Posts

A Dragnet of emptywheel’s Most Important Posts on Surveillance, 2007 to 2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten this week.

To celebrate, the emptywheel team has been sharing some of our favorite work from the last decade. This is my massive dragnet of surveillance posts.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2007

Whitehouse Reveals Smoking Gun of White House Claiming Not to Be Bound by Any Law

Just days after opening the new digs, I noticed Sheldon Whitehouse entering important details into the Senate record — notably, that John Yoo had pixie dusted EO 12333 to permit George Bush to authorize the Stellar Wind dragnet. In the ten years since, both parties worked to gradually expand spying on Americans under EO 12333, only to have Obama permit the sharing of raw EO 12333 data in its last days in office, completing the years long project of restoring Stellar Wind’s functionalities. This post, from 2016, analyzes a version of the underlying memo permitting the President to change EO 12333 without providing public notice he had done so.

2008

McConnell and Mukasey Tell Half Truths

In the wake of the Protect America Act, I started to track surveillance legislation as it was written, rather than figure out after the fact how the intelligence community snookered us. In this post, I examined the veto threats Mike McConnell and Michael Mukasey issued in response to some Russ Feingold amendments to the FISA Amendments Act and showed that the government intended to use that authority to access Americans’ communication via both what we now call back door searches and reverse targeting. “That is, one of the main purposes is to collect communications in the United States.”

9 years later, we’re still litigating this (though, since then FISC has permitted the NSA to collect entirely domestic communications under the 2014 exception).

2009

FISA + EO 12333 + [redacted] procedures = No Fourth Amendment

The Government Sez: We Don’t Have a Database of All Your Communication

After the FISCR opinion on what we now know to be the Yahoo challenge to Protect American Act first got declassified, I identified several issues that we now have much more visibility on. First, PAA permitted spying on Americans overseas under EO 12333. And it didn’t achieve particularity through the PAA, but instead through what we know to be targeting procedures, including contact chaining. Since then we’ve learned the role of SPCMA in this.

In addition, to avoid problems with back door searches, the government claimed it didn’t have a database of all our communication — a claim that, narrowly parsed might be true, but as to the intent of the question was deeply misleading. That claim is one of the reasons we’ve never had a real legal review of back door searches.

Bush’s Illegal Domestic Surveillance Program and Section 215

On PATRIOTs and JUSTICE: Feingold Aims for Justice

During the 2009 PATRIOT Act reauthorization, I continued to track what the government hated most as a way of understanding what Congress was really authorizing. I understood that Stellar Wind got replaced not just by PAA and FAA, but also by the PATRIOT authorities.

All of which is a very vague way to say we probably ought to be thinking of four programs–Bush’s illegal domestic surveillance program and the PAA/FAA program that replaced it, NSLs, Section 215 orders, and trap and trace devices–as one whole. As the authorities of one program got shut down by exposure or court rulings or internal dissent, it would migrate to another program. That might explain, for example, why Senators who opposed fishing expeditions in 2005 would come to embrace broadened use of Section 215 orders in 2009.

I guessed, for example, that the government was bulk collecting data and mining it to identify targets for surveillance.

We probably know what this is: the bulk collection and data mining of information to select targets under FISA. Feingold introduced a bajillion amendments that would have made data mining impossible, and each time Mike McConnell and Michael Mukasey would invent reasons why Feingold’s amendments would have dire consequences if they passed. And the legal information Feingold refers to is probably the way in which the Administration used EO 12333 and redacted procedures to authorize the use of data mining to select FISA targets.

Sadly, I allowed myself to get distracted by my parallel attempts to understand how the government used Section 215 to obtain TATP precursors. As more and more people confirmed that, I stopped pursuing the PATRIOT Act ties to 702 as aggressively.

2010

Throwing our PATRIOT at Assange

This may be controversial, given everything that has transpired since, but it is often forgotten what measures the US used against Wikileaks in 2010. The funding boycott is one thing (which is what led Wikileaks to embrace Bitcoin, which means it is now in great financial shape). But there’s a lot of reason to believe that the government used PATRIOT authorities to target not just Wikileaks, but its supporters and readers; this was one hint of that in real time.

2011

The March–and April or May–2004 Changes to the Illegal Wiretap Program

When the first iteration of the May 2004 Jack Goldsmith OLC memo first got released, I identified that there were multiple changes made and unpacked what some of them were. The observation that Goldsmith newly limited Stellar Wind to terrorist conversations is one another reporter would claim credit for “scooping” years later (and get the change wrong in the process). We’re now seeing the scope of targeting morph again, to include a range of domestic crimes.

Using Domestic Surveillance to Get Rapists to Spy for America

Something that is still not widely known about 702 and our other dragnets is how they are used to identify potential informants. This post, in which I note Ted Olson’s 2002 defense of using (traditional) FISA to find rapists whom FBI can then coerce to cooperate in investigations was the beginning of my focus on the topic.

2012

FISA Amendments Act: “Targeting” and “Querying” and “Searching” Are Different Things

During the 2012 702 reauthorization fight, Ron Wyden and Mark Udall tried to stop back door searches. They didn’t succeed, but their efforts to do so revealed that the government was doing so. Even back in 2012, Dianne Feinstein was using the same strategy the NSA currently uses — repeating the word “target” over and over — to deny the impact on Americans.

Sheldon Whitehouse Confirms FISA Amendments Act Permits Unwarranted Access to US Person Content

As part of the 2012 702 reauthorization, Sheldon Whitehouse said that requiring warrants to access the US person content collected incidentally would “kill the program.” I took that as confirmation of what Wyden was saying: the government was doing what we now call back door searches.

2013

20 Questions: Mike Rogers’ Vaunted Section 215 Briefings

After the Snowden leaks started, I spent a lot of time tracking bogus claims about oversight. After having pointed out that, contrary to Administration claims, Congress did not have the opportunity to be briefed on the phone dragnet before reauthorizing the PATRIOT Act in 2011, I then noted that in one of the only briefings available to non-HPSCI House members, FBI had lied by saying there had been no abuses of 215.

John Bates’ TWO Wiretapping Warnings: Why the Government Took Its Internet Dragnet Collection Overseas

Among the many posts I wrote on released FISA orders, this is among the most important (and least widely understood). It was a first glimpse into what now clearly appears to be 7 years of FISA violation by the PRTT Internet dragnet. It explains why they government moved much of that dragnet to SPCMA collection. And it laid out how John Bates used FISA clause 1809(a)(2) to force the government to destroy improperly collected data.

Federated Queries and EO 12333 FISC Workaround

In neither NSA nor FBI do the authorities work in isolation. That means you can conduct a query on federated databases and obtain redundant results in which the same data point might be obtained via two different authorities. For example, a call between Michigan and Yemen might be collected via bulk collection off a switch in or near Yemen (or any of the switches between there and the US), as well as in upstream collection from a switch entering the US (and all that’s assuming the American is not targeted). The NSA uses such redundancy to apply the optimal authority to a data point. With metadata, for example, it trained analysts to use SPCMA rather than PATRIOT authorities because they could disseminate it more easily and for more purposes. With content, NSA appears to default to PRISM where available, probably to bury the far more creative collection under EO 12333 for the same data, and also because that data comes in structured form.

Also not widely understood: the NSA can query across metadata types, returning both Internet and phone connection in the same query (which is probably all the more important now given how mobile phones collapse the distinction between telephony and Internet).

This post described how this worked with the metadata dragnets.

The Purpose(s) of the Dragnet, Revisited

The government likes to pretend it uses its dragnet only to find terrorists. But it does far more, as this analysis of some court filings lays out.

2014

The Corporate Store: Where NSA Goes to Shop Your Content and Your Lifestyle

There’s something poorly understood about the metadata dragnets NSA conducts. The contact-chaining isn’t the point. Rather, the contact-chaining serves as a kind of nomination process that puts individuals’ selectors, indefinitely, into the “corporate store,” where your identity can start attracting other related datapoints like a magnet. The contact-chaining is just a way of identifying which people are sufficiently interesting to submit them to that constant, ongoing data collection.

SPCMA: The Other NSA Dragnet Sucking In Americans

I’ve done a lot of work on SPCMA — the authorization that, starting in 2008, permitted the NSA to contact chain on and through Americans with EO 12333 data, which was one key building block to restoring access to EO 12333 analysis on Americans that had been partly ended by the hospital confrontation, and which is where much of the metadata analysis affecting Americans has long happened. This was my first comprehensive post on it.

The August 20, 2008 Correlations Opinion

A big part of both FBI and NSA’s surveillance involves correlating identities — basically, tracking all the known identities a person uses on telephony and the Internet (and financially, though we see fewer details of that), so as to be able to pull up all activities in one profile (what Bill Binney once called “dossiers”). It turns out the FISC opinion authorizing such correlations is among the documents the government still refuses to release under FOIA. Even as I was writing the post Snowden was explaining how it works with XKeyscore.

A Yahoo! Lesson for USA Freedom Act: Mission Creep

This is another post I refer back to constantly. It shows that, between the time Yahoo first discussed the kinds of information they’d have to hand over under PRISM in August 2007 and the time they got directives during their challenge, the kinds of information they were asked for expanded into all four of its business areas. This is concrete proof that it’s not just emails that Yahoo and other PRISM providers turn over — it’s also things like searches, location data, stored documents, photos, and cookies.

FISCR Used an Outdated Version of EO 12333 to Rule Protect America Act Legal

Confession: I have an entire chapter of the start of a book on the Yahoo challenge to PRISM. That’s because so much about it embodied the kind of dodgy practices the government has, at the most important times, used with the FISA Court. In this post, I showed that the documents that the government provided the FISCR hid the fact that the then-current versions of the documents had recently been modified. Using the active documents would have shown that Yahoo’s key argument — that the government could change the rules protecting Americans anytime, in secret — was correct.

2015

Is CISA the Upstream Cyber Certificate NSA Wanted But Didn’t Really Get?

Among the posts I wrote on CISA, I noted that because the main upstream 702 providers have a lot of federal business, they’ll “voluntarily” scan on any known cybersecurity signatures as part of protecting the federal government. Effectively, it gives the government the certificate it wanted, but without any of the FISA oversight or sharing restrictions. The government has repeatedly moved collection to new authorities when FISC proved too watchful of its practices.

