Posts

Marco Rubio Explains the Dragnet

SIGINT and 215A penny dropped for me, earlier this week, when Marco Rubio revealed that authorities are asking “a large number of companies” for “phone records.” Then, yesterday, he made it clear that these companies don’t fall under FCC’s definition of “phone” companies, because they’re not subject to that regulator’s 18 month retention requirement.

His comments clear up a few things that have been uncertain since February 2014, when some credulous reporters started reporting that the Section 215 phone dragnet — though they didn’t know enough to call it that — got only 20 to 30% of “all US calls.”

The claim came not long after Judge Richard Leon had declared the 215 phone dragnet to be unconstitutional. It also came just as the President’s Review Group (scoped to include all of the government’s surveillance) and PCLOB (scoped to include only the 215 phone dragnet) were recommending the government come up with a better approach to the phone dragnet.

The report clearly did several things. First, it provided a way for the government to try to undermine the standing claim of other plaintiffs challenging the phone dragnet, by leaving the possibility their records were among the claimed 70% that was not collected. It gave a public excuse the Intelligence Community could use to explain why PRG and PCLOB showed the dragnet to be mostly useless. And it laid the ground work to use “reform” to fix the problems that had, at least since 2009, made the phone dragnet largely useless.

It did not, however, admit the truth about what the 215 phone dragnet really was: just a small part of the far vaster dragnet. The dragnet as a whole aspires to capture a complete record of communications and other metadata indicating relationships (with a focus on locales of concern) that would, in turn, offer the ability to visualize the networks of the world, and not just for terrorism. At first, when the Bush Administration moved the Internet (in 2004) and phone (in 2006) dragnets under FISC authority, NSA ignored FISC’s more stringent rules and instead treated all the data with much more lax EO 12333 rules(see this post for some historical background). When FISC forced the NSA to start following the rules in 2009, however, it meant NSA could no longer do as much with the data collected in the US. So from that point forward, it became even more of a gap-filler than it had been, offering a thinner network map of the US, one the NSA could not subject to as many kinds of analysis. As part of the reforms imposed in 2009, NSA had to start tracking where it got any piece of data and what authority’s rules it had to follow; in response, NSA trained analysts to try to use EO 12333 collected data for their queries, so as to apply the more permissive rules.

That, by itself, makes it clear that EO 12333 and Section 215 (and PRTT) data was significantly redundant. For every international phone call (or at least those to countries of terrorism interest, as the PATRIOT authorities were supposed to be restricted to terrorism and Iran), there might be two or more copies of any given phone call, one collected from a provider domestically, and one collected via a range of means overseas (in fact, the phone dragnet orders make it clear the same providers were also providing international collection not subject to 215).  If you don’t believe me on this point, Mike Lee spelled it out last week. Not only might NSA get additional data with the international call — such as location data — but it could subject that data to more interesting analysis, such as co-location. Thus, once the distinction between EO 12333 and PATRIOT data became formalized in 2009 (years after it should have been) the PATRIOT data served primarily to get a thinner network map of the data they could only collect domestically.

Because the government didn’t want to admit they had a dragnet, they never tried to legislate fixes for it such that it would be more comprehensive in terms of reach or more permissive in terms of analysis.

So that’s a big part of why four beat journalists got that leak in February 2014, at virtually the same time President Obama decided to replace the 215 phone dragnet with something else.

The problem was, the government never admitted the extent of what they wanted to do with the dragnet. It wasn’t just telephony-carried voice calls they wanted to map, it was all communications a person might make from their phone, which increasingly means a smart phone. It wasn’t just call-chaining they wanted to do, it was connection chaining, linking identities, potentially using far more intrusive technological analysis.

Some of that was clear with the initial IC effort at “reform.” Significantly, it didn’t ask for Call Detail Records, understood to include either phone or Internet or both, but instead “records created as a result of communications of an individual or facility.” That language would have permitted the government to get backbone providers to collect all addressing records, regardless if it counted as content. The bill also permitted the use of such tools for all purposes, not just counterterrorism. In effect, this bill would have completed the dragnet, permitting the IC to conduct EO 12333 collection and analysis on records collected in the US, for any “intelligence” purpose.

But there was enough support for real reform, demonstrated most vividly in the votes on Amash-Conyers in July 2013, that whatever got passed had to look like real reform, so that effort was killed.

So we got the USA F-ReDux model, swapping more targeted collection (of communications, but not other kinds of records, which can still be collected in bulk) for the ability to require providers to hand over the data in usable form. This meant the government could get what it wanted, but it might have to work really hard to do so, as the communications provider market is so fragmented.

The GOP recognized, at least in the weeks before the passage of the bill, that this would be the case. I believe that Richard Burr’s claimed “mistake” in claiming there was an Internet dragnet was instead an effort to create legislative intent supporting an Internet dragnet. After that failed, Burr introduced a last minute bill using John Bates’ Dialing, Routing, Addressing, and Signaling language, meaning it would enable the government to bulk collect packet communications off switches again, along with EO 12333 minimization rules. That failed (in part because of Mitch McConnell’s parliamentary screw ups).

But now the IC is left with a law that does what it said it wanted (plus some, as it definitely gets non-telephony “phone” “calls”), rather than one that does what it wanted, which was to re-establish the full dragnet it had in the US at various times in the past.

I would expect they won’t stop trying for the latter, though.

