Posts

If the AG Is Involved in a Foreign Influence Operation, Does He Have to Register with Himself?

Way at the end of a CNN story on Rudy Giuliani’s grifters, Lev Parnas and Igor Fruman, this bombshell appears:

Two weeks ago when they were arrested, Parnas and Fruman were preparing to fly to Vienna, Austria, to meet Giuliani and another key figure in the impeachment investigation, Ukraine’s former prosecutor general Viktor Shokin, according to four sources familiar with their trip. Shokin is the same Ukrainian official who former Vice President Joe Biden — along with other Western leaders — had pushed to have removed over concerns he wasn’t prosecuting corruption.

While questions in Washington swirl around Shokin’s role in this controversy, Giuliani, Parnas, Fruman had specific plans for the former Ukrainian official up until the day of their arrest. According to those four sources, they told others they were headed to Vienna to help with a planned interview the next day: Shokin, they said, was scheduled to do an interview from the Austrian capital with Sean Hannity.

Through a spokesperson, Hannity said that “we never reveal our sources, potential sources, or persons they may or may not request to interview. Sean Hannity takes the first amendment seriously.”

The bullshit about how the First Amendment is why he’s not revealing his “potential source” who the TV star would have interviewed on TV got added overnight.

The news that Hannity was only saved from being a part of this influence operation by the arrest of two of its key players is news enough. But it dramatically changes the import of this news — that the night before this interview was scheduled, and after meeting with SDNY that same day, and probably after the grifters had been arrested as they tried to leave the country, the Attorney General of the United States had a meeting with Rupert Murdoch at the latter’s home.

Attorney General William P. Barr met privately Wednesday evening with Rupert Murdoch, the media mogul who is one of President Trump’s frequent confidants but whose Fox News is viewed by the president as more hostile toward him than it used to be.

The meeting was held at Mr. Murdoch’s home in New York, according to someone familiar with it. It was unclear if anyone else attended or what was discussed. Aides to both Mr. Murdoch and Mr. Barr declined requests for comment on the meeting.

So the presumed schedule for the players looks like this:

Lunch: Rudy meets with the grifters across the street from DOJ

Before the arrest: Barr informed they would be arrested (he met with SDNY that day)

Roughly 6:30: SDNY has the grifters as they prepare to fly to Vienna using one way tickets

After the arrest: Barr meets privately with Sean Hannity’s boss

This story from Parnas and Fruman’s arraignment yesterday revealed that SDNY has been monitoring twelve different phone lines.

Assistant U.S. Attorney Rebekah Donaleski told Oetken that evidence in the case that will need to be turned over to the defense was “quite voluminous.” She mentioned about 50 bank accounts and more than a dozen cell phones that were monitored in some fashion, as well as search warrants and subpoenas.

Admittedly, this number is across four different defendants (thus far), but twelve is a lot, and that word, “monitor” sure sounds like wiretapping. Which may be why Rudy is finally shopping for a defense attorney.

Wiretaps might be the kind of thing SDNY would brief Barr on if he met with prosecutors the day of the arrest. Prosecutors might also tell Barr what kind of high profile people had been caught up on the grifters’ encrypted texts, as Hannity was with Paul Manafort. In either case, it is virtually certain that Hannity was caught in the surveillance of the grifters, even if contacts between him and Rudy weren’t already obtained.

It looks bad, but given how much Barr has mainlined Fox propaganda over the last two decades, it wouldn’t be surprising if Barr attempted to protect the propaganda channels’ top entertainer.

All of which leads me back to something else: the Attorney General’s very narrow denials that he was pursuing Ukrainian dirt in the wake of the release of the Trump-Zelensky call on September 25.

At the end of August, when two top intelligence officials asked a Justice Department lawyer whether a whistle-blower’s complaint should be forwarded to Congress, they were told no, Attorney General William P. Barr and his department could handle the criminal referral against the president of the United States.

About four weeks later, the department rendered its judgment: President Trump had not violated campaign finance laws when he urged Ukraine’s president to work with Mr. Barr to investigate a political rival, former Vice President Joseph R. Biden Jr.