The FISA Court’s Uncelebrated Good Points

Many civil libertarians are very critical of the FISC. Not me. In this post I point out that it has policed minimization procedures, conducted real First Amendment reviews, taken notice of magistrate decisions and, in some cases, adopted the highest common denominator, and limited dissemination.

How the Government Uses Location Data from Mobile Apps

Following up on a Ron Wyden breadcrumb, I figured out that the government — under both FISA and criminal law — obtain location data from mobile apps. While the government still has to adhere to the collection standard in any given jurisdiction, obtaining the data gives the government enhanced location data tied to social media, which can implicate associates of targets as well as the target himself.

The NSA (Said It) Ate Its Illegal Domestic Content Homework before Having to Turn It in to John Bates

I’m close to being able to show that even after John Bates reauthorized the Internet metadata dragnet in 2010, it remained out of compliance (meaning NSA was always violating FISA in obtaining Internet metadata from 2002 to 2011, with a brief lapse). That case was significantly bolstered when it became clear NSA hastily replaced the Internet dragnet with obtaining metadata from upstream collection after the October 2011 upstream opinion. NSA hid the evidence of problems on intake from its IG.

FBI Asks for at Least Eight Correlations with a Single NSL

As part of my ongoing effort to catalog the collection and impact of correlations, I showed that the NSL Nick Merrill started fighting in 2004 asked for eight different kinds of correlations before even asking for location data. Ultimately, it’s these correlations as much as any specific call records that the government appears to be obtaining with NSLs.

2016

What We Know about the Section 215 Phone Dragnet and Location Data

During the lead-up to the USA Freedom Debate, the government leaked stories about receiving a fraction of US phone records, reportedly because of location concerns. The leaks were ridiculously misleading, in part because they ignored that the US got redundant collection of many of exactly the same calls they were looking for from EO 12333 collection. Yet in spite of these leaks, the few figured out that the need to be able to force Verizon and other cell carriers to strip location data was a far bigger reason to pass USAF than anything Snowden had done. This post laid out what was known about location data and the phone dragnet.

While It Is Reauthorizing FISA Amendments Act, Congress Should Reform Section 704

When Congress passed FISA Amendments Act, it made a show of providing protections to Americans overseas. One authority, Section 703, was for spying on people overseas with help of US providers, and another was for spying on Americans overseas without that help. By May 2016, I had spent some time laying out that only the second, which has less FISC oversight, was used. And I was seeing problems with its use in reporting. So I suggested maybe Congress should look into that?

It turns out that at precisely that moment, NSA was wildly scrambling to get a hold on its 704 collection, having had an IG report earlier in the year showing they couldn’t audit it, find it all, or keep it within legal boundaries. This would be the source of the delay in the 702 reauthorization in 2016, which led to the prohibition on about searches.

The Yahoo Scan: On Facilities and FISA

The discussion last year of a scan the government asked Yahoo to do of all of its users was muddled because so few people, even within the privacy community, understand how broadly the NSA has interpreted the term “selector” or “facility” that it can target for collection. The confusion remains to this day, as some in the privacy community claim HPSCI’s use of facility based language in its 702 reauthorization bill reflects new practice. This post attempts to explain what we knew about the terms in 2016 (though the various 702 reauthorization bills have offered some new clarity about the distinctions between the language the government uses).

2017

Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

Ron Wyden has been asking for a count of how many Americans get swept up under 702 for years. The IC has been inventing bogus explanations for why they can’t do that for years. This post chronicles that process and explains why the debate is so important.

The Kelihos Pen Register: Codifying an Expansive Definition of DRAS?

When DOJ used its new Rule 41 hacking warrant against the Kelihos botnet this year, most of the attention focused on that first-known usage. But I was at least as interested in the accompanying Pen Register order, which I believe may serve to codify an expansion of the dialing, routing, addressing, and signaling information the government can obtain with a PRTT. A similar codification of an expansion exists in the HJC and Lee-Leahy bills reauthorizing 702.

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

The title speaks for itself. I don’t even consider Rosemary Collyer’s 2017 approval of 702 certificates her worst FISA opinion ever. But it is part of the reason why I consider her the worst FISC judge.

It Is False that Downstream 702 Collection Consists Only of To and From Communications

I pointed out a number of things not raised in a panel on 702, not least that the authorization of EO 12333 sharing this year probably replaces some of the “about” collection function. Most of all, though, I reminded that in spite of what often gets claimed, PRISM is far more than just communications to and from a target.

UNITEDRAKE and Hacking under FISA Orders

A document leaked by Shadow Brokers reveals a bit about how NSA uses hacking on FISA targets. Perhaps most alarmingly, the same tools that conduct such hacks can be used to impersonate a user. While that might be very useful for collection purposes, it also invites very serious abuse that might create a really nasty poisonous tree.

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

In response to Glenn Gerstell’s claims that Article III courts have exercised oversight by approving FISA practices (though the reality on back door searches is not so cut and dry), I point to the case of Reaz Qadir Khan where, as Michael Mosman (who happens to serve on FISC) moved towards providing a CIPA review for surveillance techniques, Khan got a plea deal.

The NSA’s 5-Page Entirely Redacted Definition of Metadata

In 2010, John Bates redefined metadata. That five page entirely redacted definition became codified in 2011. Yet even as Congress moves to reauthorize 702, we don’t know what’s included in that definition (note: location would be included).

FISA and the Space-Time Continuum

This post talks about how NSA uses its various authorities to get around geographical and time restrictions on its spying.

The Senate Intelligence Committee 702 Bill Is a Domestic Spying Bill

This is one of the most important posts on FISA I’ve ever written. It explains how in 2014, to close an intelligence gap, the NSA got an exception to the rule it has to detask from a facility as soon as it identifies Americans using the facility. The government uses it to collect on Tor and, probably VPN, data. Because the government can keep entirely domestic communications that the DIRNSA has deemed evidence of a crime, the exception means that 702 has become a domestic spying authority for use with a broad range of crimes, not to mention anything the Attorney General deems a threat to national security.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

In a response to a rare good faith defense of FBI’s back door searches, I pointed out that the FBI is obliged to consider the least intrusive means of investigation. Yet, even while it admits that accessing content like that obtained via 702 is extremely intrusive, it nevertheless uses the technique routinely at the assessment level.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

10 Years of emptywheel: Jim’s Dimestore

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

As debate over reauthorization of Section 702 heats up, both those in favor of reform and those asking for straight reauthorization are making their cases. As part of that, I wrote a summary of the most persistent NSA (and FBI) violations of FISA for Demand Progress, called “Institutional Lack of Candor.” I did a piece for Motherboard based off the report, which also looks at how Rosermary Collyer did not use the leverage of FISA’s exclusivity clause to force NSA to purge improperly accessed data this year.

Meanwhile, NSA’s General Counsel, Glenn Gerstell, just did a speech at University of Texas laying out what he claimed is the judicial oversight over Section 702. There’s one line I find particularly interesting:

Among other things, Section 702 also enables collection of information on foreign weapons proliferators and informs our cybersecurity efforts.

Here, Gerstell appears to be laying out the three known certificates (counterterrorism, counterproliferation, and foreign government). But I wonder whether the “among other things” points to a new certificate, or to the more amorphous uses of the foreign government cert.

As for Gerstell’s argument that there’s sufficient judicial oversight, I find it laughable in several key points.

For example, here’s how Gerstell describes the amicus provision included with USA Freedom Act.

The FISC is entitled to call upon the assistance of amici when evaluating a novel or significant interpretation of the law or when it requires outside technical expertise. This amicus provision, which was added to FISA as part of the USA FREEDOM Act amendments in 2015, enables the court to draw upon additional expertise and outside perspectives when evaluating a proposed surveillance activity, thus ensuring that the FISC’s oversight remains both robust and knowledgeable. The court has designated a pool of experts in national security to serve as amicus curiae at the court’s request. Amici are specifically instructed to provide to the court “legal arguments that advance the protection of individual privacy and civil liberties,” “information related to intelligence collection or communications technology,” or any other legal arguments relevant to the issue before the court.

The FISC’s amicus provisions are more than a mere statutory wink and nod to strong judicial oversight. The court has in fact called upon its amici to assist in evaluating Section 702 activities. In 2015, the FISC appointed an amicus to analyze what the court felt were two novel or significant interpretations of law that arose as part of its review of the government’s annual application for 702 certifications. The first issue involved whether queries of 702 collection that are designed to return information concerning U.S. persons are consistent with statutory and constitutional requirements. The second question involved whether there were any statutory or constitutional concerns about preserving information collected under Section 702 for litigation purposes that would otherwise be subject to destruction under the government’s minimization procedures. On both issues, the FISC carefully considered the views of the amicus, ultimately concluding that both of the proposed procedures were reasonably tailored to protect the privacy of U.S. persons and thus permissible under both the FISA statute and the constitution. [my emphasis]

Gerstell speaks of the amicus provision as newly permitting — “entitled,” “enabled” — the FISC to consult with others. Yet the FISC always had the ability to call amici (in fact it did ask for outside help in the In Re Sealed Case provision and in a few issues in the wake of the Snowden leaks). What was new with the USAF amicus is an affirmative requirement to either use an amicus or explain why it chose not to in any matters that present a “novel or significant interpretation of the law.”

Authorization.–A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate; and

(B) may appoint an individual or organization to serve as amicus curiae, including to provide technical expertise, in any instance as such court deems appropriate or, upon motion, permit an individual or organization leave to file an amicus curiae brief.

It’s true that USAF permits the FISC to decide what counts as new, but in those cases, the law does require one or another action, not simply permit it.

Which is why it’s so funny that Gerstell harps on the inclusion of Amy Jeffress in the 2015 recertification process. Note his silence on the 2016 process, which addressed an issue that (as both my reports above make clear) is far more problematic than the ones Jeffress weighed in on? Collyer simply blew off the USAF requirement, and didn’t get the technical help she apparently badly needed. As I noted, she sort of threw up her hands and claimed there were simply no people with the technical expertise and clearance available to help.

I suspect the Intelligence Community — and possibly even the law enforcement community — will live to regret Collyer’s obstinance about asking for help, if for no other reason than we’re likely to see legal challenges because of the way she authorized back door searches on content she knows to include domestic communications.

