Posts

In Defense of Suspected Russian Agent Carter Page, Michael Mukasey Just Gave Defense Attorneys a Big Gift

In my post laying out the damage the Nunes memo might have caused, I predicted that defense attorneys would use the release of the memo — and the language Don McGahn used to claim its release served a public interest — to support their arguments that defendants should get to review the underlying application for a FISA warrant.

In the 40 year history of FISA, no defendant who got notice that FISA data was being used against them in prosecution has been able to review the application used against them. Because Nunes released this information so frivolously, because White House Counsel Don McGahn, in his cover memo, suggested this was a time when “public interest in disclosure of [FISA materials] outweighs any need to protect the information, the memo lowers the bar for release of FISA-related information going forward.

I assume Carter Page, if he is charged, will successfully be able to win review of his FISA application (and think that would be entirely appropriate); that may mean he doesn’t get charged or, if he does, Mueller has to bend over backwards to avoid using FISA material.

But I also assume — and hope — that this disclosure ends the 40 year drought on the release of information, which the original drafters of FISA envisioned would be appropriate in certain circumstances. I think this the one salutary benefit of this memo; it makes it more likely that FISA will work the way it is supposed to going forward.

I even think it possible that the release of this information may affect the response to Keith Gartenlaub’s pending appeal in the Ninth Circuit. His is a case that merits FISA review, and whereas the court might have hesitated to give him that in the past, it would be far easier for them to do so here.

Former Attorney General Michael Mukasey, fresh off trying to broker the release of sanctions violator Reza Zarrab, just gave defense attorneys another big gift.

In a WSJ op-ed that ignores all the holes in the Nunes memo and pretends two guilty pleas about lies about negotiations with Russians have nothing to do with an investigation into “collusion” with Russians, he says that Carter Page’s FISA application should be made public so we can figure out whether DOJ misled the FISA Court.

I believe that at a minimum, the public should get access to a carefully redacted copy of the FISA application and renewals, so we can see whether officials behaved unlawfully by misleading a court;

Remember: when defendants who’ve gotten FISA notice ask to see their own applications to see whether “officials behaved unlawfully by misleading a court,” one thing the government has to do to keep the application secret is submit a declaration from the Attorney General saying that FISA applications are so sensitive they can never be shared with defendants. In the declaration Eric Holder submitted in the Gartenlaub case, for example, he claimed,

Based on the facts and considerations set forth below, I hereby claim that it would harm the national security of the United States to disclose or hold an adversary hearing with respect to the FISA Materials.

[snip]

I certify that the unauthorized disclosure of the FISA Materials that are classified at the “TOP SECRET” level could reasonably be expected to cause exceptionally grave damage to the national security of the United States. I further certify that the unauthorized disclosure of the FISA materials that are classified at the “SECRET” level could be expected to cause serious damage to the national security of the United States. The FISA Materials contain sensitive and classified information concerning United States intelligence sources and methods and other information related to efforts of the United States to conduct national security investigations, including the manner and means by which those investigations are conducted. As a result, the unauthorized disclosure of the information could harm the national security interests of the United States.

I’m sure Holder was using boilerplate that Mukasey himself used, when he submitted similar declarations to courts.

Remember, Gartenlaub is awaiting a ruling from the Ninth Circuit on whether he should be able to access his FISA application to see whether officials misled the FISA Court. The government has been claiming over and over that accessing his FISA application to do so would be too dangerous.

And yet, here we have one of the most hawkish Attorneys General in recent history telling the world that even the public release of FISA applications to do just that would be useful.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Harm Releasing the Nunes Memo Caused

I did two pieces elsewhere on the Devin Nunes memo yesterday. At Vice, I tracked all the holes in the memo; subsequent reporting showed that I hit virtually all the big ones that Adam Schiff hit in his response memo: the memo misrepresented what FBI told FISC about the political nature of Christopher Steele’s, it misrepresents Andrew McCabe’s testimony, and the memo misrepresented why George Papadopoulos was mentioned in the application. At HuffPo, I described how on the twin FISA events of the last few weeks — 702 reauthorization and the Nunes memo — both Nunes and Paul Ryan were on the wrong side of the principles of rule of law and civil liberties.

Since the memo has proven to be such a dud, a lot of people are now questioning DOJ’s and Democrats’ claims that releasing the memo would harm national security. I want to lay out three ways (DOJ surely believes) it may well do that.

Tells Carter Page and any co-conspirators precisely when FISA surveillance started

The memo tells Carter Page — and any co-conspirators both within the Trump camp and overseas — precisely when the surveillance on Page started and what it consists of.

FBI obtained an electronic surveillance warrant against Page on October 21, 2016, and obtained 3 reauthorizations (so roughly January 19, April 19, and July 18). While Page’s interlocutors overseas were likely wiretapped, if possible, associates in the Trump camp can now assume any conversations they had with him before October 21 were not recorded and remain unavailable to Robert Mueller.

Mind you, we know the memo doesn’t reveal the full extent of surveillance directed against Carter Page, because it gives no details on the 2014 FISA wiretap reportedly used against him. That leaves open the possibility that he was surveilled using other means. I think the GOP would have included had FISC approved a physical search FISA warrant against Page, because that would include the possibility of obtaining stored communications from during the campaign. But I would also bet a lot of money that whatever Attorney General was in charge during periods when Page traveled overseas approved a 705(b) order on him, permitting surveillance to continue while he was overseas. I’ll have more to say on this in upcoming days.

Note, it is also possible that the surveillance against Page continues.

Tells subjects of the investigation the status of the investigation and FBI’s ability to validate the Steele memo

The memo provides other details about the investigation, too.

On October 21, per a quotation from FBI Assistant Director Bill Priestap, the investigation into Russian ties with the Trump camp was is its “infancy.” Again, this will let Russians and Trump associates know that anything they managed to destroy before that date may well be unavailable to Mueller.

Later in October, the source report on Steele reported that the dossier had been “only minimally corroborated.” If any of the events in the dossier are real, then the Russians (especially) will have a sense of how unsuccessful the FBI had been in finding the evidence to corroborate those events. If the dossier is, as I’ve suggested, disinformation, the Russians would know that their disinformation was wasting FBI Agent time at least for months.

Tells Australians and every other foreign partner shared intelligence may be officially declassified

The memo mentions the Papadopoulos tip and confirms that’s what triggered the investigation; it also confirms that nothing shared prior to then had triggered an investigation. While the description here doesn’t attribute that intelligence to the Australians, we know that’s where it came from. Now Australia and every other country will know that intelligence they share, including intelligence that makes it look like Five Eyes officials are reporting on the citizens of other Five Eyes countries, may be released by Devin Nunes for political gain. This will add to the many reasons why our friends will hesitate before sharing intelligence with us.

Makes it more likely defendants will get FISA review

In the 40 year history of FISA, no defendant who got notice that FISA data was being used against them in prosecution has been able to review the application used against them. Because Nunes released this information so frivolously, because White House Counsel Don McGahn, in his cover memo, suggested this was a time when “public interest in disclosure of [FISA materials] outweighs any need to protect the information, the memo lowers the bar for release of FISA-related information going forward.

I assume Carter Page, if he is charged, will successfully be able to win review of his FISA application (and think that would be entirely appropriate); that may mean he doesn’t get charged or, if he does, Mueller has to bend over backwards to avoid using FISA material.

But I also assume — and hope — that this disclosure ends the 40 year drought on the release of information, which the original drafters of FISA envisioned would be appropriate in certain circumstances. I think this the one salutary benefit of this memo; it makes it more likely that FISA will work the way it is supposed to going forward.

I even think it possible that the release of this information may affect the response to Keith Gartenlaub’s pending appeal in the Ninth Circuit. His is a case that merits FISA review, and whereas the court might have hesitated to give him that in the past, it would be far easier for them to do so here.

In other words, the release of this memo likely helped those Mueller is trying to investigate, provided another reason for our foreign partners to hesitate before sharing intelligence with us, and makes it more likely some defendants will get to review their FISA application going forward. I can see how DOJ would consider all of that harmful to national security.

Update: On Twitter some folks added that this makes people distrust FBI, making it less likely they’ll share information with the Bureau. In my opinion actually sharing interview reports with HPSCI already did that (though that Chris Wray was forced to do so wouldn’t be as widely known). I also think the sheer shittiness of the dossier minimizes the impact of that somewhat. But I think it’s a fair point.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Yes, in Gartenlaub, FBI Was Hunting for Child Porn in the Name of Foreign Intelligence Information

Over at Motherboard, I’ve got a piece on the Keith Gartenlaub hearing in the Ninth Circuit on December 4. Gartenlaub was appealing his conviction for possession of child porn, in part, based on the argument that the government shouldn’t have been able to look for child porn under the guise of searching for foreign intelligence information.

As I note, the public hearing seems to have gone reasonably well for Gartenlaub, with a close focus on how the US v Comprehensive Drug Testing precedent in the 9th Circuit, which requires searches of digital media to be appropriate to the purpose of the search, might limit searches for Foreign Intelligence Information.

Anthony Lewis, arguing for the government, suggested that FISA was different from the Rule 41 context; in FISA, he argued, specificity would be handled by post collection minimization procedures.

