In Op-Ed Calling for Counter-Disinformation Strategy, Will Hurd Engages in His Own Disinformation

I like Will Hurd. I think he’s smart, thoughtful, and (when I met him at an event I did last year in DC) personally very nice. So I was a bit disappointed by this op-ed, arguing that to save democracy, “Americans must begin working together,” just weeks after he voted with all the rest of the House Intelligence Committee Republicans to release the Nunes memo.

After revealing that his CIA clandestine service was in places in Russia’s sphere, Hurd argues that we need a counter-disinformation strategy.

I served in places where Russia has geopolitical interests, and learned that Russia has one simple goal: to erode trust in democratic institutions.


To address continued Russian disinformation campaigns, we need to develop a national counter-disinformation strategy. The strategy needs to span the entirety of government and civil society, to enable a coordinated effort to counter the threat that influence operations pose to our democracy. It should implement similar principles to those in the Department of Homeland Security’s Strategy for Countering Violent Extremism, with a focus on truly understanding the threat and developing ways to shut it down.

That much I can agree with him on.

But it has no business appearing in an op-ed that suggests bipartisan criticism of the Nunes Memo stunt amounts to Russia winning — which flips reality on its head.

Unfortunately, over the last year, the United States has demonstrated a lack of resilience to this infection. The current highly charged political environment is making it easier for the Russians to achieve their goal. The hyperbolic debate over the release of the FISA memos by the House Intelligence Committee further helps the Russians achieve their aim. Most recently, Russian social-media efforts used computational propaganda to influence public perceptions of this issue, and we found ourselves once again divided among party lines.

When the public loses trust in the press, the Russians are winning. When the press is hyper-critical of Congress for executing oversight and providing transparency on the actions taken by the leaders of our law-enforcement agencies, the Russians are winning. When Congress and the general public disagree simply along party lines, the Russians are winning. When there is friction between Congress and the executive branch resulting in the further erosion of trust in our democratic institutions, the Russians are winning.

Let’s unpack this passage closely.

First, note how Hurd refers to “the last year” during which the US demonstrated a lack of resilience to Russian disinformation? Hurd is pretending that that lack of resilience doesn’t extend to 2016, when in fact at least the social media companies started to respond to Russian election year events last year.

He then calls the debate over the release of the memo — not propaganda seeded by Republicans claiming the Nunes memo revealed something “worse than Watergate” — hyperbolic.

Hurd then makes the same mistake everyone always makes with the Fucking Gizmo™, the Hamilton Dashboard that tracks right wing propaganda and — because it moves in tandem with official Russian propaganda outlets — deems it Russian, not American.

Then Hurd rebrands Nunes’ stunt as the press being “hyper-critical of Congress for executing oversight and providing transparency on the actions taken by the leaders of our law-enforcement agencies.” As I’ve noted before, it’s particularly rich for people who voted against the Amash-Lofgren amendment to the FISA 702 reauthorization to claim they support transparency, as that amendment would have provided just that. But it’s also pathetic that Hurd would claim either the Nunes or Schiff memos are about transparency or oversight. It’d be awesome if HPSCI decided to hold a hearing on the use of consultants and informants in FISA applications and elsewhere in law enforcement. The Nunes stunt only brought a concern about that to a white politically connect white guy, not the people who really would benefit from actual oversight.

And more importantly, the Nunes memo (which GOPers admitted made a false claim about whether FISC got notice about the political nature of the Steele dossier), especially, was about obfuscation, not transparency.

Will Hurd was on the wrong side of adult behavior when he voted in favor of the Nunes memo. He seems to be trying to spin his vote as something it wasn’t.

He’d do well if, instead, he tried to make up for it.

Asha Rangappa Demands Progressive Left Drop Bad Faith Beliefs in Op-Ed Riddled with Errors Demonstrating [FBI’s] Bad Faith

It’s my fault, apparently, that surveillance booster Devin Nunes attacked the FBI this week as part of a ploy to help Donald Trump quash the investigation into Russian involvement in his election victory. That, at least, is the claim offered by the normally rigorous Asha Rangappa in a NYT op-ed.

It’s progressive left privacy defenders like me who are to blame for Nunes’ hoax, according to Rangappa, because — she claims — “the progressive narrative” assumes the people who participate in the FISA process, people like her and her former colleagues at the FBI and the FISA judges, operate in bad faith.

But those on the left denouncing its release should realize that it was progressive and privacy advocates over the past several decades who laid the groundwork for the Nunes memo — not Republicans. That’s because the progressive narrative has focused on an assumption of bad faith on the part of the people who participate in the FISA process, not the process itself.

And then, Ragappa proceeds to roll out a bad faith “narrative” chock full of egregious errors that might lead informed readers to suspect FBI Agents operate in bad faith, drawing conclusions without doing even the most basic investigation to test her pre-conceived narrative.

Rangappa betrays from the very start that she doesn’t know the least bit about what she’s talking about. Throughout, for example, she assumes there’s a partisan split on surveillance skepticism: the progressive left fighting excessive surveillance, and a monolithic Republican party that, up until Devin Nunes’ stunt, “has never meaningfully objected” to FISA until now. As others noted to Rangappa on Twitter, the authoritarian right has objected to FISA from the start, even in the period Rangappa used what she claims was a well-ordered FISA process. That’s when Republican lawyer David Addington was boasting about using terrorist attacks as an excuse to end or bypass the regime. “We’re one bomb away from getting rid of that obnoxious [FISA] court.”

I’m more peeved, however, that Rangappa is utterly unaware that for over a decade, the libertarian right and the progressive left she demonizes have worked together to try to rein in the most dangerous kinds of surveillance. There’s even a Congressional caucus, the Fourth Amendment Caucus, where Republicans like Ted Poe, Justin Amash, and Tom Massie work with Rangappa’s loathed progressive left on reform. Amash, Mike Lee, and Rand Paul, among others, even have their name on legislative attempts to reform surveillance, partnering up with progressives like Zoe Lofgren, John Conyers, Patrick Leahy, and Ron Wyden. This has become an institutionalized coalition that someone with the most basic investigative skills ought to be able to discover.

Since Rangappa has not discovered that coalition, however, it is perhaps unsurprising she has absolutely no clue what the coalition has been doing.

In criticizing the FISA process, the left has not focused so much on fixing procedural loopholes that officials in the executive branch might exploit to maximize their legal authority. Progressives are not asking courts to raise the probable cause standard, or petitioning Congress to add more reporting requirements for the F.B.I.

Again, there are easily discoverable bills and even some laws that show the fruits of progressive left and libertarian right efforts to do just these things. In 2008, the Democrats mandated a multi-agency Inspector General on Addington’s attempt to blow up FISA, the Stellar Wind program. Progressive Pat Leahy has repeatedly mandated other Inspector General reports, which forced the disclosure of FBI’s abusive exigent letter program and that FBI flouted legal mandates regarding Section 215 for seven years (among other things). In 2011, Ron Wyden started his thus far unsuccessful attempt to require the government to disclose how many Americans are affected by Section 702. In 2013, progressive left and libertarian right Senators on the Senate Judiciary Committee tried to get the Intelligence Community Inspector General to review how the multiple parts of the government’s surveillance fit together, to no avail.

