Center for Democracy and Technology’s James Dempsey on “the Wall,” Then and Now

Remember “the wall” that used to separate intelligence from criminal investigations and was used as an excuse for intelligence agencies not sharing intelligence they were permitted to share before 9/11?

It was demolished in 2001 — when the PATRIOT Act explicitly permitted what had been permitted before, sharing of intelligence information with the FBI — and 2002 — when the FISA Court of Review overruled presiding FISA Judge Royce Lamberth’s efforts to sustain some Fourth Amendment protections in criminal investigations using minimization procedures.

Nevertheless, the specter of a wall that didn’t prevent the Intelligence Committee from discovering 9/11 rising again is one of the things lying behind PCLOB’s weak recommendations on back door searches in its report on Section 702.

Of particular note, that’s what the Center for Democracy and Technology’s James Dempsey cites in his squishy middle ground recommendation on back door searches.

It is imperative not to re-erect the wall limiting discovery and use of information vital to the national security, and nothing in the Board’s recommendations would do so. The constitutionality of the Section 702 program is based on the premise that there are limits on the retention, use and dissemination of the communications of U.S. persons collected under the program. The proper mix of limitations that would keep the program within constitutional bounds and acceptable to the American public may vary from agency to agency and under different circumstances. The discussion of queries and uses at the FBI in this Report is based on our understanding of current practices associated with the FBI’s receipt and use of Section 702 data. The evolution of those practices may merit a different balancing. For now, the use or dissemination of Section 702 data by the FBI for non-national security matters is apparently largely, if not entirely, hypothetical. The possibility, however, should be addressed before the question arises in a moment of perceived urgency. Any number of possible structures would provide heightened protection of U.S. persons consistent with the imperative to discover and use critical national security information already in the hands of the government.546 

546 See Presidential Policy Directive — Signals Intelligence Activities, Policy Directive 28, 2014 WL 187435, § 2, (Jan. 17, 2014) (limiting the use of signals intelligence collected in bulk to certain enumerated purposes), available at  [my emphasis]

Dempsey situates his comments in the context of the “wall.” He then suggests there are two possible uses of back door searches: “national security matters,” and non-national security matters, with the latter being entirely hypothetical, according to what the FBI self-reported to PCLOB.

Thus, he’s mostly thinking in terms of “possible structures [that] would provide heightened protection of US. persons,” to stave off future problems. He points to President Obama’s PPD-28 as one possibility as a model.

But PPD-28 is laughably inapt! Not only does the passage in question address “bulk collection,” which according to the definition Obama uses and PCLOB has adopted has nothing to do with Section 702. “[T]he Board does not regard Section 702 as a ‘bulk’ collection program,” PCLOB wrote at multiple points in its report.

More troubling, the passage in PPD-28 Dempsey cites permits bulk collection for the following uses:

(1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;

(2) threats to the United States and its interests from terrorism;

(3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;

(4) cybersecurity threats;

(5) threats to U.S. or allied Armed Forces or other U.S or allied personnel;

(6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section;

Ultimately, this represents — or should — an expansion of permissible use of Section 702 data, because its discussion of  terrorism and cybersecurity do not distinguish between those with an international nexus and those without. And the discussion of transnational crime might subject any petty drug dealer selling dope from Mexico to foreign intelligence treatment.

That this is what passes for the mushy middle on PCLOB is especially curious given that Dempsey was one of the first PCLOB member to express concern about back door searches. He did so in November’s Section 215 hearing, and even suggested limiting back door searches to foreign intelligence purposes (which is not the standard for FBI, in any case) was inadequate. Nevertheless, in last week’s report, he backed only very weak protections for back door searches, and did so within the context of national security versus non-national security, and not intelligence versus crime.

Now, I don’t mean to pick on Dempsey exclusively — I’ll have a few more posts on this issue. And to be clear, Dempsey does not represent CDT at PCLOB; he’s there in his private capacity.