Anthony Lewis, arguing for the government, responded to Gartenlaub’s argument with vague promises that the minimization procedures—rules that FISA imposes on data obtained under the statute—would take care of any Fourth Amendment concerns. “The minimization procedures themselves really supply the answer in the FISA context,” Lewis said. Accessing data found during a search “simply operates differently in the FISA context, in which there is a robust set of procedures that exist on the back end of the search through acquisition, retention, and dissemination that is simply unlike what happens in a Rule 41 context.”

Lewis argued (and this is not in the post) that because FISA permits the sharing of criminal information, minimization procedures would always using evidence of a crime found in a search.

If it is evidence of a crime, then the minimization procedures — the statute does not call for it to be minimized. There are other procedures in place, some of which I can’t discuss in this open proceeding, but there are procedures in place that limit the use of that. Some of them are in the statute itself that Attorney General approval is required in order to use information obtained or derived from FISA.

The judges didn’t seem convinced. Each judge on the panel voiced a theory by which they could rule for Gartenlaub (which is different from giving him any kind of relief).

Judge Ronald Gould worried that if the government found evidence that wasn’t foreign intelligence but revealed something urgent—he used the example of a serial killer’s next targets throughout the hearing—it would need a way to use that information. Gartenlaub’s attorney John Cline and amicus lawyer Ashley Gorski, arguing for the ACLU, both noted an exigent circumstance exception could justify the use of the information on the hypothetical serial killer.

Judge Lawrence Piersol, a senior district court judge from Idaho, seemed to imagine district court judges providing individualized review on whether the information was reasonably obtained in a FISA-authorized search, possibly with the involvement of the court’s own cleared experts.

Judge Kim Wardlaw, who sat on the en banc panel for the Ninth Circuit precedent in question, asked why, when the government saw “a whole database [that] obviously suggests child porn” it couldn’t “go get another warrant?” So she seemed to favor a system where the government would have to get a criminal warrant to obtain child porn. That would present very interesting questions in this case, however, since the government obtained a criminal warrant based on probable cause that Gartenlaub was sharing information on Boeing intellectual property with China before it executed the FISA-authorized search that discovered the child porn.

But (also not in the post) Piersol added another example — one that has direct relevance for the most prominent investigation in the country implicating FISA, the Mueller investigation, which indicted FISA target Paul Manafort for what amounts to money laundering.

What about instead if you’re going through and looking for foreign intelligence information and you find a tremendous number of financial transactions which looks like it could well be money laundering. What do you do with that? Nothing? I mean, you just go ahead and prosecute it? You don’t have to worry about the fact that you weren’t looking for that?

Sure, Manafort’s not in the Ninth, but the judges sure seem inclined to limit the government’s ability to use a FISA order to troll through digital devices to find evidence of a crime that they can then use — as they did with Gartenlaub and are trying to do with Manafort — to coerce cooperation from the defendant. Depending on how they framed such a limit, it might seriously limit how the government enacted other FISA authorities in the circuit (which of course includes Silicon Valley — though any secondary searches would take place in Maryland or some other NSA facility); of very particular import, it would affect how the government implements its 2014 exception, whereby the NSA collects location obscured data (including entirely domestic communications) but then purges all but that which can be retained, including for criminal purposes, after the fact.

Which is why it’s so troubling that — as has happened in the last case where a defendant had a good argument to look at his FISA materials — the panel asked Lewis to stick around for an ex parte session.

Things were going swimmingly, that is, up until Wardlaw’s last comments to the government’s lawyer, Lewis. As he finished, she said she had no further questions, but added, “We’re going to ask you to stay after the hearing, to be available for us.” Lewis responded, “Understood, your honor,” as if he (and the people whose bags were sitting behind his counsel’s table but who were not themselves present) had advance warning of this. “Understood,” Lewis repeated again.

That was the first Gartenlaub’s team learned of the secret meeting the panel of judges had planned.

So after having presented a lackluster argument, Lewis was going to get a chance, it appears, to argue his case without Gartenlaub’s lawyers present, to be able to argue that not even Ninth Circuit precedent can limit the government’s authority to search with no limits in the name of national security.

There’s apparently precedent for this. Cline, who worked on the appeal of a defendant who almostgot FISA review, Adel Daoud, said the appeals court judges booted him and the other defense lawyers out of the courtroom for a similar ex parte hearing in that case too.

“The Seventh Circuit cleared the courtroom after the public argument and then allowed only government attorneys back in for the classified, ex parte session,” he said.

The session would not only give Lewis a chance to make further argument that the law envisions finding criminal evidence and using it to flip targets, but also to explain why, if the panel ruled in the direction it appeared they might, it would cause problems with other NSA collection.

Here’s the thing though — and the reason why an ex parte proceeding is so problematic here.

If given the chance, Gartenlaub would be able to argue in fairly compelling manner that the government set out to find things like child porn. That’s because one of the first steps of a forensics search — according to Gartenlaub’s forensics expert, Jeff Fischbach, who attended the hearing — is to set what you’re looking for. There’s a button to exclude all images and videos; by turning it off you vastly accelerate the search. And in Gartenlaub’s case, the government claimed to be looking for very specific kinds of foreign intelligence information: Boeing intellectual property, or any materials suggesting that Gartenlaub was dealing in same. The IP would have been CAD drawings stolen in digital form, not images. So to search what the government claimed it wanted to search for, there would have been no reason to search through any videos or photos. Which would have excluded finding the decade old child porn lying unopened on the hard drive.

As Wardlaw (who had been on the CDT panel) laid out,

The main problem we had was that in CDT, the government was authorized to look at the files pertaining to certain individuals — I believe Barry Bonds — and instead, they went further, and looked at the drug testing files for other baseball players. So that search was not authorized. They were not the subjects of the warrant and the warrant was circumscribed that way. Here, the warrant is any foreign intelligence data, it’s not narrower than that.

We don’t actually know (and it’s likely Wardlaw doesn’t either, at this point). But the government claimed to be searching for very specific things, tied to very specific claims of stolen IP from Boeing. Yet they necessarily designed their search to find far more than that. Which is how they found no foreign intelligence, but instead unopened child porn.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

Former FBI Special Agent Asha Rangappa has a defense of back door searches at Just Security that (unlike most defenses of 702) actually takes on those searches as practiced in most problematic way at FBI, rather than as done in much more controlled fashion at NSA.

FBI does federated searches

I think she nitpicks a few issues. For example, she claims that back door opponents claim there is a “stand-alone computer in the middle of each FBI office with a big sign that reads ‘702 DATABASE ‘” but then goes on to claim “FBI uses one database for all of its investigative functions,” even while admitting that the FBI really does “federated queries” of multiple repositories. The distinction — particularly given that we know the database comes with access limits tied to job function — could offer solutions to concerns about 702 data (including providing access to just metadata, a proposal I’m not a fan of but one she attacks in the post). She also ignores the FBI’s use of “ad hoc databases” that have posed access and data protection concerns in the past.  Which is to say, the technical realities of how FBI Agents access this data soup are more complex than she lays out, and those complexities should be part of the discussion because they present additional risks and opportunities.

FBI’s raw data will be US-person focused

Rangappa minimizes what percentage of raw data obtained by FBI would include US person contact.

According to FBI Director Christopher Wray, the FBI receives about 4.3 percent of the NSA’s total collection – and since not every incidental communication will necessarily involve an USPER, the number of communications involving Americans are likely less than that.

While the FBI does have global investigations, the FBI is going to have few full investigations that have no domestic component. Investigations focused on US victims (say a US company hacked by Russian or Chinese state actors) won’t include many US interlocutors, but the other most likely 702 related investigations would all be focused on international communications: who suspected extremists were talking to in the US, what Iranians were buying dual use or other proliferation products, including from US companies, which Americans that Chinese scientists or Russian businessmen were engaging with closely. The 5,000 or so targets sucked into FBI would be the 5,000 targets in most frequent contact with Americans, by design. That has been the entire justification for this collection program since its inception as Stellar Wind.

And — as Ron Wyden recently made clear — it is permissible to target a foreigner if collecting on a US person is one purpose of the targeting, so long as the foreigner is targetable in his own right. Indeed, we can probably point to examples where that happened. That’s going to increase the US content pulled in with those 5,000 targets.

702 can target a whole bunch of selectors

And I believe this is misleading.

PRISM allows the NSA to target non-U.S. persons reasonably believed to be located abroad based on “selectors” – like an email address or a phone number (but not keywords or names) – which will reasonably return foreign intelligence information.

It is true that upstream collection doesn’t use keywords (and has halted about collection altogether). It is true that the most common selector provided in a directive to Google will be an email address. But there are a slew of other kinds of selectors that NSA and FBI can target. That includes IP addresses, which given the 2014 exception means entirely domestic communications can be collected. Even ignoring the targeting of IP addresses that Americans are known to also use (which will come into FBI’s possession a different way), the collection on chat room IPs, just as one example, might suck up a lot more US person content than individual emails might. And the FBI can also search for things like cookies or encryption tools, which will pull in different kinds of content.

FBI’s queries are not all routinely audited

I think Rangappa overstates the tracking of queries and makes an outright error when she claims that backdoor searches are “routinely audited.”