Rangappa’s apparent ignorance of this legislative history is all the more remarkable regarding the last several surveillance fights in Congress, USA Freedom Act and this year’s FISA Amendments Act reauthorization (the latter of which she has written repeatedly on). In both fights, the bipartisan privacy coalition fought for — but failed — to force the FBI to comply with the same kind of reporting requirements that the bill imposed on the NSA and CIA, the kind of reporting requirements Rangappa wishes the progressive left would demand. When a left-right coalition in the House Judiciary Committee tried again this year, the FBI stopped negotiating with HJC’s staffers, and instead negotiated exclusively with Devin Nunes and staffers from HPSCI.

With USAF, however, the privacy coalition did succeed in a few reforms (including those reporting requirements for NSA and CIA). Significantly, USAF included language requiring the FISA Court to either include an amicus for issues that present “a novel or significant interpretation of the law,” or explain why it did not. That’s a provision that attempts to fix the “procedural loophole” of having no adversary in the secret court, though it’s a provision of law the current presiding FISC judge, Rosemary Collyer, blew off in last year’s 702 reauthorization. (Note, as I’ve said repeatedly, I don’t think Collyer’s scofflaw behavior is representative of what FISC judges normally do, and so would not argue her disdain for the law feeds a “progressive narrative” that all people involved in the FISA process operated in bad faith.)

Another thing the progressive left and libertarian right won in USAF is new reporting requirements on FISA-related approvals for FISC, to parallel those DOJ must provide. Which brings me to Rangappa’s most hilarious error in an error-ridden piece (it’s an error made by multiple civil libertarians earlier in the week, which I corrected on Twitter, but Rangappa appears to mute me so wouldn’t have seen it).

To defend her claim that the FISC judge who approved the surveillance of Carter Page was operating, if anything, with more rigor than in past years, Rangappa points to EPIC’s tracker of FISA approvals and declares that the 2016 court rejected the highest number of applications in history.

We don’t know whether the memo’s allegations of abuse can be verified. It’s worth noting, however, that Barack Obama’s final year in office saw the highest number of rejected and modified FISA applications in history. This suggests that FISA applications in 2016 received more scrutiny than ever before.

Here’s why this is a belly-laughing error. As noted, USAF required the FISA Court, for the first time, to release its own record of approving applications. It released a partial report (for the period following passage of USAF) covering 2015, and its first full report for 2016. The FISC uses a dramatically different (and more useful) counting method than DOJ, because it counts what happens to any application submitted in preliminary form, whereas DOJ only counts applications submitted in final form. Here’s how the numbers for 2016 compare.

Rangappa relies on EPIC’s count, which for 2016 not only includes an error in the granted number, but adopts the AOUSC counting method just for 2016, making the methodology of its report invalid (it does have a footnote that explains the new AOUSC numbers, but not why it chose to use that number rather than the DOJ one or at least show both).

Using the only valid methodology for comparison with past years, DOJ’s intentionally misleading number, FISC rejected zero applications, which is consistent or worse than other years.

It’s not the error that’s the most amusing part, though. It’s that, to make the FISC look good, she relies on data made available, in significant part, via the efforts of a bipartisan coalition that she claims consists exclusively of lefties doing nothing but demonizing the FISA process.

If anyone has permitted a pre-existing narrative to get in the way of understanding the reality of how FISA currently functions, it’s Rangappa, not her invented progressive left.

Let me be clear. In spite of Rangappa’s invocation (both in the body of her piece and in her biography) of her membership in the FBI tribe, I don’t take her adherence to her chosen narrative in defiance of facts that she made little effort to actually learn to be representative of all FBI Agents (which is why I bracketed FBI in my title). That would be unfair to a lot of really hard-working Agents. But I can think of a goodly number of cases, some quite important, where that has happened, where Agents chased a certain set of leads more vigorously because they fit their preconceptions about who might be a culprit.

That is precisely what has happened here. A culprit, Devin Nunes — the same guy who helped the FBI dodge reporting requirements Rangappa thinks the progressive left should but is not demanding — demonized the FISA process by obscuring what really happens. And rather than holding that culprit responsible, Rangappa has invented some other bad guy to blame. All while complaining that people ever criticize her FBI tribe.

Steve King Just Voted to Subject Americans to “Worse than Watergate”

Devin Nunes has launched the next installment of his effort to undercut the Mueller investigation, a “Top Secret” four page report based on his staffers’ review of all the investigative files they got to see back on January 5. He then showed it to a bunch of hack Republicans, who ran to the right wing press to give alarmist quotes about the report (few, if any, have seen the underlying FBI materials).

Mark Meadows (who recently called for Jeff Sessions’ firing as part of this obstruction effort) said, “Part of me wishes that I didn’t read it because I don’t want to believe that those kinds of things could be happening in this country that I call home and love so much.”

Matt Gaetz (who strategized with Trump on how to undercut the Mueller investigation on a recent flight on Air Force One) said, “The facts contained in this memo are jaw-dropping and demand full transparency. There is no higher priority than the release of this information to preserve our democracy.”

Ron DeSantis (who joined Gaetz in that Air Force One strategy session with Trump and also benefitted directly from documents stolen by the Russians) said it was “deeply troubling and raises serious questions about the [the people in the] upper echelon of the Obama DOJ and Comey FBI,” who of course largely remain in place in the Sessions DOJ and Wray FBI.

Steve King claimed what he saw was, “worse than Watergate.” “Is this happening in America or is this the KGB?” Scott Perry said. Jim Jordan (who joined in Meadows’ effort to fire Sessions) said, “It is so alarming.” Lee Zeldin said the FBI, in using FISA orders against Russians and facilities used by suspected agents of Russia was relying “on bad sources & methods.”

It all makes for very good theater. But not a single one of these alarmists voted the way you’d expect on last week’s 702 reauthorization votes if they were really gravely concerned about the power of the FBI to spy on Americans.

Indeed, Gaetz, DeSantis, and King — three of those squawking the loudest — voted to give the same FBI they’re claiming is rife with abuse more power to spy on Americans, including political dissidents. Nunes, who wrote this alarming report, also wrote the bill to expand the power of the FBI he’s now pretending is badly abusive.

Even those who voted in favor of the Amash-Lofgren amendment and against final reauthorization — Meadows, Jordan, and Perry, among some of those engaging in this political stunt — voted against the Democratic motion to recommit, which would have at least bought more time and minimally improved the underlying bill (Justin Amash and Tom Massie, both real libertarians, voted with Democrats on the motion to recommit). Zeldin was among those who flipped his vote, backing the bill that will give the FBI more power after making a show of supporting Amash’s far better bill.

In short, not a single one of these men screaming about abuse at the FBI did everything they could do to prevent the FBI from getting more power.

