Working Thread on the Combined Marathon IG Report

I started reading the Combined IG Report on the Marathon attack (including the DOJ, CIA, DHS, and Intelligence Community IGs, but not NSA). And the whole thing looked so bogus from the start, I figured a working thread was in order.

One thing to remember here: we’ve only got a 32-page summary that includes 5 pages of agency (but not CIA) response and a title page. We’re getting a mere fraction of the 168-page report.

To make things worse, some things are redacted that aren’t even classified, they’re just sensitive.

Redactions in this document are the result of classification and sensitivity designations we received from agencies and departments that provided information to the OIGs for this review. As to several of these classification and sensitivity designations, the OIGs disagreed with the bases asserted. We are requesting that the relevant entities reconsider those designations so that we can unredact those portions and make this information available to the public.

(PDF 2) Several things in this passage:

Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter.

First, they don’t say what law enforcement officials IDed the brothers. That sentence precedes one which claims there were “unidentified suspects,” which suggests they had suspicions before they were “IDed.” The word “encountered” is awfully suspicious, given that explanations of how the shootout in Watertown happened have been contradictory. And note they don’t say whether Tamerlan died immediately or not–again, an issue about which there’s some contention.

(PDF 2) Note they tell us Anzor’s ethnicity, but not his wife’s (who is more central to this narrative)?

(PDF 2) The report dodges legitimate questions about why the family got refugee status by referring only to “an immigration benefit.” Given reports the uncle had ties to the CIA, that benefit may be more than a simple asylum request.

(PDF 3) Note that, after having previously said the brothers were ID’ed by LE, they now specify FBI [Actually, I think that’s wrong: this is still ambiguous about who IDed them]. But the timing is crazy: it says FBI reviewed its records by April 19, but never says when they were IDed, and doesn’t say whether they were reviewed during a period of suspicion.

By April 19, 2013, after the Tsarnaev brothers were identified as suspects in the bombings, the FBI reviewed its records and determined that in early 2011 it had received lead information from the FSB about Tamerlan Tsarnaev, had conducted an assessment of him, and had closed the assessment after finding no link or “nexus” to terrorism.

(PDF 4) This seems very broad. I wonder what they’re including? Online communications?

As a result, the scope of this review included not only information that was in the possession of the U.S. government prior to the bombings, but also information that existed during that time and that the federal government reasonably could have been expected to have known before the bombings.

(PDF 4) This passage and footnote are huge dodges, making the entire report meaningless.

We carefully tailored our requests for information and interviews to focus on information available before the bombings and, where appropriate, coordinated with the U.S. Attorney’s Office conducting the prosecution of alleged bomber Dzhokhar Tsarnaev.1

1 The initial lead information from the FSB in March 2011 focused on Tamerlan Tsarnaev, and to a lesser extent his mother Zubeidat Tsarnaeva. Accordingly, the FBI and other agencies did not investigate Dzhokhar Tsarnaev’s possible nexus to terrorism before the bombings, and the OIGs did not review what if any investigative steps could have been taken with respect to Dzhokhar Tsarnaev.

I’ll come back to this. But the indictment lists a number of things that the FBI, in their stings, have found and used to identify easy marks. They did not do so here, with Dzhokhar. Which raises real questions about why they chose not to pursue him when they’ve pursued so many other young men like Dzhokhar?

(PDF 4) Here’s who was included in this review:

We also requested other federal agencies to identify relevant information they may have had prior to the bombings. These agencies included the Department of Defense (including the National Security Agency (NSA)), Department of State, Department of the Treasury, Department of Energy, and the Drug Enforcement Administration.

There has been little discussion of DEA’s likely awareness of the brothers, but it is likely, given that they were dealing drugs with potential ties to organized crime. And NSA, but I harp on that too much. I’m curious what role DOE might have.

(PDF 4) Again, they specify they’re only looking at pre-attack data. Which dodges what they could have collected but didn’t.

Additionally, each OIG conducted or directed its component agencies to conduct database searches to identify relevant pre-bombing information.

(PDF 4-5) As with HHSC’s report, the FBI stalled here.

As described in more detail in the classified report, the DOJ OIG’s access to certain information was significantly delayed at the outset of the review by disagreements with FBI officials over whether certain requests fell outside the scope of the review or could cause harm to the criminal investigation. Only after many months of discussions were these issues resolved, and time that otherwise could have been devoted to completing this review was instead spent on resolving these matters.

(PDF 5) The 12333 passage makes it clear NSA had a big role here. But, again, its IG did not conduct an investigation.

(PDF 6-7) The CIA section is very thin. I assume some stuff is missing.

(PDF 8) Note the importance of NSA’s sharing with FBI here?

Of particular relevance to this review are the relationships between the FBI, CIA, and DHS, as well as the relationship between the FBI and the NSA, and the NCTC’s relationships throughout the Intelligence Community.

(PDF 8) This makes clear that the transcription and birthdate errors were in both FSB warnings; it’s just that CIA didn’t fix the second one.

Importantly, the memorandum included two incorrect dates of birth (October 21, 1987 or 1988) for Tamerlan Tsarnaev, and the English translation used by the FBI transliterated their last names as Tsarnayev and Tsarnayeva, respectively.