Every query, furthermore, is documented and placed in a case file. (If we learned anything from James Comey, it’s that the FBI puts everything down on paper.) In fact, every query conducted by the FBI is recorded and must be traceable back to an authorized purpose and a case file.  Agent queries are routinely audited, and a failure of an agent to provide an authorized purpose for conducting a query can be grounds for sanctions, suspension, or even termination.

She overstates the tracking of queries because by design there’s not a case file for many of the queries in question, because they’re done at the assessment stage. Moreover, if the FBI tracked its queries as well as Rangappa claims, it could provide documentation of what was going on to oversight bodies, but it has persistently claimed it could not do so, not in public, and not even in private.

More importantly, the FBI’s use of 702 is simply not audited adequately. That’s true, in part, because in 2012-2013, FBI moved much of its FISA activity to field offices, and not every field office gets audited every six months.

During this reporting period, however, FBI transitioned much of its dissemination from FBI Headquarters to FBI field offices. NSD is conducting oversight reviews of FBI field offices use of these disseminations, but because every field office is not reviewed every six months, NSD no longer has comprehensive numbers on the number of disseminations of United States person information made by FBI.

In 2015 — the most recent period for which we’ve gotten a Semiannual Report — NSD only reviewed minimization at 15 field offices (and ODNI did not attend all of these).

During these field office reviews, NSD also audits a sample of FBI personnel queries in systems that contain unminimized Section 702 collection. As detailed in the attachments to the Attorney General’s Section 707 Report, NSD conducted minimization reviews at 15 FBI field offices during this reporting period and reviewed cases involving Section 702-tasked facilities.

FBI has 56 field offices. And while I’m confident that NSD focuses its 702 reviews on the offices that work with FISA most often — places like DC, NY, LA, SF, and places with significant foreign population, like Detroit and Minneapolis — that means that when a field office that doesn’t use FISA often (say, if an Agent in Milwaukee were researching a hacker named MalwareTech), a combination of inexperience and lax oversight might be especially likely to result in problems.  And note, in any office, just a sample of queries gets reviewed, as the government explained to FISC last year, and the tracking isn’t detailed enough to figure out what occurred with a query without talking to the Agent who did it.

Additionally, NSD conducts minimization reviews in multiple FBI field offices each year. As part of these minimization reviews, NSD and FBI National Security Law Branch have emphasized the above requirements and processes during field office training. Further, during the minimization reviews, NSD audits a sample of queries performed by FBI personnel in the databases storing raw FISA-acquired information, including raw section 702-acquired information. Since December 2015, NSD has reviewed these queries to determine if any such queries were conducted solely for the purpose of retaining evidence of a crime. If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query.

Notably, the one case where FBI reported a criminal return on a criminal search in 702 information only got reported after NSD did follow-up questioning. So yeah, NSD spends 4 days at Main Justice reviewing this stuff and goes to 27% of the field offices every six months, but that’s a far cry from “routinely auditing” queries.

The importance of investigative levels

The most remarkable thing about Rangappa’s post, however, is how well she exhibits the absurdity of what really goes on here. She correctly states — as I reported here — that FBI only obtains 702 content in full investigations. And she provides a short description of FBI’s three investigative levels.

Specifically, the NSA passes on to the FBI information collected on selectors associated with “Full Investigations” opened by the FBI. Full Investigations are the most serious class of investigations within the Bureau, and require the most stringent predicate to open: There must be an “articulable factual basis” that a federal crime has occurred or is occurring or a threat to national security exists.  (Two other investigative classifications, Preliminary Investigations and Threat Assessments, have lower thresholds to open and shorter time limits to remain open.)

She helpfully describes how investigations work through stages, with new investigative methods approved for each

Querying DIVS is, quite literally, the first and most basic thing the FBI does in its investigative sequence. Depending on the kind of information the search returns, an agent will then take the next prescribed step as outlined in the FBI’s Domestic and Investigative Operations Guide (DIOG) until a case is either opened for further investigation, or the matter is resolved in the negative and closed.

She then dismisses the concern that FBI does queries of 702 data at the assessment level without really addressing it.

Much of the criticism of the FBI’s use of 702 centers around the fact that agents can query subjects in their databases even if there is no evidence of criminal wrongdoing. However, as any law enforcement official will tell you, criminals and spies don’t show up on the doorstep of law enforcement with all of their evidence and motives neatly tied up in a bow. Cases begin with leads, tips, or new information obtained in the course of other cases. Often, the discrete pieces of information the FBI receives may not in and of themselves constitute criminal acts – and the identifying information provided to the FBI may be incomplete. However, anytime the FBI receives a credible piece of information that could indicate a potential violation of the law or a threat to national security, it has a legal duty determine whether a basis for further investigation exists. It is for this reason that a query of its existing databases is essential before proceeding further.

Somehow, the necessity of investigating a tip requires not an assessment of the lead itself, but querying a vast data store to see if the lead connects to any other known evidence even if that evidence is not itself evidence of criminal behavior. (One of the reasons FBI does that — which I’ve written about elsewhere — is to make it easier to find informants.)

That logic — which absolutely reflects the logic under which FBI operates — is all the more bizarre given the fact that the FBI is obliged, under the same DIOG Rangappa cites as the basis for the step-by-step development of an FBI case, to always consider using the “least intrusive” means as laid out by this language in the Attorney General Guidelines.

The conduct of investigations and other activities authorized by these Guidelines may present choices between the use of different investigative methods that are each operationally sound and effective, but that are more or less intrusive, considering such factors as the effect on the privacy and civil liberties of individuals and potential damage to reputation. The least intrusive method feasible is to be used in such situations.

DIOG section 4.4, which lays out what least intrusive means, says that “wiretaps … are very intrusive.” It says that “collecting information regarding an isolated event, such as a certain phone number called … is less intrusive or invasive of an individual’s privacy than collecting a complete communications … profile.” It states that, “If, for example, the threat is remote, the individual’s involvement is speculative, and the probability of obtaining probative information is low, intrusive methods may not be justified, and, in fact, may do more harm than good.”

Ultimately, though, the DIOG swallows all these rules by stating that, “FBI employees may use any lawful method allowed, even if intrusive, where the intrusiveness is warranted by the threat to the national security.” The logic must be — probably not born out even by FBI’s limitation to obtaining raw 702 data tied to Full Investigations — that for any person tied to a Full Investigation, any possible tie to an American about whom someone has submitted a tip, national security overrides all FBI’s rules about least intrusive methods.

But nonetheless, the FBI’s own guidelines admit how intrusive it is to start an investigation by looking at entire conversations rather than simply seeing the record of a email sent. That is, however, what the routine practice is.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

On 702, NSA Wants to Assure You You’re Not a Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target

NSA just released a touchy-feely Q&A, complete with a touchy-feely image of the NSA, explaining “the Impact of Section 702 on the Typical American.”

I shall now shred it.

First note that this document deals with 702? It should be dealing with Title VII, because the entire thing gets reauthorized by 702 reauthorization. That means Sections 704 and 705(b), which are used to target Americans, will be reauthorized. And they have had egregious problems in recent years (even if the problems only affect some subset of around 300 Americans). Sure, Paul Manafort and Carter Page are not your “typical” Americans, but abuses against them would be problematic for reasons that could affect Americans (not least that they could fuck up the Mueller probe if FISA disclosure for defendants weren’t so broken).

The piece starts by talking about how the IC uses 702 to “hunt” for information on “adversaries,” which it suggests include terrorists and hackers.

The U.S. Intelligence Community relies on Section 702 of the Foreign Intelligence Surveillance Act in the constant hunt for information about foreign adversaries determined to harm the nation or our allies. The National Security Agency (NSA), for example, uses this law to target terrorists and thwart their plans. In a time of increasing cyber threats, Section 702 also aids the Intelligence Community’s cybersecurity efforts.

Somehow, it neglects to mention the foreign government certificate — which can target people who aren’t “adversaries” at all, but instead foreign muckety mucks we want to know about — or the counterproliferation certificate — which can target businesses of all kinds that deal in dual use technologies. Not to mention the SysAdmins that it might target for all these purposes.

The piece then lays out in two paragraphs and six questions (I include just one below) the basic principles that 702 can only “target” foreigners overseas.

Under Section 702, the government cannot target a U.S. person anywhere in the world, or any person located in the United States.

Under Section 702, NSA can target foreigners reasonably believed to be located outside the United States only if it has a basis to believe it will acquire certain types of foreign intelligence information that have been authorized for collection.

[snip]

Q: Can I, as an American, be the target of Section 702 surveillance?

A: No. As an American citizen, you cannot be the target of surveillance under Section 702. Even if you were not an American, you could not be targeted under Section 702 if you were located in the United States.

Effectively, this passage might as well say, “target target target target target target target target target target
target target target target target target target target target,” which is how many times (19) the word is used in the touchy-feely piece. The word “incidental” appears just once, where it entertains what happens if one of “Mary’s” foreign relatives were in a terrorist organization.

Q: One of Mary’s foreign relatives in South America is a member of an international terrorist group. Could Mary’s conversations with that relative be collected under Section 702?