Which — if you didn’t already need proof — shows what a hack stunt this is.

Incidental Collection Under Section 702 Has Probably Contributed to Trump’s Downfall, Too

As you’ve no doubt heard, the House passed the bad reauthorization to Section 702 yesterday. The Senate will vote on cloture on Tuesday — though both Rand Paul and Ron Wyden have threatened to filibuster it — and will almost certainly be voted into law after that.

I’ll have comment later on the rising costs, for politicians, for mindlessly reauthorizing these bills in a follow-up post.

Paul Ryan told President Trump Section 702 hasn’t affected his people

But for the moment, I want to comment on the debate that took place in response to Trump’s two tweets. The first tweet, which was clearly a response to a Judge Napolitano piece on Fox News yesterday morning, complaining about FISA.

Then, after a half hour lesson from Paul Ryan on the different FISA regimes (note, for some reason Devin Nunes was conspicuously absent from much of this process yesterday, both the coddling of the President and managing debate on the bill), a follow-up tweet hailing Section 702’s utility for “foreign surveillance of foreign bad guys on foreign land.”

In response to those tweets, many commenters stated, as a matter of fact, that Trump hasn’t been impacted by Section 702, that only traditional FISA intercepts drove key developments in the Russian investigation.

That’s unlikely to be true, and I suspect we already have evidence that that’s not the case.

It is true that incidental collection on a Title I got Mike Flynn in trouble

To defend the case that incidental collection off a traditional FISA order has impacted Trump’s administration, people point to the December 29, 2016 intercepts of communications between Sergey Kislyak and Mike Flynn which were cited in Flynn’s guilty plea. It is true that those intercepts were done under a traditional FISA order. Admiral Mike Rogers as much as confirmed that last March in his efforts to explain basic FISA law to the House Intelligence Committee Republicans who are supposed to oversee it.

Rogers: FISA collection on targets in the United States has nothing to do with 702, I just want to make sure we’re not confusing the two things here. 702 is collection overseas against non US persons.

And Speaker Ryan, fresh off his efforts to teach the President basic surveillance law, yesterday clarified — inaccurately — that,

Title 1 of the FISA law is what you see in the news that applies to U.S. citizens. That’s not what we’re talking about here. This is Title 7, Section 702. This is about foreign terrorists on foreign soil.

Whatever the facts about FISA orders targeting Carter Page and Paul Manafort, the intercepts that have done the most known damage to the Trump Administration so far targeted a foreigner on US soil, Sergey Kislyak, and Flynn just got picked up incidentally.

Papadopoulos’ affidavit and statement of offense make different claims about his false claims and obstruction

But as I said, I suspect it is highly likely the Trump Administration has also been brought down by an American being caught up incidentally in a Section 702 tasking. That’s because of several details pertaining to the George Papadopoulos plea which I nodded to here; they strongly suggest that Papadopoulos’ Facebook communications with Joseph Mifsud were first obtained by the FBI via Section 702, and only subsequently parallel constructed using a warrant. It’s further likely that the FBI obtained a preservation order on Papadopoulos’ Facebook account before he deleted it because of what they saw via Section 702. [Update: KC has alerted me that they may not have gotten a preservation order, but instead were able to access the Facebook account because that content doesn’t all go away when you deactivate an account, which is what the October 5 document describes as happening.]

Compare the two descriptions of how Papadopoulos obstructed justice. The July 28, 2017 affidavit supporting Papadopoulos’ arrest describes Papadopoulos destroying his Facebook account to hide conversations he had with Timofeev.

The next day, on or about February 17, 2017, however, GEORGE PAPADOPOULOS, the defendant, shut down his Facebook account, which he had maintained since approximately August 2005. Shortly after he shut down his account, PAPADOPOULOS created a new Facebook account.

The Facebook account that PAPADOPOULOS shut down the day after his interview with the FBI contained information about communications he had with Russian nationals and other foreign contacts during the Campaign, including communications that contradicted his statements to the FBI. More specifically, the following communications, among others, were contained in that Facebook account, which the FBI obtained through a judicially authorized search warrant.

The affidavit makes it clear that Papadopoulos attempted to hide “his interactions during the Campaign with foreign contacts, including Russian nationals.” The descriptions of the communications that Papadopoulos attempted to hide are described as “a Facebook account identified with Foreign Contact 2,” Timofeev.

The FBI recorded both interviews, suggesting they already by January 27 they had reason to worry that Papadopoulos might not tell the truth.

The October 5 statement of the offense describes one of Papadopoulos’ false statements this way:

PAPADOPOULOS failed to inform investigators that the Professor had introduced him to the Russian MFA Connection [Timofeev], despite being asked if he had met with Russian nationals or “[a]nyone with a Russian accent” during the Campaign. Indeed, while defendant PAPADOPOULOS told the FBI that he was involved in meetings and did “shuttle diplomacy” with officials from several other countries during the Campaign, he omitted the entire course of conduct with the Professor and the Russian MFA Connection regarding his efforts to establish meetings between the Campaign and Russian government officials.

And it describes his obstruction this way:

The next day, on or about February 17, 2017, defendant PAPADOPOULOS deactivated his Facebook account, which he had maintained since approximately August 2005 and which contained information about communications he had with the Professor and the Russian MFA Connection. Shortly after he deactivated his account, PAPADOPOULOS created a new Facebook account that did not contain the communications with the Professor and the Russian MFA Connection.

On or about February 23, 2017, defendant PAPADOPOULOS ceased using his cell phone number and began using a new number.

In neither document does FBI mention having the content of Papadopoulos’ April 2016 Skype calls with Timofeev and neither one cites data — such as texts — that might have been on his cell phone.

What FBI (probably) learned when

While we can’t be sure — after all, the government may simply be withholding more information from other suspects — the differences between the two legal filings and other public information suggest the following evolution in what the government knew of Papadopoulous’ communications with his interlocutors when. Most importantly, the FBI had learned of Papadopoulos’ communications with Joseph Mifsud and Olga Vinogradova before his two interviews, but they had not learned of his communications with Ivan Timofeev.

Late July 2016

In a drunken conversation in May 2016, Papadopoulos told the Australian Ambassador Alexander Downer that he had been told (by Joseph Mifsud, but it’s not clear Papadopoulos would have revealed that) the Russians had dirt on Hillary in the form of emails.