(PDF 10) This passage seems to admit that FBI could have, but did not, search FISA related databases. It also suggests there was a “certain telephone database,” which might include the Hemisphere database, which performs the same function as the NSA claims (falsely) the phone dragnet does. Note, too, that they’ve only checked for the Tsarnaevs in FBI databases. I’ll come back to these databases in a later post.

Additionally, the DOJ OIG determined that the CT Agent did not use every relevant search term known or available at the time to query the FBI systems, including certain telephone databases and databases that include information collected under authority of the Foreign Intelligence Surveillance Act (FISA). However, searches of FBI databases conducted at the direction of the DOJ OIG during this review produced little information beyond that identified by the CT Agent during the assessment, with the exception of additional travel-related data for Zubeidat Tsarnaeva.

(PDF 11) Note that the second FBI letter to FSB, dated October 7, 2011, postdated the FSB notice to CIA. But it also comes at a time when Boston area law enforcement were conducting an investigation into the murder of Tamerlan’s best friend. The Waltham murders are not mentioned at all in the unclassified report.

(PDF 12) The IG Report does not tell us the date in September when FSB provided notice to CIA. Given that Tamerlan may have just been or was about to be involved in a grisly murder, I find that omission very notable.

(PDF 12) Note you can be watchlisted without derogatory information. This seems to be because of the exception mentioned in FN 10. But fat lot of good it did in this case. Per the footnote, that exception subsequently got disqualified, though I bet it has been qualified again.

(PDF 12) The IG Report doesn’t even acknowledge there was some other kind of difference between the first and the later watchlist entries as indicated on pp 33-4 of the HHSAC Committee report, which suggests that discussion may be redacted entirely.

(PDF 16) Note that, as happens with all Legal Permanent Residents, Tamerlan was photographed (and fingerprinted) during immigration. I’m surprised there isn’t more discussion of this (though it may be classified). But one big point of this relatively new border protocol is to have recent pictures on hand in case, say, you need to do facial recognition on pictures from a terrorist attack. Were they used?

(PDF 19) Note the big redaction describing intercepted communications. This may simply describe what the Russians had collected, which led to their tip. But I do wonder whether NSA collected its own version, not least because details of the Russian intercept has been widely reported.

(PDF 20) Note that the discussion of Tamerlan’s (remember, Dzhokhar is not included here) computer materials is described solely in terms of what FBI could do. That’s different from what both DHS does (they track public online speech) and NSA. It’s unclear whether they could have found some of this using methods available to them, but the report’s silence on that point is notable.

The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.”


The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.

The passage goes on to report the 7 copies of Inspire on one of the computers used by Tamerlan (again, there’s no mention of Dzhokhar here).

Something they’re not saying, but we know to be true.  Had they picked up Inspire either through a 702 upstream search or XKeyscore, they would have had identifiers that could have pegged Tsarnaev’s identity and tied it to all his other identities, regardless of the fact Tamerlan used an alias until February 2013.

And note the big redaction: NSA had information that dated to 2012, which may well have been the intercepts with Plotnikov.

Finally, note that FBI never turned over most of the information about Tamerlan’s Google accounts. The excuse (as noted above) was the ongoing investigation. But I wonder whether that’s ongoing investigation into the Waltham murder or the Marathon attack.

(PDF 25) Note the discussion of enhancement in the 2nd-to-last bullet. I believe this suggests that transliteration questions are only addressed with this enhancement.

(PDF 25) Note that they at least used to delete US person travel info after 6 months unless it represents terrorism information. This would arise from NCTC’s minimization procedures.

(PDF 32) As noted above, we don’t get John Brennan’s response to this, though he presumably sent one. I suspect that means there are classified recommendations for the Agency and that his response reflects that. While it’s not clear what the foreign target would be in this context (perhaps an investigation of the person to whom Zubeidat was speaking about Tamerlan wanting to join jihad?) but there seems to have been some.

Newly-Released Dragnet Order Suggests Spike in 215 Orders May Include Financial Records

I Con the Record reissued less classified versions of two Section 215 orders: the March 2, 2009 one that sharply restricted the phone dragnet without much new declassified, and the June 22, 2009 one that dealt, in part, with FBI and CIA access to the data in both the Internet and phone dragnet, showing both those parts unclassified in the same order (previously the government had released two separate versions — phone, Internet — with different things declassified).

The only new document was a November 23, 2010 order, modeled closely on a December 12, 2008 one. The earlier one had judged that the Stored Communication Act’s limits on collection did not preclude the use of Section 215 to collect phone records. This one judged that the Right to Financial Privacy Act did not preclude the use of Section 215 to collect financial records. Both opinions basically find that because those laws permit the use of National Security Letters to obtain such records without judicial review, clearly it’s okay to obtain the same records with judicial review under Section 215.

Of course, we know that in the phone context — and so presumably also in the financial records context — the use of Section 215 also entailed bulk, potentially comprehensive collection. While some bulk collection occurred under NSLs, especially for phone records (we know that because that’s the only category of NSL that doesn’t get accounted individually in public records), and while we assume bulk collection occurred under Bush’s illegal program via other means, moving a new kind of record under Section 215 may represent the institutionalization of bulk collections of another type of document.

Aside from revealing that this order pertained to financial records, we don’t know much about the underlying order. The order says the records were provided to the FBI (though WSJ and NYT reported CIA used Section 215 to get money order records). It uses “financial records” in scare quotes, so it is possible it is something beyond just bank records. And the fact that it was stamped by John Bates (then the presiding judge) suggests it may have been regarded as rather significant.