Indeed, I suspect that’s the real reason Marco Rubio has been permitted to keep complaining about the dragnet’s shortcomings.

While They’re Replacing John Boehner, the GOP Should Replace Devin Nunes, Too

In a profile in Politico, Justin Amash* makes the case that the Freedom Caucus’ rebellion against John Boehner isn’t so much about ideology, it is about process.

Republican leaders see Freedom Caucus members as a bunch of bomb-throwing ideologues with little interest in finding solutions that can pass a divided government.

But that’s a false reading of the group, Amash told his constituents. Their mission isn’t to drag Republican leadership to the right, though many of them would certainly favor more conservative outcomes. It’s simply to force them to follow the institution’s procedures, Amash argued.

That means allowing legislation and amendments to flow through committees in a deliberative way, and giving individual members a chance to offer amendments and to have their ideas voted on on the House floor. Instead of waiting until right before the latest legislative crisis erupts, then twisting members’ arms for votes, they argue, leadership must empower the rank and file on the front end and let the process work its will.

“In some cases, conservative outcomes will succeed. In other cases, liberal outcomes will succeed. And that’s OK,” said Amash, who was reelected overwhelmingly last year after the U.S. Chamber of Commerce backed his Republican primary rival. “We can have a House where different coalitions get together on different bills and pass legislation. And then we present that to the Senate and we present it to the White House.

The truth lies somewhere in-between. After all, 8 of the 21 questions the FC posed to potential Speaker candidates are ideological in nature, hitting on the following issues:

  • Obamacare
  • Budget and appropriation resolution reform
  • Ex-Im bank
  • Highway Trust Fund
  • Impeaching the IRS Commissioner
  • First Amendment Defense Act

Admittedly, even some of those — the financial ones — are procedural, but there are some key ideological litmus tests there.

Of the remaining 21 questions, 3 pertain to use of NRCC resources, 4 pertain to conference make-up, and 6 have to do with process. In other words, this block of members wants to end the systematic exclusion of their members from leadership and other positions and the systematic suppression of legislation that might win a majority vote without leadership sanction.

And while I certainly recognize that some of these process reforms — again, especially the financial ones — would likely lead to more hostage taking, I also think such reforms would also make (as one example) stupid wars and surveillance less likely, because a transpartisan majority of the House opposes many such things while GOP leadership does not (Nancy Pelosi generally opposes stupid surveillance and wars but also usually, though not always, does the bidding of the President).

The Yoder-Polis Act, an ECPA reform bill supported by 300 co-sponsors, is an example of worthy legislation that has long been held up because of leadership opposition.

While making the case for reform, though, I’d like to make the suggestion for another: to boot Devin Nunes, the current Chair of the House Intelligence Committee. According to the House Republican rules, the only positions picked by the Speaker are Select Committee Chairs, which would include Nunes and Benghazi Committee Chair Trey Gowdy (the latter of whom seems to be taken care of with Republican after Republican now admitting the committee is just a hack job, though if the FC wants to call for Richard Hanna to take over as Chair to shut down this government waste, I’d be cool with that too).

But with Boehner on his way out, it seems fair to suggest that Nunes should go too. While Nunes was actually better on Benghazi than his predecessor (raising questions about the CIA’s involvement in gun-running), he has otherwise been a typical rubber stamp for the intelligence community, rushing to pass info-sharing with Department of Energy even while commenting on their shitty security practices, and pitching partisan briefings to give the IC one more opportunity to explain why the phone dragnet was more useful than all the independent reviews say it was.

The Intelligence Community has lost credibility since 9/11, and having a series of rubber stamp oversight Chairs (excepting Silvestre Reyes, who was actually reasonably good) has only exacerbated that credibility problem. So why not call for the appointment of someone like former state judge Ted Poe, who has experience with intelligence related issues on both the Judiciary and Foreign Relations Committees, but who has also been a staunch defender of the Constitution.

Hostage taking aside, I’m sympathetic to the argument that the House should adopt more inclusive rules, in part because it would undercut the problems of a two party duopoly serving DC conventional wisdom.

But no place in Congress needs to be reformed more than our intelligence oversight. And while picking a more independent Chair won’t revamp the legal structure of intelligence oversight, it might initiate a process of bringing more rigorous oversight to our nation’s intelligence agencies.

Of course, who am I kidding?!?! It’s not even clear that the GOP will succeed in finding a palatable Speaker candidate before Boehner retires. Throwing HPSCI Chair into the mix would likely be too much to ask. Nevertheless, as we discuss change and process, HPSCI is definitely one area where we could improve process to benefit the country.


*Amash is my congressperson, but I have not spoken to him or anyone else associated with him for this post and don’t even know if he’d support this suggestion.

Some Thoughts on USA F-ReDux

There’s a funny line in the House Judiciary Committee’s report on USA F-ReDux. Amid the discussion of the new Call Detail Record function, it explains the government will be doing CDR chaining on “metadata it already lawfully possesses,” even as providers will be chaining on metadata in their possession.

In addition, the government can use the FISC-approved specific selection term to identify CDRs from metadata it already lawfully possesses.

The line should not be surprising. As I reported in 2013, the NSA does what are called “federated” queries, metadata chaining across data collected from a variety of sources. This line, then, simply acknowledges that the government will continue to conduct what amounts to federated queries even under the new system.

But the line ought to raise the question, “where does this lawfully possessed data come from?”

