Posts

Some Legislative Responses to Clinton’s Email Scandal

The Republicans have reverted to their natural “Benghazi witchhunt” form in the wake of Jim Comey’s announcement Tuesday that Hillary Clinton and her aides should not be charged, with Comey scheduled to testify before the House Oversight Committee at 10 AM.

Paul Ryan wrote a letter asking James Clapper to withhold classified briefings from Hillary. And the House Intelligence Committee is even considering a bill to prevent people who have mishandled classified information from getting clearances.

In light of the FBI’s findings, a congressional staffer told The Daily Beast that the House Intelligence Committee is considering legislation that could block security clearances for people who have been found to have mishandled classified information in the past.

It’s not clear how many of Clinton’s aides still have their government security clearances, but such a measure could make it more difficult for them to be renewed, should they come back to serve in a Clinton administration.

“The idea would be to make sure that these rules apply to a very wide range of people in the executive branch,” the staffer said. (Clinton herself would not need a clearance were she to become president.)

It’s nice to see the same Republicans who didn’t make a peep when David Petraeus kept — and still has — his clearance for doing worse than Hillary has finally getting religion on security clearances.

But this circus isn’t really going to make us better governed or safer.

So here are some fixes Congress should consider:

Add some teeth to the Federal/Presidential Records Acts

As I noted on Pacifica, Hillary’s real crime was trying to retain maximal control over her records as Secretary of State — probably best understood as an understandable effort to withhold anything potentially personal combined with a disinterest in full transparency. That effort backfired spectacularly, though, because as a result all of her emails have been released.

Still, every single Administration has had at least a minor email scandal going back to Poppy Bush destroying PROFS notes pertaining to Iran-Contra.

And yet none of those email scandals has ever amounted to anything, and many of them have led to the loss of records that would otherwise be subject to archiving and (for agency employees) FOIA.

So let’s add some teeth to these laws — and lets mandate and fund more rational archiving of covered records. And while we’re at it, let’s ensure that encrypted smart phone apps, like Signal, which diplomats in the field should be using to solve some of the communication problems identified in this Clinton scandal, will actually get archived.

Fix the Espionage Act (and the Computer Fraud and Abuse Act)

Steve Vladeck makes the case for this:

Congress has only amended the Espionage Act in detail on a handful of occasions and not significantly since 1950. All the while, critics have emerged from all corners—the academy, the courts, and within the government—urging Congress to clarify the myriad questions raised by the statute’s vague and overlapping terms, or to simply scrap it and start over. As the CIA’s general counsel told Congress in 1979, the uncertainty surrounding the Espionage Act presented “the worst of both worlds”:

On the one hand the laws stand idle and are not enforced at least in part because their meaning is so obscure, and on the other hand it is likely that the very obscurity of these laws serves to deter perfectly legitimate expression and debate by persons who must be as unsure of their liabilities as I am unsure of their obligations.

In other words, the Espionage Act is at once too broad and not broad enough—and gives the government too much and too little discretion in cases in which individuals mishandle national security secrets, maliciously or otherwise.

To underscore this point, the provision that the government has used to go after those who shared classified information with individuals not entitled to receive it (including Petraeus, Drake, and Manning), codified at 18 U.S.C. § 793(d), makes it a crime if:

Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted … to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it …

This provision is stunningly broad, and it’s easy to see how, at least as a matter of statutory interpretation, it covers leaking—when government employees (“lawfully having possession” of classified information) share that information with “any person not entitled to receive it.” But note how this doesn’t easily apply to Clinton’s case, as her communications, however unsecured, were generally with staffers who were“entitled to receive” classified information.