All that said, this opinion doesn’t necessarily mark November 2010 as the date the government started using Section 215 to collect (presumably bulk) financial records. After all, the government collected phone records for over 2 years before answering the seemingly obvious question of whether doing so violated other laws. I suspect they did so in 2008 in response to questions then DOJ Inspector General Glenn Fine kept raising about Section 215. And it is perhaps instructive that Fine was, in November 2010, working on a new Section 215 review, one that has since been delayed, in part by ODNI and DOJ refusal to declassify a number of documents, for 1,371 days.

Perhaps it’s just a remarkable coinkydink, but Fine resigned 6 days after this FISC ruling was issued.

Two more details about this. First, as I have shown, DOJ appears to have been hiding details about Section 215 from Congress during this period, though the only financial records they would have been obliged to disclose were tax records.

In addition, the number Section 215 orders started going up drastically in 2010, along with the number of orders the FISC modified to require minimization procedures.

Nevertheless, the reports show us two new things.

Screen shot 2013-11-22 at 8.52.29 AM

First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:

The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).

The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).

I’ve suggested that 176 modified applications may suggest the government has as many as 44 bulk collection programs, which would be renewed every three months  (or, alternately, a whole lot more specific bulk collection orders).

That is, this rise in what are almost certainly bulk collection orders came around the same time as FISC “Bates-stamped” the collection of financial records with Section 215.

Finally, consider one more thing. Last year, 26 Senators raised concerns about credit card records; last week’s RuppRoge House Intelligence Committee dragnet fix doesn’t prohibit the bulk collection of credit card records (their list, I now realize, is based off the list of sensitive records currently written into Section 215). Credit card records are covered under FRPA.

So while it would be a wildarsed guess, it would not be unreasonable to guess that some of this spike in bulk collection involved credit card records, approved by this November 2010 opinion.

Any bets we’ll finally get that DOJ IG Report on Section 215, showing that’s what they’ve been doing?

What Was the Purpose of the Exigent Letter Program?

I’m aiming to have some rough guesses about what kind of bulk collection the FBI might use National Security Letters for (spoiler alert: my wildarseguess is that they’re getting subscriber lists from the same telecoms they’re getting phone dragnet data from).

But first, I want to return to the exigent letter program and consider how it may have complemented the dragnet during the period the dragnet had no court sanction.

As a reminder, starting in 2002, the FBI started getting phone calling records on individual users directly from telecoms using “exigent letters” — basically letters saying they needed the records urgently and promising some kind of legal documentation in the future. In 2003, representatives of the telecoms started moving onsite, so FBI Agents could ask for this information while looking over the representatives’ shoulders. As part of it, the FBI got “community of interest” data (basically, the 3-degrees information the phone dragnet provides) and “hot number” data (an alert when a number was used, which also became part of the phone dragnet). The program spun out of control because FBI often would never go back and provide that paperwork (and also they used it for improper purposes).

In 2006, at the same time the the phone dragnet from the illegal wiretap program was moving to Section 215 orders, FBI was trying to clean up the exigent letter problems with “blanket National Security Letters.” FBI issued the first blanket NSL on May 12, 2006; FISC approved the first Section 215 order on May 24. And while it took until January 2008 for the last telecom personnel to move out of FBI digs, FBI started phasing out the program by imposing new restrictions in 2006.

There’s a lot we don’t know yet about the exigent letters program — and the actions of those telecom personnel camping out at the FBI. That the 2010 IG Report on was produced in TS/SCI, classified, and unclassified versions (the other two NSL IG Reports (2007, 2008) came in classified and unclassified versions) suggests it had some tie to more sensitive counterterrorism programs, quite likely the illegal program.

And to some degree, the onsite telecom personnel were duplicating what we understand NSA to have been doing with phone call records in the illegal wiretap program: tracking activity and establishing 3-degree-of-separation maps around phone identifiers of interest. At least for those FBI Agents who knew of the illegal dragnet, they could get the same information from the NSA, though for FBI Agents it was likely more immediate to go directly to the telecom person and provide requests on post-it notes (as sometimes occurred). Moreover, the FBI could and did quickly check whether queries would be fruitful before they formally queried a number. That means they could use the telecom presence to run contact-chaining on people who were not yet formally identified as terrorist suspects (though that seems to have been possible with the NSA program at that point too).

But the duplicative nature of the program suggests the possibility (particularly given that it started in earnest in May 2003, after the illegal program had gotten started) that the telecom presence was used to launder results back through the telecoms to make them usable for both FISC and other Title III Courts.

One more thing of interest, given my spoiler alert. As far as I understand, the FBI would have access not just to a number’s community of interest, but also to the name of a phone subscriber (or, alternately, immediately be able to learn if a telecom served a particularly person or number). That is, the onsite telecom program provided the FBI with something that the current dragnet, as publicly understood, did not: easy access to contact-chaining, with identities attached.

As I have noted before, DOJ’s Inspector General has said he may be limited in what he presents in his 1,297-day old study of the use of Section 215 through 2009, started under his predecessor (who authored all the other reports), Glenn Fine, unless DOJ will declassify the earlier NSL and Section 215 reports. So there’s clearly a tie between what was done with Section 215 as it moved under FISC review and what had been done earlier with NSLs.

