In this post, I’ll examine what the report — particularly taken in conjunction with the Wyden-Paul reform — reveals about the use of Section 702 for domestic spying.
The first clue is Senator Wyden’s effort to prohibit collection of domestic communications — the issue about which he and Director of National Intelligence Dan Coats have been fighting about since June.
By a vote of four ayes to eleven noes, the Committee rejected an amendment by Senator Wyden that would have prohibited acquisition under Section 702 of communications known to be entirely domestic under authority to target certain persons outside of the United States. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—aye; Senator Wyden—aye; Senator Heinrich— aye; Senator King—no; Senator Manchin—no; and Senator Harris—aye.
It tells us that the government collects entirely domestic communications, a practice that Wyden tried to prohibit in his own bill, which added this language to Section 702.
(F) may not acquire communications known to be entirely domestic;
This would effectively close the 2014 exception, which permitted the NSA to continue to collect on a facility even after it had identified that Americans also used it. As I have explained is used to collect Tor (and probably VPN) traffic to obtain foreigners’ data. I suspect that detail is what Wyden had in mind when, in his comments in the report, he said the report itself “omit[s] key information about the scope of authorities granted the government” (though there are likely other things this report hides).
I have concerns about this report. By omitting key information about the scope of authorities granted the government, the Committee is itself contributing to the continuing corrosive problem of secret law
As the bill report lays out, Senators Burr, Risch, Rubio, Collins, Blunt, Lankford, Cotton, Cornyn, Warner, King, and Manchin are all cool using a foreign surveillance program to spy on their constituents, especially given that Burr has hidden precisely the impact of that spying in this report.
Any bets on whether they might have voted differently if we all got to know what kind of spying on us this bill authorized.
That, of course, is only eleven senators who are cool with treating their constituents (or at least those using location obscuring techniques) like foreigners.
But I’m throwing Feinstein and Harris in with that group, because they voted against a Wyden amendment that would have limited how the government could use 702 collected data in investigations.
By a vote of two ayes to thirteen noes, the Committee rejected an amendment by Senator Wyden that would have imposed further restrictions on use of Section 702-derived information in investigations and legal proceedings. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—no; Senator Wyden— aye; Senator Heinrich—aye; Senator King—no; Senator Manchin— no; and Senator Harris—no.
While we don’t have the language of this amendment, I assume it does what this language in Wyden’s bill does, which is to limit the use of Section 702 data for purposes laid out in the known certificates (foreign government including nation-state hacking, counterproliferation, and counterterrorism — though this language makes me wonder if there’s a Critical Infrastructure certificate or whether it only depends on the permission to do so in the FBI minimization procedures, and the force protection language reminds me of the concerns raised by a recent HRW FOIA permitting the use of 12333 language to do so).
(B) in a proceeding or investigation in which the information is directly related to and necessary to address a specific threat of—
(i) terrorism (as defined in clauses (i) through (iii) of section 2332(g)(5)(B) of title 18, United States Code);
(ii) espionage (as used in chapter 37 of title 18, United States Code);
(iii) proliferation or use of a weapon of mass destruction (as defined in section 2332a(c) of title 18, United States Code);
(iv) a cybersecurity threat from a foreign country;
(v) incapacitation or destruction of critical infrastructure (as defined in section 1016(e) of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (42 U.S.C. 5195c(e))); or
(vi) a threat to the armed forces of the United States or an ally of the United States or to other personnel of the United States Government or a government of an ally of the United States.
Compare this list with the one included in the bill, which codifies the use of 702 data for issues that,
“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,
- Serious bodily injury
- Specified offense against a minor
- Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
- Cybersecurity, including violations of CFAA
- Transnational crime, including transnational narcotics trafficking
- Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)
Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.
The bill report’s description of this section makes it clear that — in spite of its use of the word “restriction,” — this is really about providing affirmative “permission.”
Section 6 provides restrictions on the Federal Bureau of Investigation’s (FBI’s) use of Section 702-derived information, so that the FBI can use the information as evidence only in court proceedings [my emphasis]
That is, Wyden would restrict the use of 702 data to purposes the FISC has affirmatively approved, rather than the list of 702 purposes expanded to include the most problematic uses of Tor: all hacking, dark markets, and child porn.
So while Feinstein and Harris voted against the use of 702 to collect known domestic communications, they’re still okay using domestic Tor commuincations they say they don’t want to let NSA collect to prosecute Americans (which is actually not surprising given their past actions on sex workers).
Again, they’re counting on the fact that the bill report is written such that their constituents won’t know that this is going on. Unless they read me.
Look, I get the need to collect on Tor traffic to go after its worst uses. But if you’re going to do that, stop pretending this is a foreign surveillance bill, and instead either call it a secret court bill (one that effectively evades warrant requirements for all Tor wiretapping in this country), or admit you’re doing that collection and put review of it back into criminal courts where it belongs.