Posts

Wyden: We Proved that “Unique” and “Vital” Information Wasn’t in 2011

/7 Comments/in , /by

I should have some analysis on the documents James Clapper released yesterday.

But it’s worth pointing to Ron Wyden’s analysis. He notes that the two documents on bulk collection programs — one from 2009 and one from 2011, both of which covered the Internet and phone metadata programs — both boasted of how unique and valuable the information was.

The briefing documents that were provided to Congress in December 2009 and February 2011 clearly stated that both the bulk email records and bulk phone records collection programs were “unique in that they can produce intelligence not otherwise available to NSA.” The 2009 briefing document went on to state that the two programs “provide a vital capability to the Intelligence Community,” and the 2011 briefing document stated that they provided “an important capability.”

The problem is, by the end of 2011, Wyden and Mark Udall had been able to prove that the Intelligence Community had oversold the value of the Internet metadata program, which led to its termination.

Senator Mark Udall and I have long been concerned about the impact of bulk collection on Americans’ privacy and civil liberties, and we spent a significant portion of 2011 pressing the Intelligence Community to provide evidence to support the claims that they had made about the bulk email records program. They were unable to do so, and the program was shut down due to a lack of operational value, as senior intelligence officials have now publicly confirmed.

This experience demonstrated that intelligence agencies’ assessments of the usefulness of particular collection programs – even significant ones – are not always accurate.

So while the government thought these documents would prove how controlled these programs are (aspects of them don’t), Wyden demonstrates that they show the IC lies about the usefulness of programs when they talk to Congress about them.

Which is, Patrick Leahy suggested in yesterday’s hearing, what the IC appears to be doing when invoking 54 plots to justify the 215 phone dragnet, which has only been tied to 12 plots.

Which is an interesting dynamic to proceed today’s meeting between Obama, Wyden, Udall, Dianne Feinstein, Saxby Chambliss, Bob Goodlatte, James Sensenbrenner, Dutch Ruppersberger, and Mike Rogers.

The presence of Sensenbrenner is key: to the extent they still exist, he’s a mainstream Republican. And he’s furious about the 215 program that he himself shepherded through Congress in 2006. So I would assume today’s meeting is an effort to develop the White House’s plan to phase out the dragnet.

All that said, Obama has clearly gamed the results, by inviting more of the surveillance champions than he did critics (and apparently House Democrats don’t count anymore).

Obama probably won’t see this through his bubble, but the day before this meeting Wyden demonstrated that the basis for the rosy tales DiFi and the other Gang of Four members are telling are claims from the IC that have since been discredited.

What will John Brennan do, Suspend his operations?

/15 Comments/in /by

Brennan with Torture

These with a thousand small deliberations

Protract the profit of their chilled delirium,

Excite the membrane, when the sense has cooled,

With pungent sauces, multiply variety

In a wilderness of mirrors. What will the spider do,

Suspend its operations, will the weevil

Delay?

–T.S. Eliot, Gerontian

This image — captioned, “President Barack Obama talks with CIA Director John Brennan, center, and Chief of Staff Denis McDonough in a West Wing hallway of the White House, May 10, 2013” — may officially be my new favorite official White House photograph.

I first learned of it when Katherine Hawkins pointed to this MuckRock FOIA request, which noted that the document in Brennan’s hand was titled, “The Central Intelligence Agency’s Response to The Senate Select Committee on Intelligence Study of the CIA’s Detention and Interrogation Program.”

In other words, John Brennan was speaking to Obama and the Chief of Staff about CIA’s complaints about the SSCI Torture Report on May 10. And White House photographer Pete Souza had framed the event amidst reflections and dark lighting that would make even James Jesus Angleton weep.

I’m fond of the photo, too, for what it shows.

As you recall, SSCI’s torture report was completed last December. CIA was initially supposed to respond to SSCI about the report by February 15, but that got held up, in part, because of Brennan’s confirmation, during which he appeared to avoid reading the report to avoid saying anything about it before being confirmed. Almost immediately after Brennan was confirmed, the CIA started leaking about how much they didn’t like it (even while claiming they still hadn’t finished reviewing the document). It turns out those leaks were factually incorrect. On April 11, Brennan was still stalling about the content of the review and completely ignoring any possibility it would be released publicly (though had spoken with Dianne Feinstein and Saxby Chambliss earlier that week about it). On May 1, Mark Udall got shrill, advising the President he could “excise the demons” of torture by releasing the report. On May 7, CIA was still compiling its “defiant” response to the report; National Security Council Spokesperson Caitlin Hayden told me the White House was still reviewing the document. Also on May 7, a collection of human rights organizations called on the White House to appoint someone to oversee the release of the report.

3 days later, Brennan was in the White House with a report on CIA’s complaints about the report, all written up.

But here’s the thing: that meeting was May 10. It was almost 7 weeks later before Brennan would present that report (again with leaks about how inaccurate millions of CIA cables are) — in the company of Joe Biden — to Dianne Feinstein and Saxby Chambliss (though there were reports that they ended up discussing other issues instead).