One thing I’m wondering about is whether FBI uses(d) NSLs to accomplish the parts of the previous programs that haven’t been authorized under the use of Section 215.

DOJ’s IG Hints at Concerns about Back Door Search Issues

In addition to focusing on whether the classification of past IG Reports will limit what he can release about the Section 215 dragnet and Section 702 content collection, DOJ Inspector General Michael Horowitz laid out one more significant civil liberties concern related to national security investigations.

Additional concerns about civil rights and liberties are likely to arise in the future. For example, significant public attention has been paid to programs authorizing the acquisition of national security information, but relatively less has been paid to the storing, handling, and use of that information. Yet after information has been lawfully collected for one investigation, crucial questions arise about whether and how that information may be stored, shared, and used in support of subsequent investigations. Similar questions arise about the impact on civil rights and liberties of conducting electronic searches of national security information and about whether and how information obtained in a national security context can be used for criminal law enforcement. As the Department continues to acquire, store, and use national security information, these issues will arise more and more frequently, and the Department must ensure that civil rights and liberties are not transgressed.

I don’t guarantee this is a reference to back door searches.

But we know that FBI has been permitted to conduct searches on content collected under traditional FISA or FISA Amendments Act since at least 2008. We know that the Intelligence Community does not believe it needs even Reasonable Articulable Suspicion — of a national security concern or of a crime — to search this data. And in the past, DOJ has argued it can use FISA-collected information to find things like evidence of rape to use to coerce people to turn informant.

So I’m going to wildarseguess that at least part of what Horowitz alludes to here pertains to whether DOJ can search this incidentally collected information in support of criminal investigations. That would of course violate the spirit of every wiretap law in the country, but given the government’s past interpretations of what the elimination of the wall between NSA and FBI means and their claims they don’t need RAS to search these databases, it is a real possibility that’s what they doing (though they may be claiming that the crimes in question are “related” to the national security claims — things like money laundering and drug sales and so forth).

I’m also interested in Horowitz’ allusion to “national security information.” Does this go beyond content? Is he worried about the use of bulk-collected data in criminal investigations?

OK, now he’s got me worried.

But note what he doesn’t say: that he’s investigating this.

Will DOJ’s 1,265-Day Old Section 215 Review Be Squelched By Past Classifications?

DOJ’s Inspector General Michael Horowitz released his annual list of challenges today (which includes a focus on prison problems). In his section on national security and civil liberties he spends 4 paragraphs calling for more information sharing before he turns to civil liberties. In that section, he once again promises the report on the use of Section 215 his office has been working on for 1,265 days.

But he adds something new. He suggests this report may be limited by whether or not DOJ and ODNI declassify sections of the past reports.

The OIG’s ongoing reviews also include our third review of the Department’s requests for business records under Section 215 of the Foreign Intelligence Surveillance Act (FISA), as well as our first review of the Department’s use of pen register and trap-and-trace devices under FISA.  Although the full versions of our prior reports on NSLs and Section 215 all remain classified, we have released unclassified versions of these reports, and we have requested that the Department and the Office of the Director of National Intelligence (ODNI) conduct declassification reviews of the full classified versions.  The results of any declassification review may also affect how much information we will be able to publish regarding our pending reviews when they are complete.

As I have noted in the past, the 2008 report includes two appendices on then-secret uses of Section 215, one of which almost certainly pertains to the phone dragnet. In addition, it includes a sharply critical section on DOJ’s failure to institute new minimization procedures specific to Section 215 (which would dramatically affect its use for the phone dragnet).

Now Horowitz is saying that, unless DOJ and ODNI declassify these past reports, he won’t be able to present in unclassified form all the findings in his current report (which covers the period through 2009, and therefore the violations discovered in that year).

Horowitz suggests something similar is going on with DOJ IG’s work on content collection as well. Both a report he did last year on the FISA Amendments Act (which may suggest the FBI has not always abided by its targeting and minimization procedures) and Glenn Fine’s DOJ-specific review on the illegal wiretap program remain classified.

The OIG has also conducted oversight of other programs designed to acquire national security and foreign intelligence information, including the FBI’s use of Section 702 of the FISA Amendments Act (FAA), which authorizes the targeting of non-U.S. persons reasonably believed to be located outside the United States to acquire foreign intelligence information.  The OIG’s 2012 review culminated in a classified report released to the Department and to Congress that assessed, among other things, the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity and the FBI’s compliance with the targeting and minimization procedures required under the FAA.  Especially in light of the fact that Congress reauthorized the FAA for another 5 years last session, we believe the findings and recommendations in our report will be of continuing benefit to the Department as it seeks to ensure the responsible use of this foreign intelligence tool.  This report also was included in our request to the Department and ODNI for a declassification review, as was the full, classified version of our 2009 report on the President’s Surveillance Program, which described certain intelligence-gathering activities that took place prior to the enactment of the FAA. [my emphasis]

Elsewhere, Horowitz alludes to the Snowden leaks. Clearly, much of what appears in the 2009 and 2012 reports has been covered in leaks and releases to Congress. And yet, it seems, someone is stalling the declassification of DOJ IG’s work.

What has DOJ’s IG found that Eric Holder and James Clapper are trying to hide?

