scan: On Facilities and FISA

The discussion last year of a scan the government asked Yahoo to do of all of its users was muddled because so few people, even within the privacy community, understand how broadly the NSA has interpreted the term “selector” or “facility” that it can target for collection. The confusion remains to this day, as some in the privacy community claim HPSCI’s use of facility based language in its 702 reauthorization bill reflects new practice. This post attempts to explain what we knew about the terms in 2016 (though the various 702 reauthorization bills have offered some new clarity about the distinctions between the language the government uses).


Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

Ron Wyden has been asking for a count of how many Americans get swept up under 702 for years. The IC has been inventing bogus explanations for why they can’t do that for years. This post chronicles that process and explains why the debate is so important.

The Kelihos Pen Register: Codifying an Expansive Definition of DRAS?

When DOJ used its new Rule 41 hacking warrant against the Kelihos botnet this year, most of the attention focused on that first-known usage. But I was at least as interested in the accompanying Pen Register order, which I believe may serve to codify an expansion of the dialing, routing, addressing, and signaling information the government can obtain with a PRTT. A similar codification of an expansion exists in the HJC and Lee-Leahy bills reauthorizing 702.

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

The title speaks for itself. I don’t even consider Rosemary Collyer’s 2017 approval of 702 certificates her worst FISA opinion ever. But it is part of the reason why I consider her the worst FISC judge.

It Is False that Downstream 702 Collection Consists Only of To and From Communications

I pointed out a number of things not raised in a panel on 702, not least that the authorization of EO 12333 sharing this year probably replaces some of the “about” collection function. Most of all, though, I reminded that in spite of what often gets claimed, PRISM is far more than just communications to and from a target.

UNITEDRAKE and Hacking under FISA Orders

A document leaked by Shadow Brokers reveals a bit about how NSA uses hacking on FISA targets. Perhaps most alarmingly, the same tools that conduct such hacks can be used to impersonate a user. While that might be very useful for collection purposes, it also invites very serious abuse that might create a really nasty poisonous tree.

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

In response to Glenn Gerstell’s claims that Article III courts have exercised oversight by approving FISA practices (though the reality on back door searches is not so cut and dry), I point to the case of Reaz Qadir Khan where, as Michael Mosman (who happens to serve on FISC) moved towards providing a CIPA review for surveillance techniques, Khan got a plea deal.

The NSA’s 5-Page Entirely Redacted Definition of Metadata

In 2010, John Bates redefined metadata. That five page entirely redacted definition became codified in 2011. Yet even as Congress moves to reauthorize 702, we don’t know what’s included in that definition (note: location would be included).

FISA and the Space-Time Continuum

This post talks about how NSA uses its various authorities to get around geographical and time restrictions on its spying.

The Senate Intelligence Committee 702 Bill Is a Domestic Spying Bill

This is one of the most important posts on FISA I’ve ever written. It explains how in 2014, to close an intelligence gap, the NSA got an exception to the rule it has to detask from a facility as soon as it identifies Americans using the facility. The government uses it to collect on Tor and, probably VPN, data. Because the government can keep entirely domestic communications that the DIRNSA has deemed evidence of a crime, the exception means that 702 has become a domestic spying authority for use with a broad range of crimes, not to mention anything the Attorney General deems a threat to national security.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

In a response to a rare good faith defense of FBI’s back door searches, I pointed out that the FBI is obliged to consider the least intrusive means of investigation. Yet, even while it admits that accessing content like that obtained via 702 is extremely intrusive, it nevertheless uses the technique routinely at the assessment level.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

10 Years of emptywheel: Jim’s Dimestore

How the FISC Takes Notice of Magistrate Decisions and DOJ Tries to Hide That

Since it’s fashionable to debate whether the FISA Court is a rubber stamp or not, I wanted to point to this document, released to EFF under FOIA yesterday. Is is an August 7, 2006 order from Colleen Kollar-Kotelly for additional briefing on whether the government can retain the Post Cut Through Dialed Digits collected as part of a pen register. In this release, the government has redacted the date. We know the date — and the general circumstances of the request — from documents released in 2014 and another earlier EFF FOIA. I covered it here.

During this period, on August 7, 2006, Colleen Kollar-Kotelly ordered briefing in docket PRTT 06-102 on how FBI was fulfilling its obligation, apparently under the 2002 DOJ directive FBI maintained did not apply to FISA, not to affirmatively use PCTDD for any investigative purpose.  PDF 39-40

Judge Kotelly has ordered the FBI to submit a report no later than September 25 (2006). This report must contain:

(1) an explanation of how the FBI is implementing its obligation to make no affirmative investigative use, through pen register authorization, of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information, except in a rare case in order to prevent an immediate danger of death, serious physical injury or harm to the National Security, addressing in particular: a) whether post-cut-through digits obtained via FISA pen register surveillance are uploaded into TA, Proton, IDW, EDMS, TED, or any other FBI system; and b) if so what procedures are in place to ensure that no affirmative investigative use is made of postcut-through digits that do not constitute call dialing, routing, addressing or signaling information, including whether such procedures mandate that this information be deleted from the relevant system.