[snip]

The rough transcript showed that Mr. Trump believes he has that man. In a single sentence during the call with Ukraine’s leader, Mr. Trump said that he would have Rudolph W. Giuliani, his personal lawyer, and Mr. Barr reach out to help further an investigation of Mr. Biden and his younger son, Hunter Biden, who had served on the board of a Ukrainian corporation.

“I will have Mr. Giuliani give you a call, and I am also going to have Attorney General Barr call, and we will get to the bottom of it,” Mr. Trump said.

A Justice Department official said that Mr. Barr had no knowledge of the call until the director of national intelligence and the intelligence community’s inspector general sent the department the whistle-blower’s criminal referral late last month, and that Mr. Trump has not spoken with the attorney general “about having Ukraine investigate anything relating to former Vice President Biden or his son.”

Mr. Trump has not asked Mr. Barr to contact Ukraine for any reason, Mr. Barr has not communicated with Ukraine on any topic, and Mr. Barr has not spoken with Mr. Giuliani about the president’s phone call “or anything relating to Ukraine,” a Justice Department spokeswoman, Kerri Kupec, said in a statement.

[snip]

But Mr. Barr is also closely overseeing a review of the intelligence community’s decision to start a counterintelligence investigation into the Trump campaign during the 2016 election, which is being led by John Durham, the United States attorney in Connecticut. As part of that review, Mr. Durham is exploring what role, if any, a number of countries including Ukraine played in the investigation of the Trump campaign.

“While the attorney general has yet to contact Ukraine in connection with this investigation, certain Ukrainians who are not members of the government have volunteered information to Mr. Durham, which he is evaluating,” Ms. Kupec said.

According to DOJ, the following is true (or was true, as of September 25):

  • Barr had no knowledge of the call until Joseph Maguire sent the whistleblower complaint “late last month” (subsequent reporting probably moves that date back to when John Demers reviewed the transcript on August 15, and not knowing about the call is not the same thing as not knowing about the extortion attempt)
  • Trump has not spoken to Barr “about having Ukraine investigate anything relating to former Vice President Biden or his son,” which doesn’t exclude Trump asking Barr to investigate 2016, which is what the transcript more directly references
  • Trump has not asked Mr. Barr to contact Ukraine for any reason, nor has Barr communicated with Ukraine (multiple reports have noted that Barr’s wild goose chase has largely bypassed official legal request channels, which would present problems regarding the admissibility of any evidence he receives, but also would be consistent with the public reporting that he is pursuing Ukrainian dirt outside of official channels)
  • Barr has not spoken with Rudy about the call “or anything relating to Ukraine,” which doesn’t address whether he has addressed other sources of disinformation with Rudy, nor does it say whether Barr has communicated to Rudy via other channels or received a dossier of disinformation on Ukraine, sent by Rudy on White House stationary, as Pompeo did
  • Certain Ukrainians who are not members of the government have volunteered information to Mr. Durham, which he is evaluating;” this does not exclude Barr speaking to these same Ukrainians, as Barr has been with so many other parts of his wild goose chase, nor does it exclude Barr learning of the Ukrainians when he took a meeting with Joseph DiGenova and Victoria Toensing to discuss the Ukrainian oligarch whose bid to beat a bribery charge involves disinformation created by Viktor Shokin, the guy Hannity was going to interview

Given this narrow denial, it would be more likely than not that Barr knew of Firtash’s effort to use Shokin’s claim that he was unfairly targeted and encouraged John Durham to reach out to Shokin, to say nothing of several other pieces of disinformation Rudy has been floating.

What is absolutely certain, though, is that DOJ’s narrow denial in no way denies that Barr’s wild goose chase has incorporated materials that Rudy obtained as a result of the extortion attempt with Ukraine.

Indeed, back in the halcyon days before the grifters were arrested, frothy right wingers — up to and including close Rudy associate Michael Mukasey — keyed on DOJ’s confirmation that Durham was reviewing materials from Ukraine, as if that validated Rudy’s efforts. Back before Parnas and Fruman were arrested, the frothy right boasted that Durham had received these Ukrainian “leads.”