CIA has had its complaints all typed up for over two months now. And the only sign of any discussion about declassifying the report that describes how many lies CIA told about this program is Feinstein’s request to Jim Comey in his confirmation hearing that he would read it, why by itself seems a concession that we all won’t get to.

So did the White House decide not to release the report two months ago and just never tell us all?

Dianne Feinstein Suggests President Obama Personally Violating Our Treaty Obligations

/10 Comments/in , , /by

As I noted the other day, in her ruling that she could not halt the force-feeding at Gitmo, Gladys Kessler described the treatment as “degrading,” potentially invoking our obligations under Article 16 of the Convention again Torture to prevent degrading treatment. Kessler actually explicitly invoked International Covenant on Civil and Political Rights, which includes a similar prohibition on degrading treatment.

Dianne Feinstein and Dick Durbin sent Obama a letter yesterday, using Kessler’s ruling to connect the two explicitly.

U.S. District Court for the District of Columbia Judge Gladys Kessler also expressed concern about the force-feeding of Guantanamo Bay detainees. The Court denied detainee Jihad Dhiab’s motion for a preliminary injunction to stop force-feeding due to lack of jurisdiction, but in her order, Judge Kessler noted that Dhiab has set out in great detail in his court filings “what appears to be a consensus that force-feeding of prisoners violates Article 7 of the International Covenant on Civil and Political Rights (ICCPR) which prohibits torture or cruel, inhumane, and degrading treatment.” The United States has ratified the ICCPR and is obligated to comply with its provisions. Judge Kessler also wrote, “it is perfectly clear from the statements of detainees, as well as the statements from the [medical] organizations just cited, that force-feeding is a painful, humiliating, and degrading process.” (emphasis added).

The judge concluded by correctly pointing out that you, as Commander in Chief, have the authority to intercede on behalf of Dhiab, and other similarly-situated detainees at Guantanamo. The court wrote: “Article II, Section 2 of the Constitution provides that ‘[t]he President shall be the Commander in Chief of the Army and Navy of the United States. …’ It would seem to follow, therefore, that the President of the United States, as Commander-in-Chief, has the authority—and power—to directly address the issue of force-feeding of the detainees at Guantanamo Bay.”

Feinstein only by association makes the next part of her argument. We comply with these treaties by complying with our Eighth Amendment prohibition on cruel or unusual punishment. And the government has long said that if we can do something elsewhere in a our gulag system, we can do it in Gitmo.

In a letter to Chuck Hagel last month — which Feinstein noted in yesterday’s letter but did not quote from — she laid out how our force-feeding at Gitmo differs from that used in the Bureau of Prisons.

In addition to the allegation that the Department of Defense’s force-feeding practices are out of sync with international norms, they also appear to deviate significantly from U.S. Bureau of Prison practices. Based on a review by Intelligence Committee staff, the significant differences between force-feedings at Guantanamo Bay and within the U.S. Bureau of Prisons relate to the manner in which the detainees are force-fed, how often detainees are force-fed, and the safeguards and oversight in place during force-feedings.

Within the Bureau of Prisons, force-feeding is exceedingly rare. The Intelligence Committee staff has been told that no inmate within the Bureau of Prisons has been force-fed in more than six months. When force-feedings do occur within the Bureau of Prisons, we have been told that nearly 95% of the time they are conducted with a fully compliant inmate requiring no restraints. At Guantanamo Bay, on the other hand, all detainees being force-fed–regardless of their level of cooperation–are placed in chairs where they are forcibly restrained. The visual impression is one of restraint: of arms, legs, and body. Further, at Guantanamo Bay, detainees are fed twice a day in this manner, potentially over a substantial period of time. This also is inconsistent with the practice of the U.S. Bureau of Prisons.

Additionally, the U.S. federal prison guidelines for force-feedings include several safeguards and oversight mechanisms that are not in place at Guantanamo Bay. These guidelines require the warden to notify a sentencing judge of the involuntary feeding, with background and an explanation of the reasons for involuntary feeding. Further, the Bureau of Prisons requires an individualized assessment of an inmate’s situation to guide how force-feedings are administered, a practice that I found largely absent at Guantanamo Bay. Finally, all force-feedings must be videotaped within the Bureau of Prisons.

It’s almost as if DiFi knows or suspects there’s an OLC memo that — parallel to the ones that found torture to be legal because it vaguely resembled practices elsewhere (as when they noted that members of the military undergo SERE training, so reverse-engineered SERE techniques used in different situations were legal) — finds our force-feeding at Gitmo to be legal because judges have approved the way we force-feed people in federal prisons. In any case, Gitmo officials have said their treatment is similar with BOP treatment.

Between these two letters, she has laid out why that is not the case. Indeed, that’s the import of Kessler’s language, a federal judge finding the treatment we use in Gitmo to violate our obligations under ICCPR.