(2) an explanation of what procedures are in place to ensure that the Court is notified, as required pursuant to the Courts Order in the above captioned matter, whenever the government decides to make affirmative investigative use of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information in order to prevent an immediate danger of death, serious physical injury, or harm to the national security.

At the time, at least some of FBI’s lawyers believed that for FISA Pen Registers, FBI retained all the PCTDD. PDF 38

When DSC 3000 is used for a FISA collection, doesn’t the DCS 3000 pass all to the [redacted](DSC 5000) including the PCTDD–in other words for FISAs the DCS3000 does NOT use the default of not recoding [sic] the PCTTD???? [sic]

This report — dated September 25, 2006 — appears to be the report Kollar-Kotelly requested. It implores her not to follow [redacted], which appears to is a reference the EDNY court Texas decision.

That report is followed by this one — which was submitted on November 1, 2006 — which appears to propose new procedures to convince her to permit the FBI to continue to collect and retain PCTDD.

This new document, the briefing order, adds almost nothing to the discussion.

Except for this: it reveals that FISC — not DOJ — raised Stephen Smith’s opinion.

This is why I defend the FISC against claims it’s a rubber stamp. It has, on at least some occasions, done the work an adversary would normally do. And for at least 3 years, DOJ has tried to hide that FISC had to do so here.

Note what has happened in the interim? The government didn’t release this in FOIA in 2013-2014, though it was responsive to those earlier FOIA requests.

It did, however, release it now.

In the interim, DOJ gamed the new FISCR fast-track process, so as to be able to get an appellate decision approving the broader retention that Kollar-Kotelly first questioned back in 2006. Now, with that FISCR decision in pocket, DOJ has all of a sudden decided this order is no longer too classified to release (even while it still hides the timing of it).

The FISC is not perfect. But when weighing whether the FISC or DOJ (saddled, perhaps, with incomplete disclosure from NSA) has more often resulted in questionable decisions, I would almost always blame DOJ and NSA over the FISC.

Domestic Collection and Stellar Wind

I’m in the middle of comparing John Yoo’s May 17, 2002 letter to Colleen Kollar-Kotelly (which is largely the November 2, 2001 justification he wrote for Stellar Wind) with Jack Goldsmith’s May 6, 2004 memo on Stellar Wind, which reined in some aspects of Stellar Wind. And I realized something about the authorization process.

On page 17 of his memo, Goldsmith describes the previous opinions issued by OLC. The discussion is largely redacted, but it does describe say the October 4, 2001 memo “evaluated the legality of a hypothetical electronic surveillance program,” whereas the November 2, 2001 memo “examined the authorities granted by the President in the November 2, 2001 Authorization of STELLAR WIND and concluded that they were lawful.”

Already, that’s an interesting assertion given that the Yoo letter doesn’t do that entirely. First, at least in the letter to Kollar-Kotelly, Yoo also treated the program as hypothetical.

Electronic surveillance techniques would be part of this effort. The President would order warrantless surveillance in order to gather intelligence that would be used to prevent and deter future attacks on the United States. Given that the September 11 attacks were launched and carried out from within the United States itself, an effective surveillance program might include individuals and communications within the continental United States. This would be novel in two respects. Without access to any non-public sources, it is our understanding that generally the National Security Agency (NSA) only conducts electronic surveillance outside the United States that do not involve United States persons. Usually, surveillance of communications by United States persons within the unites states is conducted by the FBI pursuant to a warrant obtained under the Foreign Intelligence Surveillance Act (“FISA”). Second, interception could include electronic messages carried through the internet, which again could include communications within the United States involving United States persons. Currently, it is our understanding that neither the NSA nor law enforcement conducts broad monitoring of electronic communications in this matter within the United States, without specific authorization under FISA.


Thus, for example, all communications between United States persons, whether in the United States or not, and individuals in [redacted–likely Afghanistan] might be intercepted. The President might direct the NSA to intercept communications between suspected terrorists, even if one of the parties is a United States person and the communication takes place between the United States and abroad. The non-content portion of electronic mail communications also might be intercepted, even if one of parties is within the United States, or one or both of the parties are non-citizen U.S. persons (i.e., a permanent resident alien). Such operations would expand the NSA’s functions beyond the monitoring only of international communications of non-U.S. persons. [my emphasis]

Importantly, these hypothetical descriptions come from the section of Yoo’s letter before it appears to begin tracking his earlier memo closely. So it’s unclear whether this description of Stellar Wind matches the one in the November 2 memo. It’s certainly possible that Yoo gave an incomplete version of what he had in the earlier memo or even pulled in (hypothetical) language from the October 4 memo. It’s possible, too, that language on domestic content collection reflected a retroactive review Yoo did of the first authorization. (An extended discussion of how Yoo’s early memos track the Authorizations — including discussion of another hypothetical memo Yoo wrote on September 17 — starts at PDF 361.)

Of particular interest, this hypothetical description includes the possibility of intercepting entirely domestic Internet communications (see emphasized language). We know — from the unredacted NSA Stellar Wind IG Report and even from the redacted Joint IG Report — that was something included in the first presidential Authorization, but not the subsequent ones.

