Posts

Why Did 3 Top DOJ Officials Feed Their Dog DOJ’s Homework?

DOJ has submitted what it claims is an explanation for why it materially misstated facts to Reggie Walton in discussions about destroying phone dragnet data. (See this post and this post for background.)

As you recall, Walton had read EFF’s emails closely enough to realize that EFF had asked Civil Division lawyers why they had claimed there was no protection order when they believed they had one.

A review of the E-mail Correspondence indicates that as early as February 26, 2014, the day after the government filed its February 25 Motion, the plaintiffs in Jewel and First Unitarian indeed sought to clarify why the preservation orders in Jewel and Shubert were not referenced in that motion. E-mail Correspondence at 6-7. The Court’s review of the E-mail Correspondence suggests that the DOJ attorneys may have perceived the preservation orders in Jewel and Shubert to be immaterial to the February 25 Motion because the metadata at issue in those cases was collected under what DOJ referred to as the “President’s Surveillance Program” (i.e., collection pursuant to executive authority), as opposed to having been collected under Section 215 pursuant to FISC orders — a proposition with which plaintiffs’ counsel disagreed. Id at 4. As this Court noted in the March 12 Order and Opinion, it is ultimately up to the Northern District of California, rather than the FISC, to determine what BR metadata is relevant to the litigation pending before the court.

As the government is well aware, it has a heightened duty of candor to the Court in ex parte procedings. See MODEL RULES OF PROF’L CONDUCT R. 3.3(d) (2013). Regardless of the government’s perception of the materiality of the preservation orders in Jewel andShubert to its February 25 Motion, the government was on notice, as of February 26, 2014, that the plaintiffs in Jewel and First Unitarian believed that orders issued by the District Court for the Northern District of California required the preservation of the FISA telephony metadata at issue in the government’s February 25 Motion. E-mail Correspondence at 6-7. The fact that the plaintiffs had this understanding of the preservation orders–even if the government had a contrary understanding–was material to the FISC’s consideration of the February 25 Motion. The materiality of that fact is evidenced by the Court’s statement, based on the information provided by the government in the February 25 Motion, that “there is no indication that nay of the plaintiffs have sought discovery of this information or made any effort to have it preserved.” March 7 Opinion and Order at 8-9.

The government, upon learning this information, should have made the FISC aware of the preservation orders and of the plaintiffs’ understanding of their scopre, regardless of whether the plaintiffs had made a “specific request” that the FISC be so advised. Not only did the government fail to do so, but the E-mail Correspondence suggests that on February 28, 2014, the government sought to dissuade plaintiffs’ counsel from immediately raising this issue with the FISC or the Northern District of California. E-mail Correspondence at 5.

DOJ’s excuse for not telling Walton EFF believed they had a protection order is roughly as follows:

1. Notwithstanding a past comment about preservation orders in the matters before Judge Walton, the government claims EFF’s suits are unrelated to the phone dragnet.

[T]he Government has always understood [EFF’s suits] to be limited to certain presidentially authorized intelligence collection activities outside FISA, the Government did not identify those lawsuits, nor the preservation order issued therein, in its Motion for the Second Amendment to Primary Order filed in the above-captioned Docket number on February 25, 2014. For the same reasons, the Government did not notify this Court of its receipt of plaintiffs’ counsel’s February 26, 2014, e-mail.

Note, to sustain this claim, the government withheld both the state secrets declarations that clearly invoke the FISC-authorized dragnets as part of the litigation, even though the government’s protection order invokes it repeatedly, as well as Vaughn Walker’s preservation order which is broader than DOJ’s own preservation plan. Thus, they don’t give Walton the things he needs to be able to assess whether DOJ’s actions in this matter were remotely reasonable.

2. It explains that it never provided EFF with its own 2007 preservation plan (which did not meet the terms of Walker’s order) until March 17, 2014 because Stellar Wind — but not the FISC-authorized programs that the preservation plan excluded — was classified until December 2013.