Say what you will about DiFi (lord knows I’ve often said the same, where I thought it appropriate), but she has just told a President from her own party that he’s breaking the law.

In These Times We Can’t Blindly Trust Government to Respect Freedom of Association

/39 Comments/in , , , /by

One of my friends, who works in a strategic role at American Federation of Teachers, is Iranian-American. I asked him a few weeks ago whom he called in Iran; if I remember correctly (I’ve been asking a lot of Iranian-Americans whom they call in Iran) he said it was mostly his grandmother, who’s not a member of the Republican Guard or even close. Still, according to the statement that Dianne Feinstein had confirmed by NSA Director Keith Alexander, calls “related to Iran” are fair game for queries of the dragnet database of all Americans’ phone metadata.

Chances are slim that my friend’s calls to his grandmother are among the 300 identifiers the NSA queried last year, unless (as is possible) they monitored all calls to Iran. But nothing in the program seems to prohibit it, particularly given the government’s absurdly broad definitions of “related to” for issues of surveillance and its bizarre adoption of a terrorist program to surveil another nation-state. And if someone chose to query on my friend’s calls to his grandmother, using the two-degrees-of-separation query they have used in the past would give the government — not always the best friend of teachers unions — a pretty interesting picture of whom the AFT was partnering with and what it had planned.

In other words, nothing in the law or the known minimization rules of the Business Records provision would seem to protect some of the AFT’s organizational secrets just because they happen to employ someone whose grandmother is in Iran. That’s not the only obvious way labor discussions might come under scrutiny; Colombian human rights organizers with tangential ties to FARC is just one other one.

When I read labor organizer Louis Nayman’s “defense of PRISM,” it became clear he’s not aware of many details of the programs he defended. Just as an example, Nayman misstated this claim:

According to NSA officials, the surveillance in question has prevented at least 50 planned terror attacks against Americans, including bombings of the New York City subway system and the New York Stock Exchange. While such assertions from government officials are difficult to verify independently, the lack of attacks during the long stretch between 9/11 and the Boston Marathon bombings speaks for itself.

Keith Alexander didn’t say NSA’s use of Section 702 and Section 215 have thwarted 50 planned attacks against Americans; those 50 were in the US and overseas. He said only around 10 of those plots were in the United States. That works out to be less than 20% of the attacks thwarted in the US just between January 2009 and October 2012 (though these programs have existed for a much longer period of time, so the percentage must be even lower). And there are problems with three of the four cases publicly claimed by the government — from false positives and more important tips in the Najibullah Zazi case, missing details of the belated arrest of David Headley, to bogus claims that Khalid Ouazzan ever planned to attack NYSE. The sole story that has stood up to scrutiny is some guys who tried to send less than $10,000 to al-Shabaab.

While that doesn’t mean the NSA surveillance programs played no role, it does mean that the government’s assertions of efficacy (at least as it pertains to terrorism) have proven to be overblown.

Yet from that, Nayman concludes these programs have “been effective in keeping us safe” (given Nayman’s conflation of US and overseas, I wonder how families of the 166 Indians Headley had a hand in killing feel about that) and defends giving the government legal access (whether they’ve used it or not) to — among other things — metadata identifying the strategic partners of labor unions with little question.

And details about the success of the program are not the only statements made by top National Security officials that have proven inaccurate or overblown. That’s why Nayman would be far better off relying on Mark Udall and Ron Wyden as sources for whether or not the government can read US person emails without probable cause than misstating what HBO Director David Simon has said (Simon said that entirely domestic communications require probable cause, which is generally but not always true). And not just because the Senators are actually read into these programs. After the Senators noted that Keith Alexander had “portray[ed] protections for Americans’ privacy as being significantly stronger than they actually are” — specifically as it relates to what the government can do with US person communications collected “incidentally” to a target — Alexander withdrew his claims.

Nayman says, “As people who believe in government, we cannot simply assume that officials are abusing their lawfully granted responsibility and authority to defend our people from violence and harm.” I would respond that neither should we simply assume they’re not abusing their authority, particularly given evidence those officials have repeatedly misled us in the past.

Nayman then admits, “We should do all we can to assure proper oversight any time a surveillance program of any size and scope is launched.” But a big part of the problem with these programs is that the government has either not implemented or refused such oversight. Some holes in the oversight of the program are:

  • NSA has not said whether queries of the metadata dragnet database are electronically  recorded; both SWIFT and a similar phone metadata program queries have been either sometimes or always oral, making them impossible to audit
  • Read more

On the Meanings of “Dishonor” and “Hack”

/22 Comments/in , , /by

The former NSA IG (and current affiliate of the Chertoff Group profiteers, though he didn’t disclose that financial interest) Joel Brenner has taken to the pages of Lawfare to suggest anyone trying to force some truth out of top Intelligence Community officials is dishonorable.

