Colleen Kollar-Kotelly Archives - Page 5 of 5

Posts

The Five Year Parade of Internet Dragnet Violations

November 20, 2013/9 Comments/in FISA /by emptywheel

Monday’s document release provided mounting evidence that when the hospital confrontation “heroes” moved the Internet dragnet they had deemed to be illegal under the auspices of the FISA Court, neither they, nor Judge Colleen Kollar-Kotelly believed it was legally sound. But they traded those truly crummy legal claims to bring the program under court oversight. Since then, boosters of the scheme have claimed the oversight serves to eliminate violations quickly.

We already knew that’s not true.

Still, Monday’s release — particularly this John Bates opinion written around July 2010 — makes that even more clear. After Kollar-Kotelly sacrificed judicial wisdom for court oversight on July 14, 2004, the government continued breaking the court’s rules for five years, until Reggie Walton shut the program down, sometime in fall 2009.

First, let’s lay out the dates. I’ve done a rough timeline below, based on the known start-date (July 14, 2004) and the rough end point with John Bates’ opinion (around July 2010). The bulk of the other dates impose the timeline laid out in the Bates opinion on a few known dates taken from the phone dragnet production (plus, the geniuses at ODNI not only left the date of the June 22 Internet dragnet order in its URL (CLEANED101.%20Order%20and%20Supplemental%20Order%20%286-22-09%29-sealed.pdf), but it’s the same document as the June 22 phone dragnet order, which has different redactions but most dates intact — see the three bolded entries below).

As you’ll see, there were two known violations in the Internet dragnet before the before the discoveries of the problems started in earnest in 2009. That’s not that big a deal — there was at least one phone violation before 2009 too, except in the case of the Internet dragnet, NSA overcollected from the very start.

The examination of the Internet dragnet started in response to the first phone dragnet disclosures in January 2009 (with the change in Administration, it should be remembered). Reggie Walton told NSA to see if the Internet dragnet had the same compliance problems as the phone dragnet did.

From that point until June 2009, the discoveries seemed to work in parallel (the NSA was working on End-to-End reports for both programs at the same time, and they share some common databases). But with the discovery that both dragnet programs were sharing information freely with other agencies, it became clear the violations were much worse on the Internet dragnet side, with reports going out with US person information that did not even remotely comply with minimization requirements.

Then sometime after that — and after Walton issued what would be the last Internet dragnet order for a year (that was sometime after June 22, 2009) — NSA discovered they had been receiving “metadata” far outside the permitted scope, which surely included content. Note this may have happened around the same time as NSA reported that one phone provider had overproduced (including international data in addition to domestic, I think) on July 9, 2009, so I wonder if they were only then reviewing returned data on receipt.

In any case, it was around that time that NSA “discovered” the Internet metadata program had never ever been in compliance. From Bates:

Notwithstanding this and many similar prior representations [made on the summer 2009 reauthorization] there in fact had been systemic overcollection since [redacted]. On [redacted] the government provided written notice of yet another form of substantial non-compliance discovered by NSA OGC on [redacted] this time involving the acquisition of information beyond the [redacted] authorized categories.

[snip]

This overcollection, which had occurred continuously since the initial authorization in [redacted] included the acquisition of [long redaction]. [my emphasis]

Never.

If my math is correct, the application the NSA withdrew was submitted not long after September 20. There are briefings for the Intelligence Committees that likely alerted them to the scale of the Internet dragnet problems around that time. But as of October 5, some of the most assertive House Judiciary members seem to have had no idea about the problems with the Internet dragnet. If they found out about it with the notice to Congress on December 17, 2009, it explains why the PATRIOT Act reauthorization process stalled.

There’s one more very important thing in this timeline. You’ll see below that almost at exactly the same time as NSA “realized” it had never complied with program requirements, it started a pilot project that would be rolled out on January 3, 2011, analyzing metadata with no special protections for US persons or limit for use only on counterterrorism.

Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.)

[snip]

In the second place it enables large-scale graph analysis on very large sets of communications metadata vwithout having to check foreignness of every node or address in the graph. Analysts in S2 have used this to great benefit over the past year and a half under a pilot program. [emphasis original]

In other words, at the moment they were coming clean with the FISC that they had never ever complied with the PR/TT orders, they were beginning the pilot project that would move metadata collection overseas, under EO 12333. (This document goes back to this NYT story on social network analysis.)

So much for the notion that putting all this under court oversight would accomplish a damn thing. All it did was degrade the law and provide NSA cover until they developed the technology to do all this overseas.

Update, 11/22: More dates added to timeline.

Update, 11/26: More dates added to timeline. Read more →

Freedom of Association: From Six Degrees of Kevin Bacon to Three Degrees of Terry Stop

November 19, 2013/4 Comments/in FISA, PATRIOT /by emptywheel

One thing the July 24, 2004 Colleen Kollar-Kotelly opinion and the May 23, 2006 phone dragnet application reveal is that the government and the court barely considered the First Amendment Freedom of Association implications of the dragnets.