Gerstell then goes on to hail Mohamed Mohamud’s challenge to 702 as an example of worthwhile Title III court oversight of the program.

In certain circumstances, challenges to surveillance programs can be brought in other federal courts across the country. One recent court case is particularly illustrative of the review of Section 702 outside of the FISC, and here is how it commenced:

A few years ago, a young man named Mohamed Mohamud was studying engineering at Oregon State University. He had emigrated to the U.S. from Somalia with his family when he was only three, and he later became a naturalized U.S. citizen. He grew up around Portland, Oregon, enjoying many typical American pursuits like music and the Los Angeles Lakers. In 2008, however, he was involved in an incident at Heathrow Airport in London during which he believed he was racially profiled by airport security. This incident set Mohamud on a path toward radicalization. He began reading jihadist literature and corresponding with other Al-Qaeda supporters. In 2010, he was arrested and indicted for his involvement in a plot to bomb the Christmas Tree Lighting Ceremony in Portland, which was scheduled to take place the day after Thanksgiving. He was eventually found guilty of attempted use of a weapon of mass destruction.

After the verdict but before his sentencing, the government provided Mohamud with a supplemental notice that it had offered into evidence or otherwise used or disclosed during the proceedings information derived from Section 702 collection. After receiving this notice, Mohamud petitioned the court for a new trial, arguing that any 702-derived information should be suppressed because, among other reasons, he claimed that Section 702 violated the Fourth Amendment. The federal district court considered Mohamud’s claims before ultimately holding that 702 was constitutional. In so holding, the court found that 702 surveillance does not trigger the Fourth Amendment’s warrant requirement because any collection of U.S. person information occurring as a result of constitutionally permissible 702 acquisitions occurs only incidentally and, even if it did trigger the warrant requirement, a foreign intelligence exception applies. The court also found that “the government’s compelling interest in protecting national security outweighed the intrusion of Section 702 surveillance on an individual’s privacy,” so the 702 collection at issue in that case was reasonable under the Fourth Amendment.

Mohamud appealed the district court’s ruling to the Ninth Circuit, where the Circuit Court again looked at the constitutionality of the 702 collection at issue, with particular scrutiny on incidental collection. The Ninth Circuit concluded that the government’s surveillance in this case was consistent with constitutional and statutory requirements; even if Mohamud had a Fourth Amendment right to privacy in any incidentally-collected communications, the government’s searches were held to be reasonable. [my emphasis]

Look carefully at what Gerstell has argued: he uses a case where DOJ introduced evidence derived from 702, but gave the legally required notice only after the entire trial was over! That is, he’s pointing to a case where DOJ broke the law as proof of how well judicial oversight works.

And that’s important because DOJ has stopped giving 702 notice again (and has never given notice in a non-terrorism case, even though it surely has used derivative information in those cases as well). Without that notice, no defendant will be able to challenge 702 in the designated manner.

Which is why I would point to a different case for what criminal court oversight of SIGINT should look like: that of Reaz Qadir Khan (whose own case was closely linked to that of Mohamud).

At first, Khan tried to force the judge in his case, Michael Mosman, to recuse because he was serving as a FISA judge at the time. Mosman stayed.

Khan then asked for notice from the government for every piece of evidence obtained by the defense, laying out the possible authorities. Things started getting squirrelly at that point, as I summarized here.

Last year, I described the effort by the Reaz Qadir Khan’s lawyers to make the government list all the surveillance it had used to catch him (which, significantly, would either be targeted off a dead man or go back to the period during with the government used Stellar Wind). In October the government wrote a letter dodging most notice. Earlier this year, Judge Michael Mosman (who happens to also be a FISA judge) deferred the notice issues until late in the CIPA process. Earlier this month, Khan plead guilty to accessory to material support for terrorism after the fact.

What I suspect happened is that Mosman, who knows more about FISA than almost all District judges because he was (and still is) serving on the court, recognized that the government had surveillance that deserved some kind of judicial scrutiny (in this case, it probably involved Stellar Wind collection, but also likely included other authorities). So he agreed to deal with it in CIPA.

And just weeks later, Khan got a plea deal.

That’s the way it should work: for a judge to be able to look at surveillance and figure out if something isn’t exactly right or, for exotic interpretations of the law that don’t pass a smell test, and in those cases provide some means for review. Here, the government appears to have gotten uninterested in subjecting its evidence for review and, as is built into CIPA, ended up making a deal instead.

Of course, that rare exception points to one of the problems with FISC.

Gerstell claims that a court that until the Snowden leaks had no Democratic appointees on it boasts a “diversity of backgrounds.”

Recognizing the importance of judicial accountability for foreign intelligence surveillance under FISA, Congress designed a specialized court authorized to operate in secret – the FISC – to encourage rigorous oversight of activities conducted under FISA. Even its structure is deliberately assembled to serve that purpose. FISC judges are selected by the Chief Justice to serve for up to seven years, on staggered terms, which guarantees continuity and subject matter expertise on critical issues. In addition, the FISC is required by statute to be composed of judges drawn from at least seven of the U.S. judicial circuits. This statutory makeup ensures that the FISC includes judges from a diversity of backgrounds and geographic regions, rather than a court that might tend toward unanimity of thought or particular judicial sympathies.

That’s poppycock. The judges tend to be conservative. Importantly, the presiding judges are always from the DC district, not even just the DC neighborhood, such as MD or EDVA.

And remarkably, almost none of the judges on the FISC have presided over terrorism cases (Mosman is from OR, which because of a mosque that the FBI has basically lived in since 9/11, has had more than its share of terrorism cases). Which means the men and women sitting in Prettyman overseeing FISA often have little to no experience on how that data might affect an American’s right to a fair trial two years down the road.

I, like Gerstell, contest the claim that the FISC is generally a rubber stamp. But I do believe it should include more of the judges who actually oversee the trials that may result, because that experience would vastly improve understanding of the import of the review. At the very least, it should include the judges from EDVA who oversee the cases that go through the CIA-Pentagon District, which also includes a great many of the country’s espionage cases.

And most of all, the practice of having one judge, always from DC, review programmatic spying programs by herself should stop. While it is absolutely the case that judges have often shown great diligence, when a judge doesn’t show adequate diligence — as I believe Collyer did not this year — it may create problems that will persist for years.

The FISC is not a rubber stamp. But neither is the judicial oversight of 702 the consistently diligent oversight Gerstell claims.

FISC Still Sitting on Government Proposal for EFF Data

When last we checked in with the new-and-improved post USA Freedom Act FISA Court, amicus Preston Burton had helped the Court finish off the Section 215 dragnet with a strong hand, in part by asking a bunch of questions that should have been asked 9 years earlier. And in a reply to the government (the reply was released belatedly), Burton made an argument that led first to a hearing on the issue and then a briefing order for ways the government might stipulate to something in the EFF lawsuits so as to permit the FISC to lift the protection order requiring all Americans’ phone records to be kept indefinitely.

Back before it was clear why FISA Judge Michael Mosman appointed him to serve as amicus addressing the issue of retention of phone dragnet data, I suggested it might have been an effort to undermine EFF’s lawsuit against the government. After all, EFF plaintiff (in the First Unitarian Church suit challenging the dragnet) CAIR surely has standing to not only sue, but sue because of the way the dragnet chaining process subjected a bunch of CAIR’s associates to further NSA analysis solely because of their First Amendment protected affiliation with CAIR. But if the government gets to destroy all the dragnet data without first admitting that fact, then it will be hard to show how CAIR got injured.

In Burton’s reply to the government’s response to his initial brief on this question, he did the opposite, pressuring the government to find some way to accord the EFF plaintiffs standing. That led — we as we saw last week  — to an order from Mosman for briefing, due on January 8, on whether there’s a way to get rid of the data. That may not end up helping EFF, but it sure has put the government in a bad mood.

That brief would have been due last Friday, but thus far it has not shown up in the FISC docket. And we don’t even know what the process from here would be, such as whether one of the newly appointed amici will be asked to help Michael Mosman determine the outcome of the EFF data, or whether the government will be able to argue whether it should have to accommodate this lawsuit without adversary. EFF did send a letter laying out what they’d like to happen, which the government submitted along with its response.

But since then we’ve heard nothing.

To Hide Why Its State Secrets Invocation Is Bogus, Government Declares Public Information Top Secret

My profuse apologies to Preston Burton.

Back before it was clear why FISA Judge Michael Mosman appointed him to serve as amicus addressing the issue of retention of phone dragnet data, I suggested it might have been an effort to undermine EFF’s lawsuit against the government. After all, EFF plaintiff (in the First Unitarian Church suit challenging the dragnet) CAIR surely has standing to not only sue, but sue because of the way the dragnet chaining process subjected a bunch of CAIR’s associates to further NSA analysis solely because of their First Amendment protected affiliation with CAIR. But if the government gets to destroy all the dragnet data without first admitting that fact, then it will be hard to show how CAIR got injured.

In Burton’s reply to the government’s response to his initial brief on this question, he did the opposite, pressuring the government to find some way to accord the EFF plaintiffs standing. That led — we as we saw last week  — to an order from Mosman for briefing, due on January 8, on whether there’s a way to get rid of the data. That may not end up helping EFF, but it sure has put the government in a bad mood.

Burton spends just a few lines of his reply addressing the foremost question before him: whether the government could keep data past November 28. His points, however, are telling, in that he doesn’t seem convinced the government actually has destroyed the data aged off in the past.

[The government response] fails to provide the Court with a clear answer as to whether and how collections that should have been destroyed actually were destroyed.

That’s interesting given that, after the NSA “destroyed” the Internet dragnet data, NSA’s own Inspector General didn’t seem entirely convinced it had gotten destroyed.

As to the EFF data, Burton responds to the government’s snippy response, which I laid out here, by first calling out the government’s non-response to his own questions. Burton notes that he asked why the government hasn’t come to some stipulation that would permit it to destroy the data, after which the government “reinvent[ed] the questions” to pertain to the identity of providers, its pending state secrets invocation, and the potential one of the suits would become a class action. Claiming his “inquiries were not quite the calamities the government conjures to avoid answering the questions,” Burton then invited the court to consider whether the government is being obstinate.