Before January 27, 2017

  • Papadopoulos might lie and so should be recorded
  • Papadopoulos had interesting communications with Joseph Mifsud and Olga Vinogradova
  • Since Timofeev did not come up in the interview, FBI appears not to have learned of those conversations yet

Before February 16, 2017

  • Papadopoulos’ Facebook was interesting enough to sustain a preservation request but (because FBI still didn’t know about Timofeev) FBI had not yet accessed its content via Papadopoulos [Though see update above]
  • FBI had not yet accessed Skype, which would have shown call records between Timofeev and Papadopoulos
  • FBI did not have a warrant on Papadopoulos’ phone and never obtained one before February 23

By July 28, 2017

  • FBI had obtained a warrant for Papadopoulos’ email
  • FBI had read the Facebook content Papadopoulos tried to delete, discovering the communications (and the relationship) with Timofeev
  • FBI had identified the Skype conversations that had taken place, but not in time to collect them using 702

By October 5, 2017

  • FBI had obtained far more email from the campaign side
  • FBI had discovered that, in addition to destroying his Facebook account, Papadopoulos had also gotten a new phone number (and, I suspect, a new phone), thereby destroying any stored texts on the phone

FBI probably tracked Papadopoulos’ Facebook communications with Mifsud before February 16

Again, this is just a guess, but given the evolution of FBI’s understanding about Papadopoulos laid out above, it seems highly likely that FBI had obtained some (but not all) of Mifsud’s communications before February 16, had submitted preservation requests to Papadopoulos’ providers, but had not yet obtained any legal process for content via Papadopoulos. Given that Papadopoulos’ Facebook content was preserved even in spite of his effort to destroy it, it seems clear the government had reason to know its content was of interest, but it did not yet know about his Facebook communications with Timofeev. This is how FBI routinely launders Section 702 information through criminal process, by getting a warrant for the very same content available at PRISM providers that they already obtained via PRISM. They key detail is that they appear to have known about the content of some but not all of Papadopoulos’ Facebook messages in time to preserve the account before February 16.

This strongly suggests the FBI had obtained Mifsud’s Facebook content, but not Papadopoulos’.

Once FBI opened a full investigation into the Russian ties — which we know they did in late July, in part because of that Papadopoulos conversation about the Mifsud comments — it could task and obtain a raw feed of any known PRISM account for any foreigner overseas associated with that investigation. Once it identified Mifsud as Papadopoulos’ interlocutor — and they would have been able to identify their common relationship from their common front organization, the London Centre of International Law Practice — they would have tasked Mifsud on any identifier they could collect.

And collecting on Facebook would be child’s play — just ask nicely. So it would be shocking if they hadn’t done it as soon as they identified that Mifsud was Papadopoulos’ interlocutor and that he had a Facebook account.

Incidental collection under 702 may have led to the preservation of evidence about the Timofeev relationship Papadopoulos tried to destroy

If all this is right — and it is admittedly just a string of well-educated guesses — then it means FBI’s ability to incidentally collect on Papapdopoulos by targeting Mifsud may have been what led them to take action to preserve Papadopoulos’ Facebook content, and with it evidence of ongoing communications with Timofeev that he had tried to hide.

And the fact that he did try to hide it is what led to Mueller flipping his first cooperating witness.

So if all this is right, then incidental collection on Papadopoulos under Section 702 may be every bit as central to Trump’s legal jeopardy right now as the incidental collection on Flynn under Title I. They’re both critical pieces in proving any hypothetical case that Trump traded policy considerations for the release of Hillary emails.

This is how Section 702 is supposed to work, and could be done under USA Rights

Let me be clear: I’m not saying the discovery of Papadopoulos’ Facebook communications with Mifsud and through them his Facebook communications with Timofeev is an abuse. On the contrary, this is how 702 is supposed to work.

If we’re going to have this program, it should be used to target suspect agents of a foreign power located overseas, as Mifsud clearly was. If he was targeted under 702, he was targeted appropriately.

But there is no reason to believe doing so required any of the more abusive uses of 702 that USA Rights would limit. Unless Mifsud was already tasked at FBI when they opened the investigation in July 2016, there’s no reason to believe this account could have been found off of a back door search at FBI. Mifsud may have been tasked at NSA or even CIA, but if he was, searching on Papadopoulos because the government suspected he was being recruited by a foreign power would fall under known justifications for back door searches at those foreign intelligence agencies (especially at CIA).

USA Rights would permit the use of this 702 information to support the criminal case against Papadopoulos, because it’s clearly a case of foreign government spying.

And no use of the Tor exception would be implicated with this search.

In other words, Section 702 as Ron Wyden and Rand Paul and Justin Amash and Zoe Lofgren would have it would still permit the use of Section 702 as a tool to — ultimately — lead FBI to figure out that Papadopoulos was hiding his contacts with Ivan Timofeev.

As it turns out, the kinds of people Trump’s foreign policy advisor George Papadopoulos was chatting up on Facebook — Joseph Mifsud and Ivan Timofeev — are precisely the kind of people the FBI considers “foreign bad guys on foreign land” for the purposes of Section 702, meaning the Bureau could get their Facebook account quite easily.

And the incidental collection of Americans of such conversations can be — may well have been — as dangerous to Donald Trump as the incidental collection of Americans under Title I.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

What HPSCI Wants to Protect in 702: Back Doors, the Tor Exception, and a Dysfunctional FISC

The House is revving up to vote on 702 reauthorization, offering either the shitty bill drafted by Devin Nunes, Adam Schiff, and Devin Nunes or the Amash amendment (which is the Wyden-Paul USA Rights bill). As I noted in a piece at The New Republic,

Congress is, in an apparently serious attempt at surveillance reform, about to make it easier for the FBI to spy on those whom it has zero evidence of wrongdoing than those whom it has probable cause to suspect of illegal behavior. This bill would protect a very small subset of suspected criminals—perhaps just one a year, based on reporting from 2016. But it would do nothing to prevent the FBI from reading the communications of any innocent American who is named in a tip.

HPSCI has come out with a one pager making shite up about USA Rights. And I’m interested in three things HPSCI prioritizes:

  • Ensuring that NSA can order companies to bypass encryption
  • Sustaining the Tor domestic spying exception
  • Coddling the dysfunction of the FISA Court

Ensuring that NSA can order companies to bypass encryption

The HPSCI flyer complains that USA Rights,

Significantly limit[s] the Government’s ability to obtain Section 702 information on foreign terrorists by unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers;

At issue is language in USA Rights that limits government requests for technical assistance to things that are necessary, narrowly tailored, and would not pose an undue burden.

(B) LIMITATIONS.—The Attorney General or the Director of National Intelligence may not request assistance from an electronic communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the assistance sought—

(i) is necessary;

(ii) is narrowly tailored to the surveillance at issue; and

(iii) would not pose an undue burden on the electronic communication service provider or its customers who are not an intended target of the surveillance.

It is clear this is Wyden’s effort to prohibit the government from using individual directives (which are not reviewed by the FISA Court) to back door or circumvent a company’s encryption. While the government says it has not yet asked the FISC to force companies to do this (which is different from saying they haven’t asked and gotten companies to willingly do so), it has dodged whether it has asked companies to circumvent their own encryption.

So basically, one of the big things HPSCI thinks is wrong with USA Rights is that it won’t let NSA back door your phone.

