NSA Lost the House Judiciary Committee During the 2011 PATRIOT Act Reauthorization

I want to put the two documents pertaining to the NSA’s geolocation effort released last week into context. Because they show yet another instance where the Intelligence Community did not inform Congress about what they were doing.

The two documents make it clear NSA started considering collecting geolocation in February 2010, almost certainly before the February 26-27 one year reauthorization of PATRIOT Act that month. The December 2009 letter that provided notice to Congress — which wasn’t shared with the rest of Congress until February 23-24 — provided no notice NSA was going to start testing on geolocation. So the NSA missed one opportunity to brief Congress that it was again expanding its interpretation of Section 215.

Then on February 2, 2011, Ronald Weich provided the Intelligence Chairs a second letter designed to inform Congress about the dragnet. Again, this letter also appears to make no mention of the geolocation testing. So NSA missed a second opportunity to brief Congress. Moreover, this is the letter that Mike Rogers did not pass onto members of the House.

It is unclear when NSA briefed the Intelligence Committees about the program, but a Senate Intelligence Committee staffer posed questions to NSA on March 7, but even those basic questions about legal support for the testing did not get answered until April 1.

The 4-year extension of the PATRIOT Act passed on May 26, 2011.

It took another three months before the House Judiciary Committee would get notice of a geolocation program already in action.

In other words, this was a clear instance where NSA was expanding the dragnet during the entire 15 month period of PATRIOT Act reauthorization. But according to the public record, it didn’t even inform the House Judiciary Committee — which the I Con insists always gets adequate briefing — until months after 4-year reauthorization of the PATRIOT Act.

NSA defenders are trying to use HJC member Jim Sensenbrenner’s earlier prevarications to suggest he doesn’t have reason to claim the NSA keeps secrets from Congress. Too bad the record — as it always tends to, once it becomes public — proves them wrong.  Read more

Did the FISA Court Approve the “Relevant To” Dragnet Collection before Congress Passed the PATRIOT Reauthorization?

I want to point to a passage of the 2008 DOJ IG Report on use of Section 215. I think it adds new details about how the government came to use Section 215 to spy on all of us.

On page 20, the report describes what it calls “combination Section 215 Applications and Orders in 2006.” It reveals that for a period, when FBI got pen register/trap and trace orders, it would also use Section 215 to get subscriber information.

A combination application is a term used by OIPR to refer to a Section 215 request that was added to or combined with a FISA application for a pen register/trap and trace. The use of the combination request evolved from OIPR’s determination that FISA pen register/trap and trace orders did not require providers to turn over subscriber information associated with telephone numbers obtained through those orders. As a result, Section 215 requests were added to pen register/trap and trace orders to seek subscriber information.

That’s all for regular FBI use of the program.

But then it includes one of those heavily redacted passages that, we now know, refer to the bulk metadata collection program(s).

OIPR also used combination orders in 2005 and 2006 to obtain [two lines redacted]23

After passage of the Reauthorization Act on March 9, 2006, combination orders became unnecessary for subscriber information and [one line redacted]. Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber information to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [half line redacted] from the FISA Court. Therefore, OIPR decided not to request [several words redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court. 24

23 [One line footnote redacted]

24 OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act. [two lines redacted]

This may actually pertain solely to the phone metadata collection (as far as we know, they never used 215 for Internet metadata because (James Cole implied yesterday) Internet companies don’t keep records of their customers’ metadata.

And the reference to 2005-2006 may simply refer to the period, after the initial NYT reports, when phone companies asked to be required to turn over their customers’ metadata.

If so, then this is nothing new … except for one detail. It suggests the government used PR/TT for the initial period of this collection, until such time as Congress passed the “relevant to” language in Section 215.

But that would also suggest that DOJ had developed and briefed this new use of Section 215 orders even before Congress approved the bill.

Only, it doesn’t appear to have told those pushing the bill through Congress.

Perhaps that’s why Jim Sensenbrenner — who was one of the bill managers — is so pissed.

To Justify Dragnet, FBI Implies It Can’t File 300 More NSLs in a Year

So Mark Hosenball just reported this, uncritically.