The Court can consider the government’s litigation tactics and whether it is largely responsible for the duration of the preservation orders in the California cases in deciding whether to permit it in this Docket, not the other cases, to continue to retain millions of records. The government’s unwillingness to address its various litigation positions, some of which appear to have contributed to the prolonged hold, speaks volumes.

Then Burton focuses specifically on the government’s invocation of state secrets (which it has done in Jewel but not yet in First Unitarian).

For example, its resort to incanting the state secrets privilege seems rather energetic given the robust public discussion of this program, including the [three lines redacted]. The government also states, without more, that limiting the records it holds to those belonging to plaintiff is “entirely unworkable.” This Court may fairly probe whether that conclusory declaration is sufficient or meaningful. It would perhaps be expensive and time-consuming to segregate the data or otherwise pare the archive but that is a choice the government may be required to make in deciding to continue to burrow in on its standing and procedural challenges.

The entire paragraph was stamped TS//SI/OC/NF, suggesting that the government maintains the redacted information — which contextually must be public!! — is either Top Secret or Originator Controlled.

In other words, when Burton pointed out that the government was claiming state secrets rather more “energetically” than public disclosures merited, they claimed the public reason why that was the case was Top Secret.

I’m half wondering whether the government was even going to release this filing. Remember, when the other three filings on this issue got released, I predicted there was another, missing reply.

In addition to Mosman’s opinion, the FISC released amicus Preston Burton’s memo and the government’s response on December 2; I suspect there may be a Burton reply they have not released.

[snip]

Which leads me to the detail that makes me suspect there’s a second Burton filing the government hasn’t released (I’ve asked NSD but gotten no answer, and in his opinion Mosman says only “Mr. Burton and the government submitted briefs addressing this question,” leaving open the possibility Burton submitted two): After finding no reason to hold a hearing on the issue of restarting the dragnet during the summer, Mosman did hold a hearing here (though it’s not clear whether Burton attended or not). At the hearing, Mosman ordered the government to try to come up with a way to destroy the dragnets, which it will do by January 8.

Six days later (or sometime in the last six days), voila, the missing reply, showing Burton expressing clear doubt about government’s destruction plans not to mention their invocation of state secrets, but with the already released public explanation for why he had that doubt hidden under an equally dubious invocation of secrecy.

It sure seems like the government is working awfully hard to hide the fact that its state secrets aren’t actually all that secret.

How FISC Amicus Preston Burton Helped Michael Mosman Shore up FISC’s Authority

On November 24, Judge Michael Mosman approved the government’s request to hold onto the Section 215 phone dragnet data for technical assurance purposes for three months, as well as to hold the data to comply with a preservation order in EFF’s challenge to the phone dragnet (though as with one earlier order in this series, Thomas Hogan signed the order for Mosman, who lives in Oregon). While the outcome of the decision is not a surprise, the process bears some attention, as it’s the first time a truly neutral amicus has been involved in the FISC process (though corporations, litigants, and civil rights groups have weighed in various decisions as amici).

In addition to Mosman’s opinion, the FISC released amicus Preston Burton’s memo and the government’s response on December 2; I suspect there may be a Burton reply they have not released.

Minimization procedures

As I noted in September when Mosman first appointed Burton, it wasn’t entirely clear what the FISC was asking him to review. In his order, Mosman explains that he “directed him to address whether the government’s above-described requests to retain and use BR metadata after November 28, 2015, are precluded by section 103 of the USA FREEDOM Act or any other provision of that Act.”

Burton took this to be largely a question about minimization procedures.

Instead, the Act provides that the Court shall decide issues concerning the use, retention, dissemination, and eventual destruction of the tangible things collected under the FISA business records statute as part of its oversight of the statutorily mandated minimization procedures.

He then pointed to a number of the FISC’s more assertive oversight moments over the NSA to argue that the FISC has fairly broad authorities to review minimization procedures.

Although the government is required to enumerate minimization procedures addressing the use, retention, dissemination, and (now) ultimate destruction of the metadata in its applications to the Court, the Court’s review of those procedures is not simply ministerial. And, indeed, Judge Walton’s 2009 orders, cited above, addressing deficiencies in the administration of the call detail record program made clear that the FISA Court may impose more robust minimization procedures. See also Kris, Bulk Collection at 15-17 (discussing FISA Court’s imposition of new restrictions to the telephony program). Likewise, the Court may decline to endorse procedures sought by the government See Opinion at 11-2, In re Application of the FBI for an Order Requiring the Production of Tangible Things, Docket No. BR 14-01 (March 7, 2014) (denying the government’s motion to modify the minimization procedures), amended, Opinion at S, Jn re Application of the FBI/or an Order Requiring the Production a/Tangible Things, Docket No. BR 14-01(March12, 2014). Similarly, Judge Bates found substantial deficiencies in the NSA’ s minimization procedures in Jn Re [Redacted}, 2011 WL l 0945618, at *9 (FISA Ct. Oct. 3, 2011) (Bates J.) (fmding NSA minimization procedures insufficient and inconsistent with the Fourth Amendment). As a result, the NSA amended its procedures, including reducing the data retention in issue in that case (under a differentFISA statute) from five to two years. See In Re [Redacted], 2011WL10947772, at •s (FISA Ct. Nov. 30, 2011) (Bates J.).

Particularly in the case of the two PRTT orders, the government has actually challenged FISC’s roles in imposing minimization procedures (though admittedly FISC’s role under that authority is less clear cut than under Section 215).

Burton argued that USA Freedom Act (which he abbreviated USFA) made that role even stronger.

But the USFA augmented this minimization review authority even more and dispels any suggestion that the Court may not modify the minimization procedures articulated in the government’s application. The statute’s fortification of Judicial Review provisions makes clear that Congress intended for the FISA Court to oversee these issues in the context of imposing minimization procedures that balance the government’s national security interests with privacy interests, including specifically providing for the prompt destruction of tangible things produced under the business records provisions.10 Significantly, USF A § 104 empowers the Court to assess and supplement the government’s proposed minimization procedures:

Nothing in this subsection shall limit the authority of the court established under section 103(a) to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination of nonpublicly available information concerning unconsenting United States persons, including additional particularized procedures related to the destruction of information within a reasonable time period. USFA § 104 (a)(3) (now codified at 50 U.S.C. §1861(g)(3)(emphasis supplied).

That provision applies to all information the government obtains under the business records procedure, not just call detail records. u Moreover, that amendment, set forth in USFA § 104, went into effect immediately, unlike the 180-day transition period for the revisions to the business records sections. See USFA § 109 (amendments made by §§ 101-103 take effect 180 days after enactment).12

As I said, that’s the kind of argument the government has been arguing against for 11 years, most notably in the two big Internet dragnet reauthorizations (admittedly, FISC’s role in minimization procedures there is less clear, but there is similar language about not limiting the authority of the court).

Burton sneaks in some real privacy questions

Having laid out the (as he sees it) expansive authority to review minimization procedures, Burton then does something delightful.

He poses a lot of questions that should have been asked 9 years ago.

Because of the significant privacy concerns that motivated Congress to amend the bulk collection provisions of the statute, however, the undersigned respectfully submits that, the Court should consider requiring the government to answer more fully fundamental questions regarding:

  • The current conditions, location, and security for the data archive.
  • The persons and entities to whom the NSA has given access to information provided under this program and whether that shared information will also be destroyed under the NSA destruction plan (and, if not, why not?).
  • What oversight is in place to ensure that access to the database is not “analytical” and what the government means by “non-analytical.”
  • Why testing of the adequacy of new procedures was not completed by the NSA (and whether it was even initiated) during the 180-day transition period.
  • How the government intends to destroy such information after February 29, 2016, (its proposed extinction date for the database) independent of the resolution of any litigation holds.
  • Whether the contemplated destruction will include only data that the government has collected or will include all data that it has analyzed in some fashion.

Remember, by the time Burton wrote this, he had read at least the application for the final dragnet order, and the answers to these questions were not clear from that (which is where the government lays out its more detailed minimization procedures). Public releases have made me really concerned about some of them, such as how to protect non-analytical queries from being used for analytical purposes. NSA has had tech people do analytical queries in the past, and it doesn’t audit tech activities. Similarly, when the NSA destroyed the Internet dragnet data in 2011, NSA’s IG wasn’t entirely convinced it all got destroyed, because he couldn’t see the intake side of things. So these are real issues of concern.

Burton also asked questions about the necessity behind keeping data for the EFF challenges rather than just according the plaintiffs standing.

If this Court chooses to follow Judge Walton’s approach and defer to the preservation orders issued by the other courts, the Court nonetheless should address a number of questions before deciding whether to grant the government’s preservation request:

  • Why has the government been unable to reach some stipulation with the plaintiffs to preserve only the evidence necessary for plaintiffs to meet their standing burden? Consider whether it is appropriate for the government to retain billions of irrelevant call detail records involving millions of people based on, what undersigned understands from counsel involved in that litigation, the government’s stubborn procedural challenges to standing — a situation that the government has fostered by declining to identify the particular telecommunications provider in question and/or stipulate that the plaintiff is a customer of a relevant provided.
  • As Judge Walton identified when he first denied the modification of the minimization procedures to extend the duration of preservation, the continued retention of the data at issue subjects it to risk of misuse and improper dissemination. The government should have to satisfy the Court of the security of this information in plain and meaningful terms.

(Notice how he assumes the plaintiffs might have standing which, especially for First Unitarian Church plaintiff CAIR, they should.)

Finally, perhaps channeling the justified complaint of all the tech people who review these kinds of policy questions, Burton suggested the FISC really ought to be consulting with a tech person.

This case, due to the relatively limited period of time sought by the government to accomplish its stated narrow purpose, likely does not require a difficult assessment of the reasonableness of the government’s technical retention request. To evaluate even such a limited request, however, the Court may wish to consider availing itself of technical expertise from national security experts or computer technology experts. Technical expertise is an amicus category contemplated by Congress in its reform of the FISA statutes. 50 U.S.C. § 1803 (i)(2)(B), as amended by USF A Section 401. That section alone suggests congressional expectation of greater judicial oversight of the government’s surveillance program and requests. See USF A § 401; see also Kris, Bulk Collection at 3 7 (contemplating theoretical procedures for cross-examining NSA engineers as one example of the challenges in implementing a more adversarial system for the FISA Court).