The Kollar-Kotelly opinion reveals the judge sent a letter asking the government about “First Amendment issues.” (3) Way back on 57, she begins to consider First Amendment issues, but situates the in the querying of data, not the creation of a dragnet showing all relationships in the US.

In this case, the initial acquisition of information is not directed at facilities used by particular individuals of investigative interest, but meta data concerning the communications of such individuals’ [redacted]. Here, the legislative purpose is best effectuated at the querying state, since it will be at a point that an analyst queries the archived data that information concerning particular individuals will first be compiled and reviewed. Accordingly, the Court orders that NSA apply the following modification of its proposed criterion for querying the archived data: [redacted] will qualify as a seed [redacted] only if NSA concludes, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable articulable suspicion that a particularly known [redacted] is associated with [redacted] provided, however, that an [redacted] believed to be used by a U.S. person shall not be regarded as associated with [redacted] solely on the basis of activities that are protected by the First Amendment to the Constitution. For example, an e-mail account used by a U.S. person could not be a seed account if the only information thought to support the belief that the account is associated with [redacted] is that, in sermons or in postings on a web site, the U.S. person espoused jihadist rhetoric that fell short of “advocacy … directed to inciting or producing imminent lawless action and … likely to incite or produce such action.” Brandnberg v. Ohio

By focusing on queries rather than collection, Kollar-Kotelly completely sidesteps the grave implications for forming databases of all the relationships in the US.

Then, 10 pages later, Kollar-Kotelly examines the First Amendment issues directly. She cites Reporters Committee for Freedom of the Press v. AT&T to lay out that in criminal investigations the government can get reporters’ toll records. Predictably, she says that since this application is “in furtherance of the compelling national interest of identifying and tracking [redacted terrorist reference], it makes it an easier case. Then, finally, she cites Paton v. La Prade to distinguish this from an much less intrusive practice, mail covers.

The court in Paton v. La Prade held that a mail cover on a dissident political organization violated the First Amendment because it was authorized under a regulation that was overbroad in its use of the undefined term “national security.” In contrast, this pen register/trap and trace surveillance does not target a political group and is authorized pursuant to statute on the grounds of relevance to an investigation to protect against “international terrorism,” a term defined at 50 U.S.C. § 1801(c). This definition has been upheld against a claim of First Amendment overbreadth. [citations omitted]

Of course, a mail cover is not automated and only affects the targeted party. This practice, by contrast, affects the targeted party (the selector) and anyone three hops out from him. Thus, even if those people are, in fact, a dissident organization (perhaps a conservative mosque), they in effect become criminalized by the association to someone only suspected — using the Terry Stop standard (the same used with stop-and-frisk) — of ties (but not even necessarily organizational ties) to terrorism.

Here’s how it looks in translation, in the 2006 application:

It bears emphasis that, given the types of analysis the NSA will perform, no information about a telephone number will ever be accessed or presented in an intelligible form to any person unless either (i) that telephone number has been in direct contact with a reasonably suspected terrorist-associated number or is linked to such a number through one or two intermediaries. (21)

So: queries require only a Terry Stop standard, and from that, mapping out everyone who is three degrees of association — whose very association with the person should be protected by the First Amendment — is fair game too.

Imagine if Ray Kelly had the authority to conduct an intrusive investigation into every single New Yorker who was three degrees of separation away from someone who had ever been stop-and-frisked. That’s what we’re talking about, only it happens in automated, secret fashion.

Colleen Kollar-Kotelly Ate the Serpent’s Fruit of Judicial “Oversight” in Lieu of Law

November 19, 2013/8 Comments/in FISA, PATRIOT /by emptywheel

Sometime next week, I will have a post on what known documents the government chose not to release in yesterday’s dump — a significant chunk, for example, almost certainly show how the dragnet programs are tied inextricably to the content programs.

But for now, we’re getting increased clarity on the phone and Internet dragnet program.

One thing that seems clear is that there is no opinion authorizing the phone dragnet, as I suggested two months ago.

What passes as the government’s application for the phone dragnet — it is described as “Production to Congress of a May 23, 2006 Government Memorandum of Law,” but for a number of reasons, I have my doubts we’ve gotten even precisely that, which I’ll lay out at a future time — is dated May 23, 2006, the day before Malcom Howard approved the application. That doesn’t leave time for Howard to have written a fulsome opinion on the practice (and indeed, the timing makes me wonder whether this was approved because of urgent legal deadlines facing the telecoms). [Update: And when John Bates cites the “precedent” in his June-July 2010 opinion (75) he doesn’t cite an opinion.]