The wording of the first authorization could have been interpreted to allow domestic content collection where both communicants were located in the U.S. or were U.S. persons. General Hayden recalled that when the Counsel to the Vice President pointed this out, General Hayden told him that NSA would not collect domestic communications because 1) NSA was a foreign intelligence agency, 2) NSA infrastructure did not support domestic collection, and 3) his personal standard was so high that there would be no problem getting a FISC order for domestic collection.

We also know NSA did collect some domestic collection — on about 3,000 selectors, possibly triggered to non-US persons within the US — at least until Stellar Wind got transitioned to FISA in 2009.

This is a minor, but potentially important one. Yoo was writing hypothetical authorizations for stuff the NSA later pretended not to be authorized to do, but was doing. Those earlier hypothetical authorizations didn’t go away. And therefore, no matter what the authorizations said, there’d still be that authorization sitting there.

The Obama Administration Almost Doubled Down on Yoo’s Illegality

Over at JustSecurity the other day, ACLU’s Patrick Toomey argued that the Administration’s current interpretation of FISA — especially its embrace of upstream surveillance — means the Obama Administration has gone beyond John Yoo’s thinking on surveillance as exhibited in his May 17, 2002 letter to FISC judge Colleen Kollar-Kotelly.

Perhaps most remarkably, however, the Obama Justice Department has pressed legal theories even more expansive and extreme than Yoo himself was willing to embrace. Yoo rounded out his Stellar Wind memo with an effort to reassure Judge Kollar-Kotelly that the government’s legal interpretation had limits, saying: “Just to be clear in conclusion. We are not claiming that the government has an unrestricted right to examine the contents of all international letters and other forms of communication.” But that is essentially the power the NSA claims today when it conducts Upstream surveillance of Americans’ Internet communications. The NSA has installed surveillance equipment at numerous chokepoints on the Internet backbone, and it is using that equipment to search the contents of communications entering or leaving the country in bulk. As the ACLU recently explained in Wikimedia v. NSA, this surveillance is the digital analogue of having a government agent open every letter that comes through a mail processing center to read its contents before determining which letters to keep. In other words, today the Obama administration is defending surveillance that was a bridge too far for even John Yoo.

I’m not sure I’m convinced. After all, the Administration claims it is not examining the contents of all international letters, but rather only looking at those where selected identifiers show up in data packets. Yeah, I know it’s a bullshit argument, but they pretend that’s not searching the contents, really. Moreover we have substantial reason to believe they were doing (some) of this anyway.

But there is a curious relationship between a claim Yoo made in his letter and the Obama Administration’s views on FISA.

In the letter, Yoo writes,

FISA purports to be the exclusive means for conducting electronic surveillance for foreign intelligence, … FISA establishes criminal and civil sanctions for anyone who engages in electronic surveillance, under color of law, except as authorized by statute, warrant, or court order. 50 U.S.C. § 1809-10. It might be thought, therefore, that a warrantless surveillance program, even if undertaken to protect the national security, would violate FISA’s criminal and civil liability provisions.

Such a reading of FISA would be an unconstitutional infringement on the President’s Article II authorities. FISA can regulate foreign intelligence surveillance only to the extent permitted by the Constitution’s enumeration of congressional authority and the separation of powers.


[A]s we explained to Congress during the passage of the Patriot Act, the ultimate test of whether the government may engage in foreign surveillance is whether the government’s conduct is consistent with the Fourth Amendment, not whether it meets FISA.

This is especially the case where, as here, the executive branch possess [sic] the inherent constitutional power to conduct warrantless searches for national security purposes.

Effectively, Yoo is saying that even if they blow off FISA, they will be immune from the penalties under 50 USC §1809-10 so long as what they were doing fulfilled the Fourth Amendment, including an expansive reading of special needs that Yoo lays out in his memo. (Note, this was explained in the DOJ Stellar Wind IG Report — starting at PDF 47 — but this letter makes it more clear.)

As a reminder, on two occasions, John Bates disagreed with that interpretation, first in 2010 when he ruled NSA couldn’t continue to access the five years of data it overcollected under the PRTT Internet dragnet, and then again in 2011 when he said the government couldn’t disseminate the illegally collected upstream data (and Vaughn Walker disagreed in a series of rulings in the Al Haramain case in 2010, though the 9th Circuit partially overturned that in 2012). We know, thanks to Snowden, that the government considered appealing the order. And in his summary of the resolution of this issue, Bates made it clear that the government’s first response was to say that limits on illegally collected data don’t apply.

However, issues remained with respect to the past upstream collection residing in NSA’s databases. Because NSA’s upstream collection almost certainly included at least some acquisitions constituting “electronic surveillance” within the meaning of 50 U.S.C. § 1801 (f), any overcollection resulting from the government’s misrepresentation of the scope of that collection implicates 50 U.S.C. § 1809(a)(2). Section 1809(a)(2) makes it a crime to “disclose[] or use[] information obtained under color of law by electronic surveillance, knowing or having reason to know that the information was obtained through electronic surveillance not authorized” by statute. The Court therefore directed the government to make a written submission addressing the applicability of Section 1809(a), which the government did on November 22, 2011. See [redacted — probably a reference to Bates’ July 2010 opinion], Oct. 13, 2011 Briefing Order, and Government’s Response to the Court’s Briefing Order of Oct. 13, 2011 (arguing that Section 1809(a)(2) does not apply).