Sustaining the Tor domestic spying exception

The HPSCI flyer claims that USA Rights,

Mandat[es] a flat prohibition on the use of Section 702 information in prosecuting dangerous criminals, including murderers and child abusers;

That flips reality on its head. What HPSCI is trying to protect, here, is its carve-out permitting the use of 702 information for anything that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)


Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

As I have noted, the carve out, taken in conjunction with the 2014 exception letting the NSA collect on location obscuring servers (like VPNs and Tor) used by Americans, effectively makes 702 a domestic spying bill (on top of permitting its use for anything else Jeff Sessions claims is related to national security).

In other words, HPSCI doesn’t so much want 702 to spy on the terrorists, spies, and proliferators included in USA Rights: it wants to spy domestically.

Coddling the dysfunction of the FISA Court

Finally, the HPSCI flyer complains that USA Freedom,

Subvert[s] the authority and expediency of the Foreign Intelligence Surveillance Court by requiring an amicus review during every Section 702 authorization; and

This is a complaint about a number of common sense measures that make the FISA Court more credible, most notably requiring each 702 authorization to include an amicus review. The bill also includes measures to make the amicus review more robust, like enough advance involvement to be useful.

For a body of Congress to guard “the authority and expediency” of the FISC — especially in the wake of last year’s debacle of a ruling from Rosemary Collyer, who stubbornly refused to follow the law and either appoint an amicus or explain why she chose not to do so, is an outright abdication of congressional authority.

The FISC just defied Congressional intent as reflected in USA Freedom Act. USA Rights would make it harder for the FISC to continue to do so. And HPSCI’s response to that is to whimper that Congress is “subverting the authority” of another branch by demanding that it follow the law?

Update: DemandProgress did a fact check of this flyer that’s quite good.

Marco Rubio Explains the Dragnet

SIGINT and 215A penny dropped for me, earlier this week, when Marco Rubio revealed that authorities are asking “a large number of companies” for “phone records.” Then, yesterday, he made it clear that these companies don’t fall under FCC’s definition of “phone” companies, because they’re not subject to that regulator’s 18 month retention requirement.

His comments clear up a few things that have been uncertain since February 2014, when some credulous reporters started reporting that the Section 215 phone dragnet — though they didn’t know enough to call it that — got only 20 to 30% of “all US calls.”

The claim came not long after Judge Richard Leon had declared the 215 phone dragnet to be unconstitutional. It also came just as the President’s Review Group (scoped to include all of the government’s surveillance) and PCLOB (scoped to include only the 215 phone dragnet) were recommending the government come up with a better approach to the phone dragnet.

The report clearly did several things. First, it provided a way for the government to try to undermine the standing claim of other plaintiffs challenging the phone dragnet, by leaving the possibility their records were among the claimed 70% that was not collected. It gave a public excuse the Intelligence Community could use to explain why PRG and PCLOB showed the dragnet to be mostly useless. And it laid the ground work to use “reform” to fix the problems that had, at least since 2009, made the phone dragnet largely useless.

It did not, however, admit the truth about what the 215 phone dragnet really was: just a small part of the far vaster dragnet. The dragnet as a whole aspires to capture a complete record of communications and other metadata indicating relationships (with a focus on locales of concern) that would, in turn, offer the ability to visualize the networks of the world, and not just for terrorism. At first, when the Bush Administration moved the Internet (in 2004) and phone (in 2006) dragnets under FISC authority, NSA ignored FISC’s more stringent rules and instead treated all the data with much more lax EO 12333 rules(see this post for some historical background). When FISC forced the NSA to start following the rules in 2009, however, it meant NSA could no longer do as much with the data collected in the US. So from that point forward, it became even more of a gap-filler than it had been, offering a thinner network map of the US, one the NSA could not subject to as many kinds of analysis. As part of the reforms imposed in 2009, NSA had to start tracking where it got any piece of data and what authority’s rules it had to follow; in response, NSA trained analysts to try to use EO 12333 collected data for their queries, so as to apply the more permissive rules.

That, by itself, makes it clear that EO 12333 and Section 215 (and PRTT) data was significantly redundant. For every international phone call (or at least those to countries of terrorism interest, as the PATRIOT authorities were supposed to be restricted to terrorism and Iran), there might be two or more copies of any given phone call, one collected from a provider domestically, and one collected via a range of means overseas (in fact, the phone dragnet orders make it clear the same providers were also providing international collection not subject to 215).  If you don’t believe me on this point, Mike Lee spelled it out last week. Not only might NSA get additional data with the international call — such as location data — but it could subject that data to more interesting analysis, such as co-location. Thus, once the distinction between EO 12333 and PATRIOT data became formalized in 2009 (years after it should have been) the PATRIOT data served primarily to get a thinner network map of the data they could only collect domestically.

Because the government didn’t want to admit they had a dragnet, they never tried to legislate fixes for it such that it would be more comprehensive in terms of reach or more permissive in terms of analysis.

So that’s a big part of why four beat journalists got that leak in February 2014, at virtually the same time President Obama decided to replace the 215 phone dragnet with something else.

The problem was, the government never admitted the extent of what they wanted to do with the dragnet. It wasn’t just telephony-carried voice calls they wanted to map, it was all communications a person might make from their phone, which increasingly means a smart phone. It wasn’t just call-chaining they wanted to do, it was connection chaining, linking identities, potentially using far more intrusive technological analysis.

Some of that was clear with the initial IC effort at “reform.” Significantly, it didn’t ask for Call Detail Records, understood to include either phone or Internet or both, but instead “records created as a result of communications of an individual or facility.” That language would have permitted the government to get backbone providers to collect all addressing records, regardless if it counted as content. The bill also permitted the use of such tools for all purposes, not just counterterrorism. In effect, this bill would have completed the dragnet, permitting the IC to conduct EO 12333 collection and analysis on records collected in the US, for any “intelligence” purpose.

But there was enough support for real reform, demonstrated most vividly in the votes on Amash-Conyers in July 2013, that whatever got passed had to look like real reform, so that effort was killed.

So we got the USA F-ReDux model, swapping more targeted collection (of communications, but not other kinds of records, which can still be collected in bulk) for the ability to require providers to hand over the data in usable form. This meant the government could get what it wanted, but it might have to work really hard to do so, as the communications provider market is so fragmented.

The GOP recognized, at least in the weeks before the passage of the bill, that this would be the case. I believe that Richard Burr’s claimed “mistake” in claiming there was an Internet dragnet was instead an effort to create legislative intent supporting an Internet dragnet. After that failed, Burr introduced a last minute bill using John Bates’ Dialing, Routing, Addressing, and Signaling language, meaning it would enable the government to bulk collect packet communications off switches again, along with EO 12333 minimization rules. That failed (in part because of Mitch McConnell’s parliamentary screw ups).

But now the IC is left with a law that does what it said it wanted (plus some, as it definitely gets non-telephony “phone” “calls”), rather than one that does what it wanted, which was to re-establish the full dragnet it had in the US at various times in the past.

I would expect they won’t stop trying for the latter, though.

Indeed, I suspect that’s the real reason Marco Rubio has been permitted to keep complaining about the dragnet’s shortcomings.

