Posts

Is the Section 215 Dragnet Limited to Terrorism Investigations?

/28 Comments/in , , , /by

Unlike PRISM, most public discussions about the Section 215 dragnet program suggest that it is tied to terrorism. It’s a claim, for example, that Charlie Savage makes in this story, which he traces back to this statement from Director of National Security James Clapper.

And indeed, that statement does claim the program is limited to terrorism investigations.

The collection is broad in scope because more narrow collection would limit our ability to screen for and identify terrorism-related communications. Acquiring this information allows us to make connections related to terrorist activities over time. The FISA Court specifically approved this method of collection as lawful, subject to stringent restrictions.

The information acquired has been part of an overall strategy to protect the nation from terrorist threats to the United States, as it may assist counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities.

[snip]

By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program. All information that is acquired under this program is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization. Only specially cleared counterterrorism personnel specifically trained in the Court-approved procedures may even access the records.

All information that is acquired under this order is subject to strict restrictions on handling and is overseen by the Department of Justice and the FISA Court. Only a very small fraction of the records are ever reviewed because the vast majority of the data is not responsive to any terrorism-related query. [my emphasis]

Even assuming James “Least Untruthful Too Cute by Half” Clapper can be trusted on this point, consider a few things about this statement.

  • It was released after only the first Guardian release. Thus, it was almost certainly rushed. And while NSA has claimed they had identified Edward Snowden before he started publishing, it is possible they did not know precisely what he had taken (though it is equally possible they already knew).
  • Clapper avoids mentioning precisely what program he is referring to in this statement, not even mentioning the Section 215 authority directly (though he does mention the PATRIOT Act. The Executive Branch has a well-established history — on this and related programs precisely — in addressing just a subset of a program so as to try to hide larger parts of it.

In addition, recall that when DOJ Inspector General Glenn Fine referred to these secret programs in a 2008 report on the use of Section 215, he spoke in the plural and included two classified appendices to describe them. In 2011, Acting Assistant Attorney General Todd Hinnen referred only to programs, plural. Thus, there almost certainly are at least two secret programs, and Michael Hayden has claimed Obama has expanded the use of this authority, which might mean there are more than two.

Furthermore, compare Clapper’s statement from June 6 — which mentioned only terrorists — with how he explained the dragnet program to Andrea Mitchell on June 9.

ANDREA MITCHELL: At the same time, when Americans woke up and learned because of these leaks that every single telephone call in this United States, as well as elsewhere, but every call made by these telephone companies that they collect is archived, the numbers, just the numbers, and the duration of these calls. People were astounded by that. They had no idea. They felt invaded.

JAMES CLAPPER: I understand that. But first let me say that I and everyone in the intelligence community all– who are also citizens, who also care very deeply about our– our privacy and civil liberties, I certainly do. So let me say that at the outset. I think a lot of what people are– are reading and seeing in the media is a lot of hyper– hyperbole.
A metaphor I think might be helpful for people to understand this is to think of a huge library with literally millions of volumes of books in it, an electronic library. Seventy percent of those books are on bookcases in the United States, meaning that the bulk of the of the world’s infrastructure, communications infrastructure is in the United States.

There are no limitations on the customers who can use this library. Many and millions of innocent people doing min– millions of innocent things use this library, but there are also nefarious people who use it. Terrorists, drug cartels, human traffickers, criminals also take advantage of the same technology. So the task for us in the interest of preserving security and preserving civil liberties and privacy is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read.

You think of the li– and by the way, all these books are arranged randomly. They’re not arranged by subject or topic matter. And they’re constantly changing. And so when we go into this library, first we have to have a library card, the people that actually do this work.

Which connotes their training and certification and recertification. So when we pull out a book, based on its essentially is– electronic Dewey Decimal System, which is zeroes and ones, we have to be very precise about which book we’re picking out. And if it’s one that belongs to the– was put in there by an American citizen or a U.S. person.

We ha– we are under strict court supervision and have to get stricter– and have to get permission to actually– actually look at that. So the notion that we’re trolling through everyone’s emails and voyeuristically reading them, or listening to everyone’s phone calls is on its face absurd. We couldn’t do it even if we wanted to. And I assure you, we don’t want to.

ANDREA MITCHELL: Why do you need every telephone number? Why is it such a broad vacuum cleaner approach?

JAMES CLAPPER: Well, you have to start someplace. If– and over the years that this program has operated, we have refined it and tried to– to make it ever more precise and more disciplined as to which– which things we take out of the library. But you have to be in the– in the– in the chamber in order to be able to pick and choose those things that we need in the interest of protecting the country and gleaning information on terrorists who are plotting to kill Americans, to destroy our economy, and destroy our way of life.

In speaking of the way in which the government uses this dragnet collection as a kind of Dewey Decimal system to identify communications it wants to go back and view, he doesn’t limit it to terrorists. Indeed, he doesn’t even limit it to those foreign intelligence uses the PATRIOT Act authorizes, like counterintelligence (though Obama’s roll-out of Transnational Crime Organization initiative in 2011 — which effectively started treating certain transnational crime networks just like terrorists — may suggest only those crime organizations are being targeted).

