Posts

Confirmed: NSA Does Search Section 702 Data for Particular US Person Data

/18 Comments/in , /by

Update: To help Joshua Foust understand this topic, I did a second, really basic version of this post here. So if you’re fairly new to all this stuff, you might start there and then come back.

Update: Alexander’s office has conceded Udall and Wyden’s point about the classified inaccuracy. It also notes:

With respect to the second point raised in your 24 June 2013 letter, the fact sheet did not imply nor was it intended to imply “that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.”

He then cites two letters from James Clapper’s office which I don’t believe have been published.

I’ve seen some people complaining that Ron Wyden and Mark Udall didn’t explicitly describe what Keith Alexander’s lies were in the NSA handout on Section 702 collection (note, as of 1PM, NSA has taken down their handout from their server). I’m okay with them leaving big breadcrumbs instead, not least because until we fix intelligence oversight, we’re going to need people like them who manage to stay on the committees but lay these signposts.

That said, I think people are underestimating how big of a signpost they did leave. Consider this, from their letter:

Separately, this same fact sheet states that under Section 702, “Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.” We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans. [my emphasis]

Last year’s SSCI report on extending the FISA Amendments Act strongly implied that the government interpreted the law to mean it could search for records of particular Americans.

During the Committee’s consideration of this legislation, several Senators expressed a desire to quantify the extent of incidental collection under Section 702. I share this desire. However, the Committee has been repeatedly advised by the ODNI that due to the nature of the collection and the limits of the technology involved, it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority. Senators Ron Wyden and Mark Udall have requested a review by the Inspector General of the NSA and the Inspector General of the Intelligence Community to determine whether it is feasible to estimate this number. The Inspectors General are conducting that review now, thus making an amendment on this subject unnecessary.

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession. [my emphasis]

This passage made it clear that the Intelligence Community had demanded the ability to search on US person data already collected. Wyden and Udall’s letter makes that even more clear.

And the minimization procedures leaked last week support this (though note, these date to 2009 and might have been ruled to violate the Fourth Amendment since, though I suspect they haven’t).

They make it clear that US person communications will be retained if they contain foreign intelligence information (a term not defined in the procedures), including those they collected because (they claim) they’re unable to filter it out.

3(b)

(1) Personnel will exercise reasonable judgment in determining whether information acquired must be minimized and will destroyed inadvertently acquired communications of or concerning a United States person at the earliest practicable point in the processing cycle at which such communication can be identified either: as clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information)

[snip]

The communications that may be retained include electronic communications acquired because of limitations on NSA’s ability to filter communications.

(2) Communications of or concerning United States persons that may be related to the authorized purpose of the acquisition may be forwarded to analytic personnel responsible for producing intelligence information from the collected data.

The procedures make it clear that, with authorization from the NSA Director, even communications entirely between US persons may be retained (see section 5) if they are of significant intelligence value. Communications showing a communications security vulnerability may also be retained (this permission, related to cybersecurity, was not made public in the NSA handout).

And here’s perhaps the most interesting way of keeping US person data.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures …

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures …

This is a kind of collection that Pat Leahy seems to believe escapes review by current Inspector General reviews of the program, as he tried to mandate such reviews in last year’s reauthorization.

The minimization procedures also appear to support Julian Sanchez’ guesstimate of how they could pull up US person contacts, since a phone number or unique name are not explicitly included among the identifiers that would constitute IDing a US person.

Now, all that doesn’t specifically address the other lie Wyden and Udall invoked, which they describe “portrays protections for Americans’ privacy as being significantly stronger than they actually are.” But I think the points I’ve laid out above — particularly the cybersecurity collection that is entirely unmentioned in the 702 sheet — probably lays out the gist of Alexander’s lies.

The government has spent the entire time since these documents were revealed trying to lie to Americans about whether their contacts with foreigners can be retained and read. And those lies keep getting exposed.

Wyden & Udall to Alexander: Why Do You People Keep Lying?

/10 Comments/in , /by

According to a letter Ron Wyden and Mark Udall sent Keith Alexander, the NSA is still lying publicly. At issue are two inaccuracies in the information sheet the NSA released about Section 702 implementation.

We were disappointed to see that this fact sheet contains an inaccurate statement about how the section 702 authority has been interpreted by the US government. In our judgment this inaccuracy is significant, as it portrays protections for Americans’ privacy as being significantly stronger than they actually are.

While I’m not certain what inaccuracy they’re talking about here, I suspect it has to do with the US person contact info collected along with targets. Even a comparison of the minimization order and the NSA’s claims make it clear US person communication can be swept up more easily than they claim.