Guidance Directive [Redacted]”'>The FBI’s Official “CAIR Has Cooties Guidance Directive [Redacted]”

I had just about come to the conclusion that Michael Horowitz, DOJ’s Inspector General who took over after Glenn Fine retired in 2010, was a worthy successor. In recent weeks, Horowitz has released reports critical of DOJ’s handling of classified information, its refusal to account for drones’ unique risks to privacy, and the Bureau of Alcohol, Tobacco, and Firearms’ use of “churning” (money-making) operations.

But then I read this report — on the FBI’s Interactions with the Council on American-Islamic Relations — and I got literally sick to my stomach.

The report purports to determine whether the FBI complies with Agency guidance — the title and issuing authority for which are redacted in the report, which is why I am referring to it as the “Cooties Guidance Directive [Redacted]” throughout, even where it is redacted in direct quotes — that FBI personnel are not to engage in any community outreach with people from CAIR. For results, it shows that in three of five cases where FBI personnel did engage (or almost engage!) with people from CAIR, the personnel either didn’t consult with the FBI entity the IG deems to be in charge of this policy (which is probably the Counterterrorism Division, but the IG Report redacts that too), or consulted instead with the Office of Public Affairs, which is in charge of community outreach.

In response to these shocking (!!) results, Congressman Frank Wolf has already called for heads to roll.

But what the report actually shows is, first of all, how in response to two non-criminal pieces of evidence — a meeting between men who would go on to found CAIR and Hamas, which was not yet a designated a terrorist organization, and CAIR’s designation as an unindicted co-conspirator in the Holy Land Foundation case (the publication of which was subsequently deemed a violation of the group’s Fifth Amendment rights) — the FBI formulated a formal policy to treat that organization as if it has cooties.

And yet, even the language the IG repeats about this policy makes it clear that the FBI was operating on a policy of “guilty until proven innocent.”

The guidance specifically stated that, until the FBI could determine whether there continued to be a connection between CAIR or its executives and Hamas, “the FBI does not view CAIR as an appropriate liaison partner” for non-investigative activities.

That is, for the entire 5 year period versions of this policy have been in place, FBI has maintained that so long as it doesn’t develop evidence that CAIR has no ties to Hamas, then FBI will treat the organization and its officials as if they do have such ties by refusing to let them on FBI property or attend any CAIR-affiliated events. And we’re supposed to believe, I guess, that the FBI has used not a single one of their intrusive investigative methods to try to prove or disprove this allegation in the interim 5 years, and so it just will never know whether the allegation is correct or not, and so must operate on the playground Cooties standard.

Heck, in one of the “incidents” the report investigates, the local FBI office actually vetted an event participant to make sure his service on CAIR’s local board didn’t taint all his other community ties so badly that he should not participate in the event.

Yet whether or not a particular CAIR representative [redacted] is irrelevant to the Cooties Guidance Directive  [Redacted] to deny the organization access to the FBI in such non-investigative community-outreach activities.

And the IG Report — Michael Horowitz’ report — judges that vetting that found this gentleman to be innocent was not sufficient reason to ignore the Cooties Guidance Directive [Redacted]. The Report seems to endorse the view that vetting notwithstanding, this guy had a formal role in CAIR that made all his other roles in the Muslim community suspect and that’s the way things work in America.

Then there’s the underlying logic. The entire policy is premised on a bizarre belief that it is exploitative for a Muslim organization to advertise its willingness to work with the FBI.

The June 2011 EC also reiterated that CAIR was not prohibited from “maintaining a relationship with the FBI regarding civil rights or criminal violations; however, civil rights and criminal squads should be cognizant CAIR has exploited these relationships in the past.”


The end result of this incident- CAIR posting on its website of a photograph showing the SAC speaking at the event and a description of CAIR’s Civil Rights Director moderating his speech is the sort of exploitation of contact with the FBI that the Cooties Guidance
Directive [Redacted] was intended to avoid.

I don’t get it. If CAIR really were a terrorist sleeper cell, wouldn’t advertising their willingness to associate with the FBI completely ruin all their terrorist Cred, and therefore neutralize whatever threat they presented?

In any case, on the one hand, the report chronicles how the federal agency in charge of investigating civil rights abuses basically treated an entire constitutionally protected civil rights organization as guilty without charging it with any crime.

But then there’s the fact that, after responding to a request to fear-mongers in Congress, this report saw the light of day in the fashion it appears.

As noted above, the IG Report seems to accept this premise of guilty until proven innocent without noting the problem underlying it. Like, you know, the Constitution. In places, the language of the report even echos that of a presumption of guilt, as in this passage where it berates OPA for actually treating an individual with multiple formal ties to the Muslim community as such, rather than as someone branded solely by his affiliation with CAIR.

It appears that OPA provided guidance that effectively reversed the presumption against CAIR participation in non-investigatory FBI activities in this instance. OPA indicated that it wanted to ensure that there was sufficient justification for excluding the CAIR participant apart from his role in CAIR.

Then there’s the way in which this was released. While the actual Cooties Guidance  Directive [Redacted] is classified, nothing else in the report seems like it should be (though the FBI has removed the classification marks from the paragraphs to hide the basis for their claims that this is classified). In particular, FBI or DOJ or OIG has chosen to redact anything that would make it clear whether this is an actual policy, or just guidance on which CTD and OPA disagree (in their complaint about the report, the ACLU notes that it doesn’t appear to have gone through the formal policy-making process). And yet, having hidden that information, the IG presents it as if the failure to implement the Cooties Guidance Directive [Redacted] is a graver problem than the upending of presumption of innocence.