While They’re Replacing John Boehner, the GOP Should Replace Devin Nunes, Too

In a profile in Politico, Justin Amash* makes the case that the Freedom Caucus’ rebellion against John Boehner isn’t so much about ideology, it is about process.

Republican leaders see Freedom Caucus members as a bunch of bomb-throwing ideologues with little interest in finding solutions that can pass a divided government.

But that’s a false reading of the group, Amash told his constituents. Their mission isn’t to drag Republican leadership to the right, though many of them would certainly favor more conservative outcomes. It’s simply to force them to follow the institution’s procedures, Amash argued.

That means allowing legislation and amendments to flow through committees in a deliberative way, and giving individual members a chance to offer amendments and to have their ideas voted on on the House floor. Instead of waiting until right before the latest legislative crisis erupts, then twisting members’ arms for votes, they argue, leadership must empower the rank and file on the front end and let the process work its will.

“In some cases, conservative outcomes will succeed. In other cases, liberal outcomes will succeed. And that’s OK,” said Amash, who was reelected overwhelmingly last year after the U.S. Chamber of Commerce backed his Republican primary rival. “We can have a House where different coalitions get together on different bills and pass legislation. And then we present that to the Senate and we present it to the White House.

The truth lies somewhere in-between. After all, 8 of the 21 questions the FC posed to potential Speaker candidates are ideological in nature, hitting on the following issues:

  • Obamacare
  • Budget and appropriation resolution reform
  • Ex-Im bank
  • Highway Trust Fund
  • Impeaching the IRS Commissioner
  • First Amendment Defense Act

Admittedly, even some of those — the financial ones — are procedural, but there are some key ideological litmus tests there.

Of the remaining 21 questions, 3 pertain to use of NRCC resources, 4 pertain to conference make-up, and 6 have to do with process. In other words, this block of members wants to end the systematic exclusion of their members from leadership and other positions and the systematic suppression of legislation that might win a majority vote without leadership sanction.

And while I certainly recognize that some of these process reforms — again, especially the financial ones — would likely lead to more hostage taking, I also think such reforms would also make (as one example) stupid wars and surveillance less likely, because a transpartisan majority of the House opposes many such things while GOP leadership does not (Nancy Pelosi generally opposes stupid surveillance and wars but also usually, though not always, does the bidding of the President).

The Yoder-Polis Act, an ECPA reform bill supported by 300 co-sponsors, is an example of worthy legislation that has long been held up because of leadership opposition.

While making the case for reform, though, I’d like to make the suggestion for another: to boot Devin Nunes, the current Chair of the House Intelligence Committee. According to the House Republican rules, the only positions picked by the Speaker are Select Committee Chairs, which would include Nunes and Benghazi Committee Chair Trey Gowdy (the latter of whom seems to be taken care of with Republican after Republican now admitting the committee is just a hack job, though if the FC wants to call for Richard Hanna to take over as Chair to shut down this government waste, I’d be cool with that too).

But with Boehner on his way out, it seems fair to suggest that Nunes should go too. While Nunes was actually better on Benghazi than his predecessor (raising questions about the CIA’s involvement in gun-running), he has otherwise been a typical rubber stamp for the intelligence community, rushing to pass info-sharing with Department of Energy even while commenting on their shitty security practices, and pitching partisan briefings to give the IC one more opportunity to explain why the phone dragnet was more useful than all the independent reviews say it was.

The Intelligence Community has lost credibility since 9/11, and having a series of rubber stamp oversight Chairs (excepting Silvestre Reyes, who was actually reasonably good) has only exacerbated that credibility problem. So why not call for the appointment of someone like former state judge Ted Poe, who has experience with intelligence related issues on both the Judiciary and Foreign Relations Committees, but who has also been a staunch defender of the Constitution.

Hostage taking aside, I’m sympathetic to the argument that the House should adopt more inclusive rules, in part because it would undercut the problems of a two party duopoly serving DC conventional wisdom.

But no place in Congress needs to be reformed more than our intelligence oversight. And while picking a more independent Chair won’t revamp the legal structure of intelligence oversight, it might initiate a process of bringing more rigorous oversight to our nation’s intelligence agencies.

Of course, who am I kidding?!?! It’s not even clear that the GOP will succeed in finding a palatable Speaker candidate before Boehner retires. Throwing HPSCI Chair into the mix would likely be too much to ask. Nevertheless, as we discuss change and process, HPSCI is definitely one area where we could improve process to benefit the country.

*Amash is my congressperson, but I have not spoken to him or anyone else associated with him for this post and don’t even know if he’d support this suggestion.

Some Thoughts on USA F-ReDux

There’s a funny line in the House Judiciary Committee’s report on USA F-ReDux. Amid the discussion of the new Call Detail Record function, it explains the government will be doing CDR chaining on “metadata it already lawfully possesses,” even as providers will be chaining on metadata in their possession.

In addition, the government can use the FISC-approved specific selection term to identify CDRs from metadata it already lawfully possesses.

The line should not be surprising. As I reported in 2013, the NSA does what are called “federated” queries, metadata chaining across data collected from a variety of sources. This line, then, simply acknowledges that the government will continue to conduct what amounts to federated queries even under the new system.

But the line ought to raise the question, “where does this lawfully possessed data come from?”

The data almost certainly comes from at least 3 sources: metadata taken from PRISM collection in databases that get copied wholesale (so Internet metadata within a hop of a foreign target), records of international phone calls, and records from Internet data collected overseas.

The latter two, of course, would be collected in bulk.

So within the report on a bill many claim ends bulk collection of American’s phone records is tacit admission that the bulk collection continues (not to mention that the government has broad access to data collected under PRISM).

After yesterday’s 338 – 88 vote in the House in favor of USA F-ReDux, a number of people asked me to explain my view on the bill.

First, the good news. As I noted, while the language on CDR chaining in the actual bill is muddled, the House report includes language that would prohibit most of the egregious provider-based chaining I can imagine. So long as nothing counters that, one of my big concerns dating back to last year has been addressed.

I also opposed USAF last fall because I expected the Second Circuit would weigh in in a way that was far more constructive than that bill, and I didn’t want a crappy bill to moot the Second Circuit. While there are many things that might yet negate the Second Circuit ruling (such as conflicting decisions from the DC or 9th Circuits or a reversal by SCOTUS), the Second Circuit’s decision was even more useful than I imagined.

But that’s part of why I’m particularly unhappy that Specific Selection Term has not been changed to require the government to more narrowly target its searches. Indeed, I think the bill report’s language on this is particularly flaccid.

Section 501(b)(2)(A) of FISA will continue to require the government to make ‘‘a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation….’’50 Section 103 requires the government to make an additional showing, beyond relevance, of a specific selection term as the basis for the production of the tangible things sought, thus ensuring that the government cannot collect tangible things based on the assertion that the requested collection‘‘is thus relevant, because the success of [an] investigative tool depends on bulk collection.’’ 51 Congress’ decision to leave in place the ‘‘relevance’’ standard for Section 501 orders should not be construed as Congress’ intent to ratify the FISA Court’s interpretation of that term. These changes restore meaningful limits to the‘‘relevance’’ requirement of Section 501, consistent with the opinion of the U.S. Court of Appeals for the Second Circuit in ACLU v.Clapper.