A: Yes, it’s possible, if the U.S. government is aware of the relative’s membership in a terrorist group and the relative is one of the 106,000 targets under Section 702. However, even if this scenario occurred, there would still be protections in place for Mary, a U.S. citizen, if her conversations with that target were incidentally intercepted. For example:

U.S. intelligence agencies’ court-approved minimization procedures are specifically designed to protect the privacy of U.S. persons by, among other things, limiting the circumstances in which NSA can include the identity of a U.S. person in an intelligence report. Moreover, even where those procedures allow the NSA to include the identity of a U.S. person in an intelligence report, NSA frequently substitutes the U.S. person identity with a generic phrase or term, such as “U.S. person 1” or “a named U.S. person.” NSA calls this “masking” the identity of the U.S. person.

There are also what’s known as “age-off requirements”: After a certain period of time, the IC must delete any unminimized Section 702 information, regardless of the nationality of the communicants.

I guess the NSA figured if they used “Fatima,” whose relatives were in Syria, this scenario would be too obvious?

Yet in this, the only discussion of “incidental” collection, the NSA doesn’t explain how it is used — for example to find informants (meaning Fatima might be coerced into informing on her mosque if she discussed her tax dodging with her cousin) or to find 2nd degree associates (meaning Fatima’s friend in the US, Mohammed, might get an FBI visit because Fatima’s cousin in Syria is in ISIS). It also doesn’t explain that the “age-off” is five years, if Fatima is lucky enough to avoid having the FBI deem her conversations with her cousin in Syria interesting. If not, the data will sit on an FBI server for 30 years, ready to provide an excuse to give Fatima extra attention next time some bigot gets worried because he sees her taking pictures at Disney World.

Curiously, while the NSA doesn’t address the disproportionate impact of 702 on Muslims, it does pretend to address the disproportionate impact on Asians or their family members — people like like Xiaoxiang Xi and Keith Gartenlaub.

Q: Could the government target my colleague, who is a citizen of an Asian country, as a pretext to collect my communications under Section 702?

A: No. That would be considered “reverse targeting” and is prohibited.

Thanks to Ron Wyden, we know how cynically misleading this answer is. He explained in the SSCI 702 reauthorization bill report that the government may,

conduct unlimited warrantless searches on Americans, disseminate the results of those searches, and use that information against those Americans, so long as it has any justification at all for targeting the foreigner.

Effectively, the government has morphed the “significant purpose” logic from the PATRIOT Act onto 702, meaning collecting foreign intelligence doesn’t have to be the sole purpose of targeting a foreigner; learning about what an American is doing, such as a scientist engaging in scientific discussion, can be one purpose of the targeting.

After dealing with unmasking, the NSA then performs the always cynical move of asking whether the NSA can query US person content.

Q: Can NSA use my information to query lawfully collected 702 data?

A: NSA can query already lawfully collected Section 702 information using a U.S. person’s name or identifier (such as an e-mail account or phone number) only if the query is reasonably designed to identify foreign intelligence information.

However, a U.S. person is still afforded protection. The justification for the query must be documented. The process for conducting a query is also subject to internal controls. Such queries are reviewed by the Department of Justice and the Office of the Director of National Intelligence to ensure they meet the relevant legal requirements. Additionally, if the query was subsequently identified as being improper, it would be reported to the Foreign Intelligence Surveillance Court and to Congress.

This passage is absolutely correct. But also absolutely beside the point, because NSA sends a significant chunk of its collection to the FBI where it can be searched to assess leads and search for evidence of crimes, and where queries get nowhere near the kind of oversight that NSA queries get.

Then the piece tries to explain the need for all the secrecy.

Q: Terrorists aim to hurt Americans and our allies, so why doesn’t the Intelligence Community share more Section 702 information about how the IC goes after them?

A: The Intelligence Community has dramatically enhanced transparency, especially regarding its implementation of Section 702. Thousands of pages of key documents have been officially released, and are available on IC on the Record. The public has more information than ever before on how the IC uses this critical foreign surveillance authority. That said, the IC must continue to protect classified information. This includes specifics on whether or not it has collected information about any particular individual.

If terrorists could find out that NSA had intercepted their communications, terrorists would likely change their communications methods to avoid further detection.

This is, partly, a straw man. People aren’t really asking to know NSA’s individual targets. They’re asking to know whether the government has back doored their iPhones via demands under FISA, or whether the NSA is collecting on the 430,000 Americans that use Tor every day, or if they’re also using this “foreign intelligence” collection program to hunt Americans buying drugs on Dark Markets or even BLM activists that our racist Attorney General has deemed a threat to national security. And in the name of keeping secrets from terrorists (who actually have the feedback mechanism of observing what gets their associates drone-killed to learn what gets collected), the government is refusing to admit that the answer to all those questions is yes: yes, the government has back doored our iPhones, yes, the government is spying on the 430,000 Americans that use Tor, and yes, for those who use Tor to buy drugs, they may even use 702 data to prosecute you.

Finally, the NSA pretends that everyone else in the world has a program just like this.

Q: Is the U.S. government the only one in the world with intercept programs like 702?

A: No. Many other countries have intelligence surveillance intercept programs, nearly all of which have far fewer privacy protections. Section 702 and its supporting policies and practices stand out in terms of strength of oversight, privacy protections, and public transparency.

It is true that other countries have “intercept programs,” but with the exception of China and Russia’s access to domestic Internet companies, no other country has a program “like 702” that, by virtue of the United States hosting the world’s most popular Internet companies, gives the US the luxury of spying on the rest of the world using a nice note to Google rather than having to hack users individually (or hack all users, as Russia did with Yahoo).

So, yes, the NSA has now offered a picture of itself, literally and metaphorically, that minimizes the scope, the thousands of spies it employs, and the reach, both domestic and global. But it’s a profoundly misleading picture.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

How FBI Could Use Reverse Targeting to Use Section 702 against Keith Gartenlaub

Some weeks ago, in a post named, “Evidence the US Government Used Section 702 against Keith Gartenlaub[‘s Parents-in-Law],” I laid out the evidence that Section 702 was used against Keith Gartelaub. As I showed,

  • A warrant in his case seemed to parallel construct Yahoo and Google content, often a sign the government is trying to introduce a second source for PRISM content
  • In spite of reference to Skype metadata, nothing in the court case ever seemed to reflect the content from those calls, in spite of the fact they’d be readily collectible
  • After approving the sharing of FISA information with the National Center for Missing and Exploited Children for traditional FISA data, the government approved such sharing for 702 data the day before they arrested Gartenlaub

But there was just one problem with that argument — one made clear in the title of the post. Ultimately, the government is only supposed to be allowed to target foreigners like Gartenlaub’s “well connected” Chinese parents-in-law, not Gartenlaub. Yet by all appearances, the investigation started with Gartenlaub, basically by deciding that allegations of Boeing theft must mean there was a Boeing theft at Gartenlaub’s location and then, very quickly, settling on Gartenlaub as the likely culprit.

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

So if Agent Harris did obtain 702 data between February, when he first showed interest in Gartenlaub, and June, when he appeared to be parallel constructing Google and Yahoo content, it would have been for the purpose of obtaining information on Gartenlaub, already a focus of the investigation.

That would pretty clearly be reverse targeting (unless, for some reason, the FBI already had a big stash of his in-laws’ communications in their 702 collection, in which it’d come up in a back door search).

In other words, while there’s a good deal of circumstantial evidence that the government used 702 to spy on his conversations with his in-laws, that shouldn’t be allowed under a common sense definition of what reverse targeting does.

Except, as Senator Wyden’s 702 reform and the SSCI bill report make clear, that kind of reverse targeting actually is permitted by current practice.

In his comments to the SSCI bill report, for example, Wyden explained,

The bill does not include a meaningful prohibition on reverse targeting, which would require a warrant when a significant purpose of targeting a foreigner is actually to collect the communications of the American communicant. The current standard permits the government to conduct unlimited warrantless searches on Americans, disseminate the results of those searches, and use that information against those Americans, so long as it has any justification at all for targeting the foreigner.

His own bill would insert language prohibiting the targeting someone outside the US if a significant purpose is to get the communications of someone inside the US. If it was, the bill would require the government to get a Title I (traditional) order. [Bolded language is new.]

(d) Targeting procedures
(1) Requirement to adopt–The Attorney General, in consultation with the Director of National Intelligence, shall adopt targeting procedures that are reasonably designed to—
(A) ensure — 

(aa) that any acquisition authorized under subsection (a) is limited to targeting persons reasonably believed to be located outside the United States; and
(bb) that an application is filed under title I, if otherwise required, when a significant purpose of an acquisition authorized under subsection (a) is to acquire the communications of a particular, known person reasonably believed to be located in the United States; 

And a SSCI Wyden amendment modified by Angus King would prohibit the targeting of someone overseas if a purpose of the targeting was to collect on someone in the US.

By a vote of four ayes to eleven noes, the Committee rejected an amendment by Senator Wyden, as modified by Senator King, which would have revised the standard on current reverse targeting prohibitions to replace ‘‘the’’ with ‘‘a,’’ such that the statute would state ‘‘If a purpose of such acquisition is to target a particular known person.’’ The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—no; Senator Wyden—aye; Senator Heinrich— aye; Senator King—aye; Senator Manchin—no; and Senator Harris—aye.