The U.S. government only searched for detailed information on calls involving fewer than 300 specific phone numbers among the millions of raw phone records collected by the National Security Agency in 2012, according to a government paper obtained by Reuters on Saturday.

As Jim Sensenbrenner noted the other day, if the government is doing only what it says it is with the database — finding US persons who are in contact with suspected terrorists — the FBI could use a grand jury subpoena or a National Security Letter to do so. Collecting all the phone records of Americans would only be required if the FBI were doing so many checks such a process became onerous.

Except that the FBI routinely gets upwards of 10,000 NSLs a year. Adding these 300 would be a drop in the bucket.

So the difficulty of getting NSLs can’t be the problem.

Which suggests the 300 claim is implicit acknowledgment they’re doing something more with this data than they’re letting on.

Jim Sensenbrenner’s Horseshit Claims of Innocence

The reaction from members of Congress to the revelation that the Section 215 surveillance was just as bad as some of us have been warning has varied, with Dianne Feinstein and Saxby Chambliss reiterating claims about the value and oversight of the program (though not having any idea, according to DiFi, whether it has prevented any attacks), and Ron Wyden and Mark Udall effectively saying “I told you so.” John Boehner dodged aggressively, suggesting even though he had approved this surveillance President Obama had to explain it.

Asked whether lawmakers should answer for an order that fell under the Patriot Act they passed, Boehner disagreed. “The tools were given to the administration, and it’s the administration’s responsibility to explain how these tools are used,” he said. ”I’ll leave it to them to explain.”

By far the most disingenuous, however, was Jim Sensenbrenner, who (as he has emphasized to the credulous journalists who served as his stenographers today) wrote the PATRIOT Act, who has remained in a senior position on House Judiciary Committee since that day, and who now claims to be shocked — shocked! — there is dragnet collection going on in the casino he built.

Predictably, he wrote a letter demanding to know how a law he has fought to retain its current form could be used to do what the law authorizes.

In the letter, Sensenbrenner de-emphasizes the role of the relevance standard to the collection.

To obtain a business records order from the court, the Patriot Act requires the government to show that: (1) it is seeking the information in certain authorized national security investigations pursuant to guidelines approved by the Attorney General; (2) if the investigative target is a U.S. person, the investigation is not based solely on activities protected by the First Amendment; and (3) the information sought is relevant to the authorized investigation.

Compare that to the letter of the law, which requires the government to show,

(A) a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, such things being presumptively relevant to an authorized investigation if the applicant shows in the statement of the facts that they pertain to—

(i) a foreign power or an agent of a foreign power;

(ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or

(iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation;

That is, the emphasis is not on the investigation, as Sensenbrenner’s interpretation would have it, but on the relevance of the information sought, which Sensenbrenner adds third. More importantly, Sensenbrenner omits all mention of the presumptively relevant conditions — basically something pertaining to a foreign power.

With his interpretation, Sensenbrenner has omitted something baked into Section 215, which is that so long as the government says this pertains to foreign spies or terrorists, the judge has almost no discretion on whether information is relevant to an investigation.

Then Sensenbrenner points to 2011 testimony from Acting Assistant Attorney General Todd Hinnen, who he claims said the following:

Section 215 has been used to obtain driver’s license records, hotel records, car rental records, apartment leasing records, credit card records, and the like. It has never been used against a library to obtain circulation records. . . On average, we seek and obtain section 215 ordersless than 40 times per year

Which Sensenbrenner uses to claim the Department never told the Committee about this dragnet.

The Department’s testimony left the Committee with the impression that the Administration was using the business records provision sparingly and for specific materials. The recently released FISA order, however, could not have been drafted more broadly.

As it happens, Hinnen has been testifying since at least 2009 that Section 215 authorizes other secret programs. So I checked Sensenbrenner’s work. Here’s what that precise passage of Hinnen’s testimony says, without the deceitful ellipsis.

Section 215 has been used to obtain driver’s license records, hotel records, car rental records, apartment leasing records, credit card records, and the like. It has never been used against a library to obtain circulation records. Some orders have also been used to support important and highly sensitive intelligence collection operations, on which this committee and others have been separately briefed. On average, we seek and obtain section 215 ordersless than 40 times per year. [my emphasis]

In other words, Sensenbrenner points to doctored proof he has been briefed on this secret program, but doctors it in such a way as to support his claim he never knew about this.