Ultimately, though, the government not only (said it) destroyed the illegal upstream data, but claims to have destroyed all its PRTT data in a big rush (so big a rush it didn’t have time to let NSA’s IG certify the intake collection of data).

And it replaced that PRTT program by searching data under SPCMA it claimed to have collected legally … somewhere.

I don’t pretend to understand precisely went on in those few weeks in 2011, though it’s clear that Obama’s Administration at least considered standing by the spirit of Yoo’s claim, even though the opinion itself had been withdrawn.

But I do know that at least through 2009, the government treated all its PRTT and Section 215 data as EO 12333 data, and in fact the providers appear not to have distinguished it either (more on this in upcoming days, hopefully). That is, it was collecting data with FISC sanction that it treated as data it collected outside of FISC sanction (that is, under EO 12333), and it was ignoring the rules FISC imposed.

Which leads me to wonder whether the government still doesn’t believe it remains immune from penalties laid out in FISA.

John Yoo’s Two Justifications for Stellar Wind

Because I’m a hopeless geek, I want to compare the what we can discern of the November 2, 2001 memo John Yoo wrote to authorized Stellar Wind with the letter he showed FISA Presiding Judge Colleen Kollar-Kotelly on May 17, 2002. The former is almost entirely redacted. But as I’ll show, the two appear to be substantially the same except for small variations within paragraphs (which possibly may reflect no more than citations). The biggest difference is that Yoo’s memo appears to have two pages of content not present in the letter to Kollar-Kotelly.

What follows is a comparison of every unredacted passage in the Yoo memo, every one of which appear in exactly the same form in the letter he wrote to Kollar-Kotelly.

The first unredacted line in Yoo’s memo — distinguishing between “electronic surveillance” covered by FISA and “warrantless searches” the President can authorize — appears in this paragraph in the letter.

FISA Safe Harbor

The line appears on page 7 of Yoo’s memo, but page 5 of his letter (which also includes some foofy introductory language for Kollar-Kotelly). That says there’s already 2 pages of information in Yoo’s memo that doesn’t appear in the letter. Yoo’s description of the surveillance program in the letter to Kollar-Kotelly is actually fairly short (and written entirely in the conditional voice), so there may be more of that in the actual memo. Also, anything that didn’t involve electronic surveillance — such as the collection of financial data — would not necessarily be relevant to FISC. But as I argue below, it’s also possible Yoo made claims about executive power in those two paragraphs that he rewrote as a two-page addition to for Kollar-Kotelly’s benefit.

The next unredacted passage in the memo consists of the first sentences of these two paragraphs.

Screen Shot 2016-04-05 at 5.34.32 PM

They appear on page 9 of Yoo’s memo and page 7 of the letter, and it appears that the space in between the two is consistent — suggesting that the interim content remains the same.

The next unredacted passage appears on page 12 of Yoo’s memo, page 10 of the letter.

FISA Restrict

While the general pagination still seems to be roughly tracking (again, suggesting the interim content is at least similar), the spacing of this paragraph is clearly different (note how the sentence begins in a different place in the column), suggesting Yoo may have made an even stronger defense of inherent authority in his memo, or perhaps that OLC has precedents for such a claim that Yoo thought inappropriate to share with the FISC. It’s possible this and later paragraph spacing differences arise from classification marks at the beginning of each paragraph, except the passages from the beginning of paragraphs seem to match up more closely than those from the middle of them.

Screen Shot 2016-04-05 at 7.30.51 PM

The next unredacted passage, on page 17 of Yoo’s memo and 15 of the letter, extend the claim that Congress can’t limit the President’s use of pen registers used to defend the nation. That’s followed closely by Yoo’s shift to arguing that intelligence gathering “in direct support” of military operations does not trigger the Fourth Amendment.

Intel Military Ops

Read more

The Government Spoliationing for a Fight with EFF

On November 6, 2007, Judge Vaughn Walker issued a preservation order in EFF’s challenge to what we now know to be Stellar Wind, the Shubert case (which would be applied to the Jewel case after that). Nevertheless, in spite of that order, in 2009 the NSA started destroying evidence that it had collected data outside of the categories Judge Colleen Kollar-Kotelly authorized way back in 2004.

Also in 2009, NSA shifted records showing 3,000 people — which highly likely included CAIR’s staff and clients — had been dragnetted without the First Amendment review mandated by Section 215 (CAIR wasn’t a plaintiff on EFF’s earlier suits but they are on EFF’s phone dragnet suit, First Unitarian United). When they did, the government even appeared to consider the existing protection order in the EFF case; I have FOIAed their deliberations on that issue, but thus far have been stonewalled.

Finally, in 2011, NSA destroyed — on very little notice and without letting their own IG confirm the destruction of data that came in through NSA’s intake process — all of its Internet dragnet data.

In other words, on three known occasions, the NSA destroyed data covered by the protection order in Northern California, one of them even after admitting a protection order might cover the data in question. In two of those cases, we know the data either exceeded FISA’s orders or violated the law.