 

Clearly, the current prohibition on reverse targeting actually would nevertheless permit the government to obtain Gartenlaub’s in-laws communications to find out what they talk about in order to assess whether he might be plotting to steal IP from Boeing with them. And even though we still only have circumstantial evidence this is what happened, if it did, it would show the problem with reverse targeting: because Gartenlaub had Chinese in-laws, it (may have) made it far easier to obtain potentially damning information using 702 than it would be for any of his colleagues who didn’t have such ties with anyone of interest in China.

Effectively (again, if Gartenlaub was indeed reverse targeted), it would mean the government could obtain communications without any suspicion from which they could look for evidence of probable cause that he (or his wife) was an agent of a foreign power.

Ultimately, after both a criminal warrant and a FISA warrant claiming they had probable cause Gartenlaub was spying for China, after reading his emails for months, searching his home, and searching multiple devices, the government never found evidence to support that claim. But they did find old child porn (though no forensic evidence showing he had accessed that porn). It appears likely that they would never have found it if he hadn’t had the bad luck of marrying a well-connected Chinese-American.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Christopher Wray and the Myth Created by Parallel Construction

At the Friday Heritage Foundation Section 702 event, FBI Director Christopher Wray argued that reforming Section 702 (he suggested, illogically, making any reforms) would rebuild the wall taken down after 9/11. (Here’s the transcript, which unfortunately doesn’t include the Q&A period.)

I think back to the time that I was in government before on 9/11, right before 9/11, right after 9/11. I think about how hard dedicated men and women throughout the intelligence community worked to try to tear down the walls that had prevented us from connecting all the information that might have been able to prevent those attacks. As I said at the beginning, listening to this debate right now, watching some of the potential ideas that are being floated strikes me as eerily similar to people, well-intentioned, starting to put bricks into a wall.

There are problems with that argument (which have as much to do with our national myopia about the risks we face and how we’ve combatted them as anything else). But I’m grateful Wray made an effort to avoid the ad hominem attacks some of Section 702’s other boosters have resorted to.

Still, Wray’s response to concerns about using Section 702 in criminal prosecutions got dangerously close to that. In response to a question from David Shedd, Wray said that concerns about the topic derive from a myth. Those of us with such concerns, Wray said, are just “confused.”

There’s been a little bit of myth development in that space. When we talk about the criminal side, I think it’s important to distinguish between the tip and lead kind of scenario that I’m describing, which is where Section 702 is so important, and the prosecution end of it, where the information of any sort is being used. Section 702 has not been used for any traditional criminal case as evidence in a trial or anything like that ever, except in about 10 terrorism prosecutions. So the notion that there are criminal agents using Section 702 to make garden variety criminal cases, that’s just myth. It is not happening.

I’m reluctant to try to guess as to how people who are confused get confused. My goal is to get them straight.

To claim this is a myth, of course, Wray has to rely on a bogus number of defendants who have gotten their legally required 702 notice — ten counterterrorism cases — thereby pretending that 702 hasn’t had a key role in far, far more criminal cases, and not just in counterterrorism cases, but also counterespionage (including nation-state hacking) and counterproliferation cases.  (Interestingly, defendants are only known to have gotten notice in eight cases, meaning Wray may have revealed two more where defendants got non-public notice.) Plus, as I’ve noted, FBI submitted notice about attorney-client violations to FISC in nine cases in the time since DOJ largely stopped giving defendants notice.

The numbers just don’t add up.

Which means, in significant part, what Wray calls a myth is, in reality, parallel construction, a myth of a different sort, the myth that law enforcement tells defendants about where their cases came from or why certain approaches were used with the case, the myth created by DOJ’s secret interpretations about how they deal with legally mandated FISA notice. The myth that decides Keith Gartenlaub is a counterintelligence threat because of the conversations he conducts on Skype, a PRISM provider, with his in-laws, only to scrub all mention of those Skype conversations (and, DOJ presumably maintains in its secret policies on the issue, the legal obligation to give notice) once you go to trial.

Wray goes on to blithely describe how content collected without a warrant comes to define the tips FBI Agents get, even before any evidence has been collected.

There’s the information over here, that the Agent is seeing in real time in the US. That’s the tip or the lead. And then there’s the information in the database. And it’s the connection that’s important. Let me talk about what’s in the database, first, and what isn’t. What’s in the database — that 4.3% [of the NSA’s targets] — that’s not evidence of garden variety criminal conduct. The only stuff that’s in that is information about foreigners, reasonably believed to be overseas, for foreign intelligence purposes. So that’s foreign intelligence information in there. That’s not evidence of … I don’t know, pick an example, you know, child porn, or something else. It could be very serious, but that’s not what’s in there. So the Agent over here, if he’s in national security investigator is connecting national sec–something that he thinks is national security information with foreign intelligence information. The criminal agent, who is not doing anything related to national security, he’s not looking to try to find some national security hook for his case. He’s just trying to make sure — let’s say he’s got a cigarette smuggling case — one of the things we know is that terrorist groups have used things like cigarette smuggling to finance their activities. There are cases that Department of Justice has brought over the years on that very thing. Cigarette smuggling is a crime. Well, it could be handled one way but if it turns out that cigarette smuggling that’s designed to support Hezballah, that’s different. It needs to be viewed differently. But we won’t know if we just build a wall between the Agent and the information that’s sitting right over here in the FBI database. [my emphasis]

Wray makes another error here, in claiming that “That’s not evidence of … I don’t know, pick an example, you know, child porn,” in the information FBI deems foreign intelligence information. Either that, or the government should very quickly inform the Ninth Circuit of that fact, because Keith Gartenlaub is as we speak challenging the use of a physical search FISA order to turn nine-year old child porn lying unaccessed on his hard drives into foreign intelligence information and thereafter into a criminal prosecution.

But it’s not just Gartenlaub and a traditional FISA search. Given that 702 PRISM collection obtains not only emails, but also attachments and data stored in the cloud, it will obtain a lot more than communications, including photos. Those photos may be garden variety sexy photos shared between adults (indeed, photos of that kind were also introduced in Gartenlaub’s case). But they also may be abusive photos of children. The Intelligence Community will use both kinds — as well as all the other kinds of non-email information obtained by targeting email accounts — for its foreign intelligence purposes.

It’s fairly unfortunate that, three years after FBI asked for and obtained a change in its Section 702 minimization procedures so as to be able to easily deal with child porn discovered using it, the FBI Director claimed publicly that Section 702  data doesn’t include child porn.

Of course it does.

Whether we should want the FBI to immediately prosecute child porn discovered in the name of foreign intelligence information or, first (as happened with Gartenlaub) use it to try to flip someone to become an informant, is a policy discussion we’re not having.

But the reason we’re not having that discussion is because of the other myth being told, the myths about prosecutions that have used parallel construction to hide the whys and wherefores of the case, in large part to sustain the myth Wray is telling here, that those tips and that warrantless collection have nothing to do with each other.

I appreciate Wray’s efforts to avoid dodging the key issues by attacking those of us who recognize the 702 needs reform. But what is really going on is that the myths the government tells about how intelligence is used serves to make a real policy discussion difficult (for people like me, who know the criminal cases) and impossible (for staffers and members of Congress, who don’t). Wray and others in the intelligence community have grown so accustomed to these myths (see this Bob Litt exchange for an example), that they don’t even seem to see the implications of parallel construction for our claims to due process anymore. If we’re confused about the use of 702 information in criminal proceedings, the government is confused about how metasticizing parallel construction rots the guarantees in our Constitution.

I imagine FBI would like to defer this discussion once again; pretending reformers are the ones inventing myths is a good way to do that. But it’s important, this time around, that we call the government on the myths they tell, even while they claim we’re the ones who’re confused.

Update: When I asked FBI about the discrepancy in numbers (8 versus 10), a spox emphasized that Wray said “about” 10 cases have used 702 evidence.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Evidence the US Government Used Section 702 against Keith Gartenlaub[‘s Parents-in-Law]

A few weeks ago, I laid out how the Keith Gartenlaub case made child pornography foreign intelligence information. I showed how the FBI moved back and forth from a criminal to a FISA to a criminal warrant, only to try to use evidence of child pornography to get Gartenlaub to flip on his Chinese in-laws regarding suspected spying.

In this post, I want to lay out circumstantial evidence that Section 702 was used in the case — probably to spy on communications of Gartenlaub’s Chinese in-laws as well as his communications with them. This is circumstantial, but important, particularly given FBI Director Christopher Wray’s claims last Friday that 702 doesn’t include child pornography and has only been used in counterterrorism cases.

FBI cites his communications on PRISM providers to obtain warrant for domestic records from those providers

The first reason to believe FBI used Section 702 with Gartenlaub is that the first warrant affidavit in the case, used to obtain his and his wife’s Yahoo and Google account data, looks like typical parallel construction. It provides a means to get the content from specific PRISM providers based in large part on the use of those providers to communicate with people in China.

