Posts

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Keith Gartenlaub Wonders Why He Can’t Get the Carter Page Treatment

Whatever else you think of the Carter Page pseudo-scandal, the release of his FISA application has finally ended the 50 year period during which not a single person targeted under FISA has ever seen the application used to obtain the order.

That should mean that for defendants who can legitimately demonstrate there was probably something actually problematic with the application they can review the application and challenge the order and everything that comes from it. Keith Gartenlaub, who was targeted as a Chinese spy based off basically nothing, currently has a pending challenge in his FISA case in the 9th Circuit.

His attorney, John Cline, has already written the court pointing out that the release of Page’s FISA application demonstrates DOJ’s 50 year fearmongering about FISA is really overblown.

As with the HPSCI memoranda, the declassification and disclosure of the redacted Page FISA materials demonstrates that it is possible to discuss publicly aspects of a FISA application without damaging national security. In addition, the declassification and disclosure of the redacted FISA materials highlights the absurdity of the government’s assertion, in this and other cases involving motions to suppress FISA surveillance, that any disclosure of any portion of a FISA application, even to cleared defense counsel under the protections of CIPA, would harm national security. If the redacted Page FISA materials can be disclosed publicly without harming national security, as the Executive Branch has
determined, even more substantial disclosure of the Gartenlaub FISA application can be made to cleared defense counsel under CIPA without causing such harm.

It is likely that we (or rather, Cline, Gartenlaub’s cleared attorney) would learn far more about the things FBI gets away with in FISA applications from Gartenlaub’s application than Page’s.

If defendants like Gartenlaub can carry out such review, we actually might be able to make FISA more reasonable.

Andy Finds an Acorn: The Searches of Carter Page’s Devices

I’ve long argued that Trump opponents should include Andrew McCarthy among the right wing Trump defenders they read. That’s true, in part, because he at least feigns to be considering the public evidence (though I think he has long since gotten swept up in tribalism). Moreover, as a former prosecutor who worked on some high visibility national security cases, he knows how these things worked fifteen years ago.

His piece on the Adam Schiff memo is typical of his current work. Virtually every single point is easily refuted; most are laughable, such as when he claims the FBI’s use of his 2013 interview to prosecute some spies means his March 2016 interview was truthful.

The memo does note that “the FBI also interviewed Page multiple times about his Russian intelligence contacts.” Apparently, these interviews stretch back to 2013. The memo also lets slip that there was at least one more interview with Page in March 2016, before the counterintelligence investigation began. We must assume that Page was a truthful informant since his information was used in a prosecution against Russian spies and Page himself has never been accused of lying to the FBI.

McCarthy also adheres to the GOP propaganda line that “Democrats conveniently omit is that … the Russian spies explicitly regarded him as an ‘idiot’ (and they had not even seen him on cable TV),” which I mocked in this piece at Vice.

The Republican response to the evidence that the Trump campaign named Page a foreign policy advisor around the same time the FBI interviewed him over suspected ties with Russian spies is perhaps the most pathetic thing in here. Among other things, it complains that the Schiff memo doesn’t mention that “a Russian intelligence officer called Page ‘an idiot.’”

So the latest Memoghazi arguments might best be summarized this way: After Democrats convincingly argued Trump made a suspected Russian asset a key foreign policy advisor, Republicans insisted that doesn’t matter because the suspected Russian asset was a moron.

On one point (a point I’ve been making), however, McCarthy is right.

The Schiff memo reveals, for the first time, that DOJ obtained a FISA order covering both electronic surveillance and “physical search.” Not many people understand this, but DOJ uses physical search orders not just to authorize FBI agents to search through a person’s home, but also to search through that person’s electronic devices (and cloud providers’ cloud storage). As I explained in my post on FISA and the Space-Time Continuum, using a physical search order allows the government to search far back in time.

Domestically, there are two kinds of collection: 1805, which is the collection of data in motion — an old fashioned wiretap, and 1824, which is called a “physical search” order. The government likes to hide the fact that the collection of data at rest is accomplished with an 1824 physical search order, not 1805. So an 1824 order might be used to search a closet, or it might be used to image someone’s hard drive. Most often, 1805 and 1824 get combined, but not always (the FISC released a breakdown for these last year).

Of course (as the Gartenlaub case will show), if you image someone’s hard drive, you’re going to get data from well before the time they’ve been under a FISA order, quite possibly even from before you’ve owned your computer.

In Keith Gartenlaub’s case, a physical search order was used to conduct a black bag search of his home, during which the FBI imaged and subsequently searched the saved hard drives from the last three computers Gartenlaub had used, going back a decade, which is how FBI found child porn that hadn’t been accessed in a decade.

And, as McCarthy notes (though without explaining the electronic/physical distinction), in the case of Carter Page, depending on what minimization procedures the FISC imposed, a physical search order approved on October 21, 2016 might allow FBI to search his devices for communications he had between March and September 2016, when he was a member of the Trump campaign.

What Democrats fail to mention is that the surveillance enabled the FBI to intercept not only his forward-going communications but also any stored emails and texts he might have had. Clearly, they were hoping to find a motherlode of campaign communications. Remember, Page was merely the vehicle for surveillance; the objective was to probe Trump ties to Russia.

I’ve explained that the near-certainty that NSA obtained a 705(b) order on Page for when he traveled to Moscow, London, and the Emirates in December and January would make such backwards looking surveillance even more likely.

I’m not sure that amounts to using Page as a vehicle to surveil the Trump campaign. Depending on how you count it, FISC modified somewhere between 112 and 310 applications in 2016, easily more than they ever had before (my guess is the big spike in numbers has to do with their consideration of the Riley SCOTUS precedent as they approve more orders accessing iPhones). Modifications are how minimization procedures show up in FISA counts, and imposing limits on what the government might access from Page’s devices is the kind of thing I’d expect to see out of the FISC.

Still, McCarthy doesn’t know that FBI used Page as a vehicle; the FBI could easily argue they were trying to protect Trump from the suspected spy the campaign’s non-existent vetting had invited into its midst. And he couldn’t know whether targeting Page allowed FBI to access campaign-related communications without knowing what kind of minimization procedures were imposed, if any.

A real oversight committee would make answering such a question a priority, because it’s the kind of question that goes to the core of the impact of the Page order on Trump’s campaign, but also because the question of how FISC orders permit FBI to access decades of information is a fairly important legal issue, not least in the Ninth Circuit in the Gartenlaub case.

Alas, HPSCI is not that real oversight committee, and so no one appears to be asking that question.

In Defense of Suspected Russian Agent Carter Page, Michael Mukasey Just Gave Defense Attorneys a Big Gift

In my post laying out the damage the Nunes memo might have caused, I predicted that defense attorneys would use the release of the memo — and the language Don McGahn used to claim its release served a public interest — to support their arguments that defendants should get to review the underlying application for a FISA warrant.