On March 12 of this year, Senator Ron Wyden asked James Clapper, the director of national intelligence, whether the National Security Agency gathers “any type of data at all on millions or hundreds of millions of Americans.”

“No, sir,” replied the director, visibly annoyed. “Not wittingly.”

Wyden is a member of the Senate Select Committee on Intelligence and had long known about the court-approved metadata program that has since become public knowledge. He knew Clapper’s answer was incorrect. But Wyden, like Clapper, was also under an oath not to divulge the story. In posing this question, he knew Clapper would have to breach his oath of secrecy, lie, prevaricate, or decline to reply except in executive session—a tactic that would implicitly have divulged the secret. The committee chairman, Senator Diane Feinstein, may have known what Wyden had in mind. In opening the hearing she reminded senators it would be followed by a closed session and said,  “I’ll ask that members refrain from asking questions here that have classified answers.” Not dissuaded, Wyden sandbagged he [sic] director.

This was a vicious tactic, regardless of what you think of the later Snowden disclosures. Wyden learned nothing, the public learned nothing, and an honest and unusually forthright public servant has had his credibility trashed.

Brenner of course doesn’t mention that Clapper had had warning of this question, so should have provided a better non-answer. Later in his post, he understates how revealing telephone metadata can be (and of course doesn’t mention it can also include location). He even misstates how often the phone metadata collection has been queried (it was queried on 300 selectors, not “accessed only 300 times”).

But the really hackish part of his argument is in pretending this whole exchange started on March 12.

It didn’t. It started over a year ago and continued through last week when Keith Alexander had to withdraw a “fact sheet” purporting to lay out the “Section 702 protections” Americans enjoy (see below for links to these exchanges).

The exchange didn’t start out very well, with two Inspectors General working to ensure that Wyden and Mark Udall would not get their unclassified non-answer about how many Americans are surveilled under Section 702’s back door until after the Intelligence Committee marked up the bill.

But perhaps the signature exchange was this October 10, 2012 Wyden letter (with 3 other Senators) to Keith Alexander and Alexander’s November 5, 2012 response.

On July 27, 2012, Alexander put on a jeans-and-t-shirt costume and went to DefCon to suck up to hackers. After giving a schmaltzy speech including lines like, “we can protect the networks and have civil liberties and privacy,” DefCon founder Jeff Moss asked Alexander about recent Bill Binney allegations that the NSA was collecting communications of all Americans. Wired reported the exchange here.

It was this exchange — Keith Alexander’s choice to make unclassified statements to a bunch of hackers he was trying to suck up to — that underlies Wyden’s question. And Wyden explicitly invoked Alexander’s comments in his March 12 question to Clapper.

In Wyden’s letter, he quoted this, from Alexander.

We may, incidentally, in targeting a bad guy hit on somebody from a good guy, because there’s a discussion there. We have requirements from the FISA Court and the Attorney General to minimize that, which means nobody else can see it unless there’s a crime that’s been committed.

Wyden then noted,

We believe that this statement incorrectly characterized the minimization requirements that apply to the NSA’s FISA Amendments Act collection, and portrays privacy protections for Americans’ communications as being stronger than they actually are.

This is almost precisely the exchange that occurred last week, when Wyden and Udall had to correct Alexander’s public lies about Section 702 protections again. 8 months later and Alexander is reverting to the same lies about protections for US Persons.

In the letter, Wyden quoted from Alexander again,

You also stated, in response to the same question, that “…the story that we have millions or hundreds of millions of dossiers on people is absolutely false. We are not entirely clear what the term “dossier” means in this context, so we would appreciate it if you would clarify this remark.

And asked,

Are you certain that the number of American communications collected is not “millions or hundreds of millions”? If so, then clearly you must have some ability to estimate the scale of this number, at least some range in which you believe it falls. If this is the case, how large could this number possibly be? How small could it possibly be?

Does the NSA collect any type of data at all on “millions or hundreds of millions of Americans”?

This last question was precisely the question Wyden asked Clapper 5 months later on March 12 (Alexander’s response in November didn’t even acknowledge this question — he just blew it off entirely).

As Wyden emphasized, Alexander is the one who chose to make misleading assertions in unclassified form, opening up the door for demands for an unclassified response.

Since you made your remarks in an unclassified forum, we would appreciate an unclassified response to these questions, so that your remarks can be properly understood by Congress and the public, and not interpreted in a misleading way.

In other words, Brenner presents the context of Wyden’s question to Clapper completely wrong. He pretends this exchange was about one cleared person setting up another cleared person to answer a question. But Brenner ignores (Wyden’s clear invocation of it notwithstanding) that this exchange started when a cleared person, General Alexander, chose to lie to the public.

And now that we’ve seen the minimization standards, we know just how egregious a lie Alexander told to the hackers at DefCon. It’s bad enough that Alexander didn’t admit that anything that might possibly have a foreign intelligence purpose could be kept and, potentially, disseminated, a fact that would affect all Americans’ communications.