The GARTENLAUB SUBJECT ACCOUNT, [email protected], is used by Keith Gartenlaub at work and at home based on information provided by Boeing regarding the use of his Boeing issued laptop computer . Information obtained from a court-authorized pen register and trap and trace device shows that he is in contact with a China based email account using a Shanghai IP address seven times since March 2013. The GARTENLAUB SUBJECT ACCOUNT is also used to communicate with his wife, as reflected in the results of a pen register and trap and trace device. Emails are also forwarded from Gartenlaubs Boeing e-mail account to the GARTENLAUB SUBJECT ACCOUNT, evidence of which exists on the results of the data pen and trap and trace device.

Given that this was a spying case, the Chinese interlocutors would have been solid Section 702 targets. Though, remarkably, nowhere in the unclassified legal documents does the government do anything more than cite him saying his wife’s family was “well connected” to explain who those suspected spying recruiters were.

Gartenlaub stated he never had to worry about his security while traveling in China because his wife’s family is “well connected.” Gartenlaub did not elaborate on what connections she has.

To get the later (or earlier!) FISA order, the FBI would have had to detail who in China he was talking about. And to get that they likely would have used 702.

The mysterious absence of Skype in evidence

In addition to Google and Yahoo, the affidavit asking for Google and Yahoo content also described his most frequent communications with people in China taking place on Skype.

I have also reviewed the records provided by Skype for the account subscribed to Keith Gartenlaub. Those records showed that in the period of April 2011 to March 2013, the account contacted other accounts based in China approximately once every three days, on average. (Gartenlaub was interviewed on February 7 , 8, and 22, 2013). After Gartenlaub was contacted by the FBI to set up an interview, the Skype account subscribed to Gartenlaub contacted accounts based in China approximately three times per day 1 on average.

[snip]

His contact with Chinese-based Skype accounts spiked as soon as he was contacted by the FBI about the C17 investigation;

But not only does the affidavit not ask for a warrant for Skype (as part of Microsoft, a PRISM provider), as best I can tell no Skype data ever got introduced at trial.

In other words, a key reason they suspected Gartenlaub — his discussions with elites in China — never made it into the case in chief.

Which may be how they avoided giving him his legally mandated 702 notice.

The timing of the Section 702 NCMEC change

Then there’s the most obvious reason to think that Gartenlaub’s prosecution implicates Section 702: the coincidence between the the change in Section 702’s minimization procedures, as it pertains to sharing with the Center for Missing and Exploited Children, and the date of his arrest.

The government changed the standard minimization procedures for individualized FISA orders on August 11, 2014. Then, citing back to this earlier change, FISC approved an equivalent change in the Section 702 minimization procedures on August 26, 2014. The next day, the government arrested Gartenlaub. Particularly given how long they had had the child porn from the January 2014 search, it seems likely they waited until all relevant authorities included NCMEC permission before arresting him based off information that clearly relied on FISA information, if not earlier 702 information.

Mind you, the change in the 702 minimization procedures would only be necessary to cover Gartenlaub’s case if the government had found some evidence of the child porn before the FISA search. I can’t think of any way they could have done that unless they found him sharing porn with targeted people in China. That shouldn’t be possible — not according to regular targeting rules, anyway.

Still, the timing does make me think the government wanted both sets of minimization procedures available in time for the arrest.

Whatever the case, given how easily the government could have targeted Gartenlaub’s in-laws, and given the PRISM providers implicated (both in the known discovery and the missing Skype communications), I think it highly likely the government used Section 702 as part of this case.

Even if they didn’t provide notice.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

702 Reauthorization Bill: Why a Back Door Fix for Criminal Searches Is Meaningless

In this post, I explained how the House Judiciary Committee Section 702 reauthorization bill only closes the back door search loophole for “quer[ies] for evidence of a crime.” In addition, they let the government define what a “query reasonably designed for the primary purpose of returning foreign intelligence information” is, which means they’re basically punting on defining it themselves until 2023.

Given that treatment, the back door search fix is virtually useless, because for every search that might return the communications of an American, the government can always claim they’re considering recruiting the American as an informant.

Any communication queryable by back door search by definition involves a person of interest for a foreign intelligence reason

To understand why, first remember why FBI would get this information in the first place. They can only get raw 702 data if they have an active full investigation — and by definition, the targets of that that active full investigation are going to be targeted for the same reasons the target would be targeted by NSA, because they are of national security interest, pertaining to counterterrorism, counterproliferation, and counterintelligence/nation-state hacking.

Thus, any American whose communications might come up in a back door search will — by definition — be someone talking to a target of interest. That doesn’t mean they’re talking to a “bad guy,” as US national security professionals insist on speaking of adversaries. They’re just someone who has foreign intelligence information related to one of those three-plus topics.

Since 2002, the government has insisted that any crime — including rape — can be foreign intelligence information

The precedent that determined the limits of the government’s use of FISA-obtained information in criminal proceedings came in the 2002 In Re Sealed case challenge where the FISA Court of Review deemed the PATRIOT Act’s adoption of “significant purpose” language in FISA targeting to permit the sharing of information for criminal purposes.

As part of that case, the government claimed it could use criminal information to recruit a foreign spy.

Thus, for example, where information is relevant or necessary to recruit a foreign spy or terrorist as a double agent, that information is “foreign intelligence information” if the recruitment effort will “protect against” espionage or terrorism.

[snip]

Whether the government intends to prosecute a foreign spy or recruit him as a double agent (or use the threat of the former to accomplish the latter), the investigation will often be long range, involve the interrelation of various sources and types of information, and present unusual difficulties because of the special training and support available to foreign enemies of this country. [my emphasis]

During the hearing, FISCR judge Laurence Silberman tried to get Solicitor General Ted Olson to envision some kind of crime that couldn’t be used for foreign intelligence purpose, suggesting rape. But even that, Olson argued, could be deemed foreign intelligence information, because the government could use evidence of rape to coerce someone to become an informant.

OLSON: And it seems to me, if anything, it illustrates the position that we’re taking about here. That, Judge Silberman, makes it clear that to the extent a FISA-approved surveillance uncovers information that’s totally unrelated — let’s say, that a person who is under surveillance has also engaged in some illegal conduct, cheating —

JUDGE LEAVY: Income tax.

SOLICITOR GENERAL OLSON: Income tax. What we keep going back to is practically all of this information might in some ways relate to the planning of a terrorist act or facilitation of it.

JUDGE SILBERMAN: Try rape. That’s unlikely to have a foreign intelligence component.

SOLICITOR GENERAL OLSON: It’s unlikely, but you could go to that individual and say we’ve got this information and we’re prosecuting and you might be able to help us. I don’t want to foreclose that.

JUDGE SILBERMAN: It’s a stretch.

SOLICITOR GENERAL OLSON: It is a stretch but it’s not impossible either. [my emphasis]

The previous year, in 2001, the government had used the threat of a rape prosecution against Abu Zubaydah’s brother, Hesham Abu Zubaydah (who had had calls with his brother picked up on wiretaps), to convince him to become an informant. The FISCR decision certainly didn’t endorse approving individual FISA warrants to find proof of crimes that could be used to flip people. But neither did it place meaningful limits (and why should it, given that in those halcyon days all FISA orders were individualized).

In years since then, the government has repeatedly told the FISC they’re using programmatic spying to find informants. In both 2006 and 2009 it said it would use the phone dragnet “to discover individuals willing to become U.S. Government assets.” (see PDF 22 for citations to two Keith Alexander statements) That’s also one way the FBI measured the efficacy of Stellar Wind.

The Gartenlaub case shows FBI will use kiddie porn to (attempt to recruit) foreign intelligence informants

This is one reason the Keith Gartenlaub case is so important, in which the government used a criminal warrant, then a FISA warrant, then another criminal warrant to obtain evidence that Gartenlaub had nine-year old kiddie porn on his hard drives. The government justified all those warrants based on the claim that Gartenlaub was working with his Chinese in-laws — who always got described as influential in China — to steal Boeing information to share with China. Ultimately, they found no evidence of that.

I will eventually show evidence that the government also used Section 702 against Gartenlaub, probably (at a minimum) to obtain the Skype conversations he had with his in-laws, who would be targetable as influential Chinese citizens.

In any case, in association with the Gartenlaub case, the government changed both the individual FISA and the Section 702 minimization procedures to permit the sharing of data collected under FISA with the National Center for Missing and Exploited Children, meaning they can use FISA to obtain information on kiddie porn in the name of foreign intelligence collection.

After they indicted Gartenlaub, the government offered to drop the charges for information on the spying with China.

During his initial appearance in a federal courthouse in Santa Ana, Calif., the prosecutors indicated a willingness to reduce or drop the child pornography charges if he would tell them about the C-17, said Sara Naheedy, Gartenlaub’s attorney at the time.

Even at that late date, after eighteen months, two criminal warrants, and a FISA warrant, the government was treating Gartenlaub’s alleged kiddie porn possession as potential foreign intelligence information.

One purpose of assessments — and queries conducted under them — is to assess people to become informants

Every description of back door searches is clear: FBI can use them at the assessment level (that is, when they’re trying to figure out whether to open a full investigation).

[W]henever the FBI opens a new national security investigation or assessment, FBI personnel will query previously acquired information from a variety of sources, including Section 702, for information relevant to the investigation or assessment. With some frequency, FBI personnel will also query this data, including Section 702– acquired information, in the course of criminal investigations and assessments that are unrelated to national security efforts. In the case of an assessment, an assessment may be initiated “to detect, obtain information about, or prevent or protect against federal crimes or threats to the national security or to collect foreign intelligence information.