In the 40 year history of FISA, no defendant who got notice that FISA data was being used against them in prosecution has been able to review the application used against them. Because Nunes released this information so frivolously, because White House Counsel Don McGahn, in his cover memo, suggested this was a time when “public interest in disclosure of [FISA materials] outweighs any need to protect the information, the memo lowers the bar for release of FISA-related information going forward.

I assume Carter Page, if he is charged, will successfully be able to win review of his FISA application (and think that would be entirely appropriate); that may mean he doesn’t get charged or, if he does, Mueller has to bend over backwards to avoid using FISA material.

But I also assume — and hope — that this disclosure ends the 40 year drought on the release of information, which the original drafters of FISA envisioned would be appropriate in certain circumstances. I think this the one salutary benefit of this memo; it makes it more likely that FISA will work the way it is supposed to going forward.

I even think it possible that the release of this information may affect the response to Keith Gartenlaub’s pending appeal in the Ninth Circuit. His is a case that merits FISA review, and whereas the court might have hesitated to give him that in the past, it would be far easier for them to do so here.

Former Attorney General Michael Mukasey, fresh off trying to broker the release of sanctions violator Reza Zarrab, just gave defense attorneys another big gift.

In a WSJ op-ed that ignores all the holes in the Nunes memo and pretends two guilty pleas about lies about negotiations with Russians have nothing to do with an investigation into “collusion” with Russians, he says that Carter Page’s FISA application should be made public so we can figure out whether DOJ misled the FISA Court.

I believe that at a minimum, the public should get access to a carefully redacted copy of the FISA application and renewals, so we can see whether officials behaved unlawfully by misleading a court;

Remember: when defendants who’ve gotten FISA notice ask to see their own applications to see whether “officials behaved unlawfully by misleading a court,” one thing the government has to do to keep the application secret is submit a declaration from the Attorney General saying that FISA applications are so sensitive they can never be shared with defendants. In the declaration Eric Holder submitted in the Gartenlaub case, for example, he claimed,

Based on the facts and considerations set forth below, I hereby claim that it would harm the national security of the United States to disclose or hold an adversary hearing with respect to the FISA Materials.

[snip]

I certify that the unauthorized disclosure of the FISA Materials that are classified at the “TOP SECRET” level could reasonably be expected to cause exceptionally grave damage to the national security of the United States. I further certify that the unauthorized disclosure of the FISA materials that are classified at the “SECRET” level could be expected to cause serious damage to the national security of the United States. The FISA Materials contain sensitive and classified information concerning United States intelligence sources and methods and other information related to efforts of the United States to conduct national security investigations, including the manner and means by which those investigations are conducted. As a result, the unauthorized disclosure of the information could harm the national security interests of the United States.

I’m sure Holder was using boilerplate that Mukasey himself used, when he submitted similar declarations to courts.

Remember, Gartenlaub is awaiting a ruling from the Ninth Circuit on whether he should be able to access his FISA application to see whether officials misled the FISA Court. The government has been claiming over and over that accessing his FISA application to do so would be too dangerous.

And yet, here we have one of the most hawkish Attorneys General in recent history telling the world that even the public release of FISA applications to do just that would be useful.

The Harm Releasing the Nunes Memo Caused

I did two pieces elsewhere on the Devin Nunes memo yesterday. At Vice, I tracked all the holes in the memo; subsequent reporting showed that I hit virtually all the big ones that Adam Schiff hit in his response memo: the memo misrepresented what FBI told FISC about the political nature of Christopher Steele’s, it misrepresents Andrew McCabe’s testimony, and the memo misrepresented why George Papadopoulos was mentioned in the application. At HuffPo, I described how on the twin FISA events of the last few weeks — 702 reauthorization and the Nunes memo — both Nunes and Paul Ryan were on the wrong side of the principles of rule of law and civil liberties.

Since the memo has proven to be such a dud, a lot of people are now questioning DOJ’s and Democrats’ claims that releasing the memo would harm national security. I want to lay out three ways (DOJ surely believes) it may well do that.

Tells Carter Page and any co-conspirators precisely when FISA surveillance started

The memo tells Carter Page — and any co-conspirators both within the Trump camp and overseas — precisely when the surveillance on Page started and what it consists of.

FBI obtained an electronic surveillance warrant against Page on October 21, 2016, and obtained 3 reauthorizations (so roughly January 19, April 19, and July 18). While Page’s interlocutors overseas were likely wiretapped, if possible, associates in the Trump camp can now assume any conversations they had with him before October 21 were not recorded and remain unavailable to Robert Mueller.

Mind you, we know the memo doesn’t reveal the full extent of surveillance directed against Carter Page, because it gives no details on the 2014 FISA wiretap reportedly used against him. That leaves open the possibility that he was surveilled using other means. I think the GOP would have included had FISC approved a physical search FISA warrant against Page, because that would include the possibility of obtaining stored communications from during the campaign. But I would also bet a lot of money that whatever Attorney General was in charge during periods when Page traveled overseas approved a 705(b) order on him, permitting surveillance to continue while he was overseas. I’ll have more to say on this in upcoming days.

Note, it is also possible that the surveillance against Page continues.

Tells subjects of the investigation the status of the investigation and FBI’s ability to validate the Steele memo

The memo provides other details about the investigation, too.

On October 21, per a quotation from FBI Assistant Director Bill Priestap, the investigation into Russian ties with the Trump camp was is its “infancy.” Again, this will let Russians and Trump associates know that anything they managed to destroy before that date may well be unavailable to Mueller.

Later in October, the source report on Steele reported that the dossier had been “only minimally corroborated.” If any of the events in the dossier are real, then the Russians (especially) will have a sense of how unsuccessful the FBI had been in finding the evidence to corroborate those events. If the dossier is, as I’ve suggested, disinformation, the Russians would know that their disinformation was wasting FBI Agent time at least for months.

Tells Australians and every other foreign partner shared intelligence may be officially declassified

The memo mentions the Papadopoulos tip and confirms that’s what triggered the investigation; it also confirms that nothing shared prior to then had triggered an investigation. While the description here doesn’t attribute that intelligence to the Australians, we know that’s where it came from. Now Australia and every other country will know that intelligence they share, including intelligence that makes it look like Five Eyes officials are reporting on the citizens of other Five Eyes countries, may be released by Devin Nunes for political gain. This will add to the many reasons why our friends will hesitate before sharing intelligence with us.

Makes it more likely defendants will get FISA review

In the 40 year history of FISA, no defendant who got notice that FISA data was being used against them in prosecution has been able to review the application used against them. Because Nunes released this information so frivolously, because White House Counsel Don McGahn, in his cover memo, suggested this was a time when “public interest in disclosure of [FISA materials] outweighs any need to protect the information, the memo lowers the bar for release of FISA-related information going forward.

I assume Carter Page, if he is charged, will successfully be able to win review of his FISA application (and think that would be entirely appropriate); that may mean he doesn’t get charged or, if he does, Mueller has to bend over backwards to avoid using FISA material.

But I also assume — and hope — that this disclosure ends the 40 year drought on the release of information, which the original drafters of FISA envisioned would be appropriate in certain circumstances. I think this the one salutary benefit of this memo; it makes it more likely that FISA will work the way it is supposed to going forward.