Given two more days of disclosures after his initial Section 215 statement, Clapper acknowledged that PRISM has been used (at a minimum) to pursue weapons proliferators and hackers in addition to terrorists. Then, the next day, he at least seemed to suggest that Section 215 collection is used to pinpoint not just terrorists, but also drug cartels and other criminal networks.

And as I’ll show in a follow-up post, it seems to have targeted far more than that.

Have Clapper, Feinstein, and Rogers Confused the Distinct Issues of Section 215 and PRISM? Or Are They Indistinct?

/23 Comments/in , /by

[youtube]hmw4G5q1OkE[/youtube]

Last year, when Pat Leahy tried to switch the FISA Amendments Act reauthorization to a 3 year extension instead of 5, which would have meant PATRIOT and FAA would be reconsidered together in 2015, the White House crafted a talking point claiming that would risk confusing the two provisions.

Aligning FAA with expiration of provisions of the Patriot Act risks confusing distinct issues.

In the last week, the Guardian had one scoop pertaining to FAA (the PRISM program) and another to PATRIOT (the use of Section 215 to conduct dragnet collection of Americans’ phone records).

Since then, almost everyone discussing the issues seems to have confused the two.

Including, at a minimum, Mike Rogers, as demonstrated by the video above. When Dianne Feinstein started explaining the Section 215 Verizon order, Mike Rogers interrupted to say that the program could not be targeted at Americans. But of course the Section 215 order was explicitly limited to calls within the US, so he had to have been thinking of PRISM.

Then there what, on first glance, appears to be confusion on the part of journalists. I noted how Reuters’ Rogers-related sources were clearly confused (or in possession of a time machine) when they made such claims, and NYT appeared to conflate the issues as well. Similarly, Andrea Mitchell took this exchange — which is clearly about Section 215 — and elsewhere reported that the law allowing NSA to wiretap Americans (which could be FISA or FAA) stopped the attack.

ANDREA MITCHELL:

At the same time, when Americans woke up and learned because of these leaks that every single telephone call in this United States, as well as elsewhere, but every call made by these telephone companies that they collect is archived, the numbers, just the numbers, and the duration of these calls. People were astounded by that. They had no idea. They felt invaded.

JAMES CLAPPER:

I understand that.

[snip]

A metaphor I think might be helpful for people to understand this is to think of a huge library with literally millions of volumes of books in it, an electronic library. Seventy percent of those books are on bookcases in the United States, meaning that the bulk of the of the world’s infrastructure, communications infrastructure is in the United States.

[snip]

So the task for us in the interest of preserving security and preserving civil liberties and privacy is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read.

[snip]

So when we pull out a book, based on its essentially is– electronic Dewey Decimal System, which is zeroes and ones, we have to be very precise about which book we’re picking out. And if it’s one that belongs to the– was put in there by an American citizen or a U.S. person.

We ha– we are under strict court supervision and have to get stricter– and have to get permission to actually– actually look at that. So the notion that we’re trolling through everyone’s emails and voyeuristically reading them, or listening to everyone’s phone calls is on its face absurd. We couldn’t do it even if we wanted to. And I assure you, we don’t want to.

ANDREA MITCHELL:

Why do you need every telephone number? Why is it such a broad vacuum cleaner approach?

JAMES CLAPPER:

Well, you have to start someplace. If– and over the years that this program has operated, we have refined it and tried to– to make it ever more precise and more disciplined as to which– which things we take out of the library. But you have to be in the– in the– in the chamber in order to be able to pick and choose those things that we need in the interest of protecting the country and gleaning information on terrorists who are plotting to kill Americans, to destroy our economy, and destroy our way of life.

ANDREA MITCHELL:

Can you give me any example where it actually prevented a terror plot?

JAMES CLAPPER:

Well, two cases that– come to mind, which are a little dated, but I think in the interest of this discourse, should be shared with the American people. They both occurred in 2009. One was the aborted plot to bomb the subway in New York City in the fall of 2009.

And this all started with a communication from Pakistan to a U.S. person in Colorado. And that led to the identification of a cell in New York City who was bent on– make– a major explosion, bombing of the New York City subway. And a cell was rolled up, and in their apartment, we found backpacks with bombs.

A second example, also occurring in 2009, involved– the– one of the– those involved, perpetrators of the Mumbai bombing in India, David Headley. And we aborted a plot against a Danish news publisher based on– the same kind of information. So those are two specific cases of uncovering plots through this mechanism that– prevented terrorist attacks.

What would seem to support the conclusion that everyone was just very confused is that, in his talking points on the two programs, Clapper claims three examples as successes for the use of PRISM, none of which is Zazi or Headley.

Now, the AP reports Clapper’s office (which is fast losing credibility) has circulated talking points making the claim that PRISM helped nab Zazi.

The Obama administration declassified a handful of details Tuesday that credited its PRISM Internet spying program with intercepting a key email that unraveled a 2009 terrorist plot in New York.