Which may be why Bill Barr’s DOJ did two things — consider the call transcript, and not the full whistleblower complaint, as the referral, and not forward the complaint to FEC as required under a standing MOU — that prevented others from identifying the ties between Parnas and Fruman (whom DOJ has repeatedly said Barr knew were being investigated) and the President’s July 25 call. To say nothing of the way his OLC treated his implication by the call as Top Secret, even though the White House itself considered it less classified.

Already, we have three solid pieces of evidence that Bill Barr’s DOJ engaged in a cover-up in a failed attempt to prevent anyone from tying the Parnas and Fruman influence campaign, his own wild goose chase, and the President’s extortion of Ukraine together.

But if Barr shared information learned about an ongoing investigation to prevent Hannity from embarrassment or even legal jeopardy, that would be a far more significant step.

Update: In the wake of Mick Mulvaney’s confirmation that Trump withheld duly appropriated funding from Ukraine to coerce it to cooperate in the Durham investigation, three different outlets did articles on what Durham is up to (NYT, NBC, CNN). Although all three provided new details on the investigation generally, none provided details describing from which Ukrainians Durham has received information.

Judicial Watch Reveals Reza Zarrab’s Lawyer May Have Pitched Rosenstein on Special Counsel Pick

I love when Judicial Watch liberates documents they think are damning but actually demonstrate that conspiracy theories are false, as they did when they liberated Bruce Ohr documents showing he actually helped the FBI vet the Steele dossier. Then there’s the recent release showing that current US Attorney George Terwilliger was pushing Bill Barr’s theory that Jim Comey deserved to be fired the weekend before Robert Mueller was hired.

But there’s something potentially more important in that batch.

The WaPo’s coverage of Rudy Giuliani and Michael Mukasey’s efforts to pressure Rex Tillerson to push DOJ to release Turkish money launderer Reza Zarrab contextualizes the fall 2017 meeting by recalling that Trump and Erdogan met on May 16, 2017


The two leaders finished their first meeting and performed their ceremonial handshake at about 1PM.

Just half an hour earlier, at 12:30 PM, Andrew McCabe had explained to Rod Rosenstein that he had opened an investigation into Donald Trump. The two then discussed Rosenstein’s thoughts about appointing a special prosecutor. Rosenstein said he was choosing between two candidates, one (who must be Mueller) who could start immediately.

At 1:09, former Deputy Attorney General Mark Filip (and Bill Barr colleague) called Rosenstein from his Kirkland and Ellis phone, left a message, and asked Rosenstein to call him.

At 3:25, Rosenstein wrote back and told him “Mukasey might call.” It’s unclear whether this is Marc or Michael Mukasey, but it doesn’t much matter, because Michael was already representing Zarrab and Marc was very very close to Giuliani.

In other words, within hours after Erdogan met Trump at the White House and asked for Zarrab’s release, someone effectively representing Zarrab appeared to be in touch with Rosenstein, who then suggested that whichever Mukasey it was call Filip.

The thing is, by all appearances, this Mukasey call pertained to question about hiring a Special Counsel. That’s because shortly thereafter, Rosenstein writes Filip back and tells him he’s going with Mueller (which suggests Filip may have been his other candidate).

If all that’s right, it suggests one of Zarrab’s lawyers may have weighed in on the Special Counsel decision just minutes after Erdogan requested Trump release him and (simultaneously) a key McCabe-Rosenstein meeting.

That’s not all that surprising. After all, the Mike Flynn investigation had already developed to include at least two of four strands, the lies about Russia and the lies about Turkey.

But then Rosenstein chose to appoint Mueller, not his other choice (who may have been Filip).

From that moment, Republicans were pushing the Bill Barr line. And Bill Barr is now in charge (and was, for the closure of the Mueller investigation). And that push may have had as much to do with Turkey as it did Russia.

In Days before Robert Mueller Got Hired, DOJ Immediately Forwarded Bill Barr’s Op-Ed Approving of Comey’s Firing to Rod Rosenstein

Judicial Watch released another set of files, from the days leading up to his appointment of Robert Mueller, that they think are incriminating for stupid reasons that aren’t.