Finally, there are a few tonal issues. For example, the report presents this view — from a Chicago SAC who twice blew off the Cootie Guidance Directive [Redacted] — as if his basic civility presents a problem.

He stated that if DHS considered CAIR officials to be part of the community and invited them to the Roundtable, the FBI was not going to deny them entry at the door.

In another instance, it quotes another violating SAC as using the term “Islamophobia” (PDF 22), but presents the term in scare quotes. This is borderline McCarthyist shit, treating the language of people fighting terrorists by treating Muslims as human beings as some kind of brand against them.

Finally, there’s the timing of this. The fear-mongers requested this report in March 2012 — over 20 months after after the Section 215 IG Report that we’ve been waiting for for 1,224 days got started. Three of four of what are probably interviews with those deemed in violation of this guidance took place over the course of 8 days in August and September of 2012 (the last took place in July, which makes me wonder whether that was added to beef up an otherwise thin report.)

But then the report didn’t get released until a second state CAIR affiliate starts challenging the FBI’s killing of a Muslim person. And the IG Report got released on the very same day that CAIR released a major report on Islamophobia (or, as the IG appears to treat it, “Islamophobia.”)

The whole thing seems designed not to make the FBI a more orderly place (if that were the purpose, then it might be better to focus on how the Cooties Guidance Directive
[Redacted] became formal policy — if it did — without going through formal policy channels). Rather, it seems designed to foment a kind of McCarthyism within FBI targeted at those counterterrorism investigators who believe the best way to fight Islamic extremists is to treat Muslims as partners in rooting out violence.

Hot Numbers and the 2009 Troubles

Starting in 2007, DOJ’s Inpector General Glenn Fine did a series of reports on the FBI’s use of National Security Letters and Exigent Letters. In response (and as the FBI tried to clean up the mess from its inappropriate use of those tools), in 2007 the government asked OLC for an interpretation on the Electronic Communications Privacy Act. That opinion, which was issued on November 8, 2008, ruled that ECPA barred telecom providers from responding to certain kinds of requests without legal process.

Finally, you have asked whether a provider, in answer to an oral request before service of an NSL, may tell the FBI whether a particular account exists. This information would be confined to whether a provider serves a particular subscriber or a particular phone number. We believe that ECPA ordinarily bars providers from complying with such requests.

In the last of his IG Reports on NSLs and Exigent Letters, Fine argued that that OLC opinion made two of FBI’s practices with exigent letters — “sneak peeks” and “hot numbers” — illegal.

[T]he Department’s Office of Legal Counsel concluded, and we agree, that the ECPA ordinarily bars communications service providers from telling the FBI, prior to service of legal process, whether a particular account exists. We also concluded that if that type of information falls within the ambit of “a record or other information pertaining to a subscriber to or customer of such service” under 18 USC 2702(a)(3), so does the existence of calling activity by particular hot telephone numbers, absent a qualifying emergency under 18 USC 2702(c)(4).


Therefore, we believe that the practice of obtaining calling activity information about how numbers in these matters without service of legal process violated the ECPA.


We believe the FBI should carefully review the circumstances in which FBI personnel asked the on-site communications service providers [redacted] “hot numbers” to enable the Department to determine if the FBI obtained calling activity information under circumstances that trigger discovery or other obligations in any criminal investigations or prosecutions.

The “hot number” practice is functionally equivalent to the “alert list” the NSA used on the Section 215 dragnet database, in which it checked daily incoming calls to see if there had been any US contact with both approved and unapproved identifiers; if there was activity in both cases, it would spark further investigation.

The practice Fine focused on in this report was the requests FBI would get onsite telecom providers to fill without a subpoena. But at the same time Fine was working on that series of reports (the last one wasn’t issued until 2010) he was also working on a report on the FBI’s 2006 use of Section 215 (issued in March 2008), which included two classified appendices on bulk collection programs including (presumably) the phone dragnet from May until December 2006, and the 2009 Joint IG Report on the illegal wiretap program (which would have covered the dragnet program through May 2006).

We now know that both the pre May 2006 dragnet program and the post May 2006 dragnet program included a practice that, in wake of that OLC opinion (and perhaps before), Fine would find required some legal attention (the Pen Register equivalent in a grand jury context might put the post May 2006 practice in good stead, the 2008 opinion would seem to make the use of alerts earlier illegal, along with everything else).

Which may be why the government asked Judge Reggie Walton to consider whether the dragnet program complied with ECPA for his December 12, 2008 opinion.

That’s just a hypothesis (though the December 2008 would have been the first dragnet application after the OLC memo).

But if it’s right, it makes the NSA”s “discovery” of the alert process the following month all the more ridiculous. The alert process had been in place for years. FBI was being scolded for an equivalent practice (that ended in 2006) within FBI. And yet NSA somehow didn’t think to tell Walton about it until he had ruled ECPA did not present a problem for the dragnet more generally.

These three programs — the illegal program and the exigent letters, which both became the early dragnet in 2006 — are all closely related. Once you read them in tandem, though, it makes NSA”s claims to ignorance completely incredible.