The data almost certainly comes from at least 3 sources: metadata taken from PRISM collection in databases that get copied wholesale (so Internet metadata within a hop of a foreign target), records of international phone calls, and records from Internet data collected overseas.

The latter two, of course, would be collected in bulk.

So within the report on a bill many claim ends bulk collection of American’s phone records is tacit admission that the bulk collection continues (not to mention that the government has broad access to data collected under PRISM).

After yesterday’s 338 – 88 vote in the House in favor of USA F-ReDux, a number of people asked me to explain my view on the bill.

First, the good news. As I noted, while the language on CDR chaining in the actual bill is muddled, the House report includes language that would prohibit most of the egregious provider-based chaining I can imagine. So long as nothing counters that, one of my big concerns dating back to last year has been addressed.

I also opposed USAF last fall because I expected the Second Circuit would weigh in in a way that was far more constructive than that bill, and I didn’t want a crappy bill to moot the Second Circuit. While there are many things that might yet negate the Second Circuit ruling (such as conflicting decisions from the DC or 9th Circuits or a reversal by SCOTUS), the Second Circuit’s decision was even more useful than I imagined.

But that’s part of why I’m particularly unhappy that Specific Selection Term has not been changed to require the government to more narrowly target its searches. Indeed, I think the bill report’s language on this is particularly flaccid.

Section 501(b)(2)(A) of FISA will continue to require the government to make ‘‘a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation….’’50 Section 103 requires the government to make an additional showing, beyond relevance, of a specific selection term as the basis for the production of the tangible things sought, thus ensuring that the government cannot collect tangible things based on the assertion that the requested collection‘‘is thus relevant, because the success of [an] investigative tool depends on bulk collection.’’ 51 Congress’ decision to leave in place the ‘‘relevance’’ standard for Section 501 orders should not be construed as Congress’ intent to ratify the FISA Court’s interpretation of that term. These changes restore meaningful limits to the‘‘relevance’’ requirement of Section 501, consistent with the opinion of the U.S. Court of Appeals for the Second Circuit in ACLU v.Clapper.

Meaningful limits on “relevant to” would be specific guidelines for the court on what is reasonable and what is not. Instead, USA F-ReDux still subjects the narrowness of an SST to a “greatest extent reasonably practicable” standard, which in the past we’ve seen amount to prioritization of the practicability of spying over privacy interests. While people can respectfully disagree on this front, I believe USA F-ReDux still permits both bulk collection of non-communications records and bulky collection of communications records (including FBI’s Internet collection). In the wake of the Second Circuit opinion, I find that especially inexcusable.

I also am not convinced USA F-ReDux is an across-the-board privacy win. I argued last year that USAF swaps a well-guarded unexploded nuclear bomb for many more exploding IEDs striking at privacy. By that, I mean that the new CDR function will probably not result in any less privacy impact, in practice (that is, assuming NSA follows its own minimization rules, which it hasn’t always), than the prior dragnet. That’s true because:

  • We have every reason to believe the CDR function covers all “calls,” whether telephony or Internet, unlike the existing dragnet. Thus, for better and worse, far more people will be exposed to chaining than under the existing dragnet. It will catch more potential terrorists, but also more innocent people. As a result, far more people will be sucked into the NSA’s maw, indefinitely, for exploitation under all its analytical functions. This raises the chances that an innocent person will get targeted as a false positive.
  • The data collected under the new CDR function will be circulated far more broadly than status quo. Existing dragnet orders limit access to the results of queries to those with special training unless one of four named individuals certifies that the query result relates to counterterrorism. But USA F-ReDux (and the current minimization procedures for Section 702 data; USA F-ReDux will likely use the PRISM infrastructure and processing) makes it clear that FBI will get access to raw query results. That almost certainly means the data will be dumped in with FBI’s PRISM and FISA data and subjected to back door searches at even the assessment level, even for investigations that have nothing to do with terrorism. As on the NSA side, this increases the risk that someone will have their lives turned upside down for what amounts to being a false positive. It also increases the number of people who, because of something in their metadata that has nothing to do with a crime, can be coerced into becoming an informant. And, of course, they’ll still never get notice that that’s where this all came from, so they will have a difficult time suing for recourse.

One other significant concern I’ve got about the existing bill — which I also had last year — is that the emergency provision serves as a loophole for Section 215 collection; if the FISC deems emergency collections illegal, the government still gets to keep — and parallel construct — the data. I find this especially concerning given how much Internet data FBI collects using this authority.

I have — as I had last year — mixed feelings about the “improvements” in it. I believe the amicus, like initial efforts to establish PCLOB, will create an initially ineffective function that might, after about 9 years, someday become effective. I believe the government will dodge the most important FISC opinion reporting, as they currently do on FOIAs. And, in spite of a real effort from those who negotiated the transparency provisions, I believe that the resulting reporting will result in so thoroughly an affirmatively misleading picture of surveillance it may well be counterproductive, especially in light of the widespread agreement the back doors searches of Section 702 data must be closed (while there are a few improvements on reporting to Congress in this year’s bill, the public reporting is even further gutted than it was last year).

And now there’s new gunk added in.

One change no one has really examined is a change extending “foreign power” status from those proliferating WMDs to those “conspiring” or “abetting” efforts to do so. I already have reasons to believe the WMD spying under (for example) PRISM is among the more constitutionally problematic. And this extends that in a way no one really understands.