But I raised his affiliation with CDT because in that capacity, Dempsey was part of an amicus brief, along with representatives from ACLU, Center for National Security Studies, EPIC, and EFF, submitted in the In Re Sealed Case in 2002, in which the FISA Court of Review reversed Lamberth and permitted prosecutor involvement in FISA warrants. That brief strongly rebuts the kind of argument he adopted in last week’s PCLOB report.

Read more

USA Freedumb Act: The Timing

A number of people have expressed appreciation for this analysis: if you find this useful, please consider donating to support my work. 

I’m going to do a series of more finished posts on the “compromised” version of Jim Sensenbrenner’s USA Freedom Act, which I hereby dub the USA Freedumb Act (thanks to Fake John Schindler for the suggestion), because so many of the reforms have been gutted. Here’s the initially proposed bill. Here’s my working thread on USA Freedumb.

You will hear a great many respectable people making positive comments about this bill, comments they normally would not make. That’s because of the carefully crafted timing.

As you recall, Mike Rogers originally got the House Parliamentarian to rule that the bill could go through the House Intelligence Committee. And his bill, which I affectionately call “RuppRoge” after Rogers and Dutch Ruppersberger and Scooby Doo’s “Rut Roh” phase, is genuinely shitty. Not only does it put the NSA onsite at providers and extend call records collection beyond terrorism applications, but it also extends such collection beyond call records generally. It is likely an attempt to get the US back into the Internet dragnet business. Shitty bill.

That said, in key ways RuppRoge is very similar to USA Freedumb. Both “limit” bulk collection by limiting collection to selectors (Freedumb does so across the board, including for NSLs, whereas RuppRoge does so for sensitive Business Records, call records, and Internet metadata). Both propose a similarly (IMO) flimsy FISC advocate. Both propose laughably weak FISC transparency measures. Both will include compensation and immunity for providers they don’t currently have.

Aside from three areas where RuppRoge is better — it forces agencies to update their EO 12333 proposals, doesn’t extend the PATRIOT Act, and provides a (not very useful) way to challenge certificates, all the way up to SCOTUS — and three where it is far worse — it develops more Insider Threat measures, it applies for uses beyond terrorism and beyond call records, and doesn’t include new (but now circumscribed) IG reporting  — they’re not all that different. [Correction: USA Freedumb ALSO applies beyond terrorism.]

They’re differently shitty, but both are pretty shitty.

The reason why otherwise respectable people are welcoming the shitty Freedumb bill, however, is that it gives House Judiciary Committee — with a number of real reformers on it — first pass on this bill. It’s a jurisdictional issue. It puts the jurisdiction for surveillance bills back where it belongs, at the Judiciary Committee.

Oh, by the way, one of the more extensive (in terms of text) real changes in Freedumb is it finally includes the House Judiciary Committee, along with the House and Senate Intelligence Committees and Senate Judiciary Committee, among the committees that get certain kinds of reporting. Jurisdiction. (No, I can’t explain to you why it wasn’t included in the first place in 2008, and no, I can’t explain why that detail is not better known.) It gives everyone on HJC a tiny reason to support the bill, because they’ll finally get the reporting they should have gotten in 2008.

The House Intelligence Committee will consider RuppRoge the day after HJC considers Freedumb, Thursday. Which has elicited hasty (overly hasty, IMO) statements of support for Freedumb, as a way to head off the shitty RuppRoge.

Effectively, the National Security State has managed to put two differently shitty bills before Congress and forced reformers to choose. Freedumb is the better (as in less horrible) bill, and it might get better in Committee. But it’s not a runaway call. And the haste has prevented anyone from really figuring out what a central change to both programs means, which limits collection to selectors, which could be defined in very broad terms (and about which — you’ll have to take my word for now — the NSA has lied in public comments).