And the application makes it clear it relies on Kollar-Kotelly’s opinion as its legal justification. The first instance of doing so, tellingly, makes it clear FISC approval is designed primarily to give legal sanction for the program, not to assess whether the program actually is legal.

The Application is completely consistent with this Court’s ground breaking and innovative decision [redacted] in [redacted]. In that case, the Court authorized the installation and use of pen registers and trap and trace devices to collect bulk e-mail metadata [redacted]. The Court found that all of “the information likely to be obtained” from such collection is “relevant to an ongoing investigation to protect against international terrorism.” 50 U.S.C. § 1842(c)(2); [redacted] 25-54. The Court explained that “the bulk collection of meta data–i.e., the collection of both a huge volume and high percentage of unrelated communications–is necessary to identify the much smaller number of [redacted] communications.” Id. at 49. Moreover, as was the case in [redacted], this Application promotes both the twin goals of FISA: facilitating the foreign-intelligence collection needed to protect American lives while at the same time providing judicial oversight to safeguard American freedoms.

Let’s pause and reflect on this point for a moment.

We can now say with some certainty that a great many dragnet applications stem from the Kollar-Kotelly opinion. That’s because we have almost certainly identified the two opinions named in Claire Eagan’s opinion from earlier this year.

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.”

An earlier reference in Eagan quotes the Kollar-Kotelly opinion directly (and the page number lines up), and while I have not found the citation from this passage in the Bates opinion also released yesterday yet (I think it may appear in the redactions on page 76), that opinion discusses relevance at length and was clearly written between 2009 and 2011. [~~Update: the quote appears to be a rough transcription of Bates’ cherry picked quote from Kollar-Kotelly that appears on page 9.~~ Update 2: The quote comes from page 73, which is Bates’ own transcription of his citation of K-K, but Eagan missed the word “analytic” before tools.]

[Update] Another thing suggests the Bates opinion dates to 2010. The language in the December 2009 notice to Congress suggests ongoing problems, and includes the Internet metadata problems, whereas the February 2011 notice includes far more redacted discussion (yet still treats an active Internet metadata program.

In addition, we know from the geolocation materials that the government didn’t get an opinion dedicated to that application before they started.

DOJ advised in February 2010 that obtaining the data for the described testing purposes was permissible based upon the current language of the Court’s BR FISA order requiring the production of’ all ca11 detail records.’ It is our understanding that DOJ also orally advised the FISC, via its staff, that we had obtained a limited set of test data sampling of cellular mobility data (cell site location information) pursuant to the Court-authorized program and that we were exploring the possibility of acquiring such mobility data under the BR FISA program in the near future based upon the authority currently granted by the Court.

There are ~~2004~~, 2006, 2008, 2010, and 2013 opinions that relate to Section 215 (and, I suspect, other activities as well; updated with typo fixed). But at the very least, Kollar-Kotelly’s opinion authorized gathering substantially all the phone and (by 2010) Internet metadata in the country, as well as (starting in 2010) some subset of geolocation data).

Kollar-Kotelly, then, is the primary analysis the government has always relied on to construct maps charting the relationships of every American.

Which is why I find it so troubling that the application here is unashamed that the point of the opinion is not to assess the legality of a practice, but instead to “provid[e] judicial oversight to safeguard American freedoms.” (Side note: these opinions argue these practices are “necessary” to protect American lives, but the phone dragnet has never once done so, as far as we know, and the government has since purportedly canceled the Internet dragnet program because it was unnecessary, though that is almost certainly a lie.)

Guaranteeing the government doesn’t violate the Constitution was supposed to safeguard American freedoms. But with the Kollar-Kotelly opinion and all that follows from it, impotent oversight has came to substitute for defending the Constitution.

The “Heroes” of the Hospital Confrontation Brief the FISC

November 19, 2013/6 Comments/in FISA, PATRIOT /by emptywheel

I’m going to have several posts on the documents released yesterday, starting with the Internet dragnet opinion and the phone dragnet application.

But to give those two background, I want to look at a passage in the Internet dragnet opinion, in which Colleen Kollar-Kotelly describes a fascinating briefing that she received in advance of authoring what Orin Kerr describes as a “quite strange” opinion.

After describing some declarations she received (including one from a person whose title remains redacted) and some questions she posed, she describes this briefing.

The Court also relies on information and arguments presented in a briefing to the Court on [redacted] which addressed the current and near-term threats posed by [redacted reference to Al Qaeda and others], investigations conducted by the Federal Bureau of investigation (FBI) to counter those threats, the proposed collection activities of the NSA (now described in the instant application), the expected analytical value of information so collected in efforts to identify and track operatives [redacted] and the legal bases for conducting these collection activities under FISA’s pen register/trap and trace provisions. 4

4 This briefing was attended by (among others) the Attorney General; [redacted] the DIRNSA; the Director of the FBI; the Counsel to the President; the Assistant Attorney General for the Office of Legal Counsel; the Director of the Terrorist Threat Integration Center (TTIC); and Counsel for Intelligence Policy.