Burton ended his memo reiterating his recommendation that FISC get more information.

In light of the significant privacy interests affected by the creation and retention of the database, the undersigned urges the Court as part of its statutory oversight of the minimization procedures to demand full and meaningful information concerning the condition of the data at issue, the data’s security, and its contemplated destruction as a condition of any retention beyond November 28, 2015.

The government is not amused

Predictably, the government balked at Burton’s invitation to use his expansive reading of the authority of the FISC to review minimization procedures to bolster the current ones.

Amicus curiae’ s analysis of Section 104 of the USA FREEDOM Act could be interpreted as suggesting an opportunity for the Court to re-examine the minimization procedures applicable for other business records productions in this proceeding. Consistent with the Court’s order appointing amicus curiae, the Government has limited its response to the issue identified in that order.

Frankly, I’m not sure what the government distinguishes between Burton’s proposal to reexamine existing minimization procedures and what is covered by the order in question, because they do respond to a number of the questions he raised in his brief.

For example, they provide these details about where the dragnet lives (which, as it turns out, is at Fort Meade, not the UT data center).

As described in the Application in docket number BR 15-99 and prior docket numbers, NSA stores and processes the bulk call detail records in repositories within secure networks under NSA’ s control. Those repositories (servers, networked storage devices, and backup tapes in locked containers) are located in NSA’s secure, access-controlled facilities at Fort George G. Meade, Maryland. As further described in those applications, NSA restricts access to the records to authorized personnel who have received appropriate and adequate training. Electronic access to the call detail records requires a user authentication credential. Physical access to the location where NSA stores and processes the call detail records requires an approval by NSA management and must be conducted in teams of no less than two persons.

Also note that there is currently a requirement that techs access the raw data in two person teams. That is likely a change that post-dates Snowden.

Curiously, the NSA says they can destroy all the phone dragnet data in a month.

NSA anticipates it can complete destruction of the bulk call detail records and related chain summaries within one month of being relieved of its litigation preservation obligations.

They appear to have taken far less time to destroy the Internet dragnet data, further supporting the appearance they did it very hastily to avoid having to report back to John Bates on the status of their dragnet.

Finally, they make clear what had already been clear to me: the existing query results will remain at NSA.

Information obtained or derived from call detail records which has been previously disseminated in accordance with approved minimization procedures will not be recalled or destroyed.2 Also, select query results generated by pre-November 29, 2015, queries of the bulk records that formed the basis of a dissemination in accordance with approved minimization procedures will not be destroyed.

2 This practice does not differ from similar circumstances where, for example Court-authorized electronic surveillance and/or physical search authorities under Title I or III expire. While raw (unminimized) information is handled and destroyed in accordance with applicable minimization procedures, prior authorized disseminations and the material underpinning those disseminations are not recalled or otherwise destroyed.

This means that everyone within two or three degrees of a target that the NSA has found interesting — potentially over the last decade — will remain available and subject to NSA’s analytical toys from here on out.

Let’s hope CAIR gets standing to challenge what has happened to their IDs then.

Which may be why the government gets snippiest in response to Burton’s question about why they’re going to keep billions of phone records rather than just reach some accommodation with EFF.

The suggestions by amicus curiae that this Court address (or perhaps even resolve) significant substantive questions at issue in underlying civil litigation,, see Amicus Mem. of Law at 27, are exactly the kinds of inquiries the Court previously recognized were inappropriate for it to resolve. Opinion and Order, docket number BR 14-01at5 (“it is appropriate for [the district court for the Northern District of California], rather than the FISC, to determine what BR metadata is relevant to that litigation”). This Court should adopt the same view. In particular, the suggestion that the Government disclose national security information concerning the identity of providers, information subject to a pending state secrets privilege assertion, is inappropriate, and the suggestion by amicus that the government stipulate to Article III standing in those cases is unfounded as a matter of law. Finally, the suggestion that preservation of bulk call detail records can be limited solely to the plaintiffs in multiple pending putative class actions is entirely unworkable. For the reasons more particularly set out above, until the Government is relieved of its preservation obligations, the data is secure.

Which leads me to the detail that makes me suspect there’s a second Burton filing the government hasn’t released (I’ve asked NSD but gotten no answer, and in his opinion Mosman says only “Mr. Burton and the government submitted briefs addressing this question,” leaving open the possibility Burton submitted two): After finding no reason to hold a hearing on the issue of restarting the dragnet during the summer, Mosman did hold a hearing here (though it’s not clear whether Burton attended or not). At the hearing, Mosman ordered the government to try to come up with a way to destroy the dragnets, which it will do by January 8.

During the hearing held on November 20, 2015, the Court directed the government to submit its assessment of whether the cessation of bulk collection on November 28, 2015, will moot the claims of the plaintiffs in the Northern District of California litigation relating to the BR Metadata program and thus provide a basis for moving to lift the preservation orders. The Court further directed the government to address whether, even if the California plaintiffs’ claims are not moot, there might be a basis for seeking to lift the preservation orders with respect to the BR Metadata that is not associated with the plaintiffs. The government intends to make its submission on these issues by January 8, 2016.

And, as Mosman’s opinion makes clear, he ordered them to write up a free-standing copy of the minimization procedures that will govern the dragnet data retained from here on out.

The minimization procedures that the government proposes using after the production ceases on November 28, 2015 are in important respects substantially more restrictive than those currently in effect. The procedures that will apply after November 28, which were initially included as part of the broader set of procedures set forth in the application, were resubmitted by the government in a standalone document on November 24, 2015 (“November 24, 2015 Minimization Procedures”).

They would have submitted them on the day Mosman (via Hogan’s signature) approved the request to keep the data. In other words, Mosman made the government generate a document to make it crystal clear the more restrictive rules apply to the dragnet going forward.

The value of the amicus

Whether it was Mosman’s intent when he appointed Burton or not (remember, for better and worse, under USAF the amicus has to do what the FISC asks), his appointment served several purposes.

First, it set Mosman up to make it very clear that the FISC sees the minimization procedures required under USAF do give the FISC expanded authority.

The USA FREEDOM Act made several minimization-related changes to Section 1861. For instance, Section 1861 now provides that, before granting a business records application, the Court must expressly find that the minimization procedures put forth by the government “meet the definition ofminimiz.ation procedures under subsection (g).” See Pub. L. No. 114-23, § 104(a)(l), 129 Stat. at 272. This change is not substantive, however, as such a finding was previously implicit in the broader finding required by Section 1861 ( c )(1) – i.e, “that the application meets the requirements of subsection (a) and (b).” Among the requirements of subsection (b) was – and still is – the requirement that the application include an enumeration of Attorney General-approved minimization procedures that meet the definition set forth in subsection (g). Another change is the addition of a “rule of construction” confirming the Court’s authority “to impose additional, particularized minimization procedures with regard to the production, retention, or dissemination” of certain information regarding United States persons, including “procedures related to the destruction of information within a reasonable time period.” See id. § 104(a)(2), 129 Stat. at 272. A third new provision that takes effect on November 29, 2015, states that orders compelling the ongoing, targeted production of “call detail records” must direct the government to adopt minimization procedures containing certain requirements relating to the destruction of such records. See id Pub. L. No. 114-23, § 10l(b)(3)(F)(vii), 129 Stat. at 270-71.

Remember, it took 7 years — including 4 years of FISC-imposed minimization requirements and reviews — before the government met the requirements of the law as passed in 2006. Significantly, Burton got a classified version of the IG report laying out that delay to read, so he surely knows more about that delay than we do.

In addition, Burton set up the FISC to demand more assurances from the government and — potentially — to push it to come to some more reasonable accommodation with EFF than they otherwise might. Remember, when presiding over the criminal case of Raez Qadir Khan, Mosman was going to grant CIPA discovery on the surveillance used to catch Khan, some of which almost certainly included one (Stellar Wind) or another (the PRTT Internet dragnet) of the illegal dragnets, which led almost immediately to a plea deal.

I’m, frankly, pleasantly surprised. Whether it was Mosman’s intent or not, even picking someone without an obvious brief for privacy, Burton helped Mosman shore up the authority of the FISC to ride herd over government spying (and given Judge Hogan’s involvement along the way, he presumably did so with the assent of the presiding FISC judge).

In any case, Mosman was happy with how it all worked out, as he included this footnote in his opinion.

The Court wishes to thank Mr. Burton for his work in this matter. His written and oral presentations were extremely informative to the Court’s consideration of the issues addressed herein. The Court is grateful for his willingness to serve in this capacity.

John Bates, speaking inappropriately on behalf of the FISA Court during USAF debates, squealed mightily about the role an amicus had. Admittedly, the current form is closer to what Bates (who I’ve always suspected was speaking on behalf of John Roberts more than the court) wanted than what reformers wanted.

But at least in this instance, the amicus helped the FISC shore up its authority vis a vis the government.

Update: Richard Posey notes the reference to Burton’s “oral” presentations in the thank you footnote, which suggests he was at the November 20 hearing.  Read more

The NSA (Said It) Ate Its Illegal Domestic Content Homework before Having to Turn It in to John Bates

The question of whether NSA can keep its Section 215 dragnet data past November 28 has been fully briefed for at least 10 days, but Judge Michael Mosman has not yet decided whether the NSA can keep it — at least not publicly. But given what the NSA IG Report on NSA’s destruction of the Internet dragnet says (liberated by Charlie Savage and available starting on PDF 60), we should assume the NSA may be hanging onto that data anyway.

This IG Report documents NSA’s very hasty decision to shut down the Internet dragnet and destroy all the data associated with it at the end of 2011, in the wake of John Bates’ October 3, 2011 opinion finding, for the second time, that if NSA knew it had collected US person content, it would be guilty of illegal wiretapping. And even with the redactions, it’s clear the IG isn’t entirely certain NSA really destroyed all those records.

The report adds yet more evidence to support the theory that the NSA shut down the PRTT program because it recognized it amounted to illegal wiretapping. The evidence to support that claim is laid out in the timeline and working notes below.