Instead, the provision folks have pointed to in her case is the even more strangely worded § 793(f), which makes it a crime for:

Whoever, being entrusted with or having lawful possession or control of [any of the items mentioned in § 793(d)], (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed … fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer …

Obviously, it’s easy to equate Clinton’s “extreme carelessness” with the statute’s “gross negligence.” But look closer: Did Clinton’s carelessness, however extreme, “[permit] … [classified information] to be removed from its proper place of custody or delivered to anyone in violation of [her] trust”? What does that even mean in the context of intangible information discussed over email? The short answer is nobody knows: This provision has virtually never been used at least partly because no one is really sure what it prohibits. It certainly appears to be focused on government employees who dispossess the government of classified material (like a courier who leaves a satchel full of secret documents in a public place). But how much further does it go?

There’s an easy answer here, and it’s to not use Clinton as a test case for an unprecedented prosecution pursuant to an underutilized criminal provision, even if some of us think what she did was a greater sin than the conduct of some who have been charged under the statute. The better way forward is for Congress to do something it’s refused to do for more than 60 years: carefully and comprehensively modernize the Espionage Act, and clarify exactly when it is, and is not, a crime to mishandle classified national security secrets.

Sadly, if Congress were to legislate the Espionage Act now, they might codify the attacks on whistleblowers. But they should not. They should distinguish between selling information to our adversaries and making information public. They should also make it clear that intent matters — because in the key circuit, covering the CIA, the Pentagon, and many contractors, intent hasn’t mattered since the John Kiriakou case.

Eliminate the arbitrariness of the clearance system

But part of that should also involve eliminating the arbitrary nature of the classification system.

I’ve often pointed to how, in the Jeffrey Sterling case, the only evidence he would mishandle classified information was his retention of 30-year old instructions on how to dial a rotary phone, something far less dangerous than what Hillary did.

Equally outrageous, though, is that four of the witnesses who may have testified against Sterling, probably including Bob S who was the key witness, have also mishandled classified information in the past. Those people not only didn’t get prosecuted, but they were permitted to serve as witnesses against Sterling without their own indiscretions being submitted as evidence. As far as we know, none lost their security clearance. Similarly, David Petraeus hasn’t lost his security clearance. But Ashkan Soltani was denied one and therefore can’t work at the White House countering cyberattacks.

Look, the classification system is broken, both because information is over-classified and because maintaining the boundaries between classified and unclassified is too unwieldy. That broken system is then magnified as people’s access to high-paying jobs are subjected to arbitrary review of security clearances. That’s only getting worse as the Intelligence Community ratchets up the Insider Threat program (rather than, say, technical means) to forestall another Manning or Snowden.

The IC has made some progress in recent years in shrinking the universe of people who have security clearances, and the IC is even making moves toward fixing classification. But the clearance system needs to be more transparent to those within it and more just.

Limit the President’s arbitrary authority over classification

Finally, Congress should try to put bounds to the currently arbitrary and unlimited authority Presidents claim over classified information.

As a reminder, the Executive Branch routinely cites the Navy v. Egan precedent to claim unlimited authority over the classified system. They did so when someone (it’s still unclear whether it was Bush or Cheney) authorized Scooter Libby to leak classified information — probably including Valerie Plame’s identity — to Judy Miller. And they did so when telling Vaughn Walker could not require the government to give al Haramain’s lawyers clearance to review the illegal wiretap log they had already seen before handing it over to the court.

And these claims affect Congress’ ability to do their job. The White House used CIA as cover to withhold a great deal of documents implicating the Bush White House in authorizing torture. Then, the White House backed CIA’s efforts to hide unclassified information, like the already-published identities of its torture-approving lawyers, with the release of the Torture Report summary. In his very last congressional speech, Carl Levin complained that he was never able to declassify a document on the Iraq War claims that Mohammed Atta met with a top Iraqi intelligence official in Prague.

This issue will resurface when Hillary, who I presume will still win this election, nominates some of the people involved in this scandal to serve in her White House. While she can nominate implicated aides — Jake Sullivan, Huma Abedin, and Cheryl Mills — for White House positions that require no confirmation (which is what Obama did with John Brennan, who was at that point still tainted by his role in torture), as soon as she names Sullivan to be National Security Advisor, as expected, Congress will complain that he should not have clearance.