But Alexander was talking to high level hackers, probably the group of civilians who encrypt their online communications more than any other.

And Alexander knows that the NSA keeps encrypted communications indefinitely, and with his say-so, can keep them even if they’re known to be entirely domestic communications.

In other words, in speaking to the group of American civilians whose communications probably get the least protections from NSA (aside from the encryption they themselves give it), Alexander suggested their communications would only be captured if they were talking to bad guys. But the NSA defines “those who encrypt their communications” as bad guys by default.

He was trying to suck up to the hackers, even as he lied about the degree to which NSA defines most of them as bad guys.

Brenner gets all upset about his colleagues being “forced” to lie in public. But that’s not what’s going on here: James Clapper and, especially, Keith Alexander are choosing to lie to the public.

And if it is vicious for an intelligence overseer to call IC officials on willful lies to the public, then we’ve got a very basic problem with democracy. Read more

On the Refusal to Exercise Oversight over Vast Surveillance Programs, Episode 117

/6 Comments/in , /by

The Joint IG Report on the illegal wiretap program left out all discussion of what happened to the Internet and (to a lesser extent) phone metadata collection that got moved into Pen Register/Trap&Trace and Section 215 collection, respectively, as described by the NSA Draft IG Report (see page 39 ff).

The transition of certain PSP-authorized activities to FISC orders is described in detail in Section 5 of the classified report and Chapter Five of the DOJ OIG Report. Further details regarding this transition are classified and therefore cannot be addressed in this unclassified report.

But the report did make it clear that Glenn Fine, then DOJ’s Inspector General, had recommended DOJ and other Intelligence Committee agencies track whether these programs were useful in their new form.

As noted above, certain activities that were originally authorized as part of the PSP have subsequently been authorized under orders issued by the FISC. The DOJ OIG believes that DOJ and other IC agencies should continue to assess the value of information derived from such activities to the government’s counterterrorism efforts.

[snip]

Finally, the collection activities pursued under the PSP, and under FISA following the PSP’s transition to that authority, involved unprecedented collection activities. We believe the retention and use by IC organizations of information collected under the PSP and FISA should be carefully monitored.

The Joint IG Report came out in July 2009. The debate over extending the PATRIOT Act started in earnest in September 2009.

Yet not only wasn’t that review baked into the extension, but when Patrick Leahy tried to include additional oversight that would include, among other things,

  • Mandate further audits of some of these provisions, such as the use of pen registers
  • Give the Court oversight over the minimization procedures for the use of Section 215 and pen register and trap and trace devices
  • Require that Section 215 and pen registers only be granted if authorities can show that the requested information has ties to terrorism

Dianne Feinstein got Leahy to take much of that out in a substitute bill, and then Jeff Sessions, seemingly working on behalf of the Administration, gutted things further in the Senate markup. It was fairly clear then that the IC — if not the Administration personally — wanted to make sure this oversight did not get added to the PATRIOT Act.

And it didn’t.

The next year, Glenn Fine — who, of course, was the guy who recommended increased oversight in the first place — said he’d do the reviews anyway.

We intend to initiate another review examining the FBI’s use of NSLs and Section 215 orders for business records. Among other issues, our review will assess the FBI’s progress in responding to the OIG’s recommendations in the prior reports. In addition, we intend to examine the number of NSLs issued by the FBI from 2007 through 2009, and we will closely examine the automated system to generate and track NSLs that the FBI implemented to address the deficiencies identified in the OIG reports.

In addition, our review will cover the FBI’s use of Section 215 orders for business records. It will examine the number of Section 215 applications filed from 2007 through 2009, how the FBI is using the tool today, and describe any reported improper or illegal uses of the authority. Our review will also examine the progress the FBI has made in addressing recommendations contained our prior reports that the FBI draft and implement minimization procedures specifically for information collected under Section 215 authority.

We also intend to conduct a programmatic review of the FBI’s use of its pen register and trap and trace authority under the FISA. That part of the review will examine issues such as how the FBI uses the authority to collect information, what the FBI does with the information it collects, and whether there have been any improper or illegal uses of the authority either reported by the FBI or identified by the OIG. [my emphasis]

Writing in 2010, when both metadata collection programs were still ongoing under these authorities, this basically laid out a plan to review all the secret metadata collection hidden inside these authorities.

Fine wrote that in June; in November of that year, he announced his resignation, saying he wanted to pursue new professional challenges.

Read more

Shorter Mark Udall: Why Can’t John Brennan “Honor the Oath”?

/15 Comments/in , /by

Still reading the NSA IG Report, so I’ll just quote right from Mark Udall’s release:

As a member of the Senate Intelligence Committee, I am concerned to see news reports about the CIA’s response to the Committee’s Study of the CIA’s Detention and Interrogation Program before the information was provided to the committee. Committee members have not yet seen this response, which we have been expecting for nearly six months.