Even more troublesome is the extension of Material Support maximum sentences from 15 to 20 years. Remember, under Holder v. HLP, a person can be convicted of material support for First Amendment protected activities. Thus, USA F-ReDux effectively embraces a 20 year sentence for what could be (though isn’t always) thought crimes. And no one has explained why it is necessary! I suspect this is an effort to use harsh sentences to coerce people to turn informant. If so, then this is an effort to recruit fodder for infiltrators into ISIS. But if all that’s correct, it parallels similar efforts under the Drug War to use excessive sentences to recruit informants, who — it turns out in practice — often lead to false convictions and more corruption. In other words, at a moment when there is bipartisan support for sentencing reform for non-violent crimes (for which many cases of Material Support qualify), USA F-ReDux goes in the opposite direction for terrorism, all at a time when the government claims it should be putting more emphasis on countering extremism, including diversion.

So while I see some advantages to the new regime under USA F-ReDux (ironically, one of the most important is that what surveillance the government does will be less ineffective!), I am not willing to support a bill that has so many bad things in it, even setting aside the unconstitutional surveillance it doesn’t address and refuses to count in transparency provisions. I think there need to be privacy advocates who live to fight another day (and with both ACLU and EFF withdrawing their affirmative support for the bill, we at least have litigators who can sue if and when we find the government violating the law under this new scheme — I can already identify an area of the bill that is certainly illegal).

That said, it passed with big numbers yesterday. If it passes, it passes, and a bunch of authoritarians will strut their purported support for liberty.

At this point, however, the priority needs to be on preventing the bill from getting worse (especially since a lot of bill boosters seem not to have considered at what point they would withdraw their support because the bill had gotten too corrupted). Similarly, while I’m glad bill sponsors Jim Sensenbrenner and Jerry Nadler say they won’t support any short-term extension, that may tie their own hands if what comes back is far worse than status quo.

There’s some good news there, too. The no votes on yesterday’s House vote were almost exclusively from supporters of privacy who believe the bill doesn’t go far enough, from Justin Amash to Jared Polis to Tom Massie to Donna Edwards to Ted Poe to rising star Ted Lieu and — most interestingly — Jan Schakowsky (who voted for the crappier House bill when she was on HPSCI last year). Hopefully, if and when Mitch McConnell throws in more turdballs, those who opposed the bill yesterday can whip efforts to defeat it.

Stay tuned.

The Emergency EO 12333 Fix: Section 309

In a last minute amendment to the Intelligence Authorization, the House and Senate passed a new section basically imposing minimization procedures for EO 12333 or other intelligence collection not obtained by court order. (See Section 309)

(3) Procedures.–

(A) Application.–The procedures required by paragraph (1) shall apply to any intelligence collection activity not otherwise authorized by court order (including an order or certification issued by a court established under subsection (a) or (b) of section 103 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1803)), subpoena, or similar legal process that is reasonably anticipated to result in the acquisition of a covered communication to or from a United States person and shall permit the acquisition, retention, and dissemination of covered communications subject to the limitation in subparagraph (B).

(B) Limitation on retention.–A covered communication shall not be retained in excess of 5 years, unless–

(i) the communication has been affirmatively determined, in whole or in part, to constitute foreign intelligence or counterintelligence or is necessary to understand or assess foreign intelligence or counterintelligence;

(ii) the communication is reasonably believed to constitute evidence of a crime and is retained by a law enforcement agency;

(iii) the communication is enciphered or reasonably believed to have a secret meaning;

(iv) all parties to the communication are reasonably believed to be non-United States persons;

(v) retention is necessary to protect against an imminent threat to human life, in which case both the nature of the threat and
the information to be retained shall be reported to the congressional intelligence committees not later than 30 days after the
date such retention is extended under this clause;

(vi) retention is necessary for technical assurance or compliance purposes, including a court order or discovery obligation, in which case access to information retained for technical assurance or compliance purposes shall be reported to the congressional
intelligence committees on an annual basis; or

(vii) retention for a period in excess of 5 years is approved by the head of the element of the intelligence community responsible for such retention, based on a determination that retention is necessary to protect the national security of the United States, in which case the head of such element shall provide to the congressional intelligence committees a written certification describing–
(I) the reasons extended retention is necessary to protect the national security of the United States; (II) the duration for which the head of the element is authorizing retention;

(III) the particular information to be retained; and

(IV) the measures the element ofthe intelligence community is taking toprotect the privacy interests of UnitedStates persons or persons locatedinside the United States.

The language seems to be related to — but more comprehensive than — language included in the RuppRoge bill earlier this year. That, in turn, seemed to arise out of concerns raised by PCLOB that some unnamed agencies had not revised their minimization procedures in the entire life of EO 12333.

Whereas that earlier passage had required what I’ll call Reagan deadenders (since they haven’t updated their procedures since him) to come up with procedures, this section effectively imposes minimization procedures similar to, though not identical, to what the NSA uses: 5 year retention except for a number of reporting requirements to Congress.

I suspect these are an improvement over whatever the deadenders have been using But as Justin Amash wrote in an unsuccessful letter trying to get colleagues to oppose the intelligence authorization because of the late addition, the section provides affirmative basis for agencies to share US person communications whereas none had existed.

Sec. 309 authorizes “the acquisition, retention, and dissemination” of nonpublic communications, including those to and from U.S. persons. The section contemplates that those private communications of Americans, obtained without a court order, may be transferred to domestic law enforcement for criminal investigations.