Then there’s this complaint, which explicitly objects to the suggestion that the government manages to purge US person data, which of course they also claim they don’t track.

Separately, this same fact sheet states that under Section 702, “Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.” We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans. In fact, the intelligence community has told us repeatedly that it is “not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under the authority” of the FISA Amendments Act.

They make it clear the claim this information gets purged is false.

Keith Alexander’s “Packets in Flight” Turn Hackers into Terrorists

/12 Comments/in , , /by

Keith Alexander showed up to chat with a typically solicitous George Stephanopoulos yesterday. The interview demonstrates something I’ll be increasingly obsessed with in upcoming weeks.

The government is using the limited success of NSA’s counterterrorism spying to justify programs that increasingly serve a cybersecurity function — a function Congress has not enthusiastically endorsed.

The interview starts with Alexander ignoring Steph’s first question (why we didn’t find Snowden) and instead teeing up 9/11 and terror terror terror.

And when you think about what our mission is, I want to jump into that, because I think it reflect on the question you’re asking.

You know, my first responsibility to the American people is to defend this nation. And when you think about it, defending the nation, let’s look back at 9/11 and what happened.

The intel community failed to connect the dots in 9/11. And much of what we’ve done since then were to give us the capabilities — and this is the business record FISA, what’s sometimes called Section 215 and the FAA 702 — two capabilities that help us connect the dots.

The reason I bring that up is that these are two of the most important things from my perspective that helps us understand what terrorists are trying to do. And if you think about that, what Snowden has revealed has caused irreversible and significant damage to our country and to our allies.

When — on Friday, we pushed a Congress over 50 cases where these contributed to the understanding and, in many cases, disruptions of terrorist plots.

Steph persists with his original question and gets Alexander to repeat that they’ve “changed the passwords” at NSA to prevent others from leaking.

Steph then asks Alexander about Snowden’s leaks of details on our hacking of China (note, no one seems to be interested in this article, which is just as revealing about our hacking of China as Snowden’s revelations).

Note how, even here, Alexander says our intelligence collection in China is about terrorism.

STEPHANOPOULOS: In the statement that Hong Kong put out this morning, explaining why they allowed Snowden to leave, they also say they’ve written to the United States government requesting clarification on the reports, based on Snowden’s information, that the United States government attacked (ph) computer systems in Hong Kong.

He said that the NSA does all kinds of things like hack Chinese cell phone companies to steal all of your SMS data.

Is that true?

ALEXANDER: Well, we have interest in those who collect on us as an intelligence agency. But to say that we’re willfully just collecting all sorts of data would give you the impression that we’re just trying to canvas the whole world.

The fact is what we’re trying to do is get the information our nation needs, the foreign intelligence, that primary mission, in this case and the case that Snowden has brought up is in defending this nation from a terrorist attack.

Alexander then shifts the issue and suggests we’re collecting on China because it is collecting on us.

Now we have other intelligence interests just like other nations do. That’s what you’d expect us to do. We do that right. Our main interest: who’s collecting on us?

Alexander next goes on to answer Steph’s question about whether we broke Hong Kong law by saying this hacking doesn’t break our law. Read more

Section 215 Dragnet: Again with the Passive Voice Oversight

/9 Comments/in /by

The NSA released a more-detailed sheet on the Section 215 dragnet which provides a number of details that are more troubling than what got presented in front of the TV cameras earlier today.

As always, I’m particularly interested in the documentation process. And once again,  unnamed passive-voiced actors do the critical audits.

  • This metadata may be queried only when there is a reasonable suspicion, based on specific and articulated facts, that the identifier that will be used as the basis for the query is associated with specific foreign terrorist organizations.
  • The basis for these queries must be documented in writing in advance.
  • Fewer than two dozen NSA officials may approve such queries.
  • The documented basis for these queries is regularly audited by the Department of Justice

Here’s how the transmission of aggregate numbers of the queries looks.

Every 30 days, the government must file with the Foreign Intelligence Surveillance Court a report describing the implementation of the program, to include a discussion of the application of the Reasonable Articulable Suspicion (RAS) standard, the number of approved queries and the number of instances that query results that contain U.S. person information were shared outside of NSA in any form.

And, in spite of the fact that several people have said all three branches can audit these numbers (as Adam Schiff noted today, the court can’t, because they only get the aggregate numbers), there’s not mention of Congress’ oversight role.