In fact, it wasn’t until 2014, when the government started asking Judge Reggie Walton for permission to destroy the phone dragnet data and EFF complained mightily, that NSA started complying with the earlier protection order. Later that same year, it finally asked FISC to keep the Protect America Act and FISA Amendments Act data also included under that order in its minimization procedures.

These posts provide more background on this issue: postpost, post, post.

In other words, on three different occasions (even ignoring the content collection), NSA destroyed data covered by the protection order. spoiling the evidence related to EFF’s lawsuits.

Which is why I find this claim — in the January 8 filing I’ve been waiting to read, but which was just posted on March 4 (that is, 5 days after the NSA would have otherwise had to destroy everything on February 29 under USA Freedom Act).

The Government remains concerned that in these cases, absent relief from district courts or explicit agreement from the plaintiffs, the destruction of the BR Metadata, even pursuant to FISC Order, could lead the plaintiffs to accuse the Government of spoliation. In Jewel, the plaintiffs have already moved for spoliation sanctions, including an adverse inference against the Government on the standing issue, based on the destruction of aged-off BR Metadata undertaken in accordance with FISC Orders. See Jewel Pls.’ Brief Re: the Government’s Non-compliance with the Court’s Evidence Preservation Orders, ECF No. 233.

Gosh, after destroying data on at least three different occasions (again, ignoring at least two years of content they destroyed), the government is worried that if it destroyed more it might get in trouble? Please!

Elsewhere, the strategy in this filing seems to be to expand the possible universe they’d have to set aside under the three cases (plus Klayman) for which there is a protection order as to make it virtually impossible to set it aside so as to destroy the rest. In addition, having let the time when they could have set aside such data easily pass because they were still permitted to access the data (say, back in 2014, when they got caught violating their protection order), they now claim that the closure of the dragnet makes such a search virtually impossible now.

It’s a nifty gimmick. They can’t find a way to destroy the data because they already destroyed even legally suspect data. And we learn about it only now, after the data would otherwise be destroyed, but now can’t be because they didn’t find some better resolution 2 years ago.

Silencing Whistleblowers, 12 Years Later

As reported by Zoe Tillman, Thomas Tamm, the first whistleblower to go to Eric Lichtblau with reports of Stellar Wind, is being investigated for ethical violations by the DC Bar. The complaint alleges he failed to report that people within DOJ were violating their legal obligations to superiors, up to and including the Attorney General, and that he took confidences of his client (which the complaint defines as DOJ) to the press.

The question, of course, is why the Bar is pursuing this now, years after Tamm’s actions became public. Tillman describes the complaint as having had some kind of virgin birth, from Bar members reading the news accounts rather than someone complaining.

D.C. Disciplinary Counsel Wallace Shipp Jr. declined to comment on the charges against Tamm. The ethics case was opened in 2009, but the charges weren’t filed until late December. The disciplinary counsel’s office has working in recent years to clear a backlog of old cases.

Shipp said the disciplinary counsel’s office launched the investigation after reading about Tamm’s case in news reports. It was opened under the office’s name, which generally means there is no outside complainant.

That’s a funny explanation, given that the complaint doesn’t reference the press reports, most notably Michael Isikoff’s 2008 report on Tamm’s whistleblowing, which describes Tamm going to two of his superiors (though not, admittedly, all the way to Attorney General Ashcroft).

It’s unclear to what extent Tamm’s office was aware of the origins of some of the information it was getting. But Tamm was puzzled by the unusual procedures—which sidestepped the normal FISA process—for requesting wiretaps on cases that involved program intelligence. He began pushing his supervisors to explain what was going on. Tamm says he found the whole thing especially curious since there was nothing in the special “program” wiretap requests that seemed any different from all the others. They looked and read the same. It seemed to Tamm there was a reason for this: the intelligence that came from the program was being disguised. He didn’t understand why. But whenever Tamm would ask questions about this within OIPR, “nobody wanted to talk about it.”

At one point, Tamm says, he approached Lisa Farabee, a senior counsel in OIPR who reviewed his work, and asked her directly, “Do you know what the program is?” According to Tamm, she replied: “Don’t even go there,” and then added, “I assume what they are doing is illegal.” Tamm says his immediate thought was, “I’m a law-enforcement officer and I’m participating in something that is illegal?” A few weeks later Tamm bumped into Mark Bradley, the deputy OIPR counsel, who told him the office had run into trouble with Colleen Kollar-Kotelly, the chief judge on the FISA court. Bradley seemed nervous, Tamm says. Kollar-Kotelly had raised objections to the special program wiretaps, and “the A.G.-only cases are being shut down,” Bradley told Tamm. He then added, “This may be [a time] the attorney general gets indicted,” according to Tamm. (Told of Tamm’s account, Justice spokesman Boyd said that Farabee and Bradley “have no comment for your story.”)

Compare that version with how the complaint describes Tamm doing precisely what the complaint says he failed to do.

Respondent learned that these applications involved special intelligence obtained from something referred to as “the program.” When he inquired about “the program” of other members of the Office of Intelligence Policy and Review, he was told by his colleagues that it was probably illegal.