The details, declassified by the director of national intelligence, were circulated on Capitol Hill as part of government efforts to tamp down criticism of two recently revealed National Security Agency surveillance programs.

But, as I suggested last year, the White House clearly wasn’t concerned about us confusing our pretty little heads by conflating FAA and Section 215. Rather, it seemed then to want to hide the relationship between the dragnet collection of Americans calls and the direct access to Internet providers’ data.

But Clapper and DiFi seem to hint at the relationship between them.

In her first comments about Section 215 (even before PRISM had broken) DiFi said this.

The information goes into a database, the metadata, but cannot be accessed without what’s called, and I quote, “reasonable, articulable suspicion” that the records are relevant and related to terrorist activity.

And in his talking points on 215, Clapper said this.

By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program. All information that is acquired under this program is subject to strict, court-imposed restrictions on review and handling. The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization.

This standard — reasonable suspicion that the records are relevant to or associated with a terrorist investigation (I’ll come back to the terrorism issue in another post) — is not the 215 standard, because it requires reasonable suspicion. But it’s not as high as a FISA warrant would be, which requires it to be more closely related than “relevant” to a terrorist investigation.

So what standard is this, and where did it come from? Read more

Clapper Couldn’t Even Do Better Than “Least Untruthful” with a Day’s Notice

/14 Comments/in , /by

As I noted yesterday, when Andrea Mitchell asked James Clapper about his lie to Ron Wyden earlier this year, Clapper offered a baloney answer, admitting both that he gave the “least untruthful” answer and that he had been “too cute by half.”

First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

[snip]

And this has to do with of course somewhat of a semantic, perhaps some would say too– too cute by half. But it is– there are honest differences on the semantics of what– when someone says “collection” to me, that has a specific meaning, which may have a different meaning to him. [my emphasis]

It was such a terrible response to Mitchell’s question, for ten whole minutes I wished Rahm Emanuel were back in the White House to rip Clapper to shreds for such a media fail.

But what makes Clapper’s answer — and his retroactive explanations for it — far, far worse is that Ron Wyden gave him a day to figure out how to answer.

One of the most important responsibilities a Senator has is oversight of the intelligence community. This job cannot be done responsibly if Senators aren’t getting straight answers to direct questions. When NSA Director Alexander failed to clarify previous public statements about domestic surveillance, it was necessary to put the question to the Director of National Intelligence. So that he would be prepared to answer, I sent the question to Director Clapper’s office a day in advance. [my emphasis]

And after Clapper lied to Wyden’s face, Wyden gave him a chance to amend it, which he did not take.

After the hearing was over my staff and I gave his office a chance to amend his answer. Now public hearings are needed to address the recent disclosures and the American people have the right to expect straight answers from the intelligence leadership to the questions asked by their representatives. [my emphasis]

Wyden is making it clear: this was a deliberate, knowing lie to Congress. And no one wants to talk about it.

Which, as Wyden further notes, undermines any pretense that Congress exercise adequate oversight over the Executive Branch.

If Wanting to Reveal that All Americans’ Metadata Gets Swept Up Is Treason, Edward Snowden Is in Distinguished Company

/30 Comments/in , , /by

Earlier this evening, Dianne Feinstein called Edward Snowden’s decision to leak NSA documents an act of treason.

“I don’t look at this as being a whistleblower. I think it’s an act of treason,” the chairwoman of the Senate Intelligence Committee told reporters.

The California lawmaker went on to say that Snowden had violated his oath to defend the Constitution.

“He violated the oath, he violated the law. It’s treason.”

Perhaps DiFi can be excused for her harsh judgment. After all, in addition to exposing the sheer range of surveillance our government is doing, Snowden made it very clear that DiFi allowed Director of National Intelligence James Clapper to lie to her committee.

And continues to allow Clapper’s lie to go unreported, much less punished.

But I thought it worthwhile to point out the many people who have committed to make the FISA Court Opinions describing, among other things, how the government’s abuse of Section 215 violated the Constitution.

In 2010, DOJ promised to try to declassify important rulings of law.

In 2010, as part of the same effort, Clapper’s office promised to try to declassify important rulings of law.

In 2011, prior to be confirmed as Assistant Attorney General, now White House Homeland Security Advisor Lisa Monaco promised, “I will work to ensure that the Department continues to work with the ODNI to make this important body of law as accessible as possible.”

All these people claimed they wanted to make FISC’s opinion, among other things, on the secret use of Section 215 public.

What Snowden released on Section 215 — just a single 215 order to Verizon, without details on how this information is used — is far, far less than what DOJ and ODNI and Lisa Monaco pledged to try to release. Given that the collection is targeted on every single American indiscriminately, it won’t tell the bad guys anything (except that they’ve been sucked into the same dragnet the rest of us have). And while it shows that FBI submits the order but the data gets delivered to NSA (which has some interesting implications), that’s a source and method to game the law, not the source or method used to identify terrorists.

So if Snowden committed treason, he did so doing far less than top members of our National Security establishment promised to do.