To be clear, Sec. 309 provides the first statutory authority for the acquisition, retention, and dissemination of U.S. persons’ private communications obtained without legal process such as a court order or a subpoena. The administration currently may conduct such surveillance under a claim of executive authority, such as E.O. 12333. However, Congress never has approved of using executive authority in that way to capture and use Americans’ private telephone records, electronic communications, or cloud data.

[snip]

In exchange for the data retention requirements that the executive already follows, Sec. 309 provides a novel statutory basis for the executive branch’s capture and use of Americans’ private communications. The Senate inserted the provision into the intelligence reauthorization bill late last night.

Which raises the question of what the emergency was to have both houses of Congress push this through at the last minute? Back in March, after all, RuppRoge was happy to let the agencies do this on normal legislative time.

I can think of several possibilities:

  • The government is imminently going to have to explain some significant EO 12333 collection — perhaps in something like the Hassanshahi case or one of the terrorism cases explicitly challenging the use of EO 12333 data and it wants to create the appearance it is not a lawless dragnet (though the former was always described as metadata, not content)
  • The government is facing new scrutiny on tools like Hemisphere, which the DOJ IG is now reviewing; if 27-year old data is owned by HIDTA rather than AT&T, I can see why it would cause problems (though again, except insofar as it includes things like location, that’s metadata, not content)
  • This is Dianne Feinstein’s last ditch fix for the “trove” of US person content that Mark Udall described that John Carlin refused to treat under FISA
  • This is part of the effort to get FBI to use EO 12333 data (which may be related to the first bullet); these procedures are actually vastly better than FBI’s see-no-evil-keep-all-data for up to 30 years approach, though the language of them doesn’t seem tailored to the FBI

Or maybe this is meant to provide the patina of legality to some other dragnet we don’t yet know about.

Still, I find it an interesting little emergency the intelligence committees seem to want to address.

The Pearl-Clutchers Normalizing Inflammatory Dog Whistles


As expected, last night Justin Amash held off a challenge from a corporatist Republican, Brian Ellis (though the margin was closer than polls predicted). What has the local punditry surprised, however, is Amash’s victory speech, where he attacked Ellis and former Congressman Crazy Pete Hoekstra, who endorsed Ellis.

AMASH VICTORY SPEECH: U.S. Rep. Justin Amash’s win over 3rd District GOP primary challenger Brian Ellis wasn’t too surprising, but his victory speech was. Rather than simply celebrate, Amash reportedly refused to answer a concession phone call from Ellis and then unloaded on the businessman, who had run a TV ad calling him “Al Qaeda’s best friend” in Congress. “I ran for office to stop people like you,” Amash said to Ellis, who was not present. He also ripped former U.S. Rep. Pete Hoekstra, who backed Ellis in a separate commercial. “I’m glad we can hand you one more loss before you fade into total obscurity and irrelevance,” he said of Hoekstra. (more >>)

I get that you’re supposed to give a happy unity speech after you win (though I personally don’t much care if MI Republicans rip themselves apart, and MI’s Republican Congressmen already broke protocol by offering no support to Amash and in Mike Rogers’ case giving big support for Ellis). But not only is Crazy Pete a disgrace, Ellis did try to gain traction by smearing Amash.

From the coverage, I think Amash was most pissed that Ellis and Hoekstra treated a vote Amash refused to cast to defund Planned Parenthood on constitutional grounds as a pro-choice vote.

But in an interview with Fox, Amash also called Ellis’ ad rather famously repeating a claim he’s al Qaeda’s best friend in Congress disgusting.

“I’m an Arab-American, and he has the audacity to say I’m Al-Queda’s best friend in congress. That’s pretty disgusting.”

This ad, which played (among other prominent ad buys) during the World Cup, really pissed me off.

Not only for the treatment of Gitmo as anything but a terrible moneypit, all in the hopes of maintaining some extra-legal space to sustain the notion of war rather than law. But especially for the notion that anything but lock-step support for counterproductive counterterrorism policies makes you a friend of al Qaeda.

And yes, especially the suggestion that one of Congress’ only Arab-American members (Amash’s parents are Palestinian and Syrian Christians) might therefore be an Islamic terrorist.

For 12 years — ever since Saxby Chambliss used a similar technique to take out Max Cleland — our political culture has tolerated ads that invoke terror to short-circuit any real political debate about how we fight it. Those ads get treated as business as usual. Win or lose the race and then make nice with your opponent.

That such ads are still (were ever!) considered acceptable political discourse — that Amash, and not Ellis, is getting the scolds — damns our political system. By treating any debate over the efficacy of counterterrorism policy as terrorism itself, we foreclose potentially far more effective ways of keeping the country safe and potentially far smarter ways to spend limited resources. (Crazy Pete, for example, fear-mongered about moving Gitmo detainees to a prison threatened with closure in Michigan, thereby losing Michigan jobs, but also committing the US to continue to spend exorbitant amounts to keep our gulag open.)

At some point, it needs to be okay to call out such bullshit. Because until then, we’ll never be able to actually debate the best way to keep the country safe.

The RNC and the Dead-Enders

If you’ve spent much time in political party conventions, you likely know that the resolution process largely serves as an opportunity for active members to vent. While party resolutions might represent where the ideological base of the party is, nothing prevents the elected leaders of the party to blow off resolutions (though at times resolutions are deemed toxic enough for leaders to undermine by parliamentary stunts).