Which brings me back to a reminder I’ve made several times. In the wake of the 2009 discoveries, Pat Leahy tried to mandate a DOJ review of the ongoing Section 215 activity, an effort the Administration thwarted. Fine agreed to do one anyway … then left. His replacement, Michael Horowitz, keeps claiming he’s still working on that investigation (but only covering the activities through 2009). That investigation has been going on 1,191 days now.

Update: Another interesting timing detail. According to the White Paper, the Intelligence and Judiciary Committees had all received the initial application and Primary Order on the dragnet by December 2008. So did they wait until the Walton opinion? Or did they know the Judiciary Committees would get them as part of DOJ IG reports?

If by “New” IG Investigation You Mean 1,155 Days Old

Shane Harris reads the DOJ IG Report on its civil liberties related work and reports that it is investigating the use of Section 215 of the PATRIOT Act.

The Department of Justice Inspector General, which has issued several critical reports over the years about FBI surveillance, is again looking into the bureau’s use of powerful and secretive orders for information about Americans.

A new review is examining “any improper or illegal uses” of the FBI’s surveillance authorities under Section 215 of the Patriot Act. That’s the portion of the law that allows the government to collect Americans’ phone records en masse. And in what appears to be a first review of its kind, the IG will also look at the FBI’s use of pen register and trap-and-trace authority under the Foreign Intelligence Surveillance Act. These are the authorities that allow the bureau to track the metadata of communications made to and from phone numbers and email accounts.

Only this is not a new review. Now-retired DOJ IG Glenn Fine first laid out his plans for the investigation on June 15, 2010 in a letter to Pat Leahy. I reported on the April update on that investigation and the related back story here, 6 weeks ago.

By my math, that means this IG Investigation of abuses we know occurred in 2009 has been going on  1,155 days. And the investigation remains focused on abuses that happened 2 PATRIOT Act extensions ago, rather than what is going on with the program now.

DOJ’s IG, at least under Fine, was very good at rooting out problems with intelligence programs. But we have yet to hear much from his replacement, Michael Horowitz (who has been on the job for 16 months after a long delay in both nominating and confirming him), to indicate one way or another whether he’ll be as good as Fine.

We do know he’s taking his sweet time reviewing problems that happened 4 years ago.

On the Refusal to Exercise Oversight over Vast Surveillance Programs, Episode 117

The Joint IG Report on the illegal wiretap program left out all discussion of what happened to the Internet and (to a lesser extent) phone metadata collection that got moved into Pen Register/Trap&Trace and Section 215 collection, respectively, as described by the NSA Draft IG Report (see page 39 ff).

The transition of certain PSP-authorized activities to FISC orders is described in detail in Section 5 of the classified report and Chapter Five of the DOJ OIG Report. Further details regarding this transition are classified and therefore cannot be addressed in this unclassified report.

But the report did make it clear that Glenn Fine, then DOJ’s Inspector General, had recommended DOJ and other Intelligence Committee agencies track whether these programs were useful in their new form.

As noted above, certain activities that were originally authorized as part of the PSP have subsequently been authorized under orders issued by the FISC. The DOJ OIG believes that DOJ and other IC agencies should continue to assess the value of information derived from such activities to the government’s counterterrorism efforts.


Finally, the collection activities pursued under the PSP, and under FISA following the PSP’s transition to that authority, involved unprecedented collection activities. We believe the retention and use by IC organizations of information collected under the PSP and FISA should be carefully monitored.

The Joint IG Report came out in July 2009. The debate over extending the PATRIOT Act started in earnest in September 2009.

Yet not only wasn’t that review baked into the extension, but when Patrick Leahy tried to include additional oversight that would include, among other things,

  • Mandate further audits of some of these provisions, such as the use of pen registers
  • Give the Court oversight over the minimization procedures for the use of Section 215 and pen register and trap and trace devices
  • Require that Section 215 and pen registers only be granted if authorities can show that the requested information has ties to terrorism

Dianne Feinstein got Leahy to take much of that out in a substitute bill, and then Jeff Sessions, seemingly working on behalf of the Administration, gutted things further in the Senate markup. It was fairly clear then that the IC — if not the Administration personally — wanted to make sure this oversight did not get added to the PATRIOT Act.

And it didn’t.

The next year, Glenn Fine — who, of course, was the guy who recommended increased oversight in the first place — said he’d do the reviews anyway.

We intend to initiate another review examining the FBI’s use of NSLs and Section 215 orders for business records. Among other issues, our review will assess the FBI’s progress in responding to the OIG’s recommendations in the prior reports. In addition, we intend to examine the number of NSLs issued by the FBI from 2007 through 2009, and we will closely examine the automated system to generate and track NSLs that the FBI implemented to address the deficiencies identified in the OIG reports.

In addition, our review will cover the FBI’s use of Section 215 orders for business records. It will examine the number of Section 215 applications filed from 2007 through 2009, how the FBI is using the tool today, and describe any reported improper or illegal uses of the authority. Our review will also examine the progress the FBI has made in addressing recommendations contained our prior reports that the FBI draft and implement minimization procedures specifically for information collected under Section 215 authority.