Wait.

There’s one more member of this gang of — according to DiFi — traitors committed to tell Americans how their government spies on them. There’s the Senator who said this on December 27, 2012.

I have offered to Senator Merkley to write a letter requesting declassification of more FISA Court opinions. If the letter does not work, we will do another intelligence authorization bill next year, and we can discuss what can be added to that bill on this issue.

Oh, wait! That was Senator Dianne Feinstein, arguing that they didn’t have time to pass an actual amendment, attached to the actual FISA Amendments Act renewal, forcing the government to turn over this secret law.

But she promised to write a letter!

And even, DiFi claimed (though similar promises to John Cornyn to obtain the OLC memo authorizing Anwar al-Awlaki’s killing went undelivered), to include a requirement in this year’s intelligence authorization requiring the government to turn over far more information on the government’s use of Section 215 than Snowden did.

I get that DiFi doesn’t agree with his method — that he leaked this rather than (!) write a letter. I get that Snowden has exposed DiFi for allowing Clapper lie to her committee, in part to hide precisely this information.

But in debates in the Senate, at least, DiFi has claimed to support releasing just this kind of information.

Section 702 Is Used for Terror, Proliferation, AND Hacking

/14 Comments/in , , /by

The AP has a story about the way algorithms control Section 702, the legal program for which PRISM provides NSA analysts acces.

And while he also admits that Obama “had expanded the scope of the surveillance,” Michael Hayden makes this false claim (which he actually said on FNS).

Michael Hayden, who led both the NSA and CIA, said the government doesn’t touch the phone records unless an individual is connected to terrorism.

He described on “Fox News Sunday” how it works if a U.S. intelligence agent seized a cellphone at a terrorist hideout in Pakistan.

“It’s the first time you’ve ever had that cellphone number. You know it’s related to terrorism because of the pocket litter you’ve gotten in that operation,” Hayden said. “You simply ask that database, `Hey, any of you phone numbers in there ever talked to this phone number in Waziristan?'”

Here’s how I know this is absolutely false (aside from the language of Section 702 that clearly allows it to be used for foreign intelligence generally so long as it is targeted — which is one of those tricky words– at people not known to be in the US).

Director Clapper — who admittedly engages in least untruthfuls that are too cute by half — claimed this as one of the successes in Section 702.

Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States, including specific potential network computer attacks. This insight has led to successful efforts to mitigate these threats.

Don’t get me wrong. Using this kind of collection for foreign cyberattacks is entirely appropriate. Indeed, it is probably the very best use of the tool, since it’s it’s a lot easier to engage in cyberattacks — particularly if you’re overseas — using the Internet, whereas the most dangerous terrorists can and no doubt increasingly will find other means to communicate.

So it’s not that I object to using this program to target Chinese hackers. But as you consider the 51% standard that, according to Edward Snowden, NSA analysts have to meet, or if you consider how easily signals taken from any major US-based coverage can meet that 51% standard, understand that NSA is much more likely to make a “mistake” in its geographic screens for American hackers than for American Islamic extremists.

We’ve heard nothing but TERRA TERRA TERRA since these leaks first started. And every time you hear that, you might ask what it would mean if they also mean hacker.

James Clapper Hails Checks and Balances While Treating Oversight “Too Cute by Half”

/22 Comments/in , , , /by

I’ve been citing bits of this interview between James Clapper and Andrea Mitchell here and there, but the whole thing needs to be read to be believed.

But the quick version is this. Mitchell asks Clapper whether “trust us” is enough, given that some future President or Director of National Intelligence might decide to abuse all the programs in question. Clapper responds by celebrating our constitutional system’s checks and balances.

ANDREA MITCHELL:

The president and you and the others in this top-secret world, are saying, “Trust us. We have your best interests, we’re not invading your privacy, we’re going after bad guys. We’re not going after your personal lives.” What happens when you’re gone, when this president or others in our government are gone? There could be another White House that breaks the law.

There could be another D.N.I. who does really bad things– we listened during the Watergate years to those tapes. With the President of the United States saying, “Fire bomb the Brookings Institution.” You know, what do you say to the American people about the next regime who has all of these secrets? Do they– do they live forever somewhere in a computer?

JAMES CLAPPER:

No, they don’t live forever. That’s a valid concern, I think. You know, people come and go, presidents come and go, administrations come and go, D.N.I.’s will come and go. But what is, I think– important about our system is our system of laws, our checks and balances.

You know, the– I think the founding fathers would actually be pretty impressed with how– what they wrote and the organizing principles for this country are still valid and are still used even in you– to– to regulate a technology then, they never foresaw. So that’s timeless. That– those are part of our institutions. Are there people that will abuse those institutions? Yes. But we have a system that sooner or later, mostly sooner these days, those misdeeds are found out. [my emphasis]

But when, earlier in the interview, Mitchell asks him about his lie to Ron Wyden, here’s how he answered.

ANDREA MITCHELL:

Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said that there was not data collection on millions of Americans?