Not to mention that a series of DOJ Inspector General reports included classified appendices describing these secret collection operations.

Read more

Journalists: Eric Holder Believes You’re Probably a Criminal But Won’t Charge You

As I noted the other day, Eric Holder seems intent on calling journalists whom he believes are co-conspirators in a criminal leak something else.

Which is why I think this detail, from Politico’s leaks-about-a-meeting-about-leaks story, is the most telling I’ve seen on the Holder meeting.

“The guidelines require a balance between law enforcement and freedom of the press, and we all argued that the balance was out of kilter, with the national security and law enforcement interests basically overwhelming the public’s right to get information,” one journalist at the meeting said. “The language concerning ‘aiding and abetting’ comes out of the Privacy [Protection] Act, and they discussed trying to revise that language so that reporters don’t need to be defined as co-conspirators in order to execute search warrants.”

This is a reference to part of the Privacy Act that prohibits the government from seizing media work product unless it is connected to a crime (see pages 5 ff for how it affected the James Rosen warrant application). After claiming Rosen was aiding and abetting a violation of the Espionage Act and therefore his emails could be seized, the FBI then said that since he was potentially criminally liable, he should not get notice. In other words, the aiding abetting was an investigative tactic DOJ used to get around protections put into place just for someone like Rosen.

And DOJ’s solution for abusing a protection meant to protect someone like Rosen is apparently to simply redefine the law, so it can overcome those protections without having to accuse Rosen of being a criminal.

The outcome would remain the same; DOJ would just avoid saying mean things about people associated with powerful media outlets.

But the letter Principal Assistant Deputy Attorney General Peter Kadzik sent to answer Bob Goodlatte and Jim Sensenbrenner’s questions about Eric Holder’s testimony about whether he ever prosecuted a journalist makes it clear he thinks James Rosen probably is a criminal, regardless of what he calls it.

When the Department has initiated a criminal investigation into the unauthorized disclosure of classified information, the Department must, as it does in all criminal investigations, conduct a thorough investigation and follow the facts where they lead. Seeking a search warrant is part of an investigation of potential criminal activity, which typically comes before any final decision about prosecution. Probable cause sufficient to justify a search warrant is different from a decision to bring charges for that crime; probable cause is a significantly lower burden of proof than beyond a reasonable doubt, which is required to obtain a conviction on criminal charges.

Note the slippage here: Kadzik says the standard for a probable cause warrant is different than the standard for charging, then says a probable cause warrant is different from the standard for convicting.

What Kadzik is implicitly suggesting is that while DOJ might think Rosen was a criminal co-conspirator, they’d never win their case against him. So they never considered charging him.

I joked some weeks ago that journalists should take solace in all this: Obviously, Eric Holder holds them in precisely the same category as banksters, those who are guilty of a crime but that DOJ chooses not to charge with one.

This letter seems to support this.

The House Judiciary Committee Preens in Full Ignorance at Leaks Hearing

The headline that has come out of yesterday’s House Judiciary Committee hearing on leaks is that the Committee may subpoena people. As US News correctly reports, one push for subpoenas came from a John Conyers ploy trying to call Republican members’ bluff; he basically asked how they could be sure who leaked the stories in question and if they were they should just subpoena those people to testify to the committee.

It’s a testament to the thin knowledge of these stories that none of the Republicans responded, “John Brennan.” But then, even if they had, the committee would quickly get into trouble trying to subpoena Brennan as National Security Advisors (and Deputy NSAs) have traditionally been excused from Congressional subpoena for deliberation reasons, a tradition reinforced by Bush’s approach with Condi Rice.

Ah well. I’m sure we’re going to have some amusing theater of Jim Sensenbrenner trying to force Conyers to come up with some names now.

The other big push for subpoenas, though, came from Trey Gowdy. Partly because he wanted to create an excuse to call a Special Prosecutor and partly because, just because, he was most interested in subpoenaing some journalists. And in spite of the way that former Assistant Attorney General Ken Wainstein patiently explained why there are good, national security, reasons why DOJ is hesitant to subpoena journalists, Gowdy wouldn’t let up.