I even think it possible that the release of this information may affect the response to Keith Gartenlaub’s pending appeal in the Ninth Circuit. His is a case that merits FISA review, and whereas the court might have hesitated to give him that in the past, it would be far easier for them to do so here.

In other words, the release of this memo likely helped those Mueller is trying to investigate, provided another reason for our foreign partners to hesitate before sharing intelligence with us, and makes it more likely some defendants will get to review their FISA application going forward. I can see how DOJ would consider all of that harmful to national security.

Update: On Twitter some folks added that this makes people distrust FBI, making it less likely they’ll share information with the Bureau. In my opinion actually sharing interview reports with HPSCI already did that (though that Chris Wray was forced to do so wouldn’t be as widely known). I also think the sheer shittiness of the dossier minimizes the impact of that somewhat. But I think it’s a fair point.

Yes, in Gartenlaub, FBI Was Hunting for Child Porn in the Name of Foreign Intelligence Information

Over at Motherboard, I’ve got a piece on the Keith Gartenlaub hearing in the Ninth Circuit on December 4. Gartenlaub was appealing his conviction for possession of child porn, in part, based on the argument that the government shouldn’t have been able to look for child porn under the guise of searching for foreign intelligence information.

As I note, the public hearing seems to have gone reasonably well for Gartenlaub, with a close focus on how the US v Comprehensive Drug Testing precedent in the 9th Circuit, which requires searches of digital media to be appropriate to the purpose of the search, might limit searches for Foreign Intelligence Information.

Anthony Lewis, arguing for the government, suggested that FISA was different from the Rule 41 context; in FISA, he argued, specificity would be handled by post collection minimization procedures.

Anthony Lewis, arguing for the government, responded to Gartenlaub’s argument with vague promises that the minimization procedures—rules that FISA imposes on data obtained under the statute—would take care of any Fourth Amendment concerns. “The minimization procedures themselves really supply the answer in the FISA context,” Lewis said. Accessing data found during a search “simply operates differently in the FISA context, in which there is a robust set of procedures that exist on the back end of the search through acquisition, retention, and dissemination that is simply unlike what happens in a Rule 41 context.”

Lewis argued (and this is not in the post) that because FISA permits the sharing of criminal information, minimization procedures would always using evidence of a crime found in a search.

If it is evidence of a crime, then the minimization procedures — the statute does not call for it to be minimized. There are other procedures in place, some of which I can’t discuss in this open proceeding, but there are procedures in place that limit the use of that. Some of them are in the statute itself that Attorney General approval is required in order to use information obtained or derived from FISA.

The judges didn’t seem convinced. Each judge on the panel voiced a theory by which they could rule for Gartenlaub (which is different from giving him any kind of relief).

Judge Ronald Gould worried that if the government found evidence that wasn’t foreign intelligence but revealed something urgent—he used the example of a serial killer’s next targets throughout the hearing—it would need a way to use that information. Gartenlaub’s attorney John Cline and amicus lawyer Ashley Gorski, arguing for the ACLU, both noted an exigent circumstance exception could justify the use of the information on the hypothetical serial killer.

Judge Lawrence Piersol, a senior district court judge from Idaho, seemed to imagine district court judges providing individualized review on whether the information was reasonably obtained in a FISA-authorized search, possibly with the involvement of the court’s own cleared experts.

Judge Kim Wardlaw, who sat on the en banc panel for the Ninth Circuit precedent in question, asked why, when the government saw “a whole database [that] obviously suggests child porn” it couldn’t “go get another warrant?” So she seemed to favor a system where the government would have to get a criminal warrant to obtain child porn. That would present very interesting questions in this case, however, since the government obtained a criminal warrant based on probable cause that Gartenlaub was sharing information on Boeing intellectual property with China before it executed the FISA-authorized search that discovered the child porn.

But (also not in the post) Piersol added another example — one that has direct relevance for the most prominent investigation in the country implicating FISA, the Mueller investigation, which indicted FISA target Paul Manafort for what amounts to money laundering.

What about instead if you’re going through and looking for foreign intelligence information and you find a tremendous number of financial transactions which looks like it could well be money laundering. What do you do with that? Nothing? I mean, you just go ahead and prosecute it? You don’t have to worry about the fact that you weren’t looking for that?

Sure, Manafort’s not in the Ninth, but the judges sure seem inclined to limit the government’s ability to use a FISA order to troll through digital devices to find evidence of a crime that they can then use — as they did with Gartenlaub and are trying to do with Manafort — to coerce cooperation from the defendant. Depending on how they framed such a limit, it might seriously limit how the government enacted other FISA authorities in the circuit (which of course includes Silicon Valley — though any secondary searches would take place in Maryland or some other NSA facility); of very particular import, it would affect how the government implements its 2014 exception, whereby the NSA collects location obscured data (including entirely domestic communications) but then purges all but that which can be retained, including for criminal purposes, after the fact.

Which is why it’s so troubling that — as has happened in the last case where a defendant had a good argument to look at his FISA materials — the panel asked Lewis to stick around for an ex parte session.

Things were going swimmingly, that is, up until Wardlaw’s last comments to the government’s lawyer, Lewis. As he finished, she said she had no further questions, but added, “We’re going to ask you to stay after the hearing, to be available for us.” Lewis responded, “Understood, your honor,” as if he (and the people whose bags were sitting behind his counsel’s table but who were not themselves present) had advance warning of this. “Understood,” Lewis repeated again.

That was the first Gartenlaub’s team learned of the secret meeting the panel of judges had planned.

So after having presented a lackluster argument, Lewis was going to get a chance, it appears, to argue his case without Gartenlaub’s lawyers present, to be able to argue that not even Ninth Circuit precedent can limit the government’s authority to search with no limits in the name of national security.

There’s apparently precedent for this. Cline, who worked on the appeal of a defendant who almostgot FISA review, Adel Daoud, said the appeals court judges booted him and the other defense lawyers out of the courtroom for a similar ex parte hearing in that case too.

“The Seventh Circuit cleared the courtroom after the public argument and then allowed only government attorneys back in for the classified, ex parte session,” he said.

The session would not only give Lewis a chance to make further argument that the law envisions finding criminal evidence and using it to flip targets, but also to explain why, if the panel ruled in the direction it appeared they might, it would cause problems with other NSA collection.

Here’s the thing though — and the reason why an ex parte proceeding is so problematic here.

If given the chance, Gartenlaub would be able to argue in fairly compelling manner that the government set out to find things like child porn. That’s because one of the first steps of a forensics search — according to Gartenlaub’s forensics expert, Jeff Fischbach, who attended the hearing — is to set what you’re looking for. There’s a button to exclude all images and videos; by turning it off you vastly accelerate the search. And in Gartenlaub’s case, the government claimed to be looking for very specific kinds of foreign intelligence information: Boeing intellectual property, or any materials suggesting that Gartenlaub was dealing in same. The IP would have been CAD drawings stolen in digital form, not images. So to search what the government claimed it wanted to search for, there would have been no reason to search through any videos or photos. Which would have excluded finding the decade old child porn lying unopened on the hard drive.