JAMES CLAPPER:

First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

Read more

Is Robert Mueller, a Purported Hero of the Hospital Confrontation, Responsible for Section 215 Use?

/7 Comments/in , /by

On March 23, 2004 at noon, less than two weeks after the dramatic hospital confrontation and threats to quit reportedly got the Administration to agree to stop data mining Americans, FBI Director Robert Mueller had a meeting with Dick Cheney, at the Vice President’s request, in the Vice President’s office. In his notes, Mueller doesn’t describe what the VIce President wanted, nor am I aware that it has even been reported in the press.

The next day, the Chief Division Counsel of some Division of the FBI wrote a memo to the FBI General Counsel noting that FBI was using a “new standard” with Section 215 of the PATRIOT Act and indicating that a “recent decision” had been made to bypass the review of the Office of Intelligence Policy and Review on Section 215 applications.

In part, the apparent decision to bypass OIPR, which had rejected the premise of the previous Section 215 orders FBI had submitted in the past, reflected no more than a concerted effort on FBI’s part to make sure it could start using all the PATRIOT authorities it had been granted in 2001 in anticipation of renewal discussions that would take place the following year. Yet the timing of this change is particularly curious, given that we now know Section 215 has been used to collect data that could be used for data mining Americans, precisely the problem that had caused the hospital confrontation 12 days earlier.

At the very least, however, it shows that sometime around the same time as Jim Comey and others at DOJ tried to stop the data mining of Americans under NSA’s illegal program, FBI claimed to have eliminated one review step for Section 215 orders and changed the standard used for them. That reference notwithstanding, DOJ Inspector General at least reported that OIPR continued to have a role. (Note, the office that got cut out of the process, OIPR, is where one of the key whistleblowers on the illegal program, Thomas Tamm worked, though I have asked him if he knew whether they used Section 215 to accomplish the same program and he didn’t know anything about it.)

On May 21, 2004, just as the the confrontation was settling down, FBI got its first Section 215 order approved. MIRACLES! the memo subject line read. “We got our first business record order signed today. It only took two and a half years.”

Now, at least some of the people commenting publicly on the confirmation that Section 215 has been used to compile a database recording details on all calls Americans make say Section 215 has supported that purpose only since 2006. Dianne Feinstein, for example, says the practice has gone on for 7 years.

As far as I know, this is the exact three month renewal of what has been the case for the past seven years. This renewal is carried out by the FISA Court under the business records section of the Patriot Act. Therefore, it is lawful.

Seven years would put its start almost exactly at the March 9, 2006 renewal of the PATRIOT Act, which added new language on Section 215 in the wake of the December 15, 2005 exposure of Bush’s illegal wiretap program. In discussions of this collection program since last week, it has generally been accepted that’s when it all started.

Curiously (particularly given his insistence that PRISM only started in 2008, slides to the contrary notwithstanding), James Clapper made no claims about precisely when this practice started.

The Patriot Act was signed into law in October 2001 and included authority to compel production of business records and other tangible things relevant to an authorized national security investigation with the approval of the FISC. This provision has subsequently been reauthorized over the course of two Administrations – in 2006 and in 2011. It has been an important investigative tool that has been used over the course of two Administrations, with the authorization and oversight of the FISC and the Congress.

It is possible that this program was conducted under a different PATRIOT provision (such as the Pen Register ones) prior to 2006; in fact, Clapper never mentions the term “Section 215” in his purported clarification of the program.

Now, consider one more detail. In a statement before the 2009 debate on PATRIOT Act reauthorization focusing closely on Section 215, Russ Feingold suggested that the debate over reauthorization in 2005, which led to purported initial use of Section 215 to conduct this dragnet, had been stymied by classification of how the PATRIOT had been implemented.

I remain concerned that critical information about the implementation of the Patriot Act has not been made public – information that I believe would have a significant impact on the debate. During the debate on the Protect America Act and the FISA Amendments Acts in 2007 and 2008, critical legal and factual information remained unknown to the public and to most members of Congress – information that was certainly relevant to the debate and might even have made a difference in votes. And during the last Patriot Act reauthorization debate in 2005, a great deal of implementation information remained classified.

[snip]

But there also is information about the use of Section 215 orders that I believe Congress and the American people deserve to know. I do not underestimate the importance of protecting our national security secrets. But before we decide whether and in what form to extend these authorities, Congress and the American people deserve to know at least basic information about how they have been used. So I hope that the administration will consider seriously making public some additional basic information, particularly with respect to the use of Section 215 orders.

There can be no question that statutory changes to our surveillance laws are necessary. Since the Patriot Act was first passed in 2001, we have learned important lessons, and perhaps the most important of all is that Congress cannot grant the government overly broad authorities and just keep its fingers crossed that they won’t be misused, or interpreted by aggressive executive branch lawyers in as broad a way as possible. [my emphasis]

This suggests the plan to use Section 215 may have been explicit in those classified debates.

Read more

Are Guardian’s Sources Responding to a New Use of Surveillance, Post-Boston?