A classified submission was necessary at that time [in 2007] because the existence of the presidentially-authorized program was classified and remained so until December 2013.

Note, it doesn’t mention that 19 days passed between the time EFF formally raised concerns about the protection order and the date DOJ actually provided the declassified protection plan to them, during which time, it appears, NSA destroyed one of the most damning half year’s worth of data in the program’s history (which I’ll return to in a later post).

3. In spite of EFF telling DOJ their earlier suits were relevant (and not having received the preservation plan which could have been declassified in December), DOJ claims they didn’t think they were relevant so it didn’t tell FISC about EFF’s beliefs.

Because the Government’s Motion for Second Amendment already had sought relief from this Court based on a list of BR metadata pursuant to FISC authorization, see Motion for Second Amendment at 3-5, counsel did not appreciate — even after receiving the email from plaintiffs’ counsel in Jewel — that it would be be important to notify this Court about Jewel and Shubert or the email from counsel for the Jewel plaintiffs about those cases with which the Government disagreed. Rather, counsel viewed any potential dispute about the scope of Jewel and Shubert preservation orders as a mater to be resolved, if possible, by the parties to those cases (though a potential unclassified explanation to plaintiffs’ counsel) or, failing that, by the district court.

Note what DOJ is not mentioning here? That EFF has a Section 215 lawsuit too, and that its understanding of the impact on that suit may have been influenced by the Shubert and Jewel protection orders.

4. DOJ’s Civil Division lawyers did not forward EFF’s email to DOJ’s National Security Division lawyers, they claim, because the Civil Division lawyers did not agree with EFF’s interpretation of the protection order.

For these reasons, counsel did not think to forward the email from Jewel Plaintiffs’ counsel to the attorneys with primary responsibility for interaction with this Court before the Court ruled on the Motion for Second Amendment. The Department wishes to assure the Court that it has always endeavored to maintain close coordination within the Department regarding civil litigation matters that involve proceedings before this Court, and will take even greater care to do so in the future.

5. DOJ told EFF to hold off formally alerting any Court in the belief that it could tell EFF about the preservation plan which could have been declassified in December but did not get declassified until 10 days after FISC issued its initial order requiring DOJ to destroy data, and that would solve everything.

In particular, the request in its February 28 email that counsel for the Jewel plaintiffs “forbear from filing anything with the FISC, or [the district court], until we have further opportunity to confer” was a good faith attempt to avoid unnecessary motions practice in the event that the issue could be worked out among the parties through the Government’s provision of an unclassified explanation concerning its preservation in Jewel and Shubert.

Read more

Judge Reggie Walton Is Pissed that Government Is Making Material Misstatements to FISC, Again

FISA Court Chief Judge Reggie Walton just issued a rather unhappy order requiring the government to explain why it materially misstated the facts about whether any plaintiffs had protection orders that governed the phone dragnet.

Generally, he wants to know why the government didn’t tell him that EFF had protection orders in the Jewel and Shubert cases. More specifically, he wants to know why they didn’t tell him that — as I reported here — the EFF had asked the government how they could claim there was no protection order when they had one in their suits of the larger dragnet.

A review of the E-mail Correspondence indicates that as early as February 26, 2014, the day after the government filed its February 25 Motion, the plaintiffs in Jewel and First Unitarian indeed sought to clarify why the preservation orders in Jewel and Shubert were not referenced in that motion. E-mail Correspondence at 6-7. The Court’s review of the E-mail Correspondence suggests that the DOJ attorneys may have perceived the preservation orders in Jewel and Shubert to be immaterial to the February 25 Motion because the metadata at issue in those cases was collected under what DOJ referred to as the “President’s Surveillance Program” (i.e., collection pursuant to executive authority), as opposed to having been collected under Section 215 pursuant to FISC orders — a proposition with which plaintiffs’ counsel disagreed. Id at 4. As this Court noted in the March 12 Order and Opinion, it is ultimately up to the Northern District of California, rather than the FISC, to determine what BR metadata is relevant to the litigation pending before the court.