And FBI’s Domestic Investigations and Operations Guide is equally clear: the FBI uses assessments to determine whether people would make good informants. For example, the DIOG describes this scenario — which sounds just like what happened to Professor Xiaoxiang Xi — among its scenarios for using assessments.

A field office has a Full Investigation open on a group of individuals from country X believed to be targeting engineers and high-tech workers involved in the production of semiconductor chips. Evidence in the Full Investigation suggests that the individuals from country X are attempting to recruit the engineers and high tech workers to steal information regarding the semiconductor chips in exchange for money. During the investigation, an engineer who travels frequently to country X has been identified.

Information developed during the Predicated Investigation may be used to determine whether the engineer should be viewed as a subject of the investigation or a potential [Confidential Human Source]. If the engineer is determined to be a subject of the Full Investigation, a Type 5 Assessment may not be opened and the engineer needs to be opened as the target of a Full Investigation. If the primary focus of the FBI’s interest is to determine whether the individual may be a potential source, a Type 5 Assessment should be opened to collect information necessary to determine whether the FBI should attempt to recruit the engineer as a CHS. (PDF 117)

Remember: the FBI can obtain any 702 data related to a full investigation like the one described here. And Chinese scientists suspected of IP theft would be clear targets under the Foreign Government certificate. So it is solidly within the realm of possibility that the government would target Chinese scientists, obtain conversations (like the one that Xi got targeted for) about semiconductors, and then find that information at a later time when researching the American whose communication got collected incidentally.

That’s the problem with trying to fix the back door loophole while still permitting back door searches for foreign intelligence assessments: because it’s not until the government pulls up the information at the assessment stage — and it may well be years later, as was the case for Gartenlaub — that the government decides whether they’re going to use it and its fruits as foreign intelligence or criminal information.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

How Keith Gartenlaub Turned Child Porn into Foreign Intelligence

As I mentioned in this post on FISA and the space-time continuum, I’m going to be focusing closely on the FISA implications of Keith Gartenlaub’s child porn prosecution.

Gartenlaub was a Boeing engineer in 2013 when the FBI started investigating him for sharing information with China (see this and this story for background). He was suspected, in significant part, because of relationships and communications tied to his wife, who is a naturalized Chinese-American and whose family appears well-connected in China. The case is interesting for the way the government used both FISA and criminal searches to prosecute him for a non-national security related crime.

The case is currently being appealed to the 9th Circuit; it will be heard on December 4. His defense is challenging several things about his conviction, including that there was insufficient evidence to deem him an Agent of a Foreign Power (and therefore to obtain the ability to conduct a broader search than might be permitted under a criminal warrant), as well as that there was insufficient evidence offered at trial that he knowingly possessed the 9-year old child porn on which his conviction rests. I think there’s some merit to the latter claim, but I’m going to bracket it for my discussion, both because I think the FISA issues would remain important even if the government’s case on the child porn charge were far stronger than it is, and because I think the government may be sitting on potentially inculpatory evidence.

In this post, I’m going to show that it is almost certain that the government changed FISA minimization procedures to facilitate using FISA to prosecute him for child porn.

Timeline

The public timeline around the case looks like this (and as I said, I believe the government is hiding some bits):

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

Unknown date: Harris obtains a FISA order

January 29, 2014: Using FISA physical search order, FBI searches Gartenlaub’s home, images three hard drives

June 3, 2014: Harris sends files to National Center for Missing and Exploited Children, which confirms some files display known victims

August 22, 2014: Criminal search warrant obtained for Gartenlaub’s premises

August 27, 2014: FBI searches Gartenlaub’s properties, seizing computers used as evidence in trial, arrests him

August 29, 2014: Government reportedly says it will dismiss charges if Gartenlaub will cooperate on spying

October 23, 2014: Grand jury indicts

December 10, 2015: Guilty verdict

FBI used a criminal search warrant to obtain evidence, then obtained a FISA order

As you can see from the timeline, the government first obtained a criminal search warrant for access to Gartenlaub and his wife’s email accounts (Gartenlaub also got an 1806 notice, meaning they used a FISA wiretap on him at some point). Only after that did they execute a FISA physical search order to search his house and image his computers. Which means — unless they had a FISA order and a criminal warrant simultaneously — they had already convinced a judge it was likely Gartenlaub’s emails would provide evidence he was “remov[ing ] information, including export controlled technical data, from Boeing’s computer networks to China.” In his affidavit, Agent Harris cited violations of the Arms Export Control Act and Computer Fraud and Abuse Act.

Then, after probably months of reviewing emails later, having already shown probable cause that could have enabled them to get a search warrant to search Gartenlaub’s computer for those specific crimes — that is, proof that he had exploited his network access at Boeing in order to obtain data he could share with his wife’s Chinese associates — the government then went to FISA and convinced a judge they had probable cause Gartenlaub (or perhaps his wife) was acting as an agent of a foreign power for what are assumed to be the same underlying activities.

The government insists it still had adequate evidence Gartenlaub or his wife was an agent of a foreign power under FISA

The government’s response to Gartenlaub’s appeal predictably redacts much of the discussion to support its claim that it had sufficient probable cause, after months of reading his emails, to claim he or his wife was an agent of China. But the structure of it — with an unredacted paragraph addressing weaknesses with the criminal affidavit, followed by a redacted passage of unknown length, as well as a redacted footnote modifying the idea that the criminal affidavit “merely ‘recycled’ details that were found in the Harris affidavit” (see page 38-39) — suggests they raised evidence beyond what got included in the criminal affidavit. That’s surely true; it presumably explains what was so interesting about Yi’s family and associates in China as to sustain suspicion that they would be soliciting Boeing technology.

In any case, in a filing in which the government admits that “the [District] court expressed ‘some personal questions regarding the propriety of the FISA court proceeding even though that certainly seems to be legally authorized’,” the government pushed the Ninth Circuit to adopt a deferential standard on probable cause for FISA orders, in which only clear error can overturn the probable cause standard.

The Court has not previously articulated the standard of review applicable to an underlying finding of probable cause in a FISA case. In the analogous context of search warrants, this Court gives “great deference” to an issuing magistrate judge’s findings of probable cause, reviewing such findings only for “clear error.” Krupa, 658 F.3d at 1177; United States v. Hill, 459 F.3d 966, 970 (9th Cir. 2006) (same); United States v. Clark, 31 F.3d 831, 834 (9th Cir. 1994) (same). “In borderline cases, preference will be accorded to warrants and to the decision of the magistrate issuing it.” United States v. Terry, 911 F.2d 272, 275 (9th Cir. 1990). The same standard applies to this Court’s review of the findings in Title III wiretap applications. United States v. Brown, 761 F.2d 1272, 1275 (9th Cir. 2002).

Consistent with these standards and with FISA itself, the Second and Fifth Circuits have held that the “established standard of judicial review applicable to FISA warrants is deferential,” particularly given that “FISA warrant applications are subject to ‘minimal scrutiny by the courts,’ both upon initial presentation and subsequent challenge.” United States v. Abu-Jihaad, 630 F.3d 102, 130 (2d Cir. 2010); accord United States v. El-Mezain, 664 F.3d 467, 567 (5th Cir. 2011) (noting that representations and certifications in FISA application should be “presumed valid”). Other courts, reviewing district court orders de novo, have not discussed what deference applies to the FISC. See, e.g., Demeisi, 424 F.3d at 578; Squillacote, 221 F.3d at 553-54.

The government submits that the appropriate standard should be deferential. Consistent with findings of probable cause in other cases, the Court should review only for “clear error,” giving “great deference” to the initial conclusion that a FISA application established probable cause.

And, of course, the government argues that even if it didn’t meet the standards required under FISA, it still operated in good faith.

By using a FISA rather than a criminal search warrant, the FBI had more leeway to search for unrelated items

Nevertheless, having read Gartenlaub’s email for months and presumably having had the opportunity to obtain a warrant to search his computers for those specific crimes, the government instead obtained a FISA order that allowed the FBI to search his devices far more broadly, opening up decades old files named with sexually explicit names in the guise of finding intelligence on stealing Boeing’s secrets. Here’s how Gartenlaub’s lawyers describe the search in his appeal, a description the government largely endorses in their response:

The FISC can only authorize the government to search for and seize “foreign intelligence information.” 50 U.S.C. §§ 1822(b), 1823(a)(6)(A), 1824(a)(4). The order authorizing the January 2014 search of Gartenlaub’s home and computers presumably complied with this restriction. “Foreign intelligence information” (defined at 50 U.S.C. §§ 1801(e) and 1821(1)) does not include child pornography. Nonetheless, as detailed in the government’s application for the August 2014 search warrant, the agents imaged Gartenlaub’s computers in their entirety, reviewed every file, and–upon discovering that some of the files contained possible child pornography–subjected those and related files to detailed scrutiny, including sending them to the National Center for Exploited Children for analysis. ER248-56, 262-68. In an effort to establish that Gartenlaub had downloaded the child pornography, the agents also examined and analyzed a number of other files on the computers, none of which had anything to do with “foreign intelligence information.” ER255-62, 268-70.