/34 Comments/in , , /by

boundless heatmap

Update: The Guardian source, Edward Snowden, has revealed himself. Stunning.

Little mentioned as we talk about the massive amounts of spying Obama’s Administration undertakes is this passage from the President’s recent speech on counterterrorism.

That’s why, in the years to come, we will have to keep working hard to strike the appropriate balance between our need for security and preserving those freedoms that make us who we are. That means reviewing the authorities of law enforcement, so we can intercept new types of communication, and build in privacy protections to prevent abuse. [my emphasis]

As massive as the surveillance collection currently is, Obama recently called to expand it.

Most people have assumed that’s a reference to FBI’s persistent call for CALEA II, newly proposed to be a law imposing fines on companies that don’t comply with “wiretap” orders.

The F.B.I. director, Robert S. Mueller III, has argued that the bureau’s ability to carry out court-approved eavesdropping on suspects is “going dark” as communications technology evolves, and since 2010 has pushed for a legal mandate requiring companies like Facebook and Google to build into their instant-messaging and other such systems a capacity to comply with wiretap orders. That proposal, however, bogged down amid concerns by other agencies, like the Commerce Department, about quashing Silicon Valley innovation.

While the F.B.I.’s original proposal would have required Internet communications services to each build in a wiretapping capacity, the revised one, which must now be reviewed by the White House, focuses on fining companies that do not comply with wiretap orders. The difference, officials say, means that start-ups with a small number of users would have fewer worries about wiretapping issues unless the companies became popular enough to come to the Justice Department’s attention.

That is certainly at least part of what Obama’s seeking (though the ill-considered plan presents as many security issues as it does privacy ones).

But I note that Mike Rogers said this on ABC this morning.

And so each one of these programs — and I think the Zazi case is so important, because that’s one you can specifically show that this was the key piece that allowed us to stop a bombing in the New York Subway system.

But these programs, that authorized by the court by the way, only focused on non-United States persons overseas, that gets lost in this debate, are pieces of the puzzle. And you have to have all of the pieces of the puzzle to try to put it together. That’s what we found went wrong in 9/11.

And we didn’t have all of the pieces of the puzzle, we found out subsequently, to the Boston bombings, either. And so had we had more pieces of the puzzle you can stop these things before they happen. [my emphasis]

Mike Rogers asserted, with no evidence given, that had we had more information on Tamerlan Tsarnaev, we might have been able to prevent the Boston attack.

Rogers has, in the past, suggested that if we had gotten the texts between Tsarnaev’s mother and a relative in Russia discussing Tamerlan’s interest in fighting jihad. But it’s not clear that anything prevented us from collecting the relative’s communications, and if the discussion of fighting is as obvious as reporting claims (I suspect it is not), there would have been adequate probable cause to ID the mother.

In fact, one of the Guardian’s other scoops makes it clear that we don’t collect all that much SIGINT from Russia in the first place, so the fact we missed the text may say more about our intelligence focus than the technologies available to us.

Nevertheless, Rogers at least suggests that we might have been able to prevent the attack had we had more data.

In part of an interview with Andrea Mitchell that has not yet (AFAIK) been shown, James Clapper whined that the intelligence community was accused of not being intrusive enough following the Boston attack.

DNI Clapper @TodayShow: I find it a little ironic that after the Boston bombings we were accused of not being intrusive enough

Which makes me wonder whether Obama is calling for more than just CALEA II, but has floated using all this data in new ways because two guys were able to conduct a very low-tech attack together.

Glenn Greenwald said somewhere (I haven’t been able to find it) that he had been working on the PRISM story for around 2 months. If so, that would put it close to the Boston attack (though if it were two full months, it’d make it before the attack).

Given that timing, I’m wondering if the final straw that motivated this presumably high level NSA person to start leaking was a proposed new use of all this data hoovered up. Clapper et al insist that the FISA Court does not currently allow the NSA to data mine the data collected in its dragnet.

But have then been thinking about changing that?

James Clapper’s Tip for Avoiding Lies: Don’t Do Talking Points

/13 Comments/in , /by

[youtube]QwiUVUJmGjs[/youtube]

For a guy who warned for years about an abuse of the FISA Amendments Act and Section 215 of the PATRIOT Act, I have to admit Ron Wyden was pretty circumspect  yesterday. He issued a statement, partly to reiterate his call to make this public, partly to suggest the program isn’t worth much.

The administration has an obligation to give a substantive and timely response to the American people and I hope this story will force a real debate about the government’s domestic surveillance authorities. The American people have a right to know whether their government thinks that the sweeping, dragnet surveillance that has been alleged in this story is allowed under the law and whether it is actually being conducted. Furthermore, they have a right to know whether the program that has been described is actually of value in preventing attacks. Based on several years of oversight, I believe that its value and effectiveness remain unclear.

And he sent out three tweets:

Of course, it’s the second tweet — showing the Director of National Intelligence lying in testimony to Congress about whether the NSA collects “any data at all on millions or hundreds of millions of Americans” — I found most interesting.

Wyden always has had a knack for exposing people as liars.