Which is why I find the response to the RNC’s resolution renouncing the NSA’s “Surveillance Prorgam” (it mentions PRISM and, implicitly, the phone dragnet) so interesting.

There are responses like this, from Kevin Drum, who spins it as pure politics.

I get that politics is politics, and the grass always looks browner when the other party occupies the Oval Office. And there are plenty of liberals who are less outraged by this program today than they were back when George Bush and Dick Cheney were in charge of it.

But holy cow! The RNC! Officially condemning a national security program that was designedby Republicans to fight terrorism!

Benjy Sarlin, in the account Drum linked, got the politics more clear, reading this, in part, as the influence of libertarians who largely gained ascendance as part of a backlash against Bush policies or at least failures.

But the resolution also is a sign of the increasing influence of the libertarian wing of the party, especially supporters of Ron Paul and his son, Rand Paul, who have made government overreach in pursuit of terrorists a top issue. Both Orrock and fellow Nevada Committeeman James Smack, who presented the resolution on her behalf, supported the elder Paul’s presidential campaign.

But I also think there’s more to it.

There is certainly a great deal of opportunism here (note, Democrats’ utter disdain for tech companies’ concerns about the dragnet make this a monetary, as well as political opportunity for the GOP, one already bearing fruit). And while the GOP establishment is still cautiously trying to regain control over the Tea Party forces that it once encouraged, there has also been a slow change in traditional conservatives’ stance, too, which I measure through Amash-Conyers opponent Bob Goodlatte’s changing position.

Goodlatte has issued three statements in recent weeks (January 9, January 17, and January 23) calling for reform (including more civil liberties protections and attention to tech companies’ concerns) and more transparency. In the most interesting of the statements, Goodlatte suggested that if Obama wanted to keep the dragnet he’d have to explain what purpose it was really serving and then argue that that purpose

Over the course of the past several months, I have urged President Obama to bring more transparency to the National Security Agency’s intelligence-gathering programs in order to regain the trust of the American people. In particular, if the President believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security. The President has unique information about the merits of these programs and the extent of their usefulness. This information is critical to informing Congress on how far to go in reforming the programs. Americans’ civil liberties are at stake in this debate. [my emphasis]

As I’ve been pointing out for some time, no dragnet defenders have yet to explain what purpose it really serves, and I’m struck that Goodlatte seems to suggest the same. Note, too, that Goodlatte was among the 6 Representatives who attended Bruce Schneier’s briefing on what NSA was really doing, along with leading GOP dragnet opponents Jim Sensenbrenner and Justin Amash and 3 Democrats.

I would suggest to Democrats who see this resolution exclusively as an overly cynical attack on Obama there may, in fact, be things that could explain why Republicans specifically or reasonable Americans more generally might have good reason to oppose the dragnet.

Now back to the resolution. As Sarlin notes, “Not a single member rose to object or call for further debate, as occurred for other resolutions.” (I like to think that had Michigan’s retrograde Dave Agema been able to participate rather than fending off calls for his resignation, he might have spoken up for authoritarianism.)

Instead of opposition from the Republican Party then, came first this quote to Sarlin,

“I think it probably does reflect the views of many of the people who really want to turn out the vote and who are viewing the world through the prism of the next election,” Stewart Baker, a former Bush-era Homeland Security official, told msnbc in an email. “It’s a widespread view among Republicans, but I think the ones that know this institution best and for whom national security is a high priority don’t share this view.”

Then what Eli Lake reports as a letter (Lake doesn’t say to whom) from just one elected official — KS Representative and House Intelligence Committee member Mike Pompeo — and 7 Bush officials (including Baker) blasting the resolution. Part of the letter, apparently, serves to waggle National Security seniority, as Baker already had.

Their letter says: “The Republican National Committee plays a vital role in political campaigns, but it has relatively little expertise in national security.”

And part of it serves to correct a technical inaccuracy that may not be one.

In particular the letter takes issue with the resolution’s claim that the NSA’s PRISM program “monitors searching habits of virtually every American on the internet.”

“In fact, there is no program that monitors the searches of all Americans,” the letter says. “And what has become known as the PRISM program is not aimed at collecting the communications of Americans. It is targeted at the international communications of foreign persons located outside the United States and is precisely the type of foreign-targeted surveillance that Congress approved in 2008 and 2012 when it enacted and reauthorized amendments to the Foreign Intelligence Surveillance Act.”

At issue is the language of the resolution, which starts by discussing PRISM, but then talks about what is clearly the phone (though it would encompass the Internet) dragnet, but then explicitly returns to both, by name of the authority that govern them.

WHEREAS, the secret surveillance program called PRISM targets, among other things, the surveillance of U.S. citizens on a vast scale and monitors searching habits of virtually every American on the internet;

WHEREAS, this dragnet program is, as far as we know, the largest surveillance effort ever launched by a democratic government against its own citizens, consisting of the mass acquisition of Americans’ call details encompassing all wireless and landline subscribers of the country’s three largest phone companies.