As Wardlaw (who had been on the CDT panel) laid out,

The main problem we had was that in CDT, the government was authorized to look at the files pertaining to certain individuals — I believe Barry Bonds — and instead, they went further, and looked at the drug testing files for other baseball players. So that search was not authorized. They were not the subjects of the warrant and the warrant was circumscribed that way. Here, the warrant is any foreign intelligence data, it’s not narrower than that.

We don’t actually know (and it’s likely Wardlaw doesn’t either, at this point). But the government claimed to be searching for very specific things, tied to very specific claims of stolen IP from Boeing. Yet they necessarily designed their search to find far more than that. Which is how they found no foreign intelligence, but instead unopened child porn.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

Former FBI Special Agent Asha Rangappa has a defense of back door searches at Just Security that (unlike most defenses of 702) actually takes on those searches as practiced in most problematic way at FBI, rather than as done in much more controlled fashion at NSA.

FBI does federated searches

I think she nitpicks a few issues. For example, she claims that back door opponents claim there is a “stand-alone computer in the middle of each FBI office with a big sign that reads ‘702 DATABASE ‘” but then goes on to claim “FBI uses one database for all of its investigative functions,” even while admitting that the FBI really does “federated queries” of multiple repositories. The distinction — particularly given that we know the database comes with access limits tied to job function — could offer solutions to concerns about 702 data (including providing access to just metadata, a proposal I’m not a fan of but one she attacks in the post). She also ignores the FBI’s use of “ad hoc databases” that have posed access and data protection concerns in the past.  Which is to say, the technical realities of how FBI Agents access this data soup are more complex than she lays out, and those complexities should be part of the discussion because they present additional risks and opportunities.

FBI’s raw data will be US-person focused

Rangappa minimizes what percentage of raw data obtained by FBI would include US person contact.

According to FBI Director Christopher Wray, the FBI receives about 4.3 percent of the NSA’s total collection – and since not every incidental communication will necessarily involve an USPER, the number of communications involving Americans are likely less than that.

While the FBI does have global investigations, the FBI is going to have few full investigations that have no domestic component. Investigations focused on US victims (say a US company hacked by Russian or Chinese state actors) won’t include many US interlocutors, but the other most likely 702 related investigations would all be focused on international communications: who suspected extremists were talking to in the US, what Iranians were buying dual use or other proliferation products, including from US companies, which Americans that Chinese scientists or Russian businessmen were engaging with closely. The 5,000 or so targets sucked into FBI would be the 5,000 targets in most frequent contact with Americans, by design. That has been the entire justification for this collection program since its inception as Stellar Wind.

And — as Ron Wyden recently made clear — it is permissible to target a foreigner if collecting on a US person is one purpose of the targeting, so long as the foreigner is targetable in his own right. Indeed, we can probably point to examples where that happened. That’s going to increase the US content pulled in with those 5,000 targets.

702 can target a whole bunch of selectors

And I believe this is misleading.

PRISM allows the NSA to target non-U.S. persons reasonably believed to be located abroad based on “selectors” – like an email address or a phone number (but not keywords or names) – which will reasonably return foreign intelligence information.

It is true that upstream collection doesn’t use keywords (and has halted about collection altogether). It is true that the most common selector provided in a directive to Google will be an email address. But there are a slew of other kinds of selectors that NSA and FBI can target. That includes IP addresses, which given the 2014 exception means entirely domestic communications can be collected. Even ignoring the targeting of IP addresses that Americans are known to also use (which will come into FBI’s possession a different way), the collection on chat room IPs, just as one example, might suck up a lot more US person content than individual emails might. And the FBI can also search for things like cookies or encryption tools, which will pull in different kinds of content.

FBI’s queries are not all routinely audited

I think Rangappa overstates the tracking of queries and makes an outright error when she claims that backdoor searches are “routinely audited.”

Every query, furthermore, is documented and placed in a case file. (If we learned anything from James Comey, it’s that the FBI puts everything down on paper.) In fact, every query conducted by the FBI is recorded and must be traceable back to an authorized purpose and a case file.  Agent queries are routinely audited, and a failure of an agent to provide an authorized purpose for conducting a query can be grounds for sanctions, suspension, or even termination.

She overstates the tracking of queries because by design there’s not a case file for many of the queries in question, because they’re done at the assessment stage. Moreover, if the FBI tracked its queries as well as Rangappa claims, it could provide documentation of what was going on to oversight bodies, but it has persistently claimed it could not do so, not in public, and not even in private.

More importantly, the FBI’s use of 702 is simply not audited adequately. That’s true, in part, because in 2012-2013, FBI moved much of its FISA activity to field offices, and not every field office gets audited every six months.

During this reporting period, however, FBI transitioned much of its dissemination from FBI Headquarters to FBI field offices. NSD is conducting oversight reviews of FBI field offices use of these disseminations, but because every field office is not reviewed every six months, NSD no longer has comprehensive numbers on the number of disseminations of United States person information made by FBI.

In 2015 — the most recent period for which we’ve gotten a Semiannual Report — NSD only reviewed minimization at 15 field offices (and ODNI did not attend all of these).

During these field office reviews, NSD also audits a sample of FBI personnel queries in systems that contain unminimized Section 702 collection. As detailed in the attachments to the Attorney General’s Section 707 Report, NSD conducted minimization reviews at 15 FBI field offices during this reporting period and reviewed cases involving Section 702-tasked facilities.

FBI has 56 field offices. And while I’m confident that NSD focuses its 702 reviews on the offices that work with FISA most often — places like DC, NY, LA, SF, and places with significant foreign population, like Detroit and Minneapolis — that means that when a field office that doesn’t use FISA often (say, if an Agent in Milwaukee were researching a hacker named MalwareTech), a combination of inexperience and lax oversight might be especially likely to result in problems.  And note, in any office, just a sample of queries gets reviewed, as the government explained to FISC last year, and the tracking isn’t detailed enough to figure out what occurred with a query without talking to the Agent who did it.

Additionally, NSD conducts minimization reviews in multiple FBI field offices each year. As part of these minimization reviews, NSD and FBI National Security Law Branch have emphasized the above requirements and processes during field office training. Further, during the minimization reviews, NSD audits a sample of queries performed by FBI personnel in the databases storing raw FISA-acquired information, including raw section 702-acquired information. Since December 2015, NSD has reviewed these queries to determine if any such queries were conducted solely for the purpose of retaining evidence of a crime. If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query.

Notably, the one case where FBI reported a criminal return on a criminal search in 702 information only got reported after NSD did follow-up questioning. So yeah, NSD spends 4 days at Main Justice reviewing this stuff and goes to 27% of the field offices every six months, but that’s a far cry from “routinely auditing” queries.