There’s two emails that might, actually, be damning. The very conservative former Deputy Attorney General Mark Filip emailed Rod Rosenstein asking him to call. Rosenstein answered, first, by saying that “Mukasey” was going to call, and imploring Filip to listen to him. That’s scandalous in any case, because the son of Michael Mukasey (who was Filip’s onetime boss) was representing affiliated players here. Then Rosenstein wrote back and seemed to tell Filip he was hiring Mueller. Was Filip the other candidate Rosenstein considered?

The more interesting detail is how DOJ treated Bill Barr’s May 12, 2017 op-ed applauding Trump’s decision to fire Jim Comey. In it Barr condemned how Comey handled the Hillary investigation, then said that his firing wouldn’t affect the Russian investigation (but not addressing Trump’s comments about that being the purpose of firing Comey).

Jeff Sessions’ spox, who received it from the “RNC War Room,” sent it to Rosenstein’s office the morning after the op-ed was posted, during the weekend he was contemplating hiring Mueller.

But even before that, DAG employee (and current EDVA US Attorney) George Terwilliger forwarded it (though not the RNC War Room version) as well, telling Rosenstein it was the most important thing for him to read that weekend.

At the very least, the close attention the op-ed (which largely parroted the ginned up reasons Rosenstein gave for firing Comey) received are intriguing, as is the choice from the RNC War Room to send it out.

But it’s also a hell of a way for Rosenstein to meet his future boss.

Jay Sekulow Seems Worried that Trump’s “Collusion” Is Visible from Space

Donald Trump’s defense team must believe he’s in the clear, because they’ve gone back to their previous hobbies: Rudy Giuliani’s been engaging in international graft, and Jay Sekulow has been hunting for conspiracy theories in FOIA searches.

In one of two recent FOIA conspiracy efforts, Sekulow obtained documents pertaining to EO 12333 sharing rules passed in the last days of the Obama Administration. While the sharing rules explicitly prohibit disseminations “for the purpose of affecting the political process in the United States,” I did note at the time would enable the FBI to obtain more information on Russian targets.

One of the documents liberated by Sekulow includes a bullet point that reads,

The time spent by our staffs on crafting the document, the significance of these procedures to intelligence integration, and the level of public interest in their completion all contribute to my personal interest in having procedures signed by the Attorney General before the conclusion of the Administration.

Another is an email from James Clapper’s General Counsel, Bob Litt, saying, “Really really want to get this done .. and so does the Boss.”

From that, Sekulow claims that the sharing rules — an effort that started under Trump ally Michael Mukasey and which, as an EO, Trump could change at will — are part of a Deep State plot to spy on Trump.

Consider what we now know about the nature and degree of Deep State opposition to President Trump.

There have been public revelations about the infamous disgrace known as the Steele dossier, a report by a former British spy funded by the Hillary Clinton campaign that made false and baseless allegations against presidential candidate Trump.

There were also documented abuses of the Foreign Intelligence Surveillance Act that led to an FBI investigation – codenamed Crossfire Hurricane – of possible ties between the Trump presidential campaign and Russia. Special Counsel Robert Mueller later concluded after an exhaustive investigation lasting nearly two years that the Trump campaign did not conspire with Russia to advance Trump’s election chances.

We are also now aware of Director of National Intelligence Clapper’s open hostility to President Trump and intentional leaking by senior law enforcement and intelligence officials who were also hostile to Trump.

All of these facts point to a coordinated effort across agencies during the Obama administration to oppose the incoming Trump administration.

What’s utterly drop dead hysterical, however, is something else one document liberated by the Commander-in-Chief’s personal attorney reveals. It describes what agency is most anxious to start getting NSA’s data: the National Geospatial-Intelligence Agency.

Several Intelligence Community elements, including the Defense Intelligence Agency and the National Geospatial-Intelligence Agency, have identified missions that would benefit from access to NSA [redacted]. NSA also supports the procedures.

In other words, the changes that Sekulow are sure came about to spy on Trump were done, in large part, for the benefit of the agency that engages in our satellite collection.