Isikoff describes Tamm going to two of his superiors, “a senior counsel in OIPR who reviewed his work,” and “the deputy OIPR counsel,” the former of one of whom is the one who told him “I assume what they are doing is illegal.” The complaint rewrites that story — what ostensibly is the source of the complaint — and turns these superiors into “colleagues.”

Mind you, according to this story, there is one superior within OIPR to whom Tamm didn’t go: Counsel James Baker. He was the guy who was laundering applications to the FISC in ways Colleen Kollar-Kotelly found unacceptable.

Baker, of course, is currently the General Counsel of FBI, someone who reviews a slew of applications for larger programs, including those that go to FISC.

So 12 years after Tamm leaked DOJ’s secrets to the NYT, he is being investigated by the Bar because he didn’t go to the right superiors with his complaints, one of who just happens to be the FBI General Counsel.

The Internet Dragnet Was a Clusterfuck … and NSA Didn’t Care

Here’s my best description from last year of the mind-boggling fact that NSA conducted 25 spot checks between 2004 and 2009 and then did a several months’ long end-to-end review of the Internet dragnet in 2009 and found it to be in pretty good shape, only then to have someone discover that every single record received under the program had violated rules set in 2004.

Exhibit A is a comprehensive end-to-end report that the NSA conducted in late summer or early fall of 2009, which focused on the work the agency did in metadata collection and analysis to try and identify people emailing terrorist suspects.

The report described a number of violations that the NSA had cleaned up since the beginning of that year — including using automatic alerts that had not been authorized and giving the FBI and CIA direct access to a database of query results. It concluded the internet dragnet was in pretty good shape. “NSA has taken significant steps designed to eliminate the possibility of any future compliance issues,” the last line of the report read, “and to ensure that mechanisms are in place to detect and respond quickly if any were to occur.”

But just weeks later, the Department of Justice informed the FISA Court, which oversees the NSA program, that the NSA had been collecting impermissible categories of data — potentially including content — for all five years of the program’s existence.

The Justice Department said the violation had been discovered by NSA’s general counsel, which since a previous violation in 2004 had been required to do two spot checks of the data quarterly to make sure NSA had complied with FISC orders. But the general counsel had found the problem only after years of not finding it. The Justice Department later told the court that “virtually every” internet dragnet record “contains some metadata that was authorized for collection and some metadata that was not authorized for collection.” In other words, in the more than 25 checks the NSA’s general counsel should have done from 2004 to 2009, it never once found this unauthorized data.

The following year, Judge John Bates, then head of FISC, emphasized that the NSA had missed the unauthorized data in its comprehensive report. He noted “the extraordinary fact that NSA’s end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired.” Bates went on, “[I]t must be added that those responsible for conducting oversight at NSA failed to do so effectively.”

Even after these details became public in 2014 (or perhaps because the intelligence community buried such disclosures in documents with dates obscured), commentators have generally given the NSA the benefit of the doubt in its good faith to operate its dragnet(s) under the rules set by the FISA Court.

But an IG Report from 2007 (PDF 24-56) released in Charlie Savage’s latest FOIA return should disabuse commentators of that opinion.

This is a report from early 2007, almost 3 years after the Stellar Wind Internet dragnet moved under FISA authority and close to 30 months after Judge Colleen Kollar-Kotelly ordered NSA to implement more oversight measures, including those spot checks. We know that rough date because the IG Report post-dates the January 8, 2007 initiation of the FISC-spying compartment and it reflects 10 dragnet order periods of up to 90 days apiece (see page 21). So the investigation in it should date to no later than February 8, 2007, with the final report finished somewhat later. It was completed by Brian McAndrew, who served as Acting Inspector General from the time Joel Brenner left in 2006 until George Ellard started in 2007 (but who also got asked to sign at least one document he couldn’t vouch for in 2002, again as Acting IG).

The IG Report is bizarre. It gives the NSA a passing grade on what it assessed.

The management controls designed by the Agency to govern the collection, dissemination, and data security of electronic communications metadata and U.S. person information obtained under the Order are adequate and in several aspects exceed the terms of the Order.

I believe that by giving a passing grade, the IG made it less likely his results would have to get reported (for example, to the Intelligence Oversight Board, which still wasn’t getting reporting on this program, and probably also to the Intelligence Committees, which didn’t start getting most documentation on this stuff until late 2008) in any but a routine manner, if even that. But the report also admits it did not assess “the effectiveness of management controls[, which] will be addressed in a subsequent report.” (The 2011 report examined here identified previous PRTT reports, including this one, and that subsequent report doesn’t appear in any obvious form.) Then, having given the NSA a passing grade but deferring the most important part of the review, the IG notes “additional controls are needed.”

And how.

As to the issue of the spot checks, mandated by the FISA Court and intended to prevent years of ongoing violations, the IG deems such checks “largely ineffective” because management hadn’t adopted a methodology for those spot checks. They appear to have just swooped in and checked queries already approved by an analyst’s supervisor, in what they called a superaudit.

Worse still, they didn’t write anything down.