As far as the record shows, the agents conducted this detailed, far-ranging analysis without obtaining any court authorization beyond the initial FISC order. In other words, after encountering suspected child pornography files, the agents did not stop their search and seek a warrant authorizing them to open and review those files and other potentially related files. Instead, they opened, examined, and analyzed the suspected child pornography files and a number of other files having nothing to do with foreign intelligence information. They then incorporated the results of that analysis into the August 2014 search warrant application. ER248- 49. That application, in turn, produced the warrant that gave the agents authority to search for and seize the very materials that they had already seized and searched under the purported authority of the January 2014 FISC order.

How did agents authorized to search for “foreign intelligence information” end up opening, examining, and analyzing suspected child pornography files and a number of other files that had nothing to do with the only authorized object of the search? The agents apparently relied on the following argument: To determine whether Gartenlaub’s computers contained foreign intelligence information, it was necessary to open and review every file; after all, a foreign spy might cleverly conceal such information in .jpg files with sex-themed names or in other non-obvious locations. And after opening the files, the child pornography and other information was in “plain view” and thus could be lawfully seized under the Fourth Amendment.

As a result of these broad standards, and of Gartenlaub’s habit of retaining disk drives from computers he no longer owned, the FBI found files dating back to 2005, from a computer Gartenlaub no longer owned.

Upon finding that those files included apparent child porn, the FBI sent them off to the National Center for Missing and Exploited Children, which confirmed some of the images included known victims. Almost two months later, FBI conducted further (criminal) searches, and arrested Gartenlaub for child porn.

In December 2015, Gartenlaub was found guilty on two counts of child porn, though one count was vacated by the judge after the verdict.

FBI changed standard minimization procedures to permit sharing with NCMEC

The timeline above is what would have been available to Gartenlaub’s defense team.

But in 2015 and 2017, two new details were added to the timeline.

First, on April 11, 2017, two months after Gartenlaub submitted his opening brief in the appeal on February 8, the government released an August 11, 2014 opinion approving the sharing of FISA-obtained data with NCMEC.

Congress established NCMEC in 1984 as a non-governmental organization and it is funded through grants administered by the Department of Justice. One of its purposes is to assist law enforcement in identifying victims of child pornography and other sexual crimes. Indeed, Congress has mandated Department of Justice coordination with NCMEC on these and related issues. See Mot. at 5-8. Furthermore, this Court has approved modifications to these SMPs in individual cases to permit the Government to disseminate information to NCMEC. See Docket Nos. [redacted]. Because of its unique role as a non-governmental organization with a law enforcement function, and because it will be receiving what reasonably appears to be evidence of specific types of crimes for law enforcement purposes, the Government’s amendment to the SMPs comply with FISA under Section 180l(h)(3).1

As noted, in the past the FISC had approved sharing FISA-collected data with NCMEC on a case-by-case basis. But in 2014, in the weeks while  it prepared to arrest Gartenlaub on child porn charges tied to a search that only found the child porn because it used the broader FISA search standard, the government finally made NCMEC sharing part of the standard minimization procedures.

Even on top of this coincidental timing, there are reasons to suspect DOJ codified the NCMEC sharing because of Gartenlaub’s case. For example, in the government’s response there’s a passage that clearly addresses how NCMEC got involved in the case that bridges the discussion of use of child porn evidence discovered in plain view in the criminal context and the discussion of its use here.

Non-FISA precedents also foreclose defendant’s claims. Analyzing a Rule 41 search warrant, this Court has held that using child pornography inadvertently discovered during a lawful search is consistent with the Fourth Amendment. Giberson, 527 F.3d at 889-90 (ruling that “the pornographic material [the agent] inadvertently discovered while searching for the documents enumerated in the warrant [related to document identification fraud] was properly used as a basis for the third warrant authorizing the search for child pornography”);

[additional precedents excluded]

[CLASSIFIED INFORMATION REMOVED] With the benefit of NCMEC’s assistance, the government then sought and obtained the August 2014 search warrants, authorizing the search of defendant’s residence and storage units for child pornography. (CR 73; GER 901-53). The fruits of this warrant were then used in defendant’s prosecution. The use of information discovered during the prior lawful January 2014 search in the subsequent search warrant application was proper. Giberson, 527 F.3d at 890.

The redacted discussion must include not only a description of how NCMEC was permitted to get involved, but in the approval approving this as part of the minimization procedures, which (after all) are designed to protect Americans under the Fourth Amendment.

Of particular interest, the government argued that one of the precedents Gartenlaub cited was not binding generally, and especially not binding on the FISC.

The concurring opinion in CDT, upon which defendant relies, does not aid him. That concurrence is not “binding circuit precedent” or a “constitutional requirement,” much less one binding on the FISC. Schesso, 730 F.3d at 1049 (the “search protocol” set forth in the CDT concurrence is not “binding circuit precedent,” not a[] constitutional requirement[],” and provides “no clear-cut rule”); see CDT, 621 F.3d at 1178 (observing that “[d]istrict and magistrate judges must exercise their independent judgment in every case”); Nessland, 601 Fed. Appx. at 576 (holding that “no special protocol was required” for a computer search). Defendant thus cannot demonstrate any error relating to any FISC-authorized search.

The FISC had, by the time of the search relying on the FISA-obtained child porn as evidence, already approved the use of child porn obtained in a FISA search. So the government could say the CDT case was not binding precedent, because it already had a precedent in hand from the FISC. Of course, it didn’t tell Gartenlaub that.

Of course, that’s not proof that the government codified the NCMEC sharing just for the Gartenlaub case. But there’s a lot of circumstantial evidence that that’s what happened.

The government still has not formally noticed this change to Gartenlaub

As I noted above, the government released the FISC order approving the change in the standard minimization procedures too late to be of use for Gartenlaub’s opening brief. That’s a point EFF and ACLU made in their worthwhile amicus submitted in the appeal.

For example, in this case, the government apparently refused to disclose the relevant FBI minimization procedures to Gartenlaub’s counsel even though other versions of those minimization procedures are publicly available. See Standard Minimization Procedures for FBI Electronic Surveillance and Physical Search Conducted Under FISA (2008). 8

We can debate whether the standard approval for NCMEC sharing is a good thing or whether it invites abuse, offering the FBI an opportunity to use more expansive searches to “find” evidence of child porn that it can then use as leverage in a foreign intelligence context (which I’ll return to). I suspect it is wiser to approve such sharing on a case-by-case basis, as had been the case before Gartenlaub.

But from this point forward, I would assume the FBI will routinely use this provision as an excuse to conduct particularly thorough searches for child porn, on the logic that obtaining any would provide great leverage against an intelligence target.

The timing of the approval of NCMEC sharing under Section 702

I have said repeatedly, I think the government is withholding some details.

One reason I think that is because of another remarkable coincidence of timing.

As I first reported here, the first notice that the government had approved the sharing with NCMEC in standard minimization procedures came in September 2015, when the government released the 2014 Thomas Hogan Section 702 opinion that approved such sharing under Section 702. The opinion relied on the earlier approval (by Rosemary Collyer), but redacted all reference to the timing and context of it, as well as a footnote relating to it.

I find the timing of both the release and the opinion itself to be of immense interest.

First, the government had no problem releasing this opinion back in 2015, while Gartenlaub was still awaiting trial (though it waited until almost two months after the District judge in his case, Christina Snyder, rejected his FISA challenge on August 6, 2015). So it was fine revealing to potential intelligence targets that it had standardized the approval of using FISA information to pursue child porn cases, just not revealing the dates that might have made it useful for Gartenlaub.

I’m even more interested in the timing of the order: August 26. The day before the FBI got its complaint approved and arrested Gartenlaub.

The FBI had long ago submitted FISA information to NCMEC. But it waited until both the standard minimization procedures for traditional FISA and for Section 702 had approved the sharing of data with NCMEC before they arrested Gartenlaub.

That’s one of several pieces of data that suggests they may have used Section 702 against Gartenlaub, on top of the other mix of criminal and FISA authorizations.

To be continued.

Updated timeline

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

Unknown date: Harris obtains a FISA order

January 29, 2014: FBI searches Gartenlaub’s home, images three hard drives

June 3, 2014: Harris sends files to National Center for Missing and Exploited Children, which confirms some files display known victims

August 11, 2014: Rosemary Collyer approves NCMEC sharing for traditional FISA standard minimization procedures

August 22, 2014: Search warrant obtained for Gartenlaub’s premises

August 26, 2014: Thomas Hogan approves NCMEC sharing for FISA 702

August 27, 2014: FBI searches Gartenlaub’s properties, seizing computers used as evidence in trial, arrests him

August 29, 2014: Government reportedly says it will dismiss charges if Gartenlaub will cooperate on spying

October 23, 2014: Grand jury indicts

August 6, 2015: Christina Snyder rejects Gartenlaub FISA challenge

September 29, 2015: ODNI releases 702 NCMEC sharing opinion

December 10, 2015: Guilty verdict

February 8, 2017: Gartenlaub submits opening brief

April 11, 2017: Government releases traditional FISA NCMEC sharing opinion

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.