By the end of the day the National Journal had contacted Clapper to provide him an opportunity to explain why this lie to Congress wasn’t a lie. He offered a nonsensical explanation.

Director of National Intelligence James Clapper said Thursday that he stood by what he told Sen. Ron Wyden, D-Ore., in March when he said that the National Security Agency does not “wittingly” collect data on millions of Americans.

What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. I stand by that,” Clapper told National Journal in a telephone interview.

On March 12, at a hearing of the Senate Intelligence Committee, Wyden asked Clapper: “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper responded: “No, sir.” When Wyden followed up by asking, “It does not?” Clapper said: “Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.” Clapper did not specify at the time that he was referring to e-mail. [my emphasis]

Clapper’s lie — that he took Wyden’s “collected any type of data at all” to mean “voyeuristically pore through emails” — is all the worse for how bad a non-sequitur it is. Caught in a lie, the head of our Intelligence Community responded with word salad.

Given that abysmal attempt to explain away his lie, I find it all the more curious the Administration decided Clapper, newly exposed as a liar, would be the guy to head pushback to the revelations of the last few days. Late in the day Clapper issued first one, then another “statement” on the revelations.

Both, of course, issued stern condemnations of leaks revealing that he had lied (and that Americans have no privacy).

The unauthorized disclosure of a top secret U.S. court document threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation.

[snip]

The unauthorized disclosure of information about this important and entirely legal program is reprehensible and risks important protections for the security of Americans.

Those are hollow warnings, of course, for the reasons I laid out here.

Clapper then goes on to claim that both stories misrepresent the programs.

The article omits key information regarding how a classified intelligence collection program is used to prevent terrorist attacks and the numerous safeguards that protect privacy and civil liberties.

[snip]

The Guardian and The Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act.  They contain numerous inaccuracies.

Worlds tiniest violin! After refusing urgent requests from members of Congress who had been briefed on this to be transparent for years, the Intelligence Community has lost its ability to spin this!

Perhaps the most interesting part of Clapper’s two statements, however, is the way Clapper purportedly clarified a detail about the WaPo/Guardian stories on PRISM.

Clapper — and an anonymous statement from a Senior Administration Official issued minutes before Clapper’s — made explicitly clear PRISM operates under Section 702 of the FISA Amendments Act.

Section 702 is a provision of FISA that is designed to facilitate the acquisition of foreign intelligence information concerning non-U.S. persons located outside the United States. It cannot be used to intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States.

Activities authorized by Section 702 are subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. They involve extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.

Section 702 was recently reauthorized by Congress after extensive hearings and debate.

Section 702, Section 702, Section 702.

This claim had only been implicit in the reporting in the WaPo and Guardian.

Read more

Section 215: The White House’s Bullshit Talking Points

/21 Comments/in , /by

Here’s what the White House has offered as talking points to defend collecting (DiFi has confirmed) all the call data from all Americans since 2006. Interspersed is my commentary.

The article discusses what purports to be an order issued by the Foreign Intelligence Surveillance Court under a provision of the Foreign Intelligence Surveillance Act that authorizes the production of business records. Orders of the FISA Court are classified.

As they’ve done with drone strikes and, especially, WikiLeaks cables before, the Administration refuses to confirm that this is, in fact, what several members of Congress have made it clear it is: an authentic FISA Order that (as Dianne Feinstein revealed) is just the quarterly renewal of a program that goes back to the PATRIOT Act renewal in March 2006.

In other words, with its “talking points,” the Administration is recommitting to keeping this program legally secret, even though it’s not secret.

Everything that say after they set up that information asymmetry should be regarded with the knowledge that the White House refuses to permit you to check its claims.

The talking points go on.

On its face, the order reprinted in the article does not allow the Government to listen in on anyone’s telephone calls. The information acquired does not include the content of any communications or the name of any subscriber. It relates exclusively to metadata, such as a telephone number or the length of a call.

Here, the White House does two things. With its “exclusively metadata” comment, it tries to minimize how much metadata really provides. Here’s how Shane Harris, in a superb explainer, describes what metadata can really provide.

What can you learn with metadata but no content?

A lot. In fact, telephone metadata can be more useful than the words spoken on the phone call. Starting with just one target’s phone number, analysts construct a social network. They can see who the target talks to most often. They can discern if he’s trying to obscure who he knows in the way he makes a call; the target calls one number, say, hangs up, and then within second someone calls the target from a different number. With metadata, you can also determine someone’s location, both through physical landlines or, more often, by collecting cell phone tower data to locate and track him. Metadata is also useful for trying to track suspects that use multiple phones or disposable phones. For more on how instructive metadata can be, read this.

Note the White House fails to mention the forms of some metadata, such as geolocation, that are particularly invasive.

But the other thing this White House bullshit talking point does is precisely the same thing the Bush White House did when, in 2005 after James Risen and Eric Lichtblau exposed the illegal wiretap program, it dubbed a subpart of the program the Terrorist Surveillance Program and talked about how innocuous it was taken in solitary. The White House is segregating one part of the government’s interdependent surveillance system and preening about how harmless that isolated part is in isolation.