That is, right at the beginning of her opinion, Kollar-Kotelly tells us that she had a briefing with:

AG John Ashcroft
[redacted]
DIRNSA Michael Hayden
FBI Director Robert Mueller
Counsel to the President Alberto Gonzales
AAG for OLC Jack Goldsmith
TTIC Director John Brennan
Counsel for OIPR James Baker

On page 30, Kollar-Kotelly seems to refer to the same redacted person again, which in the context of the reference to CIA v. Sims in that footnote, seems to suggest this is a reference to CIA Director George Tenet, which suggests the redacted author of the brief she relied on was authored by Tenet. (I leave open the more tantalizing possibility that it’s someone like Dick Cheney, but highly doubt it.)

So before she approved the use of FISA’s Pen Register to collect much of the Internet metadata in the US, she had a meeting with at least one of the villains — Alberto Gonzales — of the hospital confrontation at which DOJ refused to reauthorize the Internet metadata program that was part of the President’s illegal wiretap program, and at least three of its “heroes:” Ashcroft, Mueller, and Goldsmith.

Interestingly, this meeting does not appear — at least not described as such — in the Draft NSA IG Report description of the transition to a FISC order.

After extensive coordination, DoJ and NSA devised the PRITT theory to which the Chief Judge of the FISC seemed amenable. DoJ and NSA worked closely over the following months, exchanging drafts of the application, preparing declarations, and responding to questions from court advisers. NSA representatives explained the capabilities that were needed to recreate the Authority, and DoJ personnel devised a workable legal basis to meet those needs. In April 2004, NSA briefed Judge Kollar-Kotelly and a law clerk because Judge Kollar-Kotelly was researching the impact of using PSP-derived information in FISA applications. In May 2004, NSA personnel provided a technical briefmg on NSA collection of bulk Internet metadata to Judge Kollar-Kotelly. In addition, General Hayden said he met with Judge Kollar-Kotelly on two successive Saturdays during the summer of 2004 to discuss the on-going efforts.

Was this “briefing” one of the Saturday meetings Hayden had with FISC’s Presiding Judge?

Remember, David Kris described the genesis of the bulk collection programs this way, in a paper emphasizing the role of the Internet dragnet.

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]

The Internet dragnet was illegal. At least 3 of the people who conveyed the importance of authorizing this program had said so — in very dramatic fashion — less than four months before she would do so.

And yet she wrote a memo saying it was legal.

Update, 8/12/14: This application confirms that George Tenet was the redacted declaration submitter.

The FISC Opinion Dance

October 14, 2013/2 Comments/in FISA, PATRIOT /by emptywheel

Andrea Peterson calls attention to this cryptic Ron Wyden quote in WaPo’s story on extant FISA Court opinions on bulk collection.

“The original legal interpretation that said that the Patriot Act could be used to collect Americans’ records in bulk should never have been kept secret and should be declassified and released,” Sen. Ron Wyden (D-Ore) said in a statement to The Washington Post. “This collection has been ongoing for years and the public should be able to compare the legal interpretation under which it was originally authorized with more recent documents.”

Before I speculate about what Wyden might be suggesting, let’s review what opinions the article says exist.

There’s the original Colleen Kollar-Kotelly opinion.

In the recent stream of disclosures about National Security Agency surveillance programs, one document, sources say, has been conspicuously absent: the original — and still classified — judicial interpretation that held that the bulk collection of Americans’ data was lawful.

That document, written by Colleen Kollar-Kotelly, then chief judge of the Foreign Intelligence Surveillance Court (FISC), provided the legal foundation for the NSA amassing a database of all Americans’ phone records, say current and former officials who have read it.

[snip]

Kollar-Kotelly’s interpretation served as the legal basis for a court authorization in May 2006 that allowed the NSA to gather on a daily basis the phone records of tens of millions of Americans, sources say. Her analysis, more than 80 pages long, was “painstakingly thorough,” said one person who read it. The date of the analysis has not been disclosed.

There’s a 2006 one pertaining to Section 215 not written by Kollar-Kotelly.

The Justice Department also is reviewing a 2006 court opinion related to the Section 215 provision to determine whether it can be released, said Alex Abdo, an ACLU staff lawyer. (A senior department official told The Post that no 2006 Kollar-Kotelly opinion is based on that provision.)

There are two more on Section 215 the government has disclosed the existence of to ACLU.

Government lawyers have told the ACLU that they are withholding at least two significant FISC opinions — one from 2008 and one from 2010 — relating to the Patriot Act’s Section 215, or “business records” provision.

Now compare how these map up with the two opinions referenced by Claire Eagan in her recent opinion.