Edward Snowden: Congress Has Immunity from Spying, But You Don’t

/21 Comments/in , /by

I’ll admit from the start that the Snowden chat at the Guardian was a brilliant journalistic and technical feat. At the same time, it’s clear that Snowden is still closely following the news, and presumably shaping his answers for maximal political effect.

So I take this comment, the last words he spoke on the chat, with a grain of salt.

This is the precise reason that NSA provides Congress with a special immunity to its surveillance.

Certainly, it would seem technically feasible to block all Verizon numbers associated with official Congressional communications devices. It would be far harder to block the abundant communications devices tied to campaign activity.

From this, shall we assume the White House and Courts are also immune?

Contrast that with Snowden’s claims about we peons’ communications.

NSA likes to use “domestic” as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as “incidental” collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of “warranted” intercept, it’s important to understand the intelligence community doesn’t always deal with what you would consider a “real” warrant like a Police department would have to, the “warrant” is more of a templated form they fill out and send to a reliable judge with a rubber stamp.

[snip]

US Persons do enjoy limited policy protections (and again, it’s important to understand that policy protection is no protection – policy is a one-way ratchet that only loosens) and one very weak technical protection – a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the “widest allowable aperture,” and can be stripped out at any time. Even with the filter, US comms get ingested, and even more so as soon as they leave the border. Your protected communications shouldn’t stop being protected communications just because of the IP they’re tagged with.

I do believe I pointed out James Clapper using “domestic” as just on such weasel word (I prefer to call it Orwellian turd-splat) this morning!

Clearly, Snowden is trying to make it clear that our Congressional overseers aren’t protecting our interests as well as the NSA has protected theirs (for good reasons under the Constitution, I would add).

So this claim may just be an effort to make us more pissed.

Remember, however, the day after the first leak on this, Eric Holder testified before the Senate Appropriations Committee. Barbara Milulski, who (as a tremendously powerful Senator representing NSA) had not previously publicly ever met NSA surveillance she didn’t like, was up in arms about the possibility the government was surveilling her communications.

Those concerns had been placated by the time Keith Alexander testified a day or so later.

So while Snowden is clearly trying to push the debate, it is also quite likely that the immunity comment is true.

Shell Games: How to Keep Doing Internet Data Mining and Avoid the Courts

/8 Comments/in , /by

As I noted, the WaPo makes it clear one of the most sensitive parts of the government’s surveillance programs is the collection of Internet metadata.

But the thing is, it doesn’t come out and explain whether and if so how it continues to go on.

This passage, written in the present tense, sure seems to suggest it continues.

MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.

The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.

What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see. “You could do analyses that give you more information, but the law and procedures don’t allow that,” a senior U.S. intelligence lawyer said.

Yet buried in the last paragraphs of the story, WaPo’s sources suggest “the NSA is no longer doing it.” Or — as elaborated — doing “it” under the guise of and with the oversight of the FISA court.

As for bulk collection of Internet metadata, the question that triggered the crisis of 2004, another official said the NSA is no longer doing it. When pressed on that question, he said he was speaking only of collections under authority of the surveillance court.

“I’m not going to say we’re not collecting any Internet metadata,” he added. “We’re not using this program and these kinds of accesses to collect Internet metadata in bulk.”

I keep saying this: sources on this story are trying hard to get us to focus on a few programs managed by FBI and NSA under two particular provisions of law that happen to have (secret, limited) court oversight, Section 215 of the PATRIOT Act and the FISA Amendments Act. But that leaves out several other likely candidates to conduct such intelligence analysis, notably the NCTC. And it leaves out other potential sources of collection, such as cybersecurity in the name of self-defense.

NSA Spying: The Oversight of the Passive Voice

/9 Comments/in , /by

In a white paper claiming “the American people deserve to know what we are doing to protect both” privacy and liberty, and security, the government (Ellen Nakashima, at least, doesn’t specify which agency generated this) also includes this assertion:

The [dragnet metadata] program is subject to strict controls and oversight: the metadata is segregated and queries against the metadata are documented and audited.

The detail is one that NSA Director Keith Alexander had already claimed in his testimony before the Senate Appropriations Committee last week. He claimed,

Every time we query that database, it’s auditible by the committees, by DOJ, by the court, by the Administration.

In a telling comment to the press the other day, though, Dianne Feinstein, whose staffers on the Intelligence Committee would be the ones auditing the queries, said this:

Asked to confirm that intelligence officials do not need a court order for the query of the number itself, Feinstein said, “that’s my understanding.”

I found it really strange that a person who should be solidly in the thick of the audits Alexander was boasting about didn’t even seem sure about how someone accessed the database.