Which must mean that the President’s personal defense attorney worries that his “collusion” is visible from space.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In Defense of Suspected Russian Agent Carter Page, Michael Mukasey Just Gave Defense Attorneys a Big Gift

In my post laying out the damage the Nunes memo might have caused, I predicted that defense attorneys would use the release of the memo — and the language Don McGahn used to claim its release served a public interest — to support their arguments that defendants should get to review the underlying application for a FISA warrant.

In the 40 year history of FISA, no defendant who got notice that FISA data was being used against them in prosecution has been able to review the application used against them. Because Nunes released this information so frivolously, because White House Counsel Don McGahn, in his cover memo, suggested this was a time when “public interest in disclosure of [FISA materials] outweighs any need to protect the information, the memo lowers the bar for release of FISA-related information going forward.

I assume Carter Page, if he is charged, will successfully be able to win review of his FISA application (and think that would be entirely appropriate); that may mean he doesn’t get charged or, if he does, Mueller has to bend over backwards to avoid using FISA material.

But I also assume — and hope — that this disclosure ends the 40 year drought on the release of information, which the original drafters of FISA envisioned would be appropriate in certain circumstances. I think this the one salutary benefit of this memo; it makes it more likely that FISA will work the way it is supposed to going forward.

I even think it possible that the release of this information may affect the response to Keith Gartenlaub’s pending appeal in the Ninth Circuit. His is a case that merits FISA review, and whereas the court might have hesitated to give him that in the past, it would be far easier for them to do so here.

Former Attorney General Michael Mukasey, fresh off trying to broker the release of sanctions violator Reza Zarrab, just gave defense attorneys another big gift.

In a WSJ op-ed that ignores all the holes in the Nunes memo and pretends two guilty pleas about lies about negotiations with Russians have nothing to do with an investigation into “collusion” with Russians, he says that Carter Page’s FISA application should be made public so we can figure out whether DOJ misled the FISA Court.

I believe that at a minimum, the public should get access to a carefully redacted copy of the FISA application and renewals, so we can see whether officials behaved unlawfully by misleading a court;

Remember: when defendants who’ve gotten FISA notice ask to see their own applications to see whether “officials behaved unlawfully by misleading a court,” one thing the government has to do to keep the application secret is submit a declaration from the Attorney General saying that FISA applications are so sensitive they can never be shared with defendants. In the declaration Eric Holder submitted in the Gartenlaub case, for example, he claimed,

Based on the facts and considerations set forth below, I hereby claim that it would harm the national security of the United States to disclose or hold an adversary hearing with respect to the FISA Materials.

[snip]

I certify that the unauthorized disclosure of the FISA Materials that are classified at the “TOP SECRET” level could reasonably be expected to cause exceptionally grave damage to the national security of the United States. I further certify that the unauthorized disclosure of the FISA materials that are classified at the “SECRET” level could be expected to cause serious damage to the national security of the United States. The FISA Materials contain sensitive and classified information concerning United States intelligence sources and methods and other information related to efforts of the United States to conduct national security investigations, including the manner and means by which those investigations are conducted. As a result, the unauthorized disclosure of the information could harm the national security interests of the United States.

I’m sure Holder was using boilerplate that Mukasey himself used, when he submitted similar declarations to courts.

Remember, Gartenlaub is awaiting a ruling from the Ninth Circuit on whether he should be able to access his FISA application to see whether officials misled the FISA Court. The government has been claiming over and over that accessing his FISA application to do so would be too dangerous.

And yet, here we have one of the most hawkish Attorneys General in recent history telling the world that even the public release of FISA applications to do just that would be useful.

A Dragnet of emptywheel’s Most Important Posts on Surveillance, 2007 to 2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten this week.

To celebrate, the emptywheel team has been sharing some of our favorite work from the last decade. This is my massive dragnet of surveillance posts.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2007

Whitehouse Reveals Smoking Gun of White House Claiming Not to Be Bound by Any Law

Just days after opening the new digs, I noticed Sheldon Whitehouse entering important details into the Senate record — notably, that John Yoo had pixie dusted EO 12333 to permit George Bush to authorize the Stellar Wind dragnet. In the ten years since, both parties worked to gradually expand spying on Americans under EO 12333, only to have Obama permit the sharing of raw EO 12333 data in its last days in office, completing the years long project of restoring Stellar Wind’s functionalities. This post, from 2016, analyzes a version of the underlying memo permitting the President to change EO 12333 without providing public notice he had done so.