This Court had reason to analyze this distinction in a similar context in [redacted]. In that case, this Court found that “regarding the breadth of the proposed surveillance, it is noteworthy that the application of the Fourth Amendment depends on the government’s intruding into some individual’s reasonable expectation of privacy.” Id. at 62. The Court noted that Fourth Amendment rights are personal and individual, see id. (citing Steagald v. United States, 451 U.S. 204, 219 (1981); Rakas v. Illinois, 439 U.S. 128, 133 (1978) (“‘Fourth Amendment rights are personal rights which … may not be vicariously asserted.,) (quoting Alderman v. United States, 394 U.S. 165, 174 (1969))), and that “[s]o long as no individual has a reasonable expectation of privacy in meta data, the large number of persons whose communications will be subjected to the … surveillance is irrelevant to the issue of whether a Fourth Amendment search or seizure will occur.” Id. at 63. Put another way, where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.

[snip]

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. Read more →

Espionage: Now, with No Damage Envisioned

July 29, 2013/6 Comments/in Leak Investigations /by emptywheel

A recently unsealed decision from Colleen Kollar-Kotelly just changed the interpretation of the Espionage Act for Washington DC to cover leaks that wouldn’t even harm the US.

Judge Colleen Kollar-Kotelly ruled that the prosecution in the pending case of former State Department contractor Stephen Kim need not show that the information he allegedly leaked could damage U.S. national security or benefit a foreign power, even potentially. Her opinion was a departure from a 30 year old ruling in the case of U.S. v. Morison, which held that the government must show that the leak was potentially damaging to the U.S. or beneficial to an adversary. (In that case, Samuel L. Morison was convicted of unauthorized disclosure of classified intelligence satellite photographs, which he provided to Jane’s Defence Weekly. He was later pardoned by President Clinton.)

“The Court declines to adopt the Morison court’s construction of information relating to the ‘national defense’ insofar as it requires the Government to show that disclosure of the information would be potentially damaging to the United States or useful to an enemy of the United States,” Judge Kollar-Kotelly wrote in a May 30 opinion. The opinion was redacted and unsealed (in partially illegible form) last week.

The prosecution must still show that the defendant “reasonably believed” that the information “could be used to the injury of the United States or to the advantage of a foreign nation” and that the defendant “willfully” communicated it to an unauthorized person. But it would no longer be necessary for prosecutors to demonstrate that the information itself could potentially damage national security or benefit an adversary.

Imagine how this ruling could empower prosecutors in the AP UndieBomb 2.0 investigation, in which the AP’s story reported only that the US had thwarted an UndieBomb plot. They didn’t report it until after the White House said they had cleared up a sensitive issue relating to the plot (which in practice ended up being the drone death of Fahd al-Quso).

This would make it easier for the government to prosecute AP’s sources for leaking information that even the government had suggested, to the AP, wouldn’t harm US interests.

And of course, all that builds on top of the now routine treatment of leaks to the press as Espionage, something fairly unusual before the Obama Administration.

Frightening.

FISC Opinions as Legal Cover

July 8, 2013/7 Comments/in PATRIOT /by emptywheel

WSJ has a story on how the FISA Court came to render the phrase “related to” — which has been used for 7 years to collect the phone records of almost all Americans — entirely meaningless.

The history of the word “relevant” is key to understanding that passage. The Supreme Court in 1991 said things are “relevant” if there is a “reasonable possibility” that they will produce information related to the subject of the investigation. In criminal cases, courts previously have found that very large sets of information didn’t meet the relevance standard because significant portions—innocent people’s information—wouldn’t be pertinent.

But the Foreign Intelligence Surveillance Court, FISC, has developed separate precedents, centered on the idea that investigations to prevent national-security threats are different from ordinary criminal cases. The court’s rulings on such matters are classified and almost impossible to challenge because of the secret nature of the proceedings. According to the court, the special nature of national-security and terrorism-prevention cases means “relevant” can have a broader meaning for those investigations, say people familiar with the rulings.

The story specifically says FISC issued the decision authorizing the use of Section 215 to collect phone records in May 2006, in the wake of the exposure of Dick Cheney’s illegal dragnet (and after Congress had included the “relevant to” language in the PATRIOT Act reauthorization).

But in May 2006, the secret court agreed that, even with the addition of the word “relevant,” bulk phone records could also be collected under the law.

The legal interpretations required to make this change were “aggressive,” says Timothy Edgar, a former top privacy lawyer at the Office of the Director of National Intelligence and the National Security Council in the Bush and Obama administrations. Still, considering that the program previously had less congressional or court oversight, many lawmakers saw this as a step forward, he says.

“It wasn’t seen that we’re pushing the boundaries of surveillance law here,” Mr. Edgar says. “It was the very opposite. You’re starting from a huge amount of unilateral surveillance and putting it on a much sounder legal basis.”