As mandated by the Order, OGC periodically conducts random spot checks of the data collected [redaction] and monitors the audit log function. OGC does not, however document the data, scope, or results of the reviews. The purpose of the spot checks is to ensure that filters and other controls in place on the [redaction] are functioning as described by the Order and that only court authorized data is retained. [snip] Currently, an OGC attorney meets with the individuals responsible [redaction] and audit log functions, and reviews samples of the data to determine compliance with the Order. The attorney stated that she would formally document the reviews only if there were violations or other discrepancies of note. To date, OGC has found no violations or discrepancies.

So this IG review was done more than two years after Kollar-Kotelly had ordered these spot checks, during which period 18 spot checks should have been done. Yet at that point, NSA had no documentary evidence a single spot check had been done, just the say-so of the lawyer who claimed to have done them.

Keep in mind, too, that Oversight and Control were, at this point, implementing a new-and-improved spot-check process. That’s what the IG reviewed, the new-and-improved process, because (of course) reviewers couldn’t review the past process because there was no documentation of it. It’s the new-and-improved process that was inadequate to the task.

But that’s not the only problem the IG found in 2007. For example, the logs used in auditing did not accurately document what seed had been used for queries, which means you couldn’t review whether those queries really met the incredibly low bar of Reasonable Articulable Suspicion or that they were pre-approved.  Nor did they document how many hops out analysts chained, which means any given query could have sucked in a great deal of Americans (which might happen by the third or fourth hop) and thrown them into the corporate store for far more intrusive anlaysis. While the IG didn’t point this out directly, the management response made clear log files also didn’t document whether a seed was a US person and therefore entitled to a First Amendment review. In short, NSA didn’t capture any — any!!! — of the data that would have been necessary to assess minimal compliance with FISC orders.

NSA’s lawyers also didn’t have a solid list of everyone who had access to the databases (and therefore who needed to be trained or informed of changes to the FISC order). The Program Management Office had a list that it periodically compared to who was actually accessing the data (though as made clear later in the report, that included just the analysts). And NSA’s Office of General Counsel would also periodically review to ensure those accessing the data had the information they needed to do so legally. But “the attorney conducting the review relie[d] on memory to verify the accuracy and completeness of the list.” DOD in general is wonderfully neurotic about documenting any bit of training a given person has undergone, but with the people who had access to the Internet metadata documenting a great deal of Americans’ communication in the country, NSA chose just to work from memory.

And this non-existent manner of tracking those with database access extended to auditing as well. The IG reported that NSA also didn’t track all queries made, such as those made by “those that have the ability to query the PRTT data but are not on the PMO list or who are not analysts.” While the IG includes people who’ve been given new authorization to query the data in this discussion, it’s also talking about techs who access the data. It notes, for example, “two systems administrators, who have the ability to query PRTT data, were also omitted from the audit report logs.” The thing is, as part of the 2009 “reforms,” NSA got approval to exempt techs from audits. I’ve written a lot about this but will return to it, as there is increasing evidence that the techs have always had the ability — and continue to have the ability — to bypass limits on the program.

There are actually far more problems reported in this short report, including details proving that — as I’ve pointed out before — NSA’s training sucks.

But equally disturbing is the evidence that NSA really didn’t give a fuck about the fact they’d left a database of a significant amount of Americans’ communications metadata exposed to all sorts of control problems. The disinterest in fixing this problem dates back to 2004, when NSA first admitted to Kollar-Kotelly they were violating her orders. They did an IG report at the time (under the guidance of Joel Brenner), but it did “not make formal recommendations to management. Rather, the report summarize[d] key facts and evaluate[d] responsibility for the violation.” That’s unusual by itself: for audits to improve processes, they are supposed to provide recommendations and track whether those are implemented. Moreover, while the IG (who also claimed the clusterfuck in place in 2007 merited a passing grade) assessed that “management has taken steps to prevent recurrence of the violation,” it also noted that NSA never really fixed the monitoring and change control process identified as problems back in 2004. In other words, it found that NSA hadn’t fixed key problems IDed back in 2004.

As to this report? It did make recommendations and management even concurred with some of them, going so far as to agree to document (!!) their spot checks in the future. With others — such as the recommendation that shift supervisors should not be able to make their own RAS determinations — management didn’t concur, they just said they’d monitor those queries more closely in the future. As to the report as a whole, here’s what McAndrew had to say about management’s response to the report showing the PRTT program was a clusterfuck of vulnerabilities: “Because of extenuating circumstances, management was unable to provide complete responses to the draft report.”

So in 2007, NSA’s IG demonstrated that the oversight over a program giving NSA access to the Internet metadata of a good chunk of all Americans was laughably inadequate.

And NSA’s management didn’t even bother to give the report a full response.

The FISA Court’s Uncelebrated Good Points

I’m working on a post responding to this post from Chelsea Manning calling to abolish the FISA Court. Spoiler alert: I largely agree with her, but I think the question is not that simple.

As background to that post, I wanted to shift the focus from a common perception of the FISC — that it is a rubber stamp that approves all requests — to a better measure of the FISC — the multiple ways it has tried to rein in the Executive. I think the FISC has, at times, been better at doing so than often given credit for. But as I’ll show in my larger post, those efforts have had limited success.