As the government is well aware, it has a heightened duty of candor to the Court in ex parte procedings. See MODEL RULES OF PROF’L CONDUCT R. 3.3(d) (2013). Regardless of the government’s perception of the materiality of the preservation orders in Jewel and Shubert to its February 25 Motion, the government was on notice, as of February 26, 2014, that the plaintiffs in Jewel and First Unitarian believed that orders issued by the District Court for the Northern District of California required the preservation of the FISA telephony metadata at issue in the government’s February 25 Motion. E-mail Correspondence at 6-7. The fact that the plaintiffs had this understanding of the preservation orders–even if the government had a contrary understanding–was material to the FISC’s consideration of the February 25 Motion. The materiality of that fact is evidenced by the Court’s statement, based on the information provided by the government in the February 25 Motion, that “there is no indication that nay of the plaintiffs have sought discovery of this information or made any effort to have it preserved.” March 7 Opinion and Order at 8-9.

The government, upon learning this information, should have made the FISC aware of the preservation orders and of the plaintiffs’ understanding of their scopre, regardless of whether the plaintiffs had made a “specific request” that the FISC be so advised. Not only did the government fail to do so, but the E-mail Correspondence suggests that on February 28, 2014, the government sought to dissuade plaintiffs’ counsel from immediately raising this issue with the FISC or the Northern District of California. E-mail Correspondence at 5.

In a number of places, Walton provides an out for the government, suggesting they might just be stupid and not obstructing (those are my words, obviously). He even goes so far as to suggest that DOJ might have an internal communication problem between the Civil Division, which is litigating the EFF suits, and the National Security Division, which works with FISC.

But then he notes that both Civil AAG Stuart Delery and Acting NSD AAG John Carlin submitted the filings to him.

The government’s failure to inform the FISC of the plaintiffs’ understanding that the prior preservation orders require retention of Section 591 telephony metadata may have resulted from imperfect communication or coordination within the Department of Justice rather than from deliberate decision-making.4 Nonetheless, the Court expects the government to be far more attentive to its obligations in its practice before this Court.

4 Attorneys from the Civil Division of the Department of Justice participated in the E-Mail Correspondence with plaintiffs’ counsel. As a general matter, attorneys from the National Security Division represent the government before the FISC. The February 25 Motion, as well as the March 13 Response, were submitted by the Assistant Attorney General for the Civil Division and the Acting Attorney General for the National Security Division.

Frankly, I hope Walton ultimately tries to learn why he wasn’t told about these protection orders in more detail years ago, when the government was deciding whether or not to destroy evidence of lawbreaking that Walton first identified in 2009. I also hope he gets to the bottom of why Deputy Attorney General James Cole had to intervene in this issue. But for now, I’m happy to see DOJ taken to the woodshed for misinforming the Court.

Update: Meanwhile, on the other coast, Judge Jeffrey White issued a protection order that is far broader than the government would prefer it to be. The government had implied that the First Unitarian Church suit only covered Section 215; earlier this week (I’ve got a post half written on it), EFF argued they’re challenging the dragnet, irrespective of what authorization the government used to collect it. Nothing in White’s order limits the protection order to Section 215 and this passage seems to encompass the larger dragnet.

Defendants’ searching of the telephone communications information of Plaintiffs is done without lawful authorization, probable cause, and/or individualized suspicion. It is done in violation of statutory and constitutional limitations and in excess of statutory and constitutional authority. Any judicial, administrative, or executive authorization (including any business records order issued pursuant to 50 U.S.C. § 1861) of the Associational Tracking Program or of the searching of the communications information of Plaintiffs is unlawful and invalid.

Update: fixed a typo in which I inadvertently said Walton caused rather than found the lawbreaking in 2009.

NSA’s Newfound Concern about Defendants’ Rights under FISA

As WSJ reported it was going to do, NSA has requested that the FISA Court permit it to retain call data beyond the 5 year age-off date because of all the lawsuits it faces.