She can do so — George Bush did the equivalent (remember he appointed John Poindexter, whose prosecution in relation to the Iran-Contra scandal was overturned on a technicality, to run the Total Information Awareness program).

There’s a very good question whether she should be permitted to do so. Even ignoring the question of whether Sullivan would appropriately treat classified information, it sets a horrible example for clearance holders who would lose their clearances.

But as far as things stand, she could. And that’s a problem.

To be fair, legislating on this issue is dicey, precisely because it will set off a constitutional challenge. But it should happen, if only because the Executive’s claims about Navy v. Egan go beyond what SCOTUS actually said.

Mandate and fund improved communication system

Update, after I posted MK reminded me I meant to include this.

If Congress is serious about this, then they will mandate and fund State to fix their decades-long communications problems.

But they won’t do that. Even 4 years after the Benghazi attack they’ve done little to improve security at State facilities.

Update: One thing that came up in today’s Comey hearing is that the FBI does not routinely tape non-custodial interviews (and fudges even with custodial interviews, even though DOJ passed a policy requiring it). That’s one more thing Congress could legislate! They could pass a simple law requiring FBI to start taping interviews.

John Yoo’s Assistance in Starting Iraq War Might Help Obama Avoid an Iran War

Last week, Steven Aftergood released a January 27, 2003 OLC memo, signed by John Yoo, ruling that the Executive Branch could withhold WMD information from Congress even though 22 USC § 3282 requires the Executive to brief the Foreign Relations committees on such information. I had first noted the existence of the memo in this post (though I guessed wrong as to when it was written).

The memo is, even by Yoo’s standards, inadequate and poorly argued. As Aftergood notes, Yoo relies on a Bill Clinton signing statement that doesn’t say what he says it says. And he treats briefing Congress as equivalent to public disclosure.

Critically, a key part of the Yoo’s argument relies on an OLC memo the Reagan Administration used to excuse its failure to tell Congress that it was selling arms to Iran.

Fourth, despite Congress’s extensive powers under the Constitution, Its authorities to legislative and appropriate cannot constitutionally be exercised in a manner that would usurp the President’s authority over foreign affairs and national security. In our 1986 opinion, we reasoned that this principle had three important corollaries: a) Congress cannot directly review the President’s foreign policy decisions; b) Congress cannot condition an appropriation to require the President to relinquish his discretion in foreign affairs; and c) any statute that touches on the President’s foreign affairs power must be interpreted, so as to avoid constitutional questions, to leave the President as much discretion as possible. 10 Op. O.L.C. at 169-70.

That’s one of the things — a pretty central thing — Yoo relies on to say that, in spite of whatever law Congress passes, the Executive still doesn’t have to share matters relating to WMD proliferation if it doesn’t want to.

Thus far, I don’t think anyone has understood the delicious (if inexcusable) irony of the memo — or the likely reasons why the Obama Administration has deviated from its normal secrecy in releasing the memo now.

This memo authorized the Executive to withhold WMD information in Bush’s 2003 State of the Union address

First, consider the timing. I noted above I was wrong about the timing — I speculated the memo would have been written as part of the Bush Administration’s tweaks of Executive Orders governing classification updated in March 2003.

Boy how wrong was I. Boy how inadequately cynical was I.

Nope. The memo — 7 shoddily written pages — was dated January 27, 2003.The day the White House sent a review copy of the State of the Union to CIA, which somehow didn’t get closely vetted. The day before Bush would go before Congress and deliver his constitutionally mandated State of the Union message. The day before Bush would lay out the case for the Iraq War to Congress — relying on certain claims about WMD — including 16 famous words that turned out to be a lie.

The British government has learned that Saddam Hussein recently sought significant quantities of uranium from Africa.