The importance of investigative levels

The most remarkable thing about Rangappa’s post, however, is how well she exhibits the absurdity of what really goes on here. She correctly states — as I reported here — that FBI only obtains 702 content in full investigations. And she provides a short description of FBI’s three investigative levels.

Specifically, the NSA passes on to the FBI information collected on selectors associated with “Full Investigations” opened by the FBI. Full Investigations are the most serious class of investigations within the Bureau, and require the most stringent predicate to open: There must be an “articulable factual basis” that a federal crime has occurred or is occurring or a threat to national security exists.  (Two other investigative classifications, Preliminary Investigations and Threat Assessments, have lower thresholds to open and shorter time limits to remain open.)

She helpfully describes how investigations work through stages, with new investigative methods approved for each

Querying DIVS is, quite literally, the first and most basic thing the FBI does in its investigative sequence. Depending on the kind of information the search returns, an agent will then take the next prescribed step as outlined in the FBI’s Domestic and Investigative Operations Guide (DIOG) until a case is either opened for further investigation, or the matter is resolved in the negative and closed.

She then dismisses the concern that FBI does queries of 702 data at the assessment level without really addressing it.

Much of the criticism of the FBI’s use of 702 centers around the fact that agents can query subjects in their databases even if there is no evidence of criminal wrongdoing. However, as any law enforcement official will tell you, criminals and spies don’t show up on the doorstep of law enforcement with all of their evidence and motives neatly tied up in a bow. Cases begin with leads, tips, or new information obtained in the course of other cases. Often, the discrete pieces of information the FBI receives may not in and of themselves constitute criminal acts – and the identifying information provided to the FBI may be incomplete. However, anytime the FBI receives a credible piece of information that could indicate a potential violation of the law or a threat to national security, it has a legal duty determine whether a basis for further investigation exists. It is for this reason that a query of its existing databases is essential before proceeding further.

Somehow, the necessity of investigating a tip requires not an assessment of the lead itself, but querying a vast data store to see if the lead connects to any other known evidence even if that evidence is not itself evidence of criminal behavior. (One of the reasons FBI does that — which I’ve written about elsewhere — is to make it easier to find informants.)

That logic — which absolutely reflects the logic under which FBI operates — is all the more bizarre given the fact that the FBI is obliged, under the same DIOG Rangappa cites as the basis for the step-by-step development of an FBI case, to always consider using the “least intrusive” means as laid out by this language in the Attorney General Guidelines.

The conduct of investigations and other activities authorized by these Guidelines may present choices between the use of different investigative methods that are each operationally sound and effective, but that are more or less intrusive, considering such factors as the effect on the privacy and civil liberties of individuals and potential damage to reputation. The least intrusive method feasible is to be used in such situations.

DIOG section 4.4, which lays out what least intrusive means, says that “wiretaps … are very intrusive.” It says that “collecting information regarding an isolated event, such as a certain phone number called … is less intrusive or invasive of an individual’s privacy than collecting a complete communications … profile.” It states that, “If, for example, the threat is remote, the individual’s involvement is speculative, and the probability of obtaining probative information is low, intrusive methods may not be justified, and, in fact, may do more harm than good.”

Ultimately, though, the DIOG swallows all these rules by stating that, “FBI employees may use any lawful method allowed, even if intrusive, where the intrusiveness is warranted by the threat to the national security.” The logic must be — probably not born out even by FBI’s limitation to obtaining raw 702 data tied to Full Investigations — that for any person tied to a Full Investigation, any possible tie to an American about whom someone has submitted a tip, national security overrides all FBI’s rules about least intrusive methods.

But nonetheless, the FBI’s own guidelines admit how intrusive it is to start an investigation by looking at entire conversations rather than simply seeing the record of a email sent. That is, however, what the routine practice is.

On 702, NSA Wants to Assure You You’re Not a Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target

NSA just released a touchy-feely Q&A, complete with a touchy-feely image of the NSA, explaining “the Impact of Section 702 on the Typical American.”

I shall now shred it.

First note that this document deals with 702? It should be dealing with Title VII, because the entire thing gets reauthorized by 702 reauthorization. That means Sections 704 and 705(b), which are used to target Americans, will be reauthorized. And they have had egregious problems in recent years (even if the problems only affect some subset of around 300 Americans). Sure, Paul Manafort and Carter Page are not your “typical” Americans, but abuses against them would be problematic for reasons that could affect Americans (not least that they could fuck up the Mueller probe if FISA disclosure for defendants weren’t so broken).

The piece starts by talking about how the IC uses 702 to “hunt” for information on “adversaries,” which it suggests include terrorists and hackers.

The U.S. Intelligence Community relies on Section 702 of the Foreign Intelligence Surveillance Act in the constant hunt for information about foreign adversaries determined to harm the nation or our allies. The National Security Agency (NSA), for example, uses this law to target terrorists and thwart their plans. In a time of increasing cyber threats, Section 702 also aids the Intelligence Community’s cybersecurity efforts.

Somehow, it neglects to mention the foreign government certificate — which can target people who aren’t “adversaries” at all, but instead foreign muckety mucks we want to know about — or the counterproliferation certificate — which can target businesses of all kinds that deal in dual use technologies. Not to mention the SysAdmins that it might target for all these purposes.

The piece then lays out in two paragraphs and six questions (I include just one below) the basic principles that 702 can only “target” foreigners overseas.

Under Section 702, the government cannot target a U.S. person anywhere in the world, or any person located in the United States.

Under Section 702, NSA can target foreigners reasonably believed to be located outside the United States only if it has a basis to believe it will acquire certain types of foreign intelligence information that have been authorized for collection.

[snip]

Q: Can I, as an American, be the target of Section 702 surveillance?

A: No. As an American citizen, you cannot be the target of surveillance under Section 702. Even if you were not an American, you could not be targeted under Section 702 if you were located in the United States.

Effectively, this passage might as well say, “target target target target target target target target target target
target target target target target target target target target,” which is how many times (19) the word is used in the touchy-feely piece. The word “incidental” appears just once, where it entertains what happens if one of “Mary’s” foreign relatives were in a terrorist organization.

Q: One of Mary’s foreign relatives in South America is a member of an international terrorist group. Could Mary’s conversations with that relative be collected under Section 702?

A: Yes, it’s possible, if the U.S. government is aware of the relative’s membership in a terrorist group and the relative is one of the 106,000 targets under Section 702. However, even if this scenario occurred, there would still be protections in place for Mary, a U.S. citizen, if her conversations with that target were incidentally intercepted. For example:

U.S. intelligence agencies’ court-approved minimization procedures are specifically designed to protect the privacy of U.S. persons by, among other things, limiting the circumstances in which NSA can include the identity of a U.S. person in an intelligence report. Moreover, even where those procedures allow the NSA to include the identity of a U.S. person in an intelligence report, NSA frequently substitutes the U.S. person identity with a generic phrase or term, such as “U.S. person 1” or “a named U.S. person.” NSA calls this “masking” the identity of the U.S. person.

There are also what’s known as “age-off requirements”: After a certain period of time, the IC must delete any unminimized Section 702 information, regardless of the nationality of the communicants.