Meaningful limits on “relevant to” would be specific guidelines for the court on what is reasonable and what is not. Instead, USA F-ReDux still subjects the narrowness of an SST to a “greatest extent reasonably practicable” standard, which in the past we’ve seen amount to prioritization of the practicability of spying over privacy interests. While people can respectfully disagree on this front, I believe USA F-ReDux still permits both bulk collection of non-communications records and bulky collection of communications records (including FBI’s Internet collection). In the wake of the Second Circuit opinion, I find that especially inexcusable.

I also am not convinced USA F-ReDux is an across-the-board privacy win. I argued last year that USAF swaps a well-guarded unexploded nuclear bomb for many more exploding IEDs striking at privacy. By that, I mean that the new CDR function will probably not result in any less privacy impact, in practice (that is, assuming NSA follows its own minimization rules, which it hasn’t always), than the prior dragnet. That’s true because:

  • We have every reason to believe the CDR function covers all “calls,” whether telephony or Internet, unlike the existing dragnet. Thus, for better and worse, far more people will be exposed to chaining than under the existing dragnet. It will catch more potential terrorists, but also more innocent people. As a result, far more people will be sucked into the NSA’s maw, indefinitely, for exploitation under all its analytical functions. This raises the chances that an innocent person will get targeted as a false positive.
  • The data collected under the new CDR function will be circulated far more broadly than status quo. Existing dragnet orders limit access to the results of queries to those with special training unless one of four named individuals certifies that the query result relates to counterterrorism. But USA F-ReDux (and the current minimization procedures for Section 702 data; USA F-ReDux will likely use the PRISM infrastructure and processing) makes it clear that FBI will get access to raw query results. That almost certainly means the data will be dumped in with FBI’s PRISM and FISA data and subjected to back door searches at even the assessment level, even for investigations that have nothing to do with terrorism. As on the NSA side, this increases the risk that someone will have their lives turned upside down for what amounts to being a false positive. It also increases the number of people who, because of something in their metadata that has nothing to do with a crime, can be coerced into becoming an informant. And, of course, they’ll still never get notice that that’s where this all came from, so they will have a difficult time suing for recourse.

One other significant concern I’ve got about the existing bill — which I also had last year — is that the emergency provision serves as a loophole for Section 215 collection; if the FISC deems emergency collections illegal, the government still gets to keep — and parallel construct — the data. I find this especially concerning given how much Internet data FBI collects using this authority.

I have — as I had last year — mixed feelings about the “improvements” in it. I believe the amicus, like initial efforts to establish PCLOB, will create an initially ineffective function that might, after about 9 years, someday become effective. I believe the government will dodge the most important FISC opinion reporting, as they currently do on FOIAs. And, in spite of a real effort from those who negotiated the transparency provisions, I believe that the resulting reporting will result in so thoroughly an affirmatively misleading picture of surveillance it may well be counterproductive, especially in light of the widespread agreement the back doors searches of Section 702 data must be closed (while there are a few improvements on reporting to Congress in this year’s bill, the public reporting is even further gutted than it was last year).

And now there’s new gunk added in.

One change no one has really examined is a change extending “foreign power” status from those proliferating WMDs to those “conspiring” or “abetting” efforts to do so. I already have reasons to believe the WMD spying under (for example) PRISM is among the more constitutionally problematic. And this extends that in a way no one really understands.

Even more troublesome is the extension of Material Support maximum sentences from 15 to 20 years. Remember, under Holder v. HLP, a person can be convicted of material support for First Amendment protected activities. Thus, USA F-ReDux effectively embraces a 20 year sentence for what could be (though isn’t always) thought crimes. And no one has explained why it is necessary! I suspect this is an effort to use harsh sentences to coerce people to turn informant. If so, then this is an effort to recruit fodder for infiltrators into ISIS. But if all that’s correct, it parallels similar efforts under the Drug War to use excessive sentences to recruit informants, who — it turns out in practice — often lead to false convictions and more corruption. In other words, at a moment when there is bipartisan support for sentencing reform for non-violent crimes (for which many cases of Material Support qualify), USA F-ReDux goes in the opposite direction for terrorism, all at a time when the government claims it should be putting more emphasis on countering extremism, including diversion.

So while I see some advantages to the new regime under USA F-ReDux (ironically, one of the most important is that what surveillance the government does will be less ineffective!), I am not willing to support a bill that has so many bad things in it, even setting aside the unconstitutional surveillance it doesn’t address and refuses to count in transparency provisions. I think there need to be privacy advocates who live to fight another day (and with both ACLU and EFF withdrawing their affirmative support for the bill, we at least have litigators who can sue if and when we find the government violating the law under this new scheme — I can already identify an area of the bill that is certainly illegal).

That said, it passed with big numbers yesterday. If it passes, it passes, and a bunch of authoritarians will strut their purported support for liberty.

At this point, however, the priority needs to be on preventing the bill from getting worse (especially since a lot of bill boosters seem not to have considered at what point they would withdraw their support because the bill had gotten too corrupted). Similarly, while I’m glad bill sponsors Jim Sensenbrenner and Jerry Nadler say they won’t support any short-term extension, that may tie their own hands if what comes back is far worse than status quo.

There’s some good news there, too. The no votes on yesterday’s House vote were almost exclusively from supporters of privacy who believe the bill doesn’t go far enough, from Justin Amash to Jared Polis to Tom Massie to Donna Edwards to Ted Poe to rising star Ted Lieu and — most interestingly — Jan Schakowsky (who voted for the crappier House bill when she was on HPSCI last year). Hopefully, if and when Mitch McConnell throws in more turdballs, those who opposed the bill yesterday can whip efforts to defeat it.

Stay tuned.

The Emergency EO 12333 Fix: Section 309

In a last minute amendment to the Intelligence Authorization, the House and Senate passed a new section basically imposing minimization procedures for EO 12333 or other intelligence collection not obtained by court order. (See Section 309)

(3) Procedures.–

(A) Application.–The procedures required by paragraph (1) shall apply to any intelligence collection activity not otherwise authorized by court order (including an order or certification issued by a court established under subsection (a) or (b) of section 103 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803)), subpoena, or similar legal process that is reasonably anticipated to result in the acquisition of a covered communication to or from a United States person and shall permit the acquisition, retention, and dissemination of covered communications subject to the limitation in subparagraph (B).