[T]he Government requests that Section (3)E of the Court’s Primary Order be amended to authorize the preservation and/or storage of certain call detail records or “telephony metadata” (hereinafter “BR metadata”) beyond five years (60 months) after its initial collection under strict conditions and for the limited purpose of allowing the Government to comply with its preservation obligations, described below, arising as a result of the filing of several civil lawsuits challenging the legality of the National Security Agency (NSA) Section 215 bulk telephony metadata collection program.

It provides this introduction to a list of the suits in question.

The following matters, currently pending either before a United States District Court, or United States Court of Appeals, are among those in which a challenge to the lawfulness of the Section 215 program have been raised:

And lists:

  • ACLU v. Clapper
  • Klayman v. Obama
  • Smith v. Obama, an Idaho case
  • First Unitarian Church of LA, the EFF related case
  • Paul v. Obama
  • Perez v. Clapper, a Bivens suit out of West Texas I hadn’t known about before

It goes on to say,

The duty to preserve typically arises from the common-law duty to avoid spoilation of relevant evidence for use at trial;

[snip]

A party may be exposed to a range of sanctions not only for violating a preservation order,3 but also for failing to produce relevant evidence when ordered to do so because it destroyed information that it had a duty to preserve.

3 To date, no District Court or Court of Appeals has entered a specific preservation order in any of the civil lawsuits referenced in paragraph 4 but a party’s duty to preserve arises apart from any specific court order.

[snip]

When preservation of information is required, the duty to preserve supersedes statutory or regulatory requirements or records-management policies that would otherwise result in the destruction of the information.

[snip]

Based upon the claims raised and the relief sought, a more limited retention of the BR metadata is not possible as there is no way for the Government to know in advance and then segregate and retain only that BR metadata specifically relevant to the identified lawsuits.

[snip]

Congress did not intend FISA or the minimization procedures adopted pursuant to section 1801(h) to abrogate the rights afforded to defendants in criminal proceedings.4 For example, in discussing section 1806, Congress stated,

[a]t the outset, the committee recognizes that nothing in these subsections abrogates the rights afforded a criminal defendant under Brady v. Maryland, and the Jencks Act. These legal principles inhere in any such proceeding and are wholly consistent with the procedures detailed here.

[snip]

Although the legislative history discussed above focuses on the use of evidence against a person in criminal proceedings, the Government respectfully submits that the preservation of evidence in civil proceedings is likewise consistent with FISA.

4 By extension, this should also apply to section 1861(g) which, with respect to retention is entirely consistent with section 1801(h).

Now, if you’re not already peeing your pants in laughter, consider the following.

First, as EFF’s Cindy Cohn pointed out to the WSJ, Judge Vaughn Walker issued a retention order in EFF’s 2008 suit against the dragnet.

Ms. Cohn also questioned why the government was only now considering this move, even though the EFF filed a lawsuit over NSA data collection in 2008.

In that case, a judge ordered evidence preserved related to claims brought by AT&T customers. What the government is considering now is far broader.

So, at least in her interpretation, it should already be retaining it.

Then, consider DOJ’s very serious citation of Congress’ intention that FISA not impair any defendant’s criminal rights. It basically says that that principle, laid out during debates about traditional FISA in 1978, should apply to other parts of FISA like the phone dragnet.

Of course, it was only 24 hours ago when DOJ was last caught violating that principle in Section 702, abrogating a defendant’s right to know where the evidence against him came from. And there are a whole slew of criminal defendants — most now imprisoned — whose 702 notice DOJ is still sitting on, whose rights DOJ felt perfectly entitled to similarly abrogate (we know this because back in June FBI was bragging about how many of them there were). So I am … surprised to hear DOJ suggest it gives a goddamn about criminal defendants’ rights, because for at least the last 7 years it has been shirking precisely that duty as it pertains to FISA.