2008

McConnell and Mukasey Tell Half Truths

In the wake of the Protect America Act, I started to track surveillance legislation as it was written, rather than figure out after the fact how the intelligence community snookered us. In this post, I examined the veto threats Mike McConnell and Michael Mukasey issued in response to some Russ Feingold amendments to the FISA Amendments Act and showed that the government intended to use that authority to access Americans’ communication via both what we now call back door searches and reverse targeting. “That is, one of the main purposes is to collect communications in the United States.”

9 years later, we’re still litigating this (though, since then FISC has permitted the NSA to collect entirely domestic communications under the 2014 exception).

2009

FISA + EO 12333 + [redacted] procedures = No Fourth Amendment

The Government Sez: We Don’t Have a Database of All Your Communication

After the FISCR opinion on what we now know to be the Yahoo challenge to Protect American Act first got declassified, I identified several issues that we now have much more visibility on. First, PAA permitted spying on Americans overseas under EO 12333. And it didn’t achieve particularity through the PAA, but instead through what we know to be targeting procedures, including contact chaining. Since then we’ve learned the role of SPCMA in this.

In addition, to avoid problems with back door searches, the government claimed it didn’t have a database of all our communication — a claim that, narrowly parsed might be true, but as to the intent of the question was deeply misleading. That claim is one of the reasons we’ve never had a real legal review of back door searches.

Bush’s Illegal Domestic Surveillance Program and Section 215

On PATRIOTs and JUSTICE: Feingold Aims for Justice

During the 2009 PATRIOT Act reauthorization, I continued to track what the government hated most as a way of understanding what Congress was really authorizing. I understood that Stellar Wind got replaced not just by PAA and FAA, but also by the PATRIOT authorities.

All of which is a very vague way to say we probably ought to be thinking of four programs–Bush’s illegal domestic surveillance program and the PAA/FAA program that replaced it, NSLs, Section 215 orders, and trap and trace devices–as one whole. As the authorities of one program got shut down by exposure or court rulings or internal dissent, it would migrate to another program. That might explain, for example, why Senators who opposed fishing expeditions in 2005 would come to embrace broadened use of Section 215 orders in 2009.

I guessed, for example, that the government was bulk collecting data and mining it to identify targets for surveillance.

We probably know what this is: the bulk collection and data mining of information to select targets under FISA. Feingold introduced a bajillion amendments that would have made data mining impossible, and each time Mike McConnell and Michael Mukasey would invent reasons why Feingold’s amendments would have dire consequences if they passed. And the legal information Feingold refers to is probably the way in which the Administration used EO 12333 and redacted procedures to authorize the use of data mining to select FISA targets.

Sadly, I allowed myself to get distracted by my parallel attempts to understand how the government used Section 215 to obtain TATP precursors. As more and more people confirmed that, I stopped pursuing the PATRIOT Act ties to 702 as aggressively.

2010

Throwing our PATRIOT at Assange

This may be controversial, given everything that has transpired since, but it is often forgotten what measures the US used against Wikileaks in 2010. The funding boycott is one thing (which is what led Wikileaks to embrace Bitcoin, which means it is now in great financial shape). But there’s a lot of reason to believe that the government used PATRIOT authorities to target not just Wikileaks, but its supporters and readers; this was one hint of that in real time.

2011

The March–and April or May–2004 Changes to the Illegal Wiretap Program

When the first iteration of the May 2004 Jack Goldsmith OLC memo first got released, I identified that there were multiple changes made and unpacked what some of them were. The observation that Goldsmith newly limited Stellar Wind to terrorist conversations is one another reporter would claim credit for “scooping” years later (and get the change wrong in the process). We’re now seeing the scope of targeting morph again, to include a range of domestic crimes.