One more timing issue that I suspect explains the sudden activity surrounding “reform.” The Privacy and Civil Liberties Oversight Board is due to release a report on Section 702 in the next month or so (its comment period for the report closed on April 11). Given the comments of David Medine, James Dempsey, and Patricia Wald at hearings, I strongly suspect PCLOB will recommend reforms — at least — to back door searches, and possibly to upstream collection. Both are items which were gutted as USA Freedom became Freedumb. (In addition, two aspects that would have expanded PCLOB’s authorities — giving it a role in picking the FISC advocate and giving it subpoena power — have been removed.) So in the same way that President Obama rushed to reaffirm NSA’s unified structure, in which the Information Assurance Division and Cybercommand functions are unified with the more general NSA spying function, before his handpicked Review Group recommended they be split, this seems to be a rush to pre-empt any recommendations PCLOB makes.

Ultimately, these two shitty bills are destined to be merged in conference anyway, and reformers seem to have given up 75% of the field before we get started.

Which means just about the only “reform” we’ll get are actually tactical fixes to help the Security State deal with legal and technical issues they’ve been struggling with.

The USA Freedumb Act has become — with DiFi’s Fake FISA Fix and RuppRoge before it — the third fake reform since Edward Snowden’s leaks first got published. Wearing down the reformers seems to be working.

NSA’s New “Privacy Officer” Releases Her First Propaganda

Over at Lawfare, Ken Anderson released the public comment on Section 702 the NSA Civil Liberties and Privacy Office have submitted to the Privacy and Civil Liberties and Oversight Board. Anderson notes that the comment doesn’t appear to be online yet, and the name of the Civil Liberties and Privacy Officer, Rebecca Richards, doesn’t appear on what Anderson posted (though that may be Lawfare’s doing).

The statement, generally, makes me sad. The comment repeatedly backed off including known, even unclassified details about Section 702, and as such this doesn’t so much read as an independent statement on the privacy assessment of the woman at the NSA mandated with overseeing it, but rather a highly scripted press release.

I will probably do a piece on some potential holes this statement may indicate in NSA’s oversight (though it is written in such hopeless bureaucratese, we can’t be sure). But for the moment, I wanted to point to what, in my opinion, is the most glaring example of how scripted this.

The statement describes back door searches this way:

Since October 2011 and consistent with other agencies’ Section 702 minimization procedures, NSA’s Section 702 minimization procedures have permitted NSA personnel to use U.S. person identifiers to query Section 702 collection when such a query is reasonably likely to return foreign intelligence information. NSA distinguishes between queries of communications content and communications metadata. NSA analysts must provide justification and receive additional approval before a content query using a U.S. person identifier can occur. To date, NSA analysts have queried Section 702 content with U.S. person identifiers less frequently than Section 702 metadata. For example, NSA may seek to query a U.S. person identifier when there is an imminent threat to life, such as a hostage situation. NSA is required to maintain records of U.S. person queries and the records are available for review by both OOJ [sic] and ODNI as part of the external oversight process for this authority. Additionally, NSA’s procedures prohibit NSA from querying Upstream data with U.S. person identifiers.

The only new piece of information provided here is that the NSA conducts more back door searches on 702 metadata than on 702 content.

But then the statement immediately provides the most defensible example of back door searches — searching for a US person’s identifier in content when they’ve been kidnapped, a scenario that derives from a pre-PAA problem with NSA’s kludged FISC approved program. Notably, this scenario is almost certainly not a metadata search! This is also the same scenario used by Dianne Feinstein’s aides in November to obscure the true extent of the searches, suggesting it is a propaganda line NSA has developed to spin back door searches.

What I find so frustrating about this statement is how it compares with statements others have already made … to PCLOB.

In November, for example, after ODNI General Counsel Robert Litt admitted that the Intelligence Community treats back door searches of 702 data (and probably, EO 12333 data) like they do all “legally collected” data, NSA General Counsel Raj De admitted that NSA doesn’t even require Reasonable Articulable Suspicion to do searches on US person data, because doing so would involve adopting a higher standard for back door searches than for other data.