I guess the NSA figured if they used “Fatima,” whose relatives were in Syria, this scenario would be too obvious?

Yet in this, the only discussion of “incidental” collection, the NSA doesn’t explain how it is used — for example to find informants (meaning Fatima might be coerced into informing on her mosque if she discussed her tax dodging with her cousin) or to find 2nd degree associates (meaning Fatima’s friend in the US, Mohammed, might get an FBI visit because Fatima’s cousin in Syria is in ISIS). It also doesn’t explain that the “age-off” is five years, if Fatima is lucky enough to avoid having the FBI deem her conversations with her cousin in Syria interesting. If not, the data will sit on an FBI server for 30 years, ready to provide an excuse to give Fatima extra attention next time some bigot gets worried because he sees her taking pictures at Disney World.

Curiously, while the NSA doesn’t address the disproportionate impact of 702 on Muslims, it does pretend to address the disproportionate impact on Asians or their family members — people like like Xiaoxiang Xi and Keith Gartenlaub.

Q: Could the government target my colleague, who is a citizen of an Asian country, as a pretext to collect my communications under Section 702?

A: No. That would be considered “reverse targeting” and is prohibited.

Thanks to Ron Wyden, we know how cynically misleading this answer is. He explained in the SSCI 702 reauthorization bill report that the government may,

conduct unlimited warrantless searches on Americans, disseminate the results of those searches, and use that information against those Americans, so long as it has any justification at all for targeting the foreigner.

Effectively, the government has morphed the “significant purpose” logic from the PATRIOT Act onto 702, meaning collecting foreign intelligence doesn’t have to be the sole purpose of targeting a foreigner; learning about what an American is doing, such as a scientist engaging in scientific discussion, can be one purpose of the targeting.

After dealing with unmasking, the NSA then performs the always cynical move of asking whether the NSA can query US person content.

Q: Can NSA use my information to query lawfully collected 702 data?

A: NSA can query already lawfully collected Section 702 information using a U.S. person’s name or identifier (such as an e-mail account or phone number) only if the query is reasonably designed to identify foreign intelligence information.

However, a U.S. person is still afforded protection. The justification for the query must be documented. The process for conducting a query is also subject to internal controls. Such queries are reviewed by the Department of Justice and the Office of the Director of National Intelligence to ensure they meet the relevant legal requirements. Additionally, if the query was subsequently identified as being improper, it would be reported to the Foreign Intelligence Surveillance Court and to Congress.

This passage is absolutely correct. But also absolutely beside the point, because NSA sends a significant chunk of its collection to the FBI where it can be searched to assess leads and search for evidence of crimes, and where queries get nowhere near the kind of oversight that NSA queries get.

Then the piece tries to explain the need for all the secrecy.

Q: Terrorists aim to hurt Americans and our allies, so why doesn’t the Intelligence Community share more Section 702 information about how the IC goes after them?

A: The Intelligence Community has dramatically enhanced transparency, especially regarding its implementation of Section 702. Thousands of pages of key documents have been officially released, and are available on IC on the Record. The public has more information than ever before on how the IC uses this critical foreign surveillance authority. That said, the IC must continue to protect classified information. This includes specifics on whether or not it has collected information about any particular individual.

If terrorists could find out that NSA had intercepted their communications, terrorists would likely change their communications methods to avoid further detection.

This is, partly, a straw man. People aren’t really asking to know NSA’s individual targets. They’re asking to know whether the government has back doored their iPhones via demands under FISA, or whether the NSA is collecting on the 430,000 Americans that use Tor every day, or if they’re also using this “foreign intelligence” collection program to hunt Americans buying drugs on Dark Markets or even BLM activists that our racist Attorney General has deemed a threat to national security. And in the name of keeping secrets from terrorists (who actually have the feedback mechanism of observing what gets their associates drone-killed to learn what gets collected), the government is refusing to admit that the answer to all those questions is yes: yes, the government has back doored our iPhones, yes, the government is spying on the 430,000 Americans that use Tor, and yes, for those who use Tor to buy drugs, they may even use 702 data to prosecute you.

Finally, the NSA pretends that everyone else in the world has a program just like this.

Q: Is the U.S. government the only one in the world with intercept programs like 702?

A: No. Many other countries have intelligence surveillance intercept programs, nearly all of which have far fewer privacy protections. Section 702 and its supporting policies and practices stand out in terms of strength of oversight, privacy protections, and public transparency.

It is true that other countries have “intercept programs,” but with the exception of China and Russia’s access to domestic Internet companies, no other country has a program “like 702” that, by virtue of the United States hosting the world’s most popular Internet companies, gives the US the luxury of spying on the rest of the world using a nice note to Google rather than having to hack users individually (or hack all users, as Russia did with Yahoo).

So, yes, the NSA has now offered a picture of itself, literally and metaphorically, that minimizes the scope, the thousands of spies it employs, and the reach, both domestic and global. But it’s a profoundly misleading picture.

How FBI Could Use Reverse Targeting to Use Section 702 against Keith Gartenlaub

Some weeks ago, in a post named, “Evidence the US Government Used Section 702 against Keith Gartenlaub[‘s Parents-in-Law],” I laid out the evidence that Section 702 was used against Keith Gartelaub. As I showed,

  • A warrant in his case seemed to parallel construct Yahoo and Google content, often a sign the government is trying to introduce a second source for PRISM content
  • In spite of reference to Skype metadata, nothing in the court case ever seemed to reflect the content from those calls, in spite of the fact they’d be readily collectible
  • After approving the sharing of FISA information with the National Center for Missing and Exploited Children for traditional FISA data, the government approved such sharing for 702 data the day before they arrested Gartenlaub

But there was just one problem with that argument — one made clear in the title of the post. Ultimately, the government is only supposed to be allowed to target foreigners like Gartenlaub’s “well connected” Chinese parents-in-law, not Gartenlaub. Yet by all appearances, the investigation started with Gartenlaub, basically by deciding that allegations of Boeing theft must mean there was a Boeing theft at Gartenlaub’s location and then, very quickly, settling on Gartenlaub as the likely culprit.

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

So if Agent Harris did obtain 702 data between February, when he first showed interest in Gartenlaub, and June, when he appeared to be parallel constructing Google and Yahoo content, it would have been for the purpose of obtaining information on Gartenlaub, already a focus of the investigation.

That would pretty clearly be reverse targeting (unless, for some reason, the FBI already had a big stash of his in-laws’ communications in their 702 collection, in which it’d come up in a back door search).

In other words, while there’s a good deal of circumstantial evidence that the government used 702 to spy on his conversations with his in-laws, that shouldn’t be allowed under a common sense definition of what reverse targeting does.

Except, as Senator Wyden’s 702 reform and the SSCI bill report make clear, that kind of reverse targeting actually is permitted by current practice.