But then, Alexander said they were “auditable,” not that they were audited by all these people.

One of just a few explanations about oversight in a document trying to prove the government protects our privacy and liberty might be more persuasive if they weren’t presented in the passive voice. It doesn’t sound like DiFi knows Congress could audit the document; I wonder if the FISA Court, which Alexander claims also can audit the data, knows it can (I’d also like to see someone audit the claim it is segregated; is it ever copied?).

The white paper’s statements about the 702/PRISM program are equally unsatisfying.

Congress requires the Government to develop and obtain judicial approval for “minimization” procedures to ensure appropriate protection of any information about U.S. persons that may be incidentally acquired. The Government did that, and its procedures were approved by the Foreign Intelligence Surveillance Court.

As I’ve noted repeatedly, the FISC doesn’t get to review compliance with these procedures, only the adequacy of them if applied as promised. And since this white paper makes no claims that the government can’t access this US person data — which, after all, includes content and metadata — it suggests the most sensitive collection for Americans has only internal (DOJ and ODNI review) safeguards for Americans’ Internet communications.

Effectively, in addition to providing further evidence for Mark Udall’s assertions that the government could accomplish what it says it is doing via other, far less sensitive means, this document only serves to show how inadequate the oversight of these programs is.

What Does NCTC Do with NSA and FBI’s Newly Disclosed Databases?

/22 Comments/in , , /by

The discussion about the various “NSA” programs we’ve seen so far have discussed only how NSA works with FBI. FBI requests the dragnet phone information and hands it over to NSA. NSA negotiates direct access to internet companies that allow FBI to make direct queries.

We’ve heard from Keith Alexander about what NSA does — its only use of Section 215, he said, was the phone records.

We heard from Robert Mueller who gave less clear answers about what FBI does and does not do.

But we have yet to have direct testimony from James “least untruthful too cute by half” James Clapper. Mind you, we’ve gotten several fact sheets and Clapper’s hilarious interview with Andrea Mitchell. Just no specific public testimony.

And curiously, in the DNI’s own fact sheets, he doesn’t specify who does what, aside from describing the statutory role his position and the Attorney General play in authorizing FAA 702 orders. He doesn’t say what FBI does, what NSA does … or what his own organization does.

That’s important, because in addition to overseeing all intelligence, Clapper’s office also includes the National Counterterrorism Center. And the NCTC is the entity in charge sharing data. Indeed, it is statutorily required to have access to everything.

[The National Security Act] provides that “[u]nless otherwise directed by the President, the Director of National Intelligence shall have access to all national intelligence and intelligence related to the national security which is collected by any federal department, agency, or other entity, except as otherwise provided by law, or as appropriate, under guidelines agreed upon by the Attorney General and the Director of National Intelligence.

That means, presumably, that NCTC is doing a lot of the work that NSA and FBI are making narrow denials about.

But it also means that NCTC can play with these databases — the dragnet and the access via PRISM to 702 data — as well as any other data in the Federal government, including databases that John Brennan gave it the ability to go get.

So here’s the thing. When Keith Alexander gives you pat reassurances about how limited NSA’s access to Americans’ call data is, that may disclose a whole lot more intrusive data mining over at James Clapper’s shop.

Remember, here is what James Clapper was initially asked.

Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Clapper: No, sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.” [my emphasis]

His first attempt to walk back that lie went like this:

What I said was, the NSA does not voyeuristically pore through U.S. citizens’ e-mails. [my emphasis]

His second attempt to walk it back went like this:

ANDREA MITCHELL: Senator Wyden made quite a lot out of your exchange with him last March during the hearings. Can you explain what you meant when you said that there was not data collection on millions of Americans?

JAMES CLAPPER: First– as I said, I have great respect for Senator Wyden. I thought, though in retrospect, I was asked– “When are you going to start– stop beating your wife” kind of question, which is meaning not– answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.

And again, to go back to my metaphor. What I was thinking of is looking at the Dewey Decimal numbers– of those books in that metaphorical library– to me, collection of U.S. persons’ data would mean taking the book off the shelf and opening it up and reading it.

ANDREA MITCHELL: Taking the contents?

JAMES CLAPPER: Exactly. That’s what I meant. Now–

ANDREA MITCHELL: You did not mean archiving the telephone numbers?

All of those efforts were, by context at least, limited exclusively to NSA. They don’t address, at all, what NCTC might do with this data (or, for that matter, FBI).

So what does the NCTC do with the data that NSA and FBI have issued careful denials about?