This memo was written during the drafting of the 2003 State of the Union to pre-approve not sharing WMD information known by the Executive Branch with Congress even in spite of laws requiring the Executive share that information.

Now, we don’t know — because Alberto Gonzales apparently didn’t tell Yoo — what thing he was getting pre-authorization not to tell Congress about. Here’s what the memo says:

It has been obtained through sensitive intelligence sources and methods and concerns proliferation activities that, depending upon information not yet available, may be attributable to one or more foreign nations. Due to your judgment of the extreme sensitivity of the information and the means by which it was obtained, you have not informed us about the nature of the information, what nation is involved, or what activities are implicated. We understand, however, that the information is of the utmost sensitivity and that it directly affects the national security and foreign policy interests of the United States. You have also told us that the unauthorized disclosure of the information could directly injure the national security, compromise intelligence sources and methods, and potentially frustrate sensitive U.S. diplomatic, military, and intelligence activities.

Something about WMD that another nation told us that is too sensitive to share with Congress — like maybe the Brits didn’t buy the Niger forgery documents anymore?

In any case, we do know from the SSCI Report on Iraq Intelligence that an INR analyst had already determined the Niger document was a forgery.

On January 13, 2003, the INR Iraq nuclear analyst sent an e-mail to several IC analysts outlining his reasoning why, “the uranium purchase agreement probably is a hoax.” He indicated that one of the documents that purported to be an agreement for a joint military campaign, including both Iraq and Iran, was so ridiculous that it was “clearly a forgery.” Because this document had the same alleged stamps for the Nigerien Embassy in Rome as the uranium documents, the analyst concluded “that the uranium purchase agreement probably is a forgery.” When the CIA analyst received the e-mail, he realized that WINP AC did not have copies of the documents and requested copies from INR. CIA received copies of the foreign language documents on January 16, 2003.

Who knows? Maybe the thing Bush wanted to hide from Congress, the day before his discredited 2003 State of the Union, didn’t even have to do with Iraq. But we know there has been good reason to question whether Bush’s aides deliberately misinformed Congress in that address, and now we know John Yoo pre-approved doing so.

This memo means Obama doesn’t have to share anything about the Iran deal it doesn’t want to

Here’s the ironic part — and one I only approve of for the irony involved, not for the underlying expansive interpretation of Executive authority.

By releasing this memo just a week before the Iran deal debate heats up, the Obama Administration has given public (and Congressional, to the extent they’re paying attention) notice that it doesn’t believe it has to inform Congress of anything having to do with WMD it deems too sensitive. John Yoo says so. Reagan’s OLC said so, in large part to ensure that no one would go to prison for disobeying Congressional notice requirements pertaining to Iran-Contra.

If you think that’s wrong, you have to argue the Bush Administration improperly politicized intelligence behind the Iraq War. You have to agree that the heroes of Iran-Contra — people like John Poindexter, who signed onto a letter opposing the Iran deal — should be rotting in prison. That is, the opponents of the Iran deal — most of whom supported both the Iraq War and Iran-Contra — have to argue Republican Presidents acted illegally in those past actions.

Me? I do argue Bush improperly withheld information from Congress leading up to the Iraq War. I agree that Poindexter and others should have gone to prison in Iran-Contra.

I also agree that Obama should be forthcoming about whatever his Administration knows about the terms of the Iran deal, even while I believe the deal will prevent war (and not passing the deal will basically irretrievably fuck the US with the international community).

A key thing that will be debated extensively in coming days — largely because the AP, relying on an echo chamber of sources that has proven wrong in the past, published an underreported article on it — is whether the inspection of Parchin is adequate. Maybe that echo chamber is correct, and the inspection is inadequate. More importantly, maybe it is the case that people within the Administration — in spite of IAEA claims that it has treated that deal with the same confidentiality it gives to other inspection protocols made with inspected nations  — know the content of the Parchin side agreement. Maybe the Administration knows about it, and believes it to be perfectly adequate, because it was spying on the IAEA, like it long has, but doesn’t want the fact that it was spying on IAEA to leak out. Maybe the Administration knows about the Parchin deal but has other reasons not to worry about what Iran was allegedly (largely alleged by AP’s sources on this current story) doing at Parchin.