In his comments to the SSCI bill report, for example, Wyden explained,

The bill does not include a meaningful prohibition on reverse targeting, which would require a warrant when a significant purpose of targeting a foreigner is actually to collect the communications of the American communicant. The current standard permits the government to conduct unlimited warrantless searches on Americans, disseminate the results of those searches, and use that information against those Americans, so long as it has any justification at all for targeting the foreigner.

His own bill would insert language prohibiting the targeting someone outside the US if a significant purpose is to get the communications of someone inside the US. If it was, the bill would require the government to get a Title I (traditional) order. [Bolded language is new.]

(d) Targeting procedures
(1) Requirement to adopt–The Attorney General, in consultation with the Director of National Intelligence, shall adopt targeting procedures that are reasonably designed to—
(A) ensure — 

(aa) that any acquisition authorized under subsection (a) is limited to targeting persons reasonably believed to be located outside the United States; and
(bb) that an application is filed under title I, if otherwise required, when a significant purpose of an acquisition authorized under subsection (a) is to acquire the communications of a particular, known person reasonably believed to be located in the United States; 

And a SSCI Wyden amendment modified by Angus King would prohibit the targeting of someone overseas if a purpose of the targeting was to collect on someone in the US.

By a vote of four ayes to eleven noes, the Committee rejected an amendment by Senator Wyden, as modified by Senator King, which would have revised the standard on current reverse targeting prohibitions to replace ‘‘the’’ with ‘‘a,’’ such that the statute would state ‘‘If a purpose of such acquisition is to target a particular known person.’’ The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—no; Senator Wyden—aye; Senator Heinrich— aye; Senator King—aye; Senator Manchin—no; and Senator Harris—aye.

 

Clearly, the current prohibition on reverse targeting actually would nevertheless permit the government to obtain Gartenlaub’s in-laws communications to find out what they talk about in order to assess whether he might be plotting to steal IP from Boeing with them. And even though we still only have circumstantial evidence this is what happened, if it did, it would show the problem with reverse targeting: because Gartenlaub had Chinese in-laws, it (may have) made it far easier to obtain potentially damning information using 702 than it would be for any of his colleagues who didn’t have such ties with anyone of interest in China.

Effectively (again, if Gartenlaub was indeed reverse targeted), it would mean the government could obtain communications without any suspicion from which they could look for evidence of probable cause that he (or his wife) was an agent of a foreign power.

Ultimately, after both a criminal warrant and a FISA warrant claiming they had probable cause Gartenlaub was spying for China, after reading his emails for months, searching his home, and searching multiple devices, the government never found evidence to support that claim. But they did find old child porn (though no forensic evidence showing he had accessed that porn). It appears likely that they would never have found it if he hadn’t had the bad luck of marrying a well-connected Chinese-American.

Christopher Wray and the Myth Created by Parallel Construction

At the Friday Heritage Foundation Section 702 event, FBI Director Christopher Wray argued that reforming Section 702 (he suggested, illogically, making any reforms) would rebuild the wall taken down after 9/11. (Here’s the transcript, which unfortunately doesn’t include the Q&A period.)

I think back to the time that I was in government before on 9/11, right before 9/11, right after 9/11. I think about how hard dedicated men and women throughout the intelligence community worked to try to tear down the walls that had prevented us from connecting all the information that might have been able to prevent those attacks. As I said at the beginning, listening to this debate right now, watching some of the potential ideas that are being floated strikes me as eerily similar to people, well-intentioned, starting to put bricks into a wall.

There are problems with that argument (which have as much to do with our national myopia about the risks we face and how we’ve combatted them as anything else). But I’m grateful Wray made an effort to avoid the ad hominem attacks some of Section 702’s other boosters have resorted to.

Still, Wray’s response to concerns about using Section 702 in criminal prosecutions got dangerously close to that. In response to a question from David Shedd, Wray said that concerns about the topic derive from a myth. Those of us with such concerns, Wray said, are just “confused.”

There’s been a little bit of myth development in that space. When we talk about the criminal side, I think it’s important to distinguish between the tip and lead kind of scenario that I’m describing, which is where Section 702 is so important, and the prosecution end of it, where the information of any sort is being used. Section 702 has not been used for any traditional criminal case as evidence in a trial or anything like that ever, except in about 10 terrorism prosecutions. So the notion that there are criminal agents using Section 702 to make garden variety criminal cases, that’s just myth. It is not happening.

I’m reluctant to try to guess as to how people who are confused get confused. My goal is to get them straight.

To claim this is a myth, of course, Wray has to rely on a bogus number of defendants who have gotten their legally required 702 notice — ten counterterrorism cases — thereby pretending that 702 hasn’t had a key role in far, far more criminal cases, and not just in counterterrorism cases, but also counterespionage (including nation-state hacking) and counterproliferation cases.  (Interestingly, defendants are only known to have gotten notice in eight cases, meaning Wray may have revealed two more where defendants got non-public notice.) Plus, as I’ve noted, FBI submitted notice about attorney-client violations to FISC in nine cases in the time since DOJ largely stopped giving defendants notice.

The numbers just don’t add up.

Which means, in significant part, what Wray calls a myth is, in reality, parallel construction, a myth of a different sort, the myth that law enforcement tells defendants about where their cases came from or why certain approaches were used with the case, the myth created by DOJ’s secret interpretations about how they deal with legally mandated FISA notice. The myth that decides Keith Gartenlaub is a counterintelligence threat because of the conversations he conducts on Skype, a PRISM provider, with his in-laws, only to scrub all mention of those Skype conversations (and, DOJ presumably maintains in its secret policies on the issue, the legal obligation to give notice) once you go to trial.

Wray goes on to blithely describe how content collected without a warrant comes to define the tips FBI Agents get, even before any evidence has been collected.

There’s the information over here, that the Agent is seeing in real time in the US. That’s the tip or the lead. And then there’s the information in the database. And it’s the connection that’s important. Let me talk about what’s in the database, first, and what isn’t. What’s in the database — that 4.3% [of the NSA’s targets] — that’s not evidence of garden variety criminal conduct. The only stuff that’s in that is information about foreigners, reasonably believed to be overseas, for foreign intelligence purposes. So that’s foreign intelligence information in there. That’s not evidence of … I don’t know, pick an example, you know, child porn, or something else. It could be very serious, but that’s not what’s in there. So the Agent over here, if he’s in national security investigator is connecting national sec–something that he thinks is national security information with foreign intelligence information. The criminal agent, who is not doing anything related to national security, he’s not looking to try to find some national security hook for his case. He’s just trying to make sure — let’s say he’s got a cigarette smuggling case — one of the things we know is that terrorist groups have used things like cigarette smuggling to finance their activities. There are cases that Department of Justice has brought over the years on that very thing. Cigarette smuggling is a crime. Well, it could be handled one way but if it turns out that cigarette smuggling that’s designed to support Hezballah, that’s different. It needs to be viewed differently. But we won’t know if we just build a wall between the Agent and the information that’s sitting right over here in the FBI database. [my emphasis]

Wray makes another error here, in claiming that “That’s not evidence of … I don’t know, pick an example, you know, child porn,” in the information FBI deems foreign intelligence information. Either that, or the government should very quickly inform the Ninth Circuit of that fact, because Keith Gartenlaub is as we speak challenging the use of a physical search FISA order to turn nine-year old child porn lying unaccessed on his hard drives into foreign intelligence information and thereafter into a criminal prosecution.