Minimization procedures

The primary tool the FISC uses is in policing the Executive is minimization procedures approved by the court. Royce Lamberth unsuccessfully tried to use minimization procedures to limit the use of FISA-collected data in prosecutions (and also, tools for investigation, such as informants). Reggie Walton was far more successful at using and expanding very detailed limits on the phone — and later, the Internet — dragnet to force the government to stop treating domestically collected dragnet data under its own EO 12333 rules and start treating it under the more stringent FISC-imposed rules. He even shut down the Internet dragnet in fall (probably October 30) 2009 because it did not abide by limits imposed 5 years earlier by Colleen Kollar-Kotelly.

There was also a long-running discussion (that involved several briefs in 2006 and 2009, and a change in FISC procedure in 2010) about what to do with Post Cut Through Dialed Digits (those things you type in after a call or Internet session has been connected) collected under pen registers. It appears that FISC permitted (and probably still permits) the collection of that data under FISA (that was not permitted under Title III pen registers), but required the data get minimized afterwards, and for a period over collected data got sequestered.

Perhaps the most important use of minimization procedures, however, came when Internet companies stopped complying with NSLs requiring data in 2009, forcing the government to use Section 215 orders to obtain the data. By all appearances, the FISC imposed and reviewed compliance of minimization procedures until FBI, more than 7 years after being required to, finally adopted minimization procedures for Section 215. This surely resulted in a lot less innocent person data being collected and retained than under NSL collection. Note that this probably imposed a higher standard of review on this bulky collection of data than what existed at magistrate courts, though some magistrates started trying to impose what are probably similar requirements in 2014.

Such oversight provides one place where USA Freedom Act is a clear regression from what is (today, anyway) in place. Under current rules, when the government submits an application retroactively for an emergency search of the dragnet, the court can require the government to destroy any data that should not have been collected. Under USAF, the Attorney General will police such things under a scheme that does not envision destroying improperly collected data at all, and even invites the parallel construction of it.

First Amendment review

The FISC has also had some amount — perhaps significant — success in making the Executive use a more restrictive First Amendment review than it otherwise would have. Kollar-Kotelly independently imposed a First Amendment review on the Internet dragnet in 2004. First Amendment reviews were implicated in the phone dragnet changes Walton pushed in 2009. And it appears that in the government’s first uses of the emergency provision for the phone dragnet, it may have bypassed First Amendment review — at least, that’s the most logical explanation for why FISC explicitly added a First Amendment review to the emergency provision last year. While I can’t prove this with available data, I strongly suspect more stringent First Amendment reviews explain the drop in dragnet searches every time the FISC increased its scrutiny of selectors.

In most FISA surveillance, there is supposed to be a prohibition on targeting someone for their First Amendment protected activities. Yet given the number of times FISC has had to police that, it seems that the Executive uses a much weaker standard of First Amendment review than the FISC. Which should be a particularly big concern for National Security Letters, as they ordinarily get no court review (one of the NSL challenges that has been dismissed seemed to raise First Amendment concerns).

Notice of magistrate decisions

On at least two occasions, the FISC has taken notice of and required briefing after magistrate judges found a practice also used under FISA to require a higher standard of evidence. One was the 2009 PCTDD discussion mentioned above. The other was the use of combined orders to get phone records and location data. And while the latter probably resulted in other ways the Executive could use FISA to obtain location data, it suggests the FISC has paid close attention to issues being debated in magistrate courts (though that may have more to do with the integrity of then National Security Assistant Attorney General David Kris than the FISC itself; I don’t have high confidence it is still happening). To the extent this occurs, it is more likely that FISA practices will all adjust to new standards of technology than traditional courts, given that other magistrates will continue to approve questionable orders and warrants long after a few individually object, and given that an individual objection isn’t always made public.

Dissemination limits

Finally, the FISC has limited Executive action by limiting the use and dissemination of certain kinds of information. During Stellar Wind, Lamberth and Kollar-Kotelly attempted to limit or at least know which data came from Stellar Wind, thereby limiting its use for further FISA warrants (though it’s not clear how successful that was). The known details of dragnet minimization procedures included limits on dissemination (which were routinely violated until the FISC expanded them).

More recently John Bates twice pointed to FISA Section 1809(a)(2) to limit the government’s use of data collected outside of legal guidelines. He did so first in 2010 when he limited the government’s use of illegally collected Internet metadata. He used it again in 2011 when he used it to limit the government’s access to illegally collected upstream content. However, I think it likely that after both instances, the NSA took its toys and went elsewhere for part of the relevant collection, in the first case to SPCMA analysis on EO 12333 collected Internet metadata, and in the second to CISA (though just for cyber applications). So long as the FISC unquestioningly accepts EO 12333 evidence to support individual warrants and programmatic certificates, the government can always move collection away from FISC review.

Moreover, with USAF, Congress partly eliminated this tool as a retroactive control on upstream collection; it authorized the use of data collected improperly if the FISC subsequently approved retention of it under new minimization procedures.

These tools have been of varying degrees of usefulness. But FISC has tried to wield them, often in places where all but a few Title III courts were not making similar efforts. Indeed, there are a few collection practices where the FISC probably imposed a higher standard than TIII courts, and probably many more where FISC review reined in collection that didn’t have such review.