The report tells how, in early 2011, NSA started assessing whether the Internet dragnet was worth keeping under the form John Bates had approved in July 2010, which was more comprehensive and permissive than what got shut down around October 30, 2009. NSA would have had SPCMA running in big analytical departments by then, plus FAA, so they would have been obtaining these benefits over the PRTT dragnet already. Then, on a date that remains redacted, the Signals Intelligence Division asked to end the dragnet and destroy all the data. That date has to post-date September 10, 2011 (that’s roughly when the last dragnet order was approved), because SID was advising to not renew the order, meaning it happened entirely during the last authorization period. Given the redaction length it’s likely to be October (it appears too short to be September), but could be anytime before November 10. [Update: As late as October 17, SID was still working on a training program that covered PRTT, in addition to BRFISA, so it presumably post-dates that date.] That means that decision happened at virtually the same time or after, but not long after, John Bates raised the problem of wiretapping violations under FISA Section 1809(a)(2) again on October 3, 2011, just 15 months after having warned NSA about Section 1809(a)(2) violations with the PRTT dragnet.

The report explains why SID wanted to end the dragnet, though three of four explanations are redacted. If we assume bullets would be prioritized, the reason we’ve been given — that NSA could do what it needed to do with SPCMA and FAA — is only the third most important reason. The IG puts what seems like a non sequitur in the middle of that paragraph. “In addition, notwithstanding restrictions stemming from the FISC’s recent concerns regarding upstream collection, FAA §702 has emerged as another critical source for collection of Internet communications of foreign terrorists” (which seems to further support that the decision post-dated that ruling). Indeed, this is not only a non sequitur, it’s crazy. Everyone already knew FAA was useful. Which suggests it may not be a non sequitur at all, but instead something that follows off of the redacted discussions.

Given the length of the redacted date (it is one character longer than “9 December 2011”), we can say with some confidence that Keith Alexander approved the end and destruction of the dragnet between November 10 and 30 — during the same period the government was considering appealing Bates’ ruling, close to the day — November 22 — NSA submitted a motion arguing that Section 1809(a)(2)’s wiretapping rules don’t apply to it, and the day, a week later, it told John Bates it could not segregate the pre-October 31 dragnet data from post October 31 dragnet data.

Think how busy a time this already was for the legal and tech people, given the scramble to keep upstream 702 approved! And yet, at precisely the same time, they decided they should nuke the dragnet, and nuke it immediately, before the existing dragnet order expired, creating another headache for the legal and tech people. My apologies to the people who missed Thanksgiving dinner in 2011 dealing with both these headaches at once.

Not only did NSA nuke the dragnet, but they did it quickly. As I said, it appears Alexander approved nuking it November 10 or later. By December 9, it was gone.

At least, it was gone as far as the IG can tell. As far as the 5 parts of the dragnet (which appear to be the analyst facing side) that the technical repository people handled, that process started on December 2, with the IG reviewing the “before” state, and ended mostly on December 7, with final confirmation happening on December 9, the day NSA would otherwise have had to have new approval of the dragnet. As to the the intake side, those folks started destroying the dragnet before the IG could come by and check their before status:

However, S3 had completed its purge before we had the opportunity to observe. As a result we were able to review the [data acquisition database] purge procedures only for reasonableness; we were not able to do the before and after comparisons that we did for the TD systems and databases disclosed to us.

Poof! All gone, before the IG can even come over and take a look at what they actually had.

Importantly, the IG stresses that his team doesn’t have a way of proving the dragnet isn’t hidden somewhere in NSA’s servers.

It is important to note that we lack the necessary system accesses and technical resources to search NSA’s networks to independently verify that only the disclosed repositories stored PR/TT metadata.

That’s probably why the IG repeatedly says he is confirming purging of the data from all the “disclosed” databases (@nailbomb3 observed this point last night). Perhaps he’s just being lawyerly by including that caveat. Perhaps he remembers how he discovered in 2009 that every single record the NSA had received over the five year life of the dragnet had violated Colleen Kollar-Kotelly’s orders, even in spite of 25 spot checks. Perhaps the redacted explanations for eliminating the dragnet explain the urgency, and therefore raise some concerns. Perhaps he just rightly believes that when people don’t let you check their work — as NSA did not by refusing him access to NSA’s systems generally — there’s more likelihood of hanky panky.

But when NSA tells — say — the EFF, which was already several years into a lawsuit against the NSA for illegal collection of US person content from telecom switches, and which already had a 4- year old protection order covering the data relevant to that suit, that this data got purged in 2011?

Even NSA’s IG says he thinks it did but he can’t be sure.

But what we can be sure of is, after John Bates gave NSA a second warning that he would hold them responsible for wiretapping if they kept illegally collecting US person content, the entire Internet dragnet got nuked within 70 days — gone!!! — all before anyone would have to check in with John Bates again in connection with the December 9 reauthorization and tell him what was going on with the Internet dragnet.

Update: Added clarification language.

Update: The Q2 2011 IOB report (reporting on the period through June 30, 2011) shows a 2-paragraph long, entirely redacted violation (PDF 10), which represents a probably more substantive discussion than the systematic overcollection that shut down the system in 2009.

Read more

Michael Mosman’s Deadlines Raise (More) Questions about the FISC Advocate

In the series of letters purporting to speak for “the judiciary,” Director of the Administrative Office of US Courts John Bates and (after Duff replaced him) James Duff expressed concern about how a FISC amicus would affect the timeliness of proceedings before the court. Bates worried that any involvement of an amicus would require even more lead time than the current one week requirement in FISC applications. He also worried that the presumption an amicus (and potentially tech experts) would have access to information might set off disputes with the Executive over whether they could really have it. Duff apparently worried that the perception that an amicus would oppose the government would lead the government to delay in handing over materials to the FISC.

Which is why I’m interesting in the briefing order Chief FISC Judge Thomas Hogan, signing for Michael Mosman, issued on Wednesday (see below for a timeline).

Back on September 17, Mosman appointed spook lawyer Preston Burton amicus. As part of that order, he gave the government 4 days to refuse to share information with Burton, but otherwise required Burton receive the application and primary order in this docket.

(Pursuant to 50 U.S.C. § 1803(i)(6)(A)(i), the Court has determined that the government’s application (including exhibits and attachments) and the full, unredacted Primary Order in this docket are relevant to the duties of the amicus. By September 22, 2015, or after receiving confirmation from SEPS that the amicus has received the appropriate clearances and access approvals for such materials, whichever is later, the Clerk of the Court shall make these materials available to the amicus.

Yet even after the almost month long delay in deciding to appoint someone and deciding that someone would be Burton, it still took Mosman two weeks after the date when Burton was supposed to have received the relevant information on this issue before setting deadlines. And in setting his deadlines, Mosman has basically left himself only 2 weeks during which time he will have to to decide the issue and the government will have to prepare to keep or destroy the data in question (in past data destruction efforts it has taken a fairly long time). That could be particularly problematic if Mosman ends up requiring the government to pull the data from EFF’s clients from the data retained under their protection order.

On November 28, the order authorizing the retention of this data expires.

To be fair, Mosman is definitely making a more concerted effort to comply with the appearance if not the intent of USA F-ReDux’s amicus provision than, say, Dennis Saylor (who blew if off entirely). And there may be aspects of this process — and FISC’s presumed effort to start coming up with a panel of amici by November 29 — that will take more time than future instances down the road.

Still, it’s hard to understand the almost 3 week delay in setting a briefing schedule.

Unless the government slow-walked giving even a spook lawyer not explicitly ordered to represent the interests of privacy approval to receive and then a packet of documents to review.

I suspect this represents a stall by the government, not FISC (though again, the month long delay in deciding to appoint an amicus didn’t help things, and FISC’s thus far 4 month delay in picking amici likely doesn’t help either). But whatever the cause of the delay, it may indicate a reluctance on someone’s part to use the amicus as intended.

Timeline

July 27: ODNI declares that “NSA has determined” that “NSA will allow technical personnel to continue to have access to the historical metadata for an additional three months”

By August 20: Government asks for permission to retain data past November 28 (the government must submit major FISA orders at least a week in advance)

August 27: Mosman approves dragnet order, defers decision on data retention

September 17: Mosman appoints Burton and orders the government to cough up its application and the full order

September 21: Last date by which government can complain about sharing information with Burton

September 22: Date by which Burton must receive application and order

October 7: Mosman sets deadlines

October 29: Deadline for Burton’s first brief

November 6: Deadline for Government response

November 10: Deadline for Burton reply, if any

November 28: Expiration of authorization to retain data

Preston Burton Was Not Necessarily Appointed to Represent Privacy Interests; Was He Appointed to Undercut EFF?

In my post on Michael Mosman’s appointment of Preston Burton as an amicus to decide whether NSA should be permitted to keep bulk telephony data collected under section 215 past November 28, 2015 I noted he was appointed pursuant to provisions of USA F-ReDux. But I want to correct something: Burton was not — at least not necessarily — appointed to protect civil liberties and privacy.

In his order appointing Burton, here’s how Mosman cited USA F-ReDux.

This appointment is made pursuant to section, 103(i)(2)(B) of the Foreign Intelligence Surveillance Act (“FISA”), codified at 50 U.S.C. § 1803(i)(2)(B), as most recently amended by the USA FREEDOM Act, Pub. L. No. 114-23, 129 Stat. 268, 272 (2015).

[snip]

By the terms of 50 U.S.C. § 1803(i)(2)(A), the Court “shall appoint” to serve as amicus curiae an individual who has been designated as eligible for such service under section 1803(i)(l) “to assist … in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate.” Under section 1803(i)(l), the presiding judges of the Foreign Intelligence Surveillance Court and the Foreign Intelligence Surveillance Court of Review have until November 29, 2015, to jointly designate individuals to serve as amici under section  1803(i)(l). 1 To date, no such designations have been made. Under present circumstances, therefore, the appointment of such an individual “is not appropriate” under section 1803(i)(2)(A), because, as of yet, there are no designated individuals who can serve.

Section 1803(i)(2)(B) provides that the Court “may appoint an individual or organization to serve as amicus curiae … in any instance as such court deems appropriate.” Persons appointed under this provision need not have been designated under section 1803(i)(l ). Pursuant to section l 803(i)(3)(B), however, they must “be persons who are determined to be eligible for access to classified information, if such access is necessary to participate in the matters in which they may be appointed.”