The American people’s trust in intelligence agencies requires transparency and strong congressional oversight. This latest leak–the latest incident in a long string of leaks from unnamed intelligence officials who purport to be familiar with the Committee’s Study and the CIA’s official response to it–is wholly unacceptable. Even as these reports emerged today and over the past several months, the CIA and the White House have repeatedly rejected requests to discuss the Committee’s report with Members or Committee staff.

The continual leaks of inaccurate information from unnamed intelligence officials are embarrassing to the agency and have only hardened my resolve to declassify the full Committee Study, which is based on a review of more than six million pages of CIA records, comprises more than 6,000 pages in length and includes more than 35,000 footnotes. The report is based on CIA records including internal memoranda, cables, emails, as well as transcripts of interviews and Intelligence Committee hearings. The Study is fact-based, and I believe, indisputable.

I am confident the American people will agree once they have the opportunity to read the Study, as well as the CIA’s official response, that this program was a failure and a tragic moment in America’s history. The only way to correct the inaccurate information in the public record on this program is through the sunlight of declassification.

The other thing that leaked in the last day, in addition to CIA’s claim that millions of its reports are inaccurate, is this news:

CIA Director John Brennan is launching a new campaign aimed at pressuring CIA officers to keep the intelligence agency’s secrets secret, after a series of leaks to the media.

In a memo to the CIA workforce this week, Brennan says the “Honor the Oath,” campaign is intended to “reinforce our corporate culture of secrecy” through education and training.

Some leadership on “our corporate culture of secrecy” Brennan is showing, huh?

BREAKING: CIA Admits to SSCI Millions of Its Official Records Are Badly Inaccurate

/11 Comments/in , /by

As I noted in this post, today John Brennan will try to convince Dianne Feinstein and Saxby Chambliss that their (well, really McCain and the Democrats’) 6,000 page report documenting that torture didn’t work and CIA lied to Congress (and the White House and DOJ and the public) about it not working.

Here’s the basis on which Brennan will stake his claim that SSCI’s report is wrong.

The CIA report catalogues errors that teams of agency analysts found in the committee’s research. It also questions the panel’s methodology, noting that the committee collected millions of internal CIA cables and other documents on the interrogation program, but it did not interview anyone directly involved.

Never mind that the CIA chose not to make its officials available to the committee. Never mind that John Kiriakou made it clear that the cables describing Abu Zubaydah’s torture, at least, both downplayed the number of times he had been waterboarded and exaggerated how effectively it worked.

The CIA will make the case that if you were to read millions of their cables recording their intelligence programs, you would have a grossly distorted understanding of those programs. CIA will make the case that nothing true they do is written down.

Or something like that.

Now, there’s abundant evidence the conclusions of the SSCI report are actually correct, no matter what torturers would say if asked.

But I do think it ought to raise at least as many concerns to be told that the millions of CIA cables and other documentation SSCI read doesn’t convey the truth about what CIA is doing.

Hell, I think John Brennan just made the case that the lawyers for Gitmo detainees who were held by the CIA need to interview all of the CIA personnel in person.

The FBI and CIA Unminimized Collections and the Holes in Article III Review of FISA Amendments Act

/5 Comments/in , /by

In my piece confirming that the NSA can search on US person data collected incidentally in Section 702 collection, I pointed to these two paragraphs from the minimization procedures.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures  adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

It’s not clear what this entails.

But Dianne Feinstein once defended the FISA Amendments Act authorization to search on US person information by pointing to Nidal Hasan. Remember, his emails were picked up on a generalized collection of Anwar al-Awlaki’s communications, which should have been a traditional FISA warrant, but may have been conducted via the same software tools as FAA collection. In which case, the kind of access described in the Webster report would provide one idea of what this looks like from the FBI side. That process has almost certainly been streamlined, given that the god-awlful software the FBI used prevented it from pulling the entire stream of Hasan’s emails to Awlaki.

First, the FBI’s database of intercepts sucked. When the first Hasan intercepts came in, it allowed only keyword searches; tests the Webster team ran showed it would have taken some finesse even to return all the contacts between Hasan and Awlaki consistently. More importantly, it was not until February 2009 that the database provided some way to link related emails, so the Awlaki team in San Diego relied on spreadsheets, notes, or just their memory to link intercepts. (91) But even then, the database only linked formal emails; a number of Hasan’s “emails” to Awlaki were actually web contacts, (100) which would not trigger the database’s automatic linking function. In any case, it appears the Awlaki team never pulled all the emails between Hasan and Awlaki and read them together, which would have made Hasan seem much more worrisome (though when the San Diego agent set the alert for the second email, he searched and found the first one).

Even before this was streamlined, the collection seemed to lack real minimization. Though to be fair, the Agents spending a third of their days reading Awlaki’s emails were drowning and really had an incentive to get reports out as quickly as possible. But they seemed to be in the business of sending out reports with IDs, not the reverse.

In addition, we know that subsequent to that time, the FBI started using this collection (and, I’m quite certain, Samir Khan’s), as a tripwire — what they call “Strategic Collections.”

