Why Are FAA Boosters Satisfied with Inadequate Oversight?
Julian Sanchez hosted a Cato event yesterday that examined surveillance generally and the FISA Amendments Act specifically. At it, Ron Wyden presented his concerns about the FISA Amendments Act and other surveillance, and then ACLU’s Michelle Richardson and NYT’s Eric Lichtblau added their own views.
There was one question asked during the question period claiming that the program undergoes adequate reviews. The questioner was Georgetown’s Director of National Security Studies, Carrie Cordero, who had a role on FISA implementation until 2010, who has now reprised and expanded her comments at Lawfare.
She starts by addressing Wyden’s request that DNI to tell Congress how many Americans have had their communications “collected or reviewed.”
In particular, they have, in a series of letters, requested that the Executive Branch provide an estimate of the number of Americans incidentally intercepted during the course of FAA surveillance. According to the exchanges of letters, the Executive Branch has repeatedly denied the request, on the basis that: i) it would be an unreasonable burden on the workforce (and, presumably, would take intelligence professionals off their national security mission); and ii) gathering the data the senators are requesting would, in and of itself, violate privacy rights of Americans.
The question of whether the data call itself would violate privacy rights is a more interesting one. Multiple oversight personnel independent of the operational and analytical wings of the Intelligence Community – including the Office of Management and Budget, the NSA Inspector General, and just last month, the Inspector General of the Intelligence Community, have all said that the data call requested by the senators is not feasible. The other members of the SSCI appear to accept this claim on its face. Meanwhile, Senator Wyden states he just finds the claim unbelievable. [my emphasis]
Note, first of all, that she mischaracterizes Wyden’s request. He asked about US person communication that had been “collected or reviewed,” whereas she claimed he was asking only about incidental interception. Those are different things, and what Wyden’s interested in is far more invasive than simply having your communications sitting in a data warehouse in UT unread.
That’s important because Cordero treats one aspect of the DNI IG’s response–the privacy claim–as an “interesting question,” but then she proceeds to not answer the question. She instead reverts back to what she had correctly portrayed as NSA’s claim that NSA didn’t have the capacity because it would be “unreasonable burden on the workforce,” then asks why Wyden doesn’t believe that claim.
Remember, the privacy claim was raised solely in terms of whether the NSA’s Inspector General could conduct a review, not whether NSA analysts should be pulled off reviewing intercepts to find out how many of them are Americans. So if that claim is not credible–and ultimately, she doesn’t say it is–then NSA IG’s sole remaining rationale is a manpower one.
Frankly, if it would take that much manpower to come up with an answer, it says the program isn’t being tracked adequately.
Cordero then gets to the jist of a comment she made at the hearing: that there are a bunch of reviews which provide adequate oversight.
Meanwhile, the assertion of today’s program’s title that the FAA enables “mass spying without accountability,” is debunked by the SSCI’s own report issued on June 7. The intelligence committees have been on the receiving end of a mountain of reports describing FAA activities, the FISA Court’s reviews, and the Executive Branch’s own compliance reviews. The SSCI report, and the additional written views of Senator Feinstein (D-CA), the Committee’s Chair, states that the statutorily-mandated reporting requirements “provide the Committee with extensive visibility into the application of…minimization procedures,” and have enabled the Committee to conduct “extensive” and “robust” oversight. The report goes on to detail all of the different categories of reports and briefings that have been provided to the Committee to facilitate their oversight role, in accordance with the National Security Act of 1947, as amended. [my emphasis]
Cordero claims that the SSCI report and DiFi’s additional reviews boast about reporting requirements. But only the word “extensive” appears in the report approved by SSCI as a whole, and it appears to simply repeat language from an appendix Eric Holder and James Clapper provided. The rest comes from this paragraph:
Third, the numerous reporting requirements outlined above provide the Committee with extensive visibility into the application of these minimization procedures and enable the Committee to evaluate the extent to which these procedures are effective in protecting the privacy and civil liberties of U.S. persons. Read more →