Here, the Court finds it appropriate to appoint Preston Burton as amicus curiae under section 1803(i)(2)(B). Mr. Burton is well qualified to assist the Court in considering the issue specified herein. The Security and Emergency Planning Staff (SEPS) of the Department of Justice has advised that he is eligible for access to classified information.

Effectively, he points to the new language on amicus curiae as “codifying” the authority FISC already had (and has already used, when permitting Center for National Security Studies to file an amicus on phone dragnet orders and tech companies to submit amici briefs in discussions about transparency, though the latter was dismissed before the court considered those briefs, not to mention FISCR’s permission of ACLU and NACDL to submit briefs in In Re Sealed Case in 2002).

He then notes that he cannot appoint one of the 5 selected amici set up to consider “novel or significant interpretation of law” because FISC hasn’t gotten around to appointing those 5 people yet (they have until early December to do so and seem to be taking their time).

He then points to a second means of appointing an amicus — 1803(i)(2)(B) — which says the court “may” appoint an amicus “in any instance as such court deems appropriate or, upon motion, permit an individual or organization leave to file an amicus curiae brief,” as his basis for appointing Burton.

Mosman doesn’t explain why he “finds it appropriate” to appoint an amicus here, unlike when he deemed FreedomWorks an amicus addressing the issue of whether USA F-ReDux restored the phone dragnet to its prior state and therefore justified another phone dragnet order. This is what he said in that instance.

The Court finds that the government’s application “presents a novel or significant interpretation of the law” within the meaning of section 103(i)(2)(A). Because, understandably, no one has yet been designated as eligible to be appointed as an amicus curiae under section 103(i)(2)(A), appointment under that provision is not appropriate. Instead, the Court has chosen to appoint the Movants as amici curiae under section 103(i)(2)(B) for the limited purpose of presenting their legal arguments as stated in the Motion in Opposition and subsequent submissions to date.

Nor does Mosman explain what, in particular, qualifies Burton to serve as amicus here, which might provide some insight as to why he decided it appropriate to appoint an amicus at all. He just says he’s qualified and is eligible for access to classified information. Even under the appointed amici, FISC can appoint someone for reasons other than privacy, and that’s all the more true for this optional appointment.

So reports — including by me! — that Burton would represent the interests of civil liberties may not be correct. For all we know, he could be representing the interests of the spies or DC Madams.

I find Mosman’s silence on his appointment of Burton interesting for two reasons.

First, the genesis of this entire request and deferral is unclear. Back in July — after it had gotten its first post-USA F-ReDux order, and a month before this current one was approved — ODNI issued a statement out of the blue asserting they could keep the data.

On June 29, 2015, the Foreign Intelligence Surveillance Court approved the Government’s application to resume the Section 215 bulk telephony metadata program pursuant to the USA FREEDOM Act’s 180-day transition provision. As part of our effort to transition to the new authority, we have evaluated whether NSA should maintain access to the historical metadata after the conclusion of that 180-day period.

NSA has determined that analytic access to that historical metadata collected under Section 215 (any data collected before November 29, 2015) will cease on November 29, 2015. However, solely for data integrity purposes to verify the records produced under the new targeted production authorized by the USA FREEDOM Act, NSA will allow technical personnel to continue to have access to the historical metadata for an additional three months.

Separately, NSA remains under a continuing legal obligation to preserve its bulk 215 telephony metadata collection until civil litigation regarding the program is resolved, or the relevant courts relieve NSA of such obligations. The telephony metadata preserved solely because of preservation obligations in pending civil litigation will not be used or accessed for any other purpose, and, as soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations.

When that second dragnet order came out in August, I noticed NSA had applied for authority to keep the data, but that Mosman had deferred his answer to whether they could.

The Application requests authority for the Government to retain BR metadata after November 28, 2015, in accordance with the Opinion and Order of this Court issued on March 12,. 2014 in docket number BR 14-01, and subject to the conditions stated therein, including the requirement to notify this Court of any material developments in civil litigation pertaining to such BR metadata. The Application also requests authority, for a period ending on February 29, 2016 for appropriately trained and authorized technical personnel (described in subparagraph B. above) to access BR metadata to verify the completeness and accuracy of call detail records produced under the targeted production orders authorized by the USA FREEDOM Act. The Court is taking these requests under advisement and will address them in a subsequent order or orders. Accordingly, this Primary Order does not authorize the retention and use of BR metadata beyond November 28, 2015.

So for some reason, ODNI was asserting they were going to keep the data before they had asked whether they could — or perhaps when ODNI made that assertion someone at DOJ or in FISC realized they needed to ask permission first. I have asked ODNI for an explanation on this. Update: ODNI General Counsel Bob Litt didn’t exactly explain the timing, but did say “No one ever had any doubt that we would have to ask the court” for permission to keep this data.

But I also find Mosman’s silence about why he appointed Burton curious given that the FISC judge clearly thinks both retention issues — whether the data should be retained under EFF’s protection order issued in NDCA, and whether the data can be retained for 3 months after expiration of the 6 month extension for technical verification — are at issue.

That’s because there’s a far more qualified potential amicus to address the EFF retention issue: EFF. Indeed, Jon Eisenberg, who argued the al-Haramain suit, is a Special Counsel associated with EFF, and he either still has or is qualified to have a Top Secret clearance, and still gets classified documents in Gitmo detainee suits. Particularly given DOJ’s serial failure to accurately represent the nature of EFF’s suit (post one, post two, post three), and DOJ’s failure to notice Reggie Walton (to say nothing of Yahoo itself) of all issues relevant to Yahoo’s challenge of Protect America Act, it would be far better to have someone who has worked on these issues already and who at least has an association with EFF to weigh in, because the FISC is going to get a far better idea of the issues involved, including the stakes for privacy. So why did Mosman appoint a less qualified amicus to address this issue?

Luckily, in deeming FreedomWorks an appropriate amicus in June, Mosman has demonstrated a willingness to appoint amici for the other reason permitted under 103(i)(2)(B), because an organization asks for leave to file one. So maybe EFF should ask! I’ve asked EFF if they will respond to this appointment, but have not received an answer.

The big question, in that situation, would be whether EFF would be given the same information he has already promised to Burton, which includes the application to the court. Again, given DOJ’s serial misinformation of the court on the EFF request, it would sure be interesting to see what representations it made in that application.

Q: Whose Secrets Are More Sensitive than the DC Madam’s? A: NSA’s.

On September 17, FISC Judge Michael Mosman appointed the first known amicus under the terms laid out in USA F-ReDux; notice of which got posted yesterday (Mosman could have done so before USA F-ReDux, of course, but he did cite the statute in making the appointment). The question this amicus will help him determine is whether FISC should permit the government to retain bulk collected data past November 28, when the six month extension of the program ends. The government wants to retain the data it is collecting today for three months to make sure the new dragnet program collects the same data as the last one. But the data in question also includes data being held under an old protection order renewed last year as part of EFF’s suits against government dragnets; I suspect that data would show the extent to which one of the plaintiffs in EFF’s First Unitarian Church suit was dragnetted, and as such is critical to showing injury in that suit.

Mosman had deferred the decision on whether or not to let the government keep that data when he signed the August 28 dragnet order.

So who is the lawyer who will represent the interests of civil liberties and privacy in this question? [Update: In this post, I note Mosman may not have appointed Burton to represent privacy at all.]

White collar defense attorney Preston Burton. In addition to Russian moles Aldrich Ames and Robert Hanssen, Burton represented Monica Lewinsky and the DC Madam, Deborah Jeane Palfrey.

Burton is, undoubtedly, an excellent lawyer. And his experience representing the biggest spies of the last several decades surely qualifies him to work with the phone dragnet data, including data that probably shows NSA mapped out an entire civil liberties’ organization’s structure using the phone dragnet 5 years ago. Though given this description, it’s not clear Burton would learn of that information from the government’s application, which is what he’ll get.

Pursuant to 50 U.S.C. § l 803(i)(6)(A)(i), the Court has detennined that the government’s application (including exhibits and attachments) and the full, unredacted Primary Order in this docket are relevant to the duties of the amicus. By September 22, 2015, or after receiving confirmation from SEPS that the amicus has received the appropriate clearances and access approvals for such materials, whichever is later, the Clerk of the Court shall make these materials available to the amicus.

Moreover, remember the government can claim privilege over this data and not share it with Burton. Mosman even invited the government to tell the Court sharing information with Burton was not consistent with national security (though he set a deadline for doing so for September 21, so I assume they did not complain).

But it’s entirely unclear to me why Burton would be picked to represent the privacy interests of Americans, including those whose First Amendment rights had been violated under this program, in deciding whether to keep or destroy this data. Mosman made no mention of those interests when he explained his choice.

Mr. Burton is well qualified to assist the Court in considering the issue specified herein. The Security and Emergency Planning Staff (SEPS) of the Department of Justice has advised that he is eligible for access to classified information.

Which is why I take this to be one more in the series of Burton’s famous clients, in which discretion about DC’s secrets is the most important factor.

In Reauthorizing the Dragnet, FISC Makes a Mockery of the Amicus Provision

Between a ruling by Dennis Saylor issued on June 17, while I was away, and a ruling by Michael Mosman issued and released today, the FISA Court has done the predictable: ruled both that the lapse of the PATRIOT Act on June 1 did not mean the law reverted to its pre-PATRIOT status (meaning that it permitted collection of records beyond hotel and rental car records), and ruled that the dragnet can continue for 6 more months.

In other words, the government is back in the business of conducting a domestic dragnet of phone records. Huzzah!

As I said, the FISC’s ultimate rulings — that it will treat USA F-ReDux as if it passed before the lapse (a fair but contestable opinion) and that it will permit the dragnet to resume for 6 months — are unsurprising. It’s how they get there, and how they deal with the passage of USA F-ReDux and the rebuke from the 2nd Circuit finding the dragnet unlawful, that I find interesting.

Reading both together, in my opinion, shows how increasingly illegitimate the FISC is making itself. It did so in two ways, which I’ll address in two posts. In this one, I’ll treat the FISC’s differing approaches to the amicus provision.