Indeed, the way Edgar justifies this crazy distortion of the term “relevant” is by pointing to Cheney’s illegal program, as if that made it right.

But WSJ also describes this May 2006 decision as one in a series of decisions starting in “mid-2000s.”

In classified orders starting in the mid-2000s, the court accepted that “relevant” could be broadened to permit an entire database of records on millions of people, in contrast to a more conservative interpretation widely applied in criminal cases, in which only some of those records would likely be allowed, according to people familiar with the ruling.

The timing is significant. Remember, FBI hadn’t used Section 215 in the post-9/11 era until the period Jack Goldsmith and Jim Comey started challenging the illegal program’s legality; FBI got their first Section 215 order approved — MIRACLES! — on May 21, 2004. FBI at least temporarily sidestepped DOJ’s Office of Intelligence Policy and Review to employ this standard.

On March 23, 2004 at noon, less than two weeks after the dramatic hospital confrontation and threats to quit reportedly got the Administration to agree to stop data mining Americans, FBI Director Robert Mueller had a meeting with Dick Cheney, at the Vice President’s request, in the Vice President’s office. In his notes, Mueller doesn’t describe what the VIce President wanted, nor am I aware that it has even been reported in the press.

The next day, the Chief Division Counsel of some Division of the FBI wrote a memo to the FBI General Counsel noting that FBI was using a “new standard” with Section 215 of the PATRIOT Act and indicating that a “recent decision” had been made to bypass the review of the Office of Intelligence Policy and Review on Section 215 applications.

In part, the apparent decision to bypass OIPR, which had rejected the premise of the previous Section 215 orders FBI had submitted in the past, reflected no more than a concerted effort on FBI’s part to make sure it could start using all the PATRIOT authorities it had been granted in 2001 in anticipation of renewal discussions that would take place the following year. Yet the timing of this change is particularly curious, given that we now know Section 215 has been used to collect data that could be used for data mining Americans, precisely the problem that had caused the hospital confrontation 12 days earlier.

At the very least, however, it shows that sometime around the same time as Jim Comey and others at DOJ tried to stop the data mining of Americans under NSA’s illegal program, FBI claimed to have eliminated one review step for Section 215 orders and changed the standard used for them. That reference notwithstanding, DOJ Inspector General at least reported that OIPR continued to have a role. (Note, the office that got cut out of the process, OIPR, is where one of the key whistleblowers on the illegal program, Thomas Tamm worked, though I have asked him if he knew whether they used Section 215 to accomplish the same program and he didn’t know anything about it.)

On May 21, 2004, just as the the confrontation was settling down, FBI got its first Section 215 order approved. MIRACLES! the memo subject line read. “We got our first business record order signed today. It only took two and a half years.”

And consider the other odd thing about all this. There is a part of FISA specifically designed to return phone records, the Pen Register/Trap & Trace procedure (the one used starting in 2004 for Internet metadata). So why didn’t they use that?

In any case, this increasingly appears to be the end result of an effort on the part of FISC to remain relevant by distorting law in secret, in the hopes that an unconstitutional expansion of the law in secret was better than actually stopping an illegal program conducted by bypassing the court altogether.

The reason the law is so twisted is because no one wanted to — or believed they had the ability to –rein in gross violations of law conducted by Dick Cheney.

The 2009 Draft NSA IG Report Makes No Mention of One Illegal Practice

June 30, 2013/11 Comments/in FISA, PATRIOT, state secrets /by emptywheel

The 2009 Draft NSA IG Report released by the Guardian last week — and related reporting from Barton Gellman — seem to clarify and confirm what I’ve long maintained (12/19/05; 7/29/07; 7/30/07): that one part of the illegal wiretap program that Jack Goldsmith and Jim Comey found “illegal” in 2004 was data-mining of Americans.

Eight days later on 19 March 2004, the President rescinded the authority to collect bulk Internet metadata and gave NSA one week to stop collection and block access to previously collected bulk Internet metadata. NSA did so on 26 March 2004. To close the resulting collection gap, DoJ and NSA immediately began efforts to recreate this authority in what became the PR/TT order.

Mind you, this bulk collection resumed after Colleen Kollar-Kotelly signed an order permitting NSA to collect the same data under a Pen Register/Trap & Trace order on July 14, 2004.

The FISC signed the first PR/TT order on 14 July 2004. ALthough NSA lost access to the bulk metadata from 26 March 2004 until the order was signed, the order essentially gave NSA the same authority to collect bulk Internet metadata that it had under the PSP, except that it specified the datalinks from which NSA could collect, and it limited the number of people that could access the data.

Indeed, we know the program was expanded again in 2007, to get 2 degrees of separation deep into US person Internet data. The Obama Administration claims it ended this in 2011, though there are also indications it simply got moved under a new shell.

Mystery solved, Scoob!

Not so fast.