Also, did you notice what pending case pertaining to the legality of the phone dragnet DOJ didn’t mention? Basaaly Moalin’s appeal of his conviction based off evidence collected pursuant to Section 215. What do you want to bet that NSA hasn’t retained the original phone records that busted him, which would have aged off NSA’s servers back in October 2012, well before DOJ told Moalin it had used Section 215 to nab him. That’s relevant because, according to recent reporting, NSA should not have been able to find Moalin’s call records given claims about limits on collection; if they did, they probably only did because AT&T was turning over other providers phone records. Moreover, we know that NSA was in violation of the dragnet minimization requirements in a slew of different ways at the time. Notably, that includes queries using selectors that had not been RAS-approved, as required, and dissemination using EO 12333’s weaker dissemination rules. Now that we know of these problems, a court might need that original data to determine whether the search that netted Moalin was proper (I presume NSA has the original query results and finished intelligence reports on it, but it’s not clear that would explain precisely how NSA obtained that data). Significantly, it was not until after 2009 that NSA even marked incoming data to show where it had been obtained.

So show us (or rather, Moalin’s lawyers) the data, NSA.

Ah well. If nothing else, this laughable motion should prove useful for defendants challenging their conviction because DOJ abrogated their rights!

Confirmed: DOJ Uses Section 702 to Get Title I FISA Warrants

In addition to the apparent miscommunication between Mark Udall and Acting (and presumably soon to be confirmed) DOJ National Security Division Head John Carlin, there was an even more telling exchange in today’s hearing.

In it, Martin Heinrich asked whether DOJ had yet written down its radical new policy of giving notice to defendants caught using Section 702.

Heinrich: As you know in October 2013, after months and months of discussion and debate in which you and the NSD were involved, DOJ adopted a new policy by which Federal prosecutors would inform defendants when they intended to offer evidence informed, obtained, or derived from intelligence collected under Section 702 of FISA. And when you and I met in December you informed me that that policy had not yet been reduced to a formal written policy, and so, Mr. Carlin, I wanted to ask, is that process done yet and has that policy been finalized and if so has it been disseminated in written form?

Carlin: Thank you Senator, and thank you for having taken the time to meet prior to this uh, hearing, in terms of the question, it is my understanding that it was the practice of the, uh, or policy of the Department, to inform a defendant in a criminal case, to give notice, if there was 702 information that was going to be used against them prior to, uh, prior to this change in practice. The change in practice had to do with a particular set of circumstances when there was an instance where information obtained from one prong of the FISA statute, 702, was used and led to information that led to another prong of FISA, Title I FISA, being used, and that when the notice was given to the defendant that that notice was referring to one type of FISA but not both types of FISA. And that is the practice that we uh reviewed and changed, so that now defendants are receiving notice in those instances of both types of uh, FISA, the review of cases affected like that, uh, affected by that continues, but we have filed such notice now, I believe in three uh criminal matters, including the case of Mohamed Mohamud, the individual convicted by a jury of attempting to uh use an explosive device in a Christmas tree lighting ceremony. In reference to that case we’ve now filed, um, there’s a filing in that case we should provide to your staff where we lay out what our practice is and I will ensure that that filing is distributed to US Attorneys offices across the country so they know exactly what our position is in that issue.

Heinrich: That’s helpful. And so you’ll share that with the committee as well?

Carlin: Yes sir.

Heinrich: Great.

Now, Carlin might be forgiven for all the uming and ahing here. After all, the filing he appears to be referring to is sort of an extended effort to pretend that “derived from” doesn’t mean “derived from,” all in an effort to pretend DOJ hasn’t been deliberately hiding this (in Mohamud’s case) for over 3 years.

But kudos to Carlin for not using that verb — derived — in his answer, choosing instead to use “was used and led to information that led to.”

All that said, Carlin did admit what has been clear for some time: that DOJ has been hiding Section 702 collected information by getting Title I warrants they provide to defendants. Which is another way of saying all the reassurances people have given about the protections given to people collected incidentally in Section 702 fall flat, because what has actually been happening is the government uses that incidental collection to justify Title I warrants.

Um.

I’m glad that’s all cleared up.

Does Acting National Security Division Head John Carlin Know about FISA Sections 703 and 704?