USA F-ReDux was a deeply flawed bill (and some of my predictions about its weaknesses are already being fulfilled). But it was also intended as a somewhat flaccid critique of the FISC, particularly with its weak requirement for an amicus and its stated intent, if not an effective implementation, to rein in bulk collection.

Congress at least claimed to be telling the FISC it had overstepped both its general role by authorizing programmatic collection orders and its specific interpretation of Section 215. One of its solutions was a demand that FISC stop winging it.

The Court’s response to that was rather surly.

A timeline may help to show why.

June 1: Section 215 lapses

June 2: USA F-ReDux passes and government applies to restart the dragnet

June 5: Ken Cuccinelli and FreedomWorks challenge the dragnet but not resumption of post-PATRIOT Section 215 (Section 109)

June 5: Michael Mosman orders government response by June 12, a supplemental brief from FreedomWorks on Section 109 by June 12, immediate release of government’s June 2 memorandum of law

June 12: Government submits its response and FreedomWorks submits its Section 109 briefing, followed by short response to government submission

June 17: In response to two non-bulk applications, Dennis Saylor rules he doesn’t need amicus briefing to decide Section 109 question then rules in favor of restoration of post-PATRIOT Section 215

June 29: Michael Mosman decides to waive the 7-day application rule, decides to treat FreedomWorks as the amicus in this case while denying all other request for relief, and issues order restarting dragnet for until November 29 (the longest dragnet order ever)

After having been told by Congress FISC needs to start consulting with an amicus on novel issues, two judges dealt with that instruction differently.

In part, what happened here (as has happened in the past, notably when Colleen Kollar-Kotelly was reviewing the first Protect America Act certifications while Reggie Walton was presiding over Yahoo’s challenge to their orders) is that one FISC judge, Saylor, was ruling whether two new orders (BR 15-77 and 15-78) could be approved giving the lapse in Section 215 (which became a ruling on how to interpret Section 109) while another FISC judge, Mosman, was reviewing what to do with the FreedomWorks challenge. That meant both judges were reviewing what to do with Section 109 at the same time. On June 5, Mosman ordered up the briefing that would make FreedomWorks an amicus without telling them they were serving as such until today. FreedomWorks did offer up this possibility when they said they were “amenable to [designation as an amicus curiae] by this Court, as an alternative to proceeding under this Motion in Opposition,” but they also repeatedly requested an oral hearing, most recently a full 17 days ago.

The Court now turns to the Movants’ alternative request to participate as amici curiae. Congress, through the enactment of the USA FREEDOM Act, has expressed a clear preference for greater amicus curiae involvement in certain types of FISC proceedings.

[Mosman reviews of the amicus language of the law]

The Court finds that the government’s application “presents a novel or significant interpretation of the law” within the meaning of section 103(i)(2)(A). Because, understandably, no one has yet been designated as eligible to be appointed as an amicus curiae under section 103(i)(2)(A), appointment under that provision is not appropriate. Instead, the Court has chosen to appoint the Movants as amici curiae under section 103(i)(2)(B) for the limited purpose of presenting their legal arguments as stated in the Motion in Opposition and subsequent submissions to date.7

7 [footnote talking about courts’ broad discretion on how they use amicus]

That is, on June 29, Mosman found this circumstance requires an amicus under the law, and relied on briefing ordered way back on June 5 and delivered on June 12, while denying any hearing in the interim.

Meanwhile, in a June 17 ruling addressing what I consider the more controversial of the two questions Mosman treated — whether the lapse reverted Section 215 to its pre-PATRIOT status — Saylor used this logic to decide he didn’t need to use an amicus.

[3 paragraphs laying out how 103(i)(2)(A) requires an amicus unless the court finds it is not appropriate, while section 103(i)(2)(B) permits the appointment of an amicus]

The question presented here is a legal question: in essence, whether the “business records” provision of FISA has reverted to the form it took before the adoption of the USA PATRIOT Act in October 2001. That question is solely a matter of statutory interpretation; it presents no issues of fact, or application of facts to law, and requires no particular knowledge or expertise in technological or scientific issues to resolve. The issue is thus whether an amicus curiae should be appointed to assist the court in resolving that specific legal issue.

The legal question here is undoubtedly “significant” within the meaning of Section 1803(i)(2)(A). If Section 501 no longer provides that the government can apply for or obtain orders requiring the production of a broad range of business records and other tangible things under the statute, that will have a substantial effect on the intelligence-gathering capabilities of the government. It is likely “novel,” as well, as the issue has not been addressed by any court (indeed, the USA FREEDOM Act, is only two weeks old). The appointment of an amicus curiae would therefore appear to be presumptively required, unless the court specifically finds that such an appointment is “not appropriate.”

Because the the statute is new, the court is faced for the first time with the question of when it is “not appropriate” to appoint an amicus curiae. There is no obvious precedent on which to draw. Moreover, the court as a whole has not had an opportunity to consider or adopt any rules addressing the designation of amicus curiae.

The statute provides some limited guidance, in that it clearly contemplates that there will be circumstances where an amicus curiae is unnecessary (that is, “not appropriate”) even though an application presents a “novel or significant interpretation of the law.” At a minimum, it seems likely that those circumstances would include situations where the court concludes that it does not need the assistance or advice of amicus curiae because the legal question is relatively simple, or is capable of only a single reasonable or rational outcome. In other words, Congress must have intended the court need not appoint amicus curiae to point out obvious legal issues or obvious legal conclusions, even if the issue presented was “novel or significant.” Accordingly, the court believes that if the appropriate outcome is sufficiently clear, such that no reasonable jurist would reach a different decision, the appointment of an amicus curiae is not required under the statute.

This is such an instance. Although the statutory framework is somewhat tangled, the choice before the court is actually clear and stark: as described below, it can apply well established principles of statutory construction and interpret the USA FREEDOM Act in a manner that gives meaning to all its provisions, or it can ignore those principles and conclude that Congress passed an irrational statute with multiple superfluous parts.

That is, 5 days after FreedomWorks submitted briefing on the particular issue in question — Section 109 — Saylor decided he did not need an amicus even though this was obviously a novel issue. While FreedomWorks only addressed one of its responses to the question of the lapse, it did argue that, “Congress was fully aware ofthe problems associated with passing the expiration date and they chose to do nothing to fix those problems.”

And Saylor did not do what Mosman did, recognize that even though there wasn’t an amicus position set up, the court could easily find one, even if it asked the amicus to brief under 103(i)(2)(B). Indeed, by June 17, former SSCI Counsel Michael Davidson — literally the expert on FISA sunset provisions — had written a JustSecurity post describing the lapse as a “huge problem.” So by the time Saylor had suggested that “no reasonable jurist” could disagree with him, the author of the sunset provision in question had already disagreed with him. Why not invite Davidson to submit a brief?

It seems Mosman either disagrees with Saylor’s conclusion about the seriousness of Congress’ “preference for greater amicus curiae involvement” (though, having read Saylor’s opinion, he does say appointment under 103(i)(2)(A) “is not appropriate,” though without adopting his logic for that language in the least), or has been swayed by the criticism of people like Liza Goitein and Steve Vladeck responding to Saylor’s earlier opinion.

All that said, having found a way to incorporate an amicus — even one not knowingly acting as such during briefing — Mosman than goes on to completely ignore what the government and JudicialWatch said about the lapse — instead just declaring that “the government has the better end of the dispute” — and to justify that judgment, simply quoting from Saylor.

On June 1, 2015, the language of section 501 reverted to how it read on October 25, 2001. See page 2 supra. The government contends that the USA FREEDOM Act, enacted on June 2, 2015, restored the version of section 501 that had been in effect immediately before the June 1 reversion, subject to amendments made by that Act. Response at 4. Movants contend that the USA FREEDOM Act had no such effect. Supplemental Brief at 1-2. The Court concludes that the government has the better of this dispute.

Another judge of this Court recently held that the USA FREEDOM Act effectively restored the version of section 501 that had been in effect immediately before the June 1 sunset. See In reApplication of the FBI for Orders Requiring the Production ofTangible Things, Docket Nos. BR 15-77, 15-78, Mem. Op. (June 17, 2015). In reaching that conclusion, the Court noted that, after June 1, Congress had the power to reinstate the lapsed language and could exercise that power “by enacting any form of words” making clear “its intention to do so.” Id. at 9 (internal quotation marks omitted). The Court found that Congress indicated such an intention through section 705(a) of the USA FREEDOM Act, which amended the pertinent sunset clause8 by striking the date “June 1, 2015,” and replacing it with “December 15, 2019.” Id. at 7-9. Applying fundamental canons of statutory interpretation, the Court determined that understanding section 705(a) to have reinstated the recently-lapsed language of section 501 of FISA was necessary to give effect to the language of the amended sunset clause, as well as to amendments to section 501 of FISA made by sections 101 through 107 of the USA FREEDOM Act, and to fit the affected provisions into a coherent and harmonious whole. Id. at 10-12. The Court adopts the same reasoning and reaches the same result in this case.

JudicialWatch’s argument was the mirror image of Saylor’s — that “Congress was fully aware of the problems associated with passing the expiration date and they chose to do nothing to fix those problems” — and yet Mosman doesn’t deal with it in the least. His colleague had ruled, and so the government must have the better side of the argument.

That’s basically the logic Mosman uses on the underlying question, which I hope to return to. Even in making a symbolic nod to the amicus, Mosman is still engaging in the legally suspect navel gazing that has become the signature of the FISC.

Mind you, I’m not surprised by all this. That was very clearly what was going to happen to the amicus, and one reason why I said it’d be likely a 9-year process until we had an advocate that would make the FISC a legitimate court.

But this little exhibition of navel gazing has only reinforced my belief that we should not wait that long. There is no reason to have a FISC anymore, not now that virtually every District court has the ability to conduct the kind of classified reviews that FISC judges do. And as we’re about to see (Jameel Jaffer promised he’s going to ask the 2nd Circuit for an injunction today), the competing jurisdictions that in this case let District Court judges dismiss Appellate judges as less preferable than the government are going to create legal confusion for the foreseeable future (though one the government and FISC are likely going to negate by using the new fast track review process I warned about).

The FISC is beyond saving. We should stop trying.