The point is, whether you’re pro-Iran deal or anti-Iran deal, whether you’re worried about the Parchin side agreement or not, John Yoo gave Barack Obama permission to withhold it from Congress, in part because Reagan’s OLC head gave him permission to withhold Iran-Contra details from Congress.

I believe this document Yoo wrote to help Bush get us into the Iraq War may help Obama stay out of an Iran war.

Praising by Damned Faintness: The NSAs, SoSs, and SoDs Who Didn’t Endorse Chuck Hagel

Ever since this letter, in which a bunch of former Directors of Central Intelligence–but not Poppy Bush–came out against torture investigations, I’ve been more interested in who doesn’t sign these endorsement letters than who does.

For example, did you notice that Harold Koh did not vouch for John Brennan’s respect for the rule of law the other day, even though his counterpart at DOD, Jeh Johnson, did?

The same is true of this letter–signed by a bunch of former National Security Advisors and Secretaries of Defense and State in support of Chuck Hagel’s nomination to be Defense Secretary.

Here’s who did endorse:

Hon. Madeleine Albright, former Secretary of State

Hon. Samuel Berger, former National Security Advisor

Hon. Harold Brown, former Secretary of Defense

Hon. Zbigniew Brzezinski, former National Security Advisor

Hon. William Cohen, former Secretary of Defense

Hon. Robert Gates, former Secretary of Defense

Hon. James Jones, former National Security Advisor

Hon. Melvin Laird, former Secretary of Defense

Hon. Robert McFarlane, former National Security Advisor

Hon. William Perry, former Secretary of Defense

Hon. Colin Powell, former Secretary of State and National Security Advisor

Hon. George Shultz, former Secretary of State

Hon. Brent Scowcroft, former National Security Advisor

Which leaves–in addition to currently serving Tom Donilon, Leon Panetta, and Hillary Clinton–these non-endorsers:

Stephen Hadley

Condi Rice (both NSA and State)

Anthony Lake (Lake directs UNICEF right now, which may preclude such endorsements)

Frank Carlucci (both NSA and Defense Secretary) [Update: Thanks to Justin Raimundo for correcting me–while Carlucci did not sign this letter, he did sign a LTE in support of Hagel]

John Poindexter

William Clark (NSA for Reagan)

Richard Allen (NSA for Reagan)

Henry Kissinger (both NSA and State)

Donald Rumsfeld

Dick Cheney

James Schlesinger

James Baker III

Jeebus, White House, get on your game! You want people to vote for Hagel? Release the list of all the corporatist warmongers who didn’t endorse Chuck Hagel. Hagel may not be my first choice, but there is no clearer praise than the list of non-endorsers Hagel has racked up.

NSA Twice Chose to Forgo Privacy Protections in Domestic Data Mining Programs

While Jane Mayer’s profile on NSA whistleblower Thomas Drake has generated a lot of attention for the way Obama’s DOJ is senselessly prosecuting him, there has been less focus on the key revelation that Drake and others went on the record to reveal in Mayer’s story: that the NSA chose not to integrate the privacy protections from a program called ThinThread into its illegal domestic surveillance program.

Pilot tests of ThinThread proved almost too successful, according to a former intelligence expert who analyzed it. “It was nearly perfect,” the official says. “But it processed such a large amount of data that it picked up more Americans than the other systems.” Though ThinThread was intended to intercept foreign communications, it continued documenting signals when a trail crossed into the U.S. This was a big problem: federal law forbade the monitoring of domestic communications without a court warrant. And a warrant couldn’t be issued without probable cause and a known suspect. In order to comply with the law, [Bill Binney, a crypto-mathmetician who headed Signals Intelligence Automation Research Center (SARC) that developed ThinThread] installed privacy controls and added an “anonymizing feature,” so that all American communications would be encrypted until a warrant was issued. The system would indicate when a pattern looked suspicious enough to justify a warrant.