It appears the bulk Internet metadata collection and mining is just one of two practices that Goldsmith and Comey forced Bush to at least temporarily halt in 2004. But the second one is not mentioned at all in the NSA IG Report.

I first noted that Bush made two modifications to the program in this post, where I noted that 6 pages (11-17) of Jack Goldsmith’s May 6, 2004 OLC opinion on the program described plural modifications made in March and one other month in 2004 (I correctly surmised that they had actually shifted parts of the program under parts of the PATRIOT Act, and that they had narrowed the scope somewhat, though over-optimistically didn’t realize that still included warrantless collection of known domestic content).

But there’s actually a far better authority than Goldsmith’s heavily redacted opinion that confirms Bush made two modifications to the program in this period.

Dick Cheney.

When his office disclosed to Patrick Leahy in 2007 what documents it had regarding authorizations for the illegal wiretap program, it listed two modifications to the program: the one on March 19 described in detail in the NSA IG Report, plus one on April 2.

[Cheney Counsel Shannen] Coffin’s letter indicates that Bush signed memos amending the program on March 19 and April 2 of that year.

But there’s no hint of a second modification in the NSA IG Report.

That could mean several things. It could mean the April 2 modification didn’t involve the NSA at all (and so might appear in a one of the other Agency IG Reports at the time — say, DNI — or might have been completed by an Agency, like some other part of DOD, that didn’t complete an IG Report). It could mean that part of the program was eliminated entirely on April 2, 2004. Or it could mean that in an effort to downplay illegality of the program, the IG simply didn’t want to talk about the worst prior practice eliminated in the wake of the hospital confrontation.

Goldsmith’s opinion does seem to indicate, however, that the modification pertained to an issue similar to the bulk metadata collection. He introduces that section, describing both modifications, by saying “it is necessary to understand some background concerning how the NSA accomplishes the collection activity authorized under” the program.

That may still pertain to the kind of data mining they were doing with the Internet metadata. After all, the fix of moving Internet metadata collection under the PR/TT order only eliminated the legal problem that the telecoms were basically permitting the government to steal Microsoft and Yahoo Internet content from their equipment. There still may have been a legal problem with the kind of data mining they were doing (perhaps arising out of Congress’ efforts in that year’s NDAA to prohibit funding for Total Information Awareness).

Whatever it is, one thing is clear. Even with the release of the unredacted Draft NSA IG Report, we still aren’t seeing all the details on what made the program so legally problematic.

Maybe it’s something the Senate Judiciary Committee might ask Jim Comey during his FBI Director confirmation hearing?

What Happened to that Third Branch Oversight?

June 30, 2013/21 Comments/in FISA, state secrets /by emptywheel

Judge Colleen Kollar-Kotelly is pissed.

After spending 2002 to 2006 as Chief Judge of the FISA Court struggling to keep parts of the American legal system walled off from a rogue surveillance program, she read the classified account the NSA’s Inspector General wrote of her efforts. And while that report does say Kollar-Kotelly was the only one who managed to sneak a peek at a Presidential Authorization authorizing the illegal program, she doesn’t believe it reflects the several efforts she made to reel in the program.

“In my view, that draft report contains major omissions, and some inaccuracies, regarding the actions I took as Presiding Judge of the FISC and my interactions with Executive Branch officials,” Kollar-Kotelly said in a statement to The Post.

[snip]

Kollar-Kotelly disputed the NSA report’s suggestion of a fairly high level of coordination between the court and the NSA and Justice in 2004 to re-create certain authorities under the Foreign Intelligence Surveillance Act, the 1978 law that created the court in response to abuses of domestic surveillance in the 1960s and 1970s.

“That is incorrect,” she said. “I participated in a process of adjudication, not ‘coordination’ with the executive branch. The discussions I had with executive branch officials were in most respects typical of how I and other district court judges entertain applications for criminal wiretaps under Title III, where issues are discussed ex parte.”

The WaPo story reporting on her objections makes no mention of the role one FISC law clerk — who got briefed into the program before any of the other FISC judges — played in this process, something I’m pretty curious about.

It does, however, recall two incidents where Kollar-Kotelly took measures to crack down on the illegal program, which Carol Leonnig reported back in 2006.

Both [Kollar-Kotelly and her predecessor Royce Lamberth] expressed concern to senior officials that the president’s program, if ever made public and challenged in court, ran a significant risk of being declared unconstitutional, according to sources familiar with their actions. Yet the judges believed they did not have the authority to rule on the president’s power to order the eavesdropping, government sources said, and focused instead on protecting the integrity of the FISA process.

[snip]

In 2004, [DOJ Office of Intelligence Policy and Review Counsel James] Baker warned Kollar-Kotelly he had a problem with [a “federal screening system that the judges had insisted upon to shield the court from tainted information”]. He had concluded that the NSA was not providing him with a complete and updated list of the people it had monitored, so Justice could not definitively know — and could not alert the court — if it was seeking FISA warrants for people already spied on, government officials said.