Raj De: Our minimization procedures, including how we handle data, whether that’s collection, analysis, dissemination, querying are all approved by the Foreign Intelligence Surveillance Court. There are protections on the dissemination of information, whether as a result of a query or analysis. So in other words, U.S. person information can only be disseminated if it’s either necessary to understand the foreign intelligence value of the information,evidence of a crime and so forth. So I think those are the types of protections that are in place with this lawfully collected data.

[Center for Democracy and Technology VP James] DEMPSEY: But am I right, there’s no, on the query itself, other than it be for a foreign intelligence purpose, is there any other limitation? We don’t even have a RAS for that data.

MR. DE: There’s certainly no other program for which the RAS standard is applicable. That’s limited to the 215 program, that’s correct. But as to whether there is, and I think this was getting to the probable cause standard, should there be a higher standard for querying lawfully collected data. I think that would be a novel approach in this context, not to suggest reasonable people can’t disagree, discuss that. But I’m not aware of another context in which there is lawfully collected, minimized information in this capacity in which you would need a particular standard.

Then, in March, Litt objected to requiring court review before doing back door searches (and he was asked specifically about back door searches of US person data, though he reportedly tried to back off the application of this to US persons after the hearing) because the volume of back door searches is so high.

[Retired DC Circuit Judge] Patricia Wald: The President required, or, I think he required in his January directive that went to 215 that at least temporarily, the selectors in 215 for questioning the databank of US telephone calls–metadata–had to be approved by the FISA Court. Why wouldn’t a similar requirement for 702 be appropriate in the case where US person indicators are used to search the PRISM database? What big difference do you see there?

Robert Litt: Well, I think from a theoretical perspective it’s the difference between a bulk collection and a targeted collection which is that–

Wald: But I would think that, sorry for interrupting, [cross-chatter]  I would think that message since 702 has actually got the content.

Litt: Well, and the second point that I was going to make is that I think the operational burden in the context of 702 would far greater than in the context of 215.

Wald: But that would–

Litt: If you recall, the number of actual telephone numbers as to which a  RAS–reasonable articulable suspicion determination was made under Section 215 was very small. The number of times that we query the 702 database for information is considerably larger. I suspect that the Foreign Intelligence Surveillance Court would be extremely unhappy if they were required to approve every such query.

Wald: I suppose the ultimate question for us is whether or not the inconvenience to the agencies or even the unhappiness of the FISA Court would be the ultimate criteria.

Litt: Well I think it’s more than a question of convenience, I think it’s also a question of practicability.

Admittedly, Litt’s answer refers to all the back door searches conducted by the Intelligence Community, including the both the CIA and FBI (the latter of which other reporters seem to always ignore when discussing back door searches), as well as NSA. So it’s possible this volume of back door searches reflects FBI’s use of the practice, not NSA’s. (Recall that former presiding FISC Judge John Bates admits the Court has no clue how often or in what ways the Executive Branch is doing back door searches on US person data, but that it is likely so common as to be burdensome to require FISC involvement.)

Still, the combined picture already provided to PCLOB goes well beyond the hostage situation provided by the Privacy Office statement.

Even the President’s comment about back door searches in his January speech appears to go beyond what the NSA statement does (though again, imposing new limits on back door searches for law enforcement purposes probably speaks primarily to FBI’s back door searches, less so NSA’s).

 I am asking the Attorney General and DNI to institute reforms that place additional restrictions on government’s ability to retain, search, and use in criminal cases, communications between Americans and foreign citizens incidentally collected under Section 702.

We are slowly squeezing details about the reality of back door searches, so I wasn’t really relying on this statement in any case.

But it’s an issue of credibility. The Privacy Officer, to have a shred of credibility and therefore the PR value that Obama surely hopes it will have, must appear to be speaking from independent review within the scope permitted by classification restraints. That hasn’t happened here, not even close. Instead, Rebecca Richards appears to speaking under the constraint of censorship far beyond that imposed on other government witnesses on this issue.

That doesn’t bode well for her ability to make much difference at NSA.