[snip]

When Binney heard the rumors, he was convinced that the new domestic-surveillance program employed components of ThinThread: a bastardized version, stripped of privacy controls. “It was my brainchild,” he said. “But they removed the protections, the anonymization process. When you remove that, you can target anyone.” He said that although he was not “read in” to the new secret surveillance program, “my people were brought in, and they told me, ‘Can you believe they’re doing this? They’re getting billing records on U.S. citizens! They’re putting pen registers’ ”—logs of dialled phone numbers—“ ‘on everyone in the country!’ ”

[snip]

[Former HPSCI staffer Diane Roark] asked Hayden why the N.S.A. had chosen not to include privacy protections for Americans. She says that he “kept not answering. Finally, he mumbled, and looked down, and said, ‘We didn’t need them. We had the power.’ He didn’t even look me in the eye. I was flabbergasted.” She asked him directly if the government was getting warrants for domestic surveillance, and he admitted that it was not. [my emphasis]

Mayer’s actually not the first to report on the decision not to implement the privacy protections of ThinThread. It was the subject of one of Siobhan Gorman’s articles during the period when Drake, according to the indictment, served as a source for her. The article appeared on May 18, 2006, the morning of Michael Hayden’s confirmation hearing to be CIA Director. (Unlike most of Gorman’s articles from the period, this appears to be available only behind the Sun’s firewall. Update: I’ve found a link to the article at CommonDreams.) It describes that since Bush’s authorization for the program required no privacy protections, the NSA just didn’t bother to implement that part of ThinThread.

Once President Bush gave the go-ahead for the NSA to secretly gather and analyze domestic phone records – an authorization that carried no stipulations about identity protection – agency officials regarded the encryption as an unnecessary step and rejected it, according to two intelligence officials knowledgeable about ThinThread and the warrantless surveillance programs.”They basically just disabled the [privacy] safeguards,” said one intelligence official.

A former top intelligence official said that without a privacy requirement, “there was no reason to go back to something that was perhaps more difficult to implement.”

However two officials familiar with the program said the encryption feature would have been simple to implement. One said the time required would have involved minutes, not hours. [my emphasis; bracket original]

In other words, ThinThread came equipped with a measure–encryption–to achieve the same thing as minimization, but before the fact. But in implementing Dick Cheney’s illegal wiretapping, NSA took that protection out of the program. And when asked why he had done that, Michael Hayden explained they didn’t need the protection, not with the Presidential authorization they used to justify the program.

October 2001, as Michael Hayden was implementing Cheney’s illegal program, was not the only time the government chose not to include privacy protections on a data mining program focused on Americans.

As Shane Harris reported in 2006 and in more detail in his book, The Watchers, when the government dismantled John Poindexter’s Total Information Awareness program in August 2003 after Congress defunded it, they didn’t actual dismantle most of it–they just moved it into the NSA. In his book, Harris described Poindexter’s regret that the government had not salvaged the privacy protection research.

But he regretted that the privacy research had been tossed into the dustbin. He’d never felt that the idea got traction, and what little research there’d been would wither without funding. It was a fateful decision, since the agency inheriting TIA would so on enough find itself accused of a massive and illegal incursion into Americans’ private lives.

So in October 2001, NSA affirmatively chose to disable privacy protections in ThinThread, and then again in August to December 2003, the government chose to salvage the data mining aspects of Total Information Awareness, but not the privacy research.

In other words, the government, on at least two occasions, chose not to incorporate existing technology into its data mining program to protect the privacy of Americans. Sort of makes it clear that the Bush Administration wanted to make sure Americans’ privacy wasn’t protected, huh?