Kollar-Kotelly complained to then-Attorney General John D. Ashcroft, and her concerns led to a temporary suspension of the program. The judge required that high-level Justice officials certify the information was complete — or face possible perjury charges.

In 2005, Baker learned that at least one government application for a FISA warrant probably contained NSA information that was not made clear to the judges, the government officials said. Some administration officials explained to Kollar-Kotelly that a low-level Defense Department employee unfamiliar with court disclosure procedures had made a mistake.

Though the NSA IG Report mentions violations that occurred before 2003, it makes no mention of these violations.

What good is an IG Report that gives no idea of how often and persistent violations are?

That said, today’s WaPo story provides this as the solution to our distorted view of the FISA Court’s role in rubber-stamping this massive dragnet.

A former senior Justice Department official, who spoke on the condition of anonymity because of the subject’s sensitivity, said he believes the government should consider releasing declassified summaries of relevant opinions.

“I think it would help” quell the “furor” raised by the recent disclosures, he said. “In this current environment, you may have to lean forward a little more in declassifying stuff than you otherwise would. You might be able to prepare reasonable summaries that would be helpful to the American people.”

Back in 2006, Leonnig noted that the judges didn’t believe they had the authority to intervene to stop the dragnet. So what good does a ruling — even two as broad and stunning as the ones that used Pen Registers and Business Records to collect the contact records of all Americans — do to depict the role the Court is in?

The Administration keeps pointing to this narrowly authorized court as real court review. But that’s not what it is. And until we have a better sense of how that manifested in the past (and continues to — I’ll bet you a quarter that they’ve moved the Internet data mining to some area outside of court purview), we’re not going to understand how to provide real oversight to this dragnet.

We’d be far better off having the FISC provide its own history of these surveillance programs.

Judge Kollar-Kotelly Sees No Evil, Hears No Evil

July 24, 2012/9 Comments/in Drones, Gitmo Show Trials, Indefinite Detention, state secrets, Terrorism, Torture /by emptywheel

Yesterday, Colleen Kollar-Kotelly upheld the government’s right to withhold cables already released via WikiLeaks under FOIA (see my earlier posts on this FOIA here and here). Her logic seems to have a fatal flaw: she says the State Department has proven (and the ACLU has not rebutted the claim) that the US Government owns the cables.

The ACLU simply offers no rejoinder to the State Department’s affirmative showing that all the information at issue (1) was classified by an original classification authority, (2) is owned, produced, or controlled by the United States, and (3) falls within one or more of the eight relevant categories. [my emphasis]

But then she says (noting that ACLU made no mention that these cables had also been released via WikiLeaks and therefore pretending that they might be different) that the government has not officially acknowledged these cables are authentic.

No matter how extensive, the WikiLeaks disclosure is no substitute for an official acknowledgement and the ACLU has not shown that the Executive has officially acknowledged that the specific information at issue was a part of the WikiLeaks disclosure.

I guess they should let Bradley Manning go free, then, since the State Department isn’t prepared to say the cables he is accused of leaking were authentic?

But that’s not the most troubling part of this ruling. As I lay out below–and as Kollar-Kotelly presumably knows well–the cables are full of admissions of crime, including murder, torture, and kidnapping. Thus, had she reviewed them to see whether the government’s claims that they were properly classified are valid, she would have seen that–in addition to information properly classified to protect foreign relations–a lot of the original classification and the government’s refusal to officially release them (which would presumably make them admissible in a court) serve to hide confessions of criminal activity.

So Kollar-Kotelly chose not to review these cables in camera, choosing instead to rely on the State Department declaration that makes no mention of the criminal admissions included in the cables.

In this case, because the State Department’s declarations are sufficiently detailed and the Court is satisfied that no factual dispute remains, the Court declines to exercise its discretion to review the embassy cables in camera.

It was a cowardly ruling. But all the more cowardly, given that Kollar-Kotelly prevented herself from officially reviewing a bunch of evidence of criminal wrong-doing.

Here are details on the cables Kollar-Kotelly doesn’t want to read:

The famous meeting at which Ali Abdullah Saleh promised to lie about our strikes in Yemen

Kollar-Kotelly agreed to keep what has become perhaps the most famous cable ever, in which David Petraeus and Ali Abdullah Saleh discuss the missile strikes we conducted in Yemen in late 2009.

Mind you, the government likely has a very good legal reason to keep this cable secret. The cable makes it clear we were targeting Anwar al-Awlaki (as well as Nasir al-Wuhayshi) in those strikes. And releasing that would constitute official acknowledgement of the targeting of Awlaki that the government has tried so hard to avoid. Furthermore, as I’ll show in a follow-up post, it also shows that we targeted Awlaki for death before we had evidence implicating him in a crime.