[snip]

RESOLVED, the Republican National Committee encourages Republican lawmakers to enact legislation to amend Section 215 of the USA Patriot Act, the state secrets privilege, and the FISA Amendments Act to make it clear that blanket surveillance of the Internet activity, phone records and correspondence — electronic, physical, and otherwise — of any person residing in the U.S. is prohibited by law and that violations can be reviewed in adversarial proceedings before a public court;

RESOLVED, the Republican National Committee encourages Republican lawmakers to call for a special committee to investigate, report, and reveal to the public the extent of this domestic spying and the committee should create specific recommendations for legal and regulatory reform ot end unconstitutional surveillance as well as hold accountable those public officials who are found to be responsible for this unconstitutional surveillance; [my emphasis]

7 Bush officials and 1 HPSCI member (but not, oddly enough, the always boisterous Mike Rogers) have weighed in to say that the NSA doesn’t monitor the searches of some Americans and then trots out the tired “targeted at foreign persons” line, without addressing the question of blanket surveillance of communications more generally.

Sarlin, in his piece, similarly retreats to “targeting” claptrap, claiming only that “lawmakers have accused the agency of overreaching.”

Somehow both the Bush dead-enders and Sarlin neglect to mention backdoor searches, which allow the NSA to use metadata collected under a range of dragnets to obtain US content without even Reasonable Articulable Suspicion.

And while it’s not all that surprising that Sarlin chose not to discuss how NSA can get domestic content, as I will show in a follow-up post the collection of dead-enders (Lake fleshed out the list here) who weighed in to deny that the NSA dragnet gets US person content is particularly instructive, as I’ll show in a follow-up post.

The Schneier Briefing: Some Observations

6 Congresspersons and a security researcher walk into an unsecure room. … And that’s the best briefing they can get on some of the things NSA might be doing.

This morning I spent an hour in a closed room with six Members of Congress: Rep. Logfren, Rep. Sensenbrenner, Rep. [Bobby] Scott, Rep. Goodlate, Rep [Mike] Thompson, and Rep. Amash. No staffers, no public: just them. Lofgren asked me to brief her and a few Representatives on the NSA. She said that the NSA wasn’t forthcoming about their activities, and they wanted me — as someone with access to the Snowden documents — to explain to them what the NSA was doing. Of course I’m not going to give details on the meeting, except to say that it was candid and interesting. And that it’s extremely freaky that Congress has such a difficult time getting information out of the NSA that they have to ask me. I really want oversight to work better in this country.

I’m as intrigued by the make-up of the group as I am by the fact they needed to do this.

Schneier makes it clear that Lofgren — who is not only a strong supporter of civil liberties, but also happens to represent Silicon Valley — set up the briefing. In addition to her House Judiciary Committee colleagues Sensenbrenner, Scott, and Goodlatte, she invited Amash (who’s not on the Committee but a loud defender of civil liberties — thanks, my Rep!), and N and E Bay Area Republican Democratic colleague Mike Thompson, who’s not a member of the Committee either, but is a member of the Intelligence Committee.

As I’ve noted, Goodlatte is not a named sponsor of USA Freedom; neither is Thompson (though Schneier describes them as all people who want to “rein in the NSA”).

And yet these are the individuals whom Lofgren chose to bring to this briefing.

Schneier, of course, is not focused on the actual spying that NSA is doing, but on the corruption of encryption, a threat to the business model of Lofgren’s district. [See Saul’s well-take correction here.]

Also note, while I’ve got real worries about some opponents to reining in the NSA in the Senate, I do think people are not considering the significance of the House Judiciary Chair, who voted against Amash-Conyers, increasingly complaining about the NSA.

I’m not sure what the best way to stop the NSA from making us all less safe (especially since NSA has apparently not even told HPSCI members what they’re doing). But I gather than Lofgren is trying to figure out a way to do so.

After Meeting with Obama, Bob Goodlatte Calls for Reform of Phone Dragnet

Bob Goodlatte, the Chair of the House Judiciary Committee, voted against the Amash-Conyers Amendment that would have defunded the phone dragnet. Nor is he a named cosponsor of the USA Freedom Act, the Leahy-Sensenbrenner bill that would reform the dragnet.

Which is why it is particularly notable that he’s the one member of Congress cited by name in a story reporting on skepticism that Obama will actually reform the NSA.

President Obama met with hand-picked lawmakers at the White House on Thursday to discuss the National Security Agency’s controversial spying programs, the main event of a week full of meetings at the White House focusing on potential reforms for the maligned federal agency.

[snip]

At least some of the lawmakers left the meeting unconvinced that the president is going to do enough to curtail the NSA’s activities. House Judiciary Committee Chairman Bob Goodlatte, R-Va., said “it’s increasingly clear that we need to take legislative action to reform” the NSA’s intelligence gathering.

“If the president believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security,” Goodlatte said in a statement. “Americans’ civil liberties are at stake in this debate.”

If the President has not yet been able to convince Goodlatte the phone dragnet is necessary, if Goodlatte walks out of meeting with the President calling to legislatively roll back the phone dragnet, it might just have a shot at passing.

Update: Here’s Goodlatte’s full statement.

Over the course of the past several months, I have urged President Obama to bring more transparency to the National Security Agency’s intelligence-gathering programs in order to regain the trust of the American people. In particular, if the President believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security. The President has unique information about the merits of these programs and the extent of their usefulness. This information is critical to informing Congress on how far to go in reforming the programs. Americans’ civil liberties are at stake in this debate.