(B) Limitation on retention.–A covered communication shall not be retained in excess of 5 years, unless–

(i) the communication has been affirmatively determined, in whole or in part, to constitute foreign intelligence or counterintelligence or is necessary to understand or assess foreign intelligence or counterintelligence;

(ii) the communication is reasonably believed to constitute evidence of a crime and is retained by a law enforcement agency;

(iii) the communication is enciphered or reasonably believed to have a secret meaning;

(iv) all parties to the communication are reasonably believed to be non-United States persons;

(v) retention is necessary to protect against an imminent threat to human life, in which case both the nature of the threat and
the information to be retained shall be reported to the congressional intelligence committees not later than 30 days after the
date such retention is extended under this clause;

(vi) retention is necessary for technical assurance or compliance purposes, including a court order or discovery obligation, in which case access to information retained for technical assurance or compliance purposes shall be reported to the congressional
intelligence committees on an annual basis; or

(vii) retention for a period in excess of 5 years is approved by the head of the element of the intelligence community responsible for such retention, based on a determination that retention is necessary to protect the national security of the United States, in which case the head of such element shall provide to the congressional intelligence committees a written certification describing–
(I) the reasons extended retention is necessary to protect the national security of the United States; (II) the duration for which the head of the element is authorizing retention;

(III) the particular information to be retained; and

(IV) the measures the element ofthe intelligence community is taking toprotect the privacy interests of UnitedStates persons or persons locatedinside the United States.

The language seems to be related to — but more comprehensive than — language included in the RuppRoge bill earlier this year. That, in turn, seemed to arise out of concerns raised by PCLOB that some unnamed agencies had not revised their minimization procedures in the entire life of EO 12333.

Whereas that earlier passage had required what I’ll call Reagan deadenders (since they haven’t updated their procedures since him) to come up with procedures, this section effectively imposes minimization procedures similar to, though not identical, to what the NSA uses: 5 year retention except for a number of reporting requirements to Congress.

I suspect these are an improvement over whatever the deadenders have been using But as Justin Amash wrote in an unsuccessful letter trying to get colleagues to oppose the intelligence authorization because of the late addition, the section provides affirmative basis for agencies to share US person communications whereas none had existed.

Sec. 309 authorizes “the acquisition, retention, and dissemination” of nonpublic communications, including those to and from U.S. persons. The section contemplates that those private communications of Americans, obtained without a court order, may be transferred to domestic law enforcement for criminal investigations.

To be clear, Sec. 309 provides the first statutory authority for the acquisition, retention, and dissemination of U.S. persons’ private communications obtained without legal process such as a court order or a subpoena. The administration currently may conduct such surveillance under a claim of executive authority, such as E.O. 12333. However, Congress never has approved of using executive authority in that way to capture and use Americans’ private telephone records, electronic communications, or cloud data.


In exchange for the data retention requirements that the executive already follows, Sec. 309 provides a novel statutory basis for the executive branch’s capture and use of Americans’ private communications. The Senate inserted the provision into the intelligence reauthorization bill late last night.

Which raises the question of what the emergency was to have both houses of Congress push this through at the last minute? Back in March, after all, RuppRoge was happy to let the agencies do this on normal legislative time.

I can think of several possibilities:

  • The government is imminently going to have to explain some significant EO 12333 collection — perhaps in something like the Hassanshahi case or one of the terrorism cases explicitly challenging the use of EO 12333 data and it wants to create the appearance it is not a lawless dragnet (though the former was always described as metadata, not content)
  • The government is facing new scrutiny on tools like Hemisphere, which the DOJ IG is now reviewing; if 27-year old data is owned by HIDTA rather than AT&T, I can see why it would cause problems (though again, except insofar as it includes things like location, that’s metadata, not content)
  • This is Dianne Feinstein’s last ditch fix for the “trove” of US person content that Mark Udall described that John Carlin refused to treat under FISA
  • This is part of the effort to get FBI to use EO 12333 data (which may be related to the first bullet); these procedures are actually vastly better than FBI’s see-no-evil-keep-all-data for up to 30 years approach, though the language of them doesn’t seem tailored to the FBI

Or maybe this is meant to provide the patina of legality to some other dragnet we don’t yet know about.

Still, I find it an interesting little emergency the intelligence committees seem to want to address.

The Pearl-Clutchers Normalizing Inflammatory Dog Whistles

As expected, last night Justin Amash held off a challenge from a corporatist Republican, Brian Ellis (though the margin was closer than polls predicted). What has the local punditry surprised, however, is Amash’s victory speech, where he attacked Ellis and former Congressman Crazy Pete Hoekstra, who endorsed Ellis.

AMASH VICTORY SPEECH: U.S. Rep. Justin Amash’s win over 3rd District GOP primary challenger Brian Ellis wasn’t too surprising, but his victory speech was. Rather than simply celebrate, Amash reportedly refused to answer a concession phone call from Ellis and then unloaded on the businessman, who had run a TV ad calling him “Al Qaeda’s best friend” in Congress. “I ran for office to stop people like you,” Amash said to Ellis, who was not present. He also ripped former U.S. Rep. Pete Hoekstra, who backed Ellis in a separate commercial. “I’m glad we can hand you one more loss before you fade into total obscurity and irrelevance,” he said of Hoekstra. (more >>)

I get that you’re supposed to give a happy unity speech after you win (though I personally don’t much care if MI Republicans rip themselves apart, and MI’s Republican Congressmen already broke protocol by offering no support to Amash and in Mike Rogers’ case giving big support for Ellis). But not only is Crazy Pete a disgrace, Ellis did try to gain traction by smearing Amash.

From the coverage, I think Amash was most pissed that Ellis and Hoekstra treated a vote Amash refused to cast to defund Planned Parenthood on constitutional grounds as a pro-choice vote.

But in an interview with Fox, Amash also called Ellis’ ad rather famously repeating a claim he’s al Qaeda’s best friend in Congress disgusting.

“I’m an Arab-American, and he has the audacity to say I’m Al-Queda’s best friend in congress. That’s pretty disgusting.”

This ad, which played (among other prominent ad buys) during the World Cup, really pissed me off.

Not only for the treatment of Gitmo as anything but a terrible moneypit, all in the hopes of maintaining some extra-legal space to sustain the notion of war rather than law. But especially for the notion that anything but lock-step support for counterproductive counterterrorism policies makes you a friend of al Qaeda.

And yes, especially the suggestion that one of Congress’ only Arab-American members (Amash’s parents are Palestinian and Syrian Christians) might therefore be an Islamic terrorist.

For 12 years — ever since Saxby Chambliss used a similar technique to take out Max Cleland — our political culture has tolerated ads that invoke terror to short-circuit any real political debate about how we fight it. Those ads get treated as business as usual. Win or lose the race and then make nice with your opponent.

That such ads are still (were ever!) considered acceptable political discourse — that Amash, and not Ellis, is getting the scolds — damns our political system. By treating any debate over the efficacy of counterterrorism policy as terrorism itself, we foreclose potentially far more effective ways of keeping the country safe and potentially far smarter ways to spend limited resources. (Crazy Pete, for example, fear-mongered about moving Gitmo detainees to a prison threatened with closure in Michigan, thereby losing Michigan jobs, but also committing the US to continue to spend exorbitant amounts to keep our gulag open.)

At some point, it needs to be okay to call out such bullshit. Because until then, we’ll never be able to actually debate the best way to keep the country safe.