We also intend to conduct a programmatic review of the FBI’s use of its pen register and trap and trace authority under the FISA. That part of the review will examine issues such as how the FBI uses the authority to collect information, what the FBI does with the information it collects, and whether there have been any improper or illegal uses of the authority either reported by the FBI or identified by the OIG. [my emphasis]

Writing in 2010, when both metadata collection programs were still ongoing under these authorities, this basically laid out a plan to review all the secret metadata collection hidden inside these authorities.

Fine wrote that in June; in November of that year, he announced his resignation, saying he wanted to pursue new professional challenges.

Read more

The Intelligence Community’s Willful Ignorance about Americans Caught in 702 Surveillance

Given the Intelligence Community’s reluctant and partial disclosures on the Section 702 (PRISM/FAA) collection, I want to return to a squabble from last fall, before Congress reauthorized FAA.

As you’ll recall, Ron Wyden tried to get the IC to disclose the number of Americans whose communication had been reviewed under Section 702. The IC dicked around long enough to ensure Wyden didn’t get an answer in time to make a political stink about it. When they finally gave him an answer, they said providing such a number would violate the privacy of Americans.

I defer to [the NSA Inspector General’s] conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Ultimately, this statement seemed to be as much about resource allocation as anything else — the NSA and IC IGs would need more staff to accomplish the tast. (I must say, I do find it interesting the ICIG has time to investigate 375 leaks but not enough time to find out how many Americans are being spied on.)

But look at how closely the government is purportedly tracking US person data.

These procedures require that the acquisition of information is conducted, to the greatest extent reasonably feasible, to minimize the acquisition of information not relevant to the authorized foreign intelligence purpose.

Any inadvertently acquired communication of or concerning a U.S. person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.


Any information collected after a foreign target enters the U.S. –or prior to a discovery that any target erroneously believed to be foreign was in fact a U.S. person– must be promptly destroyed unless that information meets specific, limited criteria approved by the Foreign Intelligence Surveillance Court.

The dissemination of any information about U.S. persons is expressly prohibited unless it is necessary to understand foreign intelligence or assess its importance; is evidence of a crime; or indicates a threat of death or serious bodily harm.

Now, these passages ought to make people more worried about privacy than not. Stated clearly, it says the government believes it can collect and keep US person content if it deems that content “relevant” to the reason they collected the information.

Remember two things: this collection is not limited to use with terrorism; it can be used for espionage investigations, hacking, or any foreign intelligence purpose. And the government has already deemed every single one of our phone records to be “relevant” to an umbrella terror investigation, so the definition of relevance the government has developed in secret is unbelievably broad and persmissive.

That collection — the people whose content is reviewed and deemed relevant and kept — is the universe of people Wyden wanted to count. And the government is making decisions about the relevance of them in secret, but not tracking the process by which they do so.

Note too that the government can disseminate US person communications if “it is necessary to understand foreign intelligence.” This is not news (which is why it is so appalling that people were fighting over whether the government could listen to US person calls or read their emails). It is part of traditional FISA, too. (It was using that excuse that John Bolton was learning about what his rivals were negotiating with the North Koreans.) But given how much more information an analyst can access both because she is accessing all Internet activity and not just phone, but also because more associated communications are sucked up with a target, it means many more US persons’ communications might be disseminated. It’s not clear, by the way, such dissemination would exclude privileged conversations between lawyers and clients, or discussions between journalists and sources.

And this second group of people — the ones whose communications are being circulated — are counted.

Though we’re not allowed to know what those numbers are.

Here’s what the DOJ Inspector General Michael Horowitz had to say about a statutorily required review of the 702 collection he recently completed (I think, but it’s not entirely clear, that Horowitz didn’t finish this review until after FAA was renewed last year — I know he didn’t finish it before the Judiciary and Intelligence Committees passed it out).

Inspector General Michael E. Horowitz of the United States Department of Justice Office of the Inspector General (OIG) recently issued a report examining the activities of the Federal Bureau of Investigation (FBI) under Section 702 of the Foreign Intelligence Surveillance Act Amendments Act of 2008 (Act). Section 702 authorizes the targeting of non-U.S. persons reasonably believed to be outside the United States for the purpose of acquiring foreign intelligence information. The Act required that the Inspector General conduct a review of the Department’s role in this process and, in conjunction with this review, the OIG reviewed the number of disseminated FBI intelligence reports containing a reference to a U.S. person identity, the number of U.S. person identities subsequently disseminated in response to requests for identities not referred to by name or title in the original reporting, the number of targets later determined to be located in the United States, and whether communications of such targets were reviewed. See 50 U.S.C. 1881a(l)(2)(B) and (C). The OIG also reviewed the FBI’s compliance with the targeting and minimization procedures required under the Act.

The final report has been issued and delivered to the relevant Congressional oversight and intelligence committees, as well as leadership offices. Because the report is classified, its contents cannot be disclosed to the public.

In other words, the DOJ IG counted — because the law required him to — the following:

  • The number of US person-related communication that got disseminated in a first dissemination of intelligence 
  • The number of US persons whose identity identified in a follow-up on an original dissemination
  • The number of targets originally believed to be foreign who end up being US persons (note, the NSA conveniently doesn’t explain what the specific criteria are that would allow the government to keep these communications … I wonder why?)

But it did not count how many US persons’ communications were reviewed but not disseminated, many of which may be retained under the relevance standard.

In general, when the government chooses not to count things, there’s a reason it doesn’t want to.