But what concerned me more is that no one–not a single person on the House committee that oversees DOJ–explained that DOJ doesn’t need to subpoena journalists to find out who they’ve been talking to. They’ve given themselves the authority to get journalist call records in national security cases without Attorney General approval.

That’s a detail every member of the committee should know, particularly if they’re going to hold hearings about whether DOJ can adequately investigate leaks. And while I expect Trey Gowdy to be ignorant, it seems they all are ignorant of this detail.

There was another display of ignorance I find troubling for a different reason. Dan Lungren suggested that he learned of what we’re doing with StuxNet from David Sanger’s reports. He rightly noted that–as the Chair of the House Homeland Security Subcommittee on Cybersecurity–he ought to learn these things from the government, not the NYT. And while his ignorance of StuxNet’s escape may be due to the timing of his ascension to the Subcommittee Chair (most members of the Gang of Four, except Dianne Feinstein, would not have gotten briefed on early stages of StuxNet, when someone should have told the government what a boneheaded plan it was), the Subcommittee still should be aware that our own recklessness has made us vulnerable in dangerous new ways.

Perhaps the most telling detail of the hearing, though, came from retired Colonel Kenneth Allard. He was brought on, I guess, to label what we did with StuxNet an act of war (without, of course, considering whether that is the problem rather than the exposure that both Republican and Democratic Administrations are engaging in illegal war without telling anyone). In his comments, he went so far as to say that “What Mr. Sanger did is equivalent of having KGB operation run against White House.”

Someone had to accuse the journalists of being enemy spies.

But Allard’s statement reveals where all this comes from: personal pique against the NYT for coverage they’ve done on him. Not only did he complain that David Sanger’s publisher didn’t give the New York Journal of Books, for which he writes reviews, an advance copy, but also that the NYT reported on the scam the Pentagon set up to give select Generals and Colonels inside information to spin favorably on TV.

Third, I have personally experienced what it feels like when the NYT deliberately distorts national security information, even to the point of plagiarism. On April 20, 2008, the NYT published an inflammatory expose: “Behind Analysts, Pentagon’s Hidden Hand” by David Barstow. The Times’ article charged that over 70 retired officers, including me, had misused our positions while serving as military analysts with the broadcast and cable TV networks. Read more

How Republicans (and a Few Democrats) Avoided Limits on Section 215

In the markup of the PATRIOT reauthorization last week, Dick Durbin and Russ Feingold repeatedly pointed out that in 2005, the Senate Judiciary Committee had unanimously approved language to require Section 215 only be used with people who had some known tie to terrorism or a foreign power. Back then, everyone on the Committee supported the change Durbin and Feingold have been proposing as an improvement on Section 215. 

Now, Durbin and Feingold did so to point out the indefensible position of those who–like DiFi–said in 2005 that the current and proposed law amounts to an invitation for a fishing expedition, but are nonetheless insisting on issuing just such an invitation now.

But that doesn’t explain how it happened that, sometime between the Committee markup and the final bill in 2005-6, real limits on the use of Section 215 were eliminated over the apparent objections of the entire Committee. And while I’m just beginning to piece together that story, the history seems to support my suspicions that Section 215 and NSLs became the new vehicles for Bush’s illegal data mining program just as it was being exposed.

The primary bill that became the Patriot Improvement and Reauthorization Act of 2005 was HR 3199, introduced by Jim Sensenbrenner, then-Chair of the House Judiciary Committee, on July 11, 2005; in addition, then-Chair of the Senate Judiciary Committee Arlen Specter introduced S 1389 on July 22, 2005.

Sensenbrenner’s bill introduced the following language into Section 215, requiring that,

the information likely to be obtained from the tangible things is reasonably expected to be (A) foreign intelligence information not concerning a United States person, or (B) relevant to an ongoing investigation to protect against international terrorism or clandestine intelligence activities.

That is, when this was introduced in the House, it basically allowed Section 215 to be used for anything, provided it pertained to international terrorism. That language remained in the bill through the House Judiciary and House Intelligence Committee markups of the bill and was adopted by the House as a whole.

But the Senate substituted its own bill, including the language limiting Section 215 orders to those with a definitive tie to terrorism or foreign intelligence, specifically requiring the judge to make sure there was some kind of tie.

Read more