What the White House doesn’t mention is how the government uses this data, among other ways, to identify possible terrorists who they can conduct more investigation of, including accessing their content using this data mining to establish probable cause.

What the White House is trying to hide, in other words, is that this collection is part of a massive collection program that uses algorithms and other data analysis to invent people to investigate as terrorists.

And then the bullshit White House talking points contradict themselves.

Information of the sort described in the Guardian article has been a critical tool in protecting the nation from terrorist threats to the United States, as it allows counterterrorism personnel to discover whether known or suspected terrorists have been in contact with other persons who may be engaged in terrorist activities, particularly people located inside the United States.

Wait, what? Just one talking point ago, the White House told us that, “The information acquired does not include the content of any communications or the name of any subscriber.” But here we are, a mere talking point later, and the White House is claiming that it is used to discover whether known terrorists are in contact with other persons? Uh, so it does involve the known identities of both existing suspects and those gleaned from this massive collection of data, huh?

But don’t worry. Because a court has rubber stamped this.

As we have publicly stated before, all three branches of government are involved in reviewing and authorizing intelligence collection under the Foreign Intelligence Surveillance Act. Congress passed that act and is regularly and fully briefed on how it is used, and the Foreign Intelligence Surveillance Court authorizes such collection.

How does the separation of powers work again? Congress passes the law, the Executive enforces the law, and Courts review the law?

Only, in its bold claim that all three branches of government support this, the Court’s role is to “authorize such collection.” There’s a reason for that word, authorize. The only thing the courts are permitted to review are whether the government has provided,

(A) a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, such things being presumptively relevant to an authorized investigation if the applicant shows in the statement of the facts that they pertain to—
(i) a foreign power or an agent of a foreign power;

(ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or

(iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation; and

(B) an enumeration of the minimization procedures adopted by the Attorney General under subsection (g) that are applicable to the retention and dissemination by the Federal Bureau of Investigation of any tangible things to be made available to the Federal Bureau of Investigation based on the order requested in such application.

That is, the government just has to make a “reasonable” argument that this stuff is “relevant” to an investigation geared toward protecting against international terror or foreign clandestine activities. And if they can point to any number of foreign types (a foreign power, a suspected agent of a foreign power, or someone in contact with a suspected agent of a foreign power), the judge is instructed to presume it is related even if that seems like a stretch.

This is not a robust review of the claims the government is making. On the contrary, it is designed not to be a robust review of those claims.

Which brings us to Congress, that other branch the White House touts. It is utterly and embarrassingly true that they have repeatedly bought off on this, even if James Sensenbrenner, among others, is suckering journalists claiming that he didn’t. Indeed, oversight committees shot down efforts to limit Section 215 orders to people who actually had a tie to a suspected terrorist or foreign spy in 2006, 2009, and 2011. Such language was shot down each time. So, too, were efforts in 2011 and 2012 to reveal what was really going on in Section 215 collection; oversight committees shot that down too.

So here, in a rarity for national security overreach, the White House is absolutely right. Congress repeatedly bought off on this program, including its unbelievably broad standard for “relevance.”

Except … except … when Ron Wyden tried to get the government to tell him how many Americans’ records had been reviewed (by using this front-end collection to identify the back-end collection) the Inspectors General in question professed to be helpless to do that (later hints suggested they had done that study, but refused to share it with the Intelligence Committees).

So while it is true that Congress, with a few exceptions, have been completely complicit in this, it is also true that the Executive Branch has withheld the information Congress needs to understand what is happening with US person data.

I wonder why?

Never you worry, though, because it’s all constitutional.

There is a robust legal regime in place governing all activities conducted pursuant to the Foreign Intelligence Surveillance Act. That regime has been briefed to and approved by the Court.

Activities authorized under the Act are subject to strict controls and procedures under oversight of the Department of Justice, the Office of the Director of National Intelligence and the FISA Court, to ensure that they comply with the Constitution and laws of the United States and appropriately protect privacy and civil liberties.

Don’t worry, the White House concludes. The legal review designed not to be robust is robust.

And to be fair, the FISA Court has, on at least one occasion, told the Administration they were violating the Fourth Amendment. Though apparently DOJ and ODNI thought this Fourth Amendment violative collection was kosher, as they had to be slapped down by the court, so I’m not sure what purpose their purported oversight serves.

But as I pointed out this morning, there’s a flaw to this argument that is grounded in the Administration’s refusal to admit this is a real FISA Court order.

Standing.

The government, over and over and over and over, assures us this is all very Constitutional. Even while the government, over and over and over and over, goes to great lengths to ensure citizens don’t learn how they’re being surveilled, which would (in addition to pissing them off) give them the ability to sue.

Until the Americans who have been surveilled are permitted to challenge this in a court — precisely what the government has gone to great lengths to prevent — White House claims to constitutionality ring hollow.

The government doesn’t have the confidence to let us test these claims in court. That ought to tell you what they really think about its constitutionality.