The Hasan attack (and presumably subsequent investigations, as well as the Umar Farouk Abdulmutallab attack) appears to have brought about a change in the way wiretaps like Awlaki’s are treated. Now, such wiretaps–deemed Strategic Collections–will have additional follow-up and management oversight.

The Hasan matter shows that certain [redacted] [intelligence collections] [redacted] serve a dual role, providing intelligence on the target while also serving as a means of identifying otherwise unknown persons with potentially radical or violent intent or susceptibilities. The identification and designation of Strategic Collections [redacted] will allow the FBI to focus additional resources–and, when appropriate, those of [redacted] [other government agencies]–on collections most likely to serve as “trip wires.” This will, in turn, increase the scrutiny of information that is most likely to implicate persons in the process of violent radicalization–or, indeed, who have radicalized with violent intent. This will also provide Strategic Collections [redacted] with a significant element of program management, managed review, and quality control that was lacking in the pre-Fort Hood [review of information acquired in the Aulaqi investigation] [redacted].

If implemented prior to November 5, 2009, this process would have [redacted] [enhanced] the FBI’s ability to [redacted] identify potential subjects for “trip wire” and other “standalone” counterterrorism assessments or investigations. (99)

Many many many of the aspirational terrorists the FBI rolled up in 2010 and afterwards were people who had communicated or followed Awlaki or Khan. And to the extent we’ve prosecuted a bunch of wayward youth who can’t pull together a plot without the FBI’s assistance, that ought to be a concern on many levels.

Because it would mean this unminimized production is part of the Terror Manufacturing Industry. (Mind you, the FBI was doing this with their own surveillance based off Hal Turner in the 00s, so it’s not an approach limited to Muslim radicals.)

To the extent that FAA collection might be sent to FBI as a way to identify non-criminal leads to criminalize, it’s a problem, particularly if the FISA Court doesn’t see what minimization the FBI uses.

Read more

NSA’s Querying of US Person Data, Take Two

/12 Comments/in , /by

Update: Alexander’s office has conceded Udall and Wyden’s point about the classified inaccuracy. It also notes:

With respect to the second point raised in your 24 June 2013 letter, the fact sheet did not imply nor was it intended to imply “that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.”

He then cites two letters from James Clapper’s office which I don’t believe have been published.

Joshua Foust tries to refute this post and in doing so proves once again he doesn’t understand the meaning of “target” under Section 702.

Out of courtesy to him, I’m going to rewrite this post to help him understand it. The issue is not whether the US can “target” a US person without a warrant. They can’t. The issue is what the US does with US person data they collect incidentally off a legal target (which must be a foreigner overseas collected for a legitimate intelligence purpose).

At issue is this sentence in the Mark Udall/Ron Wyden letter to Keith Alexander.

Separately, this same fact sheet states that under Section 702, “Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.” We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.

The passage says that the claim, “any inadvertently acquired communication of or concerning a US person must be promptly destroyed” is “somewhat misleading,” for two reasons:

  1. It implies that the NSA has the ability to determine how many American communications it has collected under section 702
  2. It implies that the law does not allow the NSA to deliberately search for the records of particular Americans

Now, before I get into bullet point 2, which is the one in question, note that this entire passage is talking about “inadvertently acquired communication of or concerning a US person.” This is not information on someone who has been targeted. It discusses what happens to information collected along with the communications of those who’ve been targeted (say, by emailing the target). Therefore, this entire passage is irrelevant to the issue of what happens with the targeted person’s communication. The Udall/Wyden claim is not about targeting in the least; it is about incidental collection.

Okay, bullet point 2: Udall and Wyden claim that Alexander’s fact sheet is misleading because it implies the law does not allow the NSA to deliberately search for the records of particular Americans. They could be wrong, but their claim is that it is misleading for Alexander to suggest that the law does not allow the NSA to deliberately search for the records of particular Americans. That means they believe the law does allow the NSA to deliberately search for the records of particular Americans, otherwise they wouldn’t think his statement was misleading.

Now, if it were just Udall and Wyden making this claim, it’d be a he-said/he-said. But  pointed out that this claim is not new at all. It’s not even one limited to Udall and Wyden. In the FAA report released by Dianne Feinstein last year, it said,

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession.

First, the report describes a debate the committee had:

The Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained.

The committee debated two things:

  1. Whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited.
  2. Whether querying information collected under Section 702 to find communications of a particular United States person should be more robustly constrained.

Bullet point 1 makes it clear they were debating whether they should prohibit this activity. If they had to consider that, it means that it is not prohibited (which is precisely what Udall and Wyden say–that the law allows it). Bullet point 2 says they also considered whether they should “more robustly constrain” it, which suggests (though does not prove) that it is going on now, otherwise there’d be nothing to constrain.

The IC IGs won’t tell us how much of this goes on–they claim they have no way of counting it, which ought to alarm you, because it says they’re not actually tracking it via some kind of auditing function.