Update: I’m going to replicate a big chunk of this post on the oversight over NCTC’s use of other agencies data, complete with the bit about how the guy in charge of it thought Cheney’s illegal program was the shit.

Back when John Negroponte appointed him to be the Director of National Intelligence’s Civil Liberties Protection Officer, Alexander Joel admitted he had no problem with Cheney’s illegal domestic wiretap program.

Read more

Who Are the Potential Targets of the OTHER Section 215 Program(s)

/18 Comments/in , , , /by

There are several small, but significant, discrepancies between what Dianne Feinstein and Keith Alexander said in yesterday’s Senate Appropriation Committee hearing on cyber and what others have said. As one example, last week James Clapper said this was the standard for accessing the dragnet of Americans’ call data:

The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization. [my emphasis]

DiFi yesterday said this was the standard:

It can only look at that data after a showing that there is a reasonable, articulable suspicion that a specific individual is involved in terrorism, actually related to al Qaeda or Iran. [my emphasis]

These are slightly different things (and Congress has fought hard over the word “articulable” in very similar contexts to this in the past — plus, whichever word is used may trace back to Jack Goldsmith’s 2004 OLC opinion on the illegal wiretap program). It’s possible — likely even — that Clapper was just dumbing down his statement the other day. But it is a difference.

I’m particularly interested in the point I raised yesterday. DiFi, in discussing the NSA’s use of the Section 215 data, says it can only be used to find people in the US with ties to terrorists or Iran.

But when Clapper discussed all the potential targets the Intelligence Community might want to trace using Section 215 data, he mentioned a broader group.

There are no limitations on the customers who can use this library. Many and millions of innocent people doing min– millions of innocent things use this library, but there are also nefarious people who use it. Terrorists, drug cartels, human traffickers, criminals also take advantage of the same technology. So the task for us in the interest of preserving security and preserving civil liberties and privacy is to be as precise as we possibly can be when we go in that library and look for the books that we need to open up and actually read. [my emphasis]

But remember. Clapper oversees all 16 members of the intelligence community, including FBI and the National Counterterrorism Center. DiFi’s statement (and Alexander’s confirmation) applied only to NSA. Elsewhere in the hearing, Alexander said NSA only used what he called “BR” (for business records) to collect phone records. And we know that — at least as recently as 2011 — there was at least one other secret collection program using Section 215. So one of those other entities — almost certainly FBI — must run that program.

Moreover, there’s no reason to believe that Edward Snowden, who had unbelievable access to NSA’s networks and, some time ago, CIA’s records, would have access to programs that didn’t involve those agencies.

And Keith Alexander probably knows that.

Also, terrorists, certainly, and Iran, sort of, are legitimate targets for DOD (I’m actually wondering if the government has acrobatically justified going after Iranian contacts by relying on the still extant Iraq AUMF). For NSA to pursue drug cartels and criminals might present a posse comitatus problem (one that I believe was part of the problem behind the 2004 hospital confrontation).

So I’m wondering how many of the answers we’re getting are designed to minimize the scope of what we know by referring only to the NSA programs?

 

BREAKING: Iran Is a Terrorist Organization

/15 Comments/in , , /by

I’m trying to sort through the irreconcilable claims about the Section 215 and PRISM/702 programs made in today’s Senate Appropriations Committee hearing on cyber.

But for now, I want to post Dianne Feinstein’s statement about what Section 215 does because, well, it seems Iran is now a terrorist. (This is around 1:55)

The Section 215 Business Records provision was created in 2001 in the PATRIOT for tangible things: hotel records, credit card statements, etcetera. Things that are not phone or email communications. The FBI uses that authority as part of its terrorism investigations. The NSA only uses Section 215 for phone call records — not for Google searches or other things. Under Section 215, NSA collects phone records pursuant to a court record. It can only look at that data after a showing that there is a reasonable, articulable that a specific individual is involved in terrorism, actually related to al Qaeda or Iran. At that point, the database can be searched. But that search only provides metadata, of those phone numbers. Of things that are in the phone bill. That person, um [flips paper] So the vast majority of records in the database are never accessed, and are deleted after a period of five years. To look at, or use content, a court warrant must be obtained.

Is that a fair description, or can you correct it in any way?

Keith Alexander: That is correct, Senator.

Frankly, Dianne Feinstein has appeared to keep her facts straight about Section 215, at least, better than Mike Rogers and James Clapper over the last week. But this statement conflicts in some important ways with what others are saying.

So maybe this is not accurate.

But according to DiFi — and backed by General Keith Alexander, head of NSA — Iran, along with al Qaeda, is now a terrorist organization.