Rosencrantz and Guildenstern Visit Pee-Clob

The first panel of an all-day Privacy and Civil Liberties Oversight Board hearing on Section 702 of FISA just finished.

It featured NSA General Counsel Raj De, ODNI General Counsel Robert Litt, Deputy AAG for National Security Brad Weigmann, and FBI General Counsel James Baker.

While there were a number of interesting disclosures — which I’ll get at in the future — the most striking aspect of the hearing was the tooth-pulling effort to get the panel to define the terms they use.

There were a slew of terms defined, among others including “minimization,” “bulk collection,” “PRISM,”

But the most interesting redefinitions were for “purge” and “search.”

After much tooth-pulling, James Dempsey got De to admit that NSA’s definition of the word “search” is different from the one used in the Fourth Amendment. Actually, that may not be entirely true: Sometimes the actual collection of data counts as a search, sometimes only the querying of it does. NSA gets to decide which is which, best as I can tell, in secret or in legal filings where it will serve to deprive someone of standing.

Then there’s “purge,” which I can’t hear anymore without seeing a pink speech bubble and scare quotes surrounding the word. Purge does not mean — as you might expect — “destroy.” Rather, it means only “remove from NSA systems in such a way that it cannot be used.” Which, best as I understand it, means they’re not actually destroying this data.

I do hope EFF figures that out before they argue the protection order for Section 215 today, as on those terms it seems increasingly clear NSA is not complying with the Jewel protection order.

“Purge.” To keep. Somewhere else.

The Intelligence Community’s Wide Open, Unprotected Back Door to All Your Content

PCLOB has posted the transcript from the first part of its hearing on Monday. So I want to return to the issue I raised here: both Director of National Intelligence General Counsel Robert Litt and NSA General Counsel Raj De admit that there are almost no limits on Intelligence Community searches of incidentally collection US person data (we know that FBI, NSA, and CIA have this authority, and I suspect National Counterterrorism Center does as well).

This discussion starts when PCLOB Chair David Medine asks whether the IC would consider getting a warrant before searching on incidentally collected data.

MR. MEDINE: And so turning to the protections for U.S. persons, as I understand it under the 702 program when you may target a non-U.S. person overseas you may capture communications where a U.S. person in the United States is on the other end of the communication. Would you be open to a warrant requirement for searching that data when your focus is on the U.S. person on the theory that they would be entitled to Fourth Amendment rights for the search of information about that U.S. person?

MR. DE: Do you want me to take this?

MR. LITT: Thanks, Raj. Raj is always easy, he raises his hands for all the easy ones.

MR. DE: I can speak for NSA but this obviously has implications beyond just NSA as well.

MR. LITT: I think that’s really an unusual and extraordinary step to take with respect to information that has been lawfully required.

I mean I started out as a prosecutor. There were all sorts of circumstances in which information is lawfully acquired that relates to persons who are not the subject of investigations. You can be overheard on a Title III wiretap, you can overheard on a Title I FISA wiretap. Somebody’s computer can be seized and there may be information about you on it.

The general rule and premise has been that information that’s lawfully acquired can be used by the government in the proper exercise of authorities.

Now we do have rules that limit our ability to collect, retain and disseminate information about U.S. persons. Those rules, as know, are fairly detailed. But generally speaking, we can’t do that except for foreign intelligence purposes, or when there’s evidence of a crime, or so on and so forth. But what we can’t do under Section 702 is go out and affirmatively use the collection authority for the purpose of getting information about U.S. persons. Once we have that information I don’t think it makes sense to say, you know, a year later if something comes up we need to go back and get a warrant to search that information. [my emphasis]

Litt compares finding incidental information on a laptop, presumably seized using a warrant, with searching for incidental information on a digital collection that includes very few limits on specificity. Remember, NSA can and has claimed a targeted “facility” may mean all the Internet traffic from a particular country or at least a region of a country. This is petabytes of data obtained with a directive, not gigabytes obtained with a specific warrant.

Read more