With each new revelation of the scope of these programs, it’s increasingly clear that we need to take legislative action to reform some of our nation’s intelligence-gathering programs to ensure that they adequately protect Americans’ civil liberties and operate in a sensible manner. We also need to ensure the laws are clear so that the U.S. tech industry is not disadvantaged vis-à-vis their foreign competitors. The House Judiciary Committee, which has primary jurisdiction over the legal framework of these programs, has conducted aggressive oversight on this issue and will be instrumental to reforming the Foreign Intelligence Surveillance Act. I am committed to working with members of Congress and Senators from both political parties, House leaders, and President Obama to ensure our nation’s intelligence collection programs include real protections for Americans’ civil liberties, robust oversight, and additional transparency. [my emphasis]

 

David Kris Joins Ben Wittes in His NAKED! Choir

I know, I know. I’ve promised my substantive post on David Kris’ paper on the phone and Internet dragnets.

I know, I know. My repeated harping on the failure to inform the 2011 House freshmen about the dragnet is getting tedious.

But Kris dedicated 16 pages of his 67 page paper to arguing that the statutory requirements for briefing Congress about the dragnets (which Kris says require only Intelligence and Judiciary Committee briefing) have been met. He ultimately makes a half-hearted attempt to make the same argument Claire Eagan did about Congress adopting judicial interpretation. And he lays out the fatally weak case Ben Wittes has in the past to justify his wails of NAKED!

In doing so, Kris claims that, “all Members were offered briefings on the FISC’s interpretation.”

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. There is a basic principle of statutory construction that “Congress is presumed to be aware of an administrative or judicial interpretation of a statute and to adopt that interpretation when it reenacts a statute without change,”208 as it did repeatedly with the tangible things provision.

[snip]

Of course, it would be ridiculous to presume that Congress adopted a classified interpretation of a law of which it could not have been aware. As described above, however, the historical record shows that many Members were aware, and that all Members were offered briefings on the FISC’s interpretation, even if they did not attend the briefings.

And yet, in all those 16 pages, he offers not one whit of evidence that the 93 members of Congress elected in 2010 (save the 7 on the Intelligence and Judiciary Committees) could have learned about the program save two briefings offered in May 2011.

Unless you count this argument, which suffers from a basic logic problem.

In an unclassified report published in March 2011, the Senate Intelligence Committee emphasized that it had offered a briefing to all Members of Congress concerning the bulk telephony metadata collection:

Prior to the extension of the expiring FISA provisions in February 2010, the Committee acted to bring to the attention of the entire membership of the Senate important information related to the nature and significance of the FISA collection authority subject to sunset. Chairman Feinstein and Vice Chairman Bond notified their colleagues that the Attorney General and the DNI had provided a classified paper on intelligence collection made possible under the Act and that the Committee was providing a secure setting where the classified paper could be reviewed by any Senator prior to the vote on passage of what became Public Law 111–141 to extend FISA sunsets. [my bold]

The entire membership of the Senate, after all, is not the same thing as “all Members of Congress.”

Ultimately, though, Kris concedes (citing just the white paper, and not citing me, the Guardian, any other reporting, or Justin Amash’s public statements to the effect) that just maybe this information wasn’t passed on in 2011 — but don’t worry, the Executive did its job!

Although the House Intelligence Committee did notify Members of the House of the classified documents and briefings in 2010 (when it was led by Chairman Sylvestre Reyes), it may not have done so in 2011 (when it was led by Chairman Mike Rogers). See White Paper at 18 n.13.

[snip]

Regardless of any intracongressional issues in 2011, as a matter of inter-branch relations, it is clear that the Executive Branch provided the materials with the intent that they be made available to all Members of Congress, as they had been in 2009.

Now, Kris is a much better lawyer than the flunkies who wrote the Administration’s far weaker White Paper on Section 215, and his argument here betrays not only that, but, I suspect, a hint that he realizes the flaw in his argument.

Notice in his claim that “all Members were offered briefings on the FISC’s interpretation,” he doesn’t argue all members got the Executive Branch notices on the program. He doesn’t argue that all members got briefed on the content on the notices. Rather, he claims only that they were offered briefings on the FISC’s interpretation.

Read more

Mike Rogers Continues to Thwart Fully Informed Representative Government

Garance Franke-Ruta transcribes Justin Amash telling a remarkable story about another Mike Rogers’ attempt, back in August, to prevent elected representatives of American citizens from learning about details of the dragnet. After multiple tries, one of Amash’s colleagues finally won a game of 20 Questions with intelligence briefers.

And to show you how silly this whole thing gets, I had a colleague, one of my — I won’t say his name here, but he went to a number of classified briefings. And he asked a question and he never got a satisfactory answer. So he would just revise the question from briefing to briefing. By the time he got to to the third or fourth briefing he asked it in just the right way. He had figured out how to ask it in exactly the right way to get the answer he needed and of course, then they said, “Oh, you caught us. Yeah, we do do that.” Then we said, “Can you provide us with some more information?” and they said, “We’ll check, we’ll see if we can provide you with more information. We’ll see if we can provide you with a document” about this thing that he discovered.

And so we left that briefing and we said, “OK, we’re going to see something very interesting here.”

So when the Intelligence Community passed on this document to Intelligence Committee Chair Rogers to share with the victor of this particular game of 20 Questions and others, here’s how he distributed it. On August 3, he announced it would be available for 3 hours on August 4, on a Friday (when many members would already have left). He announced it on what Amash describes as a kind of spam folder.

They sent it through the “Dear Colleague” system. This is a system that, it’s almost like a spam folder, frankly. Read more