There were several curious exchanges in today’s hearing for Acting National Security Division AAG John Carlin to become the official AAG.

I’ll start with this exchange. (After 1:01, my transcription)

Udall: I want to talk about Executive Order 12333, with which you’re familiar. I understand that the collection, retention, or dissemination of information about US persons is prohibited under Executive Order 12333 except under certain procedures approved by the Attorney General. But this doesn’t mean that US person information isn’t mistakenly collected or obtained and then disseminated outside these procedures, so take this example. Let’s say the NSA’s conducting what it believes to be foreign to foreign collection under EO 12333 but discovers in the course of this collection that it also incidentally collected a vast trove of US person information. That US person collection should now have FISA protections. What role does the NSD have in overseeing any collection, retention, or dissemination of US person information that might occur under that executive order?

Carlin: Senator, so, generally the intelligence activities that NSA would conduct under its authorities pursuant to EO 12333 would be done pursuant to a series of guidelines that were approved by the Attorney General and then ultimately implemented through additional policies and procedures by NSA. But the collection activities that occur pursuant to 12333, if there was incidental collection, would be handled through a different set of oversight mechanisms than the Departments–by the Office of Compliance, the Inspector General there, the General Counsel there, and the Inspector General and General Counsel’s office for the Intelligence Community writ large, as well as reporting to these committees as appropriate.

Udall: So you don’t see a role for NSD in ensuring that that data is protected under FISA?

Carlin: Under FISA, no, under FISA we would have a direct role, so if it was under, if it was collection that was pursuant to the FISA statutes, so collection targeted at US persons, for example, or collection targeted at certain non-US persons overseas that was collected domestically such as pursuant to the 702 collection program. That would fall within the scope of the National Security Division. That’s information that — and oversight that we conduct through our oversight section in conjunction with the agencies. We would have the responsibility in terms of informing, of working with them to inform the court if there were any compliance incidents and making sure those compliance incidents were addressed.

Udall: My time’s obviously expired, but I think you don’t understand where I’m coming from here. One is to make sure the DOJ and you in your capacity have the most accurate information so you can represent United States of America and our citizens in the best possible way, and secondly that you have an additional role to play in providing additional oversight. Those are all tied to having information that’s factual, that’s based on what happened, and I’m going to continue to look for ways possible to make sure that’s what does happen, whether it’s under the auspices of the IC or the DOJ. You all have a responsibility to protect the Bill of Rights.

Udall asks Carlin about a “vast trove” of US person data collected under the guise of EO 12333, and asks whether NSD would have a role in protecting it under FISA.

Carlin responds by saying NSD wouldn’t have any role; only NSA and ODNI have oversight over EO 12333 compliance with the Attorney General approved guidelines.

At first, I thought Udall didn’t get Carlin’s point — that this data would get no FISA protection. (Earlier in the hearing, Dianne Feinstein had even pointed out EO 12333 collection gets less oversight, and suggested maybe NSD should play a role in EO 12333 compliance.)

But upon review, Udall may have been suggesting something else (I have a question in with his office seeking clarity on this point).

By all appearances, this was content, not metadata (under SPCMA, metadata collection is considered fair game).

US person content cannot be collected overseas — not intentionally at least — outside the purview of FISA sections 703 and 704.

And while admittedly I have yet to meet a lawyer who has been able to explain precisely how those statutes work, and while the White House has given particularly crazy answers on this point, it seemed that Carlin couldn’t even conceive of a way that US person content collected overseas would be protected under FISA.

He may simply be reflecting NSA policy that if they collect US person content overseas under EO 12333, they call it incidental and therefore never have to consider the FISA implications. And that may well be what the letter of the law provides (in which case I’m sure NSA never ever exploits that loophole, nosirree bob).

But he seemed completely unfamiliar with the concept that, under FISA Amendments Act, US persons do get FISA protection overseas.

Really?

Update: According to Udall’s spokesperson, he wasn’t specifically thinking of 703 and 704, but asking whether this data “should” fall under FISA and therefore under NSD’s oversight.