I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Now, as I already laid out, what we’re talking about is not targeting a US person–focusing collection on that person. What we’re talking about is what you can do with the US person data collected “incidentally” with the communications collected of that targeted person. That information–as the minimization guidelines describe–is lawfully collected. The big question is what you can do with it once you have collected it, and in many but not all cases there are restrictions against circulating that information before you’ve hidden the identity of the US person in question.

The last part of the passage from the SSCI says,

With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession.

Again, some amount of US person data is collected under Section 702 along with the data of the targeted person (if it weren’t, they wouldn’t need minimization procedures). It is lawfully collected. The question is what you’re allowed to do with it. And as part of the debate the committee had about whether they were going to “prohibit” or “more robustly constrain” the querying of US person data that was lawfully collected as incidental data, SSCI describes the Intelligence Community (which includes, in part, the NSA, the CIA, and the FBI) providing several reasons why it might need to conduct queries of this data. And the committee agreed that these reasons were “legitimate foreign intelligence needs.”

The minimization procedures from 2009, at least, require destruction of US person data if it is “clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information).” (3(b)(1)) What is not immediately destroyed may be kept for up to 5 years. But it only destroys the stuff that is “clearly not relevant,” not data that might be relevant to the purpose of the investigation.

Now, while the language is not exact, the SSCI report’s description of data that has a “legitimate foreign intelligence” surely includes “foreign intelligence information.” This is kind of backwards (which may be part of complaint from Udall and Wyden), but unless the information is clearly not relevant — and the intelligence community says some of this data has legitimate intelligence purposes — then it is retained. This is probably why Udall and Wyden think Alexander’s “must be promptly destroyed” is misleading, because if the IC thinks they might need to query it because it would serve a legitimate foreign intelligence purpose, then it is not.

So who makes this decision whether to keep the data? “NSA analyst(s) will determine whether it … is reasonably believed to contain foreign intelligence information.” (3(b)(4)) The NSA, not FBI or CIA.

And this data cannot just be retained. It can also be “forwarded to analytic personnel responsible for producing intelligence information from the collected data.” (3(b)(2))

Now, in most cases, that information must be anonymized (which is what Kurt Eichenwald discusses here, which Foust cites). But it has always been the case there are exceptions to that rule. Some exceptions are if:

  • The Director of NSA specifically determines, in writing, that the communication is reasonably believed to contain significant foreign intelligence information. (5(1)) In that case the information goes to the FBI. [Update: This distribution is permitted with domestic communication–that is, US to US person.]
  • A recipient requiring the identity of such person for the performance of official duties needs the identity of the United States person to understand foreign intelligence information or assess its importance. (6(b)(2) This sometimes, but not always, happens after an initial distribution.

There are actually a slew more exceptions but these two should suffice. Again, these rules on distribution (except as they affect technical data base information, which might be relevant here, but not necessary) are not new with FAA. They’ve long been in place.

Again, this is all about what happens to incidentally collected data, not the data of the person actually targeted. Which is why these two passages are irrelevant to the entire point (the second of which Foust thought I was leaving out because it hurt my point).

As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause.

[snip]

The Department of Justice and Intelligence Community reaffirmed that any queries made of Section 702 data will be conducted in strict compliance with applicable guidelines and procedures and do not provide a means to circumvent the general requirement to obtain a court order before targeting a U.S. person under FISA.

What they say is that the government is prohibited from targeting a US person without a warrant and that any other things done with incidentally collected data must be conducted in strict compliance with applicable guidelines, which are the minimization procedures I just reviewed (though again, those are from 2009 so they may have changed somewhat). The passage very clearly envisions making queries of the data and very clearly considers such queries to be distinct from the targeting of a US person.

And the minimization procedures make it clear that if data is not “clearly not foreign intelligence,” (that is, if it might be foreign intelligence, as this queried data is, according to the IC) then it is retained, at least through the initial (NSA-conducted) review. Where it can be queried, so long as the other minimization procedures are met.

One final thing. Foust is actually wrong when he suggests the IC asked for new authority (in any case, the only conclusion would be that they got it). Rather, in both the SSCI and the Senate Judiciary Committee, Senators tried to limit this authority. In SJC, Mike Lee,  Dick Durbin, and Chris Coons submitted an amendment to (among other things) prohibit,

the searching of the contents of communications acquired under this section [702] in an effort to find communications of a particular United States person…

…Except with an emergency authorization.

Dianne Feinstein fought the amendment by arguing such a prohibition would have made it harder to find Nidal Hasan (whom we didn’t find anyway, and whose communications with Anwar al-Awlaki may well have been traditional FISA collection). But at one level that makes sense.

Sheldon Whitehouse said that such a restriction would “kill this program.”

I may not like what Whitehouse stated. But I do trust his judgement about how central to this program is access to US person communications.

That doesn’t say how much of this stuff goes on (though it does seem to suggest it does). But it does say we ought to at least track it.