But it’s not just Gartenlaub and a traditional FISA search. Given that 702 PRISM collection obtains not only emails, but also attachments and data stored in the cloud, it will obtain a lot more than communications, including photos. Those photos may be garden variety sexy photos shared between adults (indeed, photos of that kind were also introduced in Gartenlaub’s case). But they also may be abusive photos of children. The Intelligence Community will use both kinds — as well as all the other kinds of non-email information obtained by targeting email accounts — for its foreign intelligence purposes.

It’s fairly unfortunate that, three years after FBI asked for and obtained a change in its Section 702 minimization procedures so as to be able to easily deal with child porn discovered using it, the FBI Director claimed publicly that Section 702  data doesn’t include child porn.

Of course it does.

Whether we should want the FBI to immediately prosecute child porn discovered in the name of foreign intelligence information or, first (as happened with Gartenlaub) use it to try to flip someone to become an informant, is a policy discussion we’re not having.

But the reason we’re not having that discussion is because of the other myth being told, the myths about prosecutions that have used parallel construction to hide the whys and wherefores of the case, in large part to sustain the myth Wray is telling here, that those tips and that warrantless collection have nothing to do with each other.

I appreciate Wray’s efforts to avoid dodging the key issues by attacking those of us who recognize the 702 needs reform. But what is really going on is that the myths the government tells about how intelligence is used serves to make a real policy discussion difficult (for people like me, who know the criminal cases) and impossible (for staffers and members of Congress, who don’t). Wray and others in the intelligence community have grown so accustomed to these myths (see this Bob Litt exchange for an example), that they don’t even seem to see the implications of parallel construction for our claims to due process anymore. If we’re confused about the use of 702 information in criminal proceedings, the government is confused about how metasticizing parallel construction rots the guarantees in our Constitution.

I imagine FBI would like to defer this discussion once again; pretending reformers are the ones inventing myths is a good way to do that. But it’s important, this time around, that we call the government on the myths they tell, even while they claim we’re the ones who’re confused.

Update: When I asked FBI about the discrepancy in numbers (8 versus 10), a spox emphasized that Wray said “about” 10 cases have used 702 evidence.

Evidence the US Government Used Section 702 against Keith Gartenlaub[‘s Parents-in-Law]

A few weeks ago, I laid out how the Keith Gartenlaub case made child pornography foreign intelligence information. I showed how the FBI moved back and forth from a criminal to a FISA to a criminal warrant, only to try to use evidence of child pornography to get Gartenlaub to flip on his Chinese in-laws regarding suspected spying.

In this post, I want to lay out circumstantial evidence that Section 702 was used in the case — probably to spy on communications of Gartenlaub’s Chinese in-laws as well as his communications with them. This is circumstantial, but important, particularly given FBI Director Christopher Wray’s claims last Friday that 702 doesn’t include child pornography and has only been used in counterterrorism cases.

FBI cites his communications on PRISM providers to obtain warrant for domestic records from those providers

The first reason to believe FBI used Section 702 with Gartenlaub is that the first warrant affidavit in the case, used to obtain his and his wife’s Yahoo and Google account data, looks like typical parallel construction. It provides a means to get the content from specific PRISM providers based in large part on the use of those providers to communicate with people in China.

The GARTENLAUB SUBJECT ACCOUNT, [email protected], is used by Keith Gartenlaub at work and at home based on information provided by Boeing regarding the use of his Boeing issued laptop computer . Information obtained from a court-authorized pen register and trap and trace device shows that he is in contact with a China based email account using a Shanghai IP address seven times since March 2013. The GARTENLAUB SUBJECT ACCOUNT is also used to communicate with his wife, as reflected in the results of a pen register and trap and trace device. Emails are also forwarded from Gartenlaubs Boeing e-mail account to the GARTENLAUB SUBJECT ACCOUNT, evidence of which exists on the results of the data pen and trap and trace device.

Given that this was a spying case, the Chinese interlocutors would have been solid Section 702 targets. Though, remarkably, nowhere in the unclassified legal documents does the government do anything more than cite him saying his wife’s family was “well connected” to explain who those suspected spying recruiters were.

Gartenlaub stated he never had to worry about his security while traveling in China because his wife’s family is “well connected.” Gartenlaub did not elaborate on what connections she has.

To get the later (or earlier!) FISA order, the FBI would have had to detail who in China he was talking about. And to get that they likely would have used 702.

The mysterious absence of Skype in evidence

In addition to Google and Yahoo, the affidavit asking for Google and Yahoo content also described his most frequent communications with people in China taking place on Skype.

I have also reviewed the records provided by Skype for the account subscribed to Keith Gartenlaub. Those records showed that in the period of April 2011 to March 2013, the account contacted other accounts based in China approximately once every three days, on average. (Gartenlaub was interviewed on February 7 , 8, and 22, 2013). After Gartenlaub was contacted by the FBI to set up an interview, the Skype account subscribed to Gartenlaub contacted accounts based in China approximately three times per day 1 on average.

[snip]

His contact with Chinese-based Skype accounts spiked as soon as he was contacted by the FBI about the C17 investigation;

But not only does the affidavit not ask for a warrant for Skype (as part of Microsoft, a PRISM provider), as best I can tell no Skype data ever got introduced at trial.

In other words, a key reason they suspected Gartenlaub — his discussions with elites in China — never made it into the case in chief.

Which may be how they avoided giving him his legally mandated 702 notice.

The timing of the Section 702 NCMEC change

Then there’s the most obvious reason to think that Gartenlaub’s prosecution implicates Section 702: the coincidence between the the change in Section 702’s minimization procedures, as it pertains to sharing with the Center for Missing and Exploited Children, and the date of his arrest.

The government changed the standard minimization procedures for individualized FISA orders on August 11, 2014. Then, citing back to this earlier change, FISC approved an equivalent change in the Section 702 minimization procedures on August 26, 2014. The next day, the government arrested Gartenlaub. Particularly given how long they had had the child porn from the January 2014 search, it seems likely they waited until all relevant authorities included NCMEC permission before arresting him based off information that clearly relied on FISA information, if not earlier 702 information.

Mind you, the change in the 702 minimization procedures would only be necessary to cover Gartenlaub’s case if the government had found some evidence of the child porn before the FISA search. I can’t think of any way they could have done that unless they found him sharing porn with targeted people in China. That shouldn’t be possible — not according to regular targeting rules, anyway.

Still, the timing does make me think the government wanted both sets of minimization procedures available in time for the arrest.

Whatever the case, given how easily the government could have targeted Gartenlaub’s in-laws, and given the PRISM providers implicated (both in the known discovery and the missing Skype communications), I think it highly likely the government used Section 702 as part of this case.

Even if they didn’t provide notice.