Using Domestic Surveillance to Get Rapists to Spy for America

Something that is still not widely known about 702 and our other dragnets is how they are used to identify potential informants. This post, in which I note Ted Olson’s 2002 defense of using (traditional) FISA to find rapists whom FBI can then coerce to cooperate in investigations was the beginning of my focus on the topic.

2012

FISA Amendments Act: “Targeting” and “Querying” and “Searching” Are Different Things

During the 2012 702 reauthorization fight, Ron Wyden and Mark Udall tried to stop back door searches. They didn’t succeed, but their efforts to do so revealed that the government was doing so. Even back in 2012, Dianne Feinstein was using the same strategy the NSA currently uses — repeating the word “target” over and over — to deny the impact on Americans.

Sheldon Whitehouse Confirms FISA Amendments Act Permits Unwarranted Access to US Person Content

As part of the 2012 702 reauthorization, Sheldon Whitehouse said that requiring warrants to access the US person content collected incidentally would “kill the program.” I took that as confirmation of what Wyden was saying: the government was doing what we now call back door searches.

2013

20 Questions: Mike Rogers’ Vaunted Section 215 Briefings

After the Snowden leaks started, I spent a lot of time tracking bogus claims about oversight. After having pointed out that, contrary to Administration claims, Congress did not have the opportunity to be briefed on the phone dragnet before reauthorizing the PATRIOT Act in 2011, I then noted that in one of the only briefings available to non-HPSCI House members, FBI had lied by saying there had been no abuses of 215.

John Bates’ TWO Wiretapping Warnings: Why the Government Took Its Internet Dragnet Collection Overseas

Among the many posts I wrote on released FISA orders, this is among the most important (and least widely understood). It was a first glimpse into what now clearly appears to be 7 years of FISA violation by the PRTT Internet dragnet. It explains why they government moved much of that dragnet to SPCMA collection. And it laid out how John Bates used FISA clause 1809(a)(2) to force the government to destroy improperly collected data.

Federated Queries and EO 12333 FISC Workaround

In neither NSA nor FBI do the authorities work in isolation. That means you can conduct a query on federated databases and obtain redundant results in which the same data point might be obtained via two different authorities. For example, a call between Michigan and Yemen might be collected via bulk collection off a switch in or near Yemen (or any of the switches between there and the US), as well as in upstream collection from a switch entering the US (and all that’s assuming the American is not targeted). The NSA uses such redundancy to apply the optimal authority to a data point. With metadata, for example, it trained analysts to use SPCMA rather than PATRIOT authorities because they could disseminate it more easily and for more purposes. With content, NSA appears to default to PRISM where available, probably to bury the far more creative collection under EO 12333 for the same data, and also because that data comes in structured form.

Also not widely understood: the NSA can query across metadata types, returning both Internet and phone connection in the same query (which is probably all the more important now given how mobile phones collapse the distinction between telephony and Internet).

This post described how this worked with the metadata dragnets.

The Purpose(s) of the Dragnet, Revisited

The government likes to pretend it uses its dragnet only to find terrorists. But it does far more, as this analysis of some court filings lays out.

2014

The Corporate Store: Where NSA Goes to Shop Your Content and Your Lifestyle

There’s something poorly understood about the metadata dragnets NSA conducts. The contact-chaining isn’t the point. Rather, the contact-chaining serves as a kind of nomination process that puts individuals’ selectors, indefinitely, into the “corporate store,” where your identity can start attracting other related datapoints like a magnet. The contact-chaining is just a way of identifying which people are sufficiently interesting to submit them to that constant, ongoing data collection.

SPCMA: The Other NSA Dragnet Sucking In Americans

I’ve done a lot of work on SPCMA — the authorization that, starting in 2008, permitted the NSA to contact chain on and through Americans with EO 12333 data, which was one key building block to restoring access to EO 12333 analysis on Americans that had been partly ended by the hospital confrontation, and which is where much of the metadata analysis affecting Americans has long happened. This was my first comprehensive post on it.

The August 20, 2008 Correlations Opinion

A big part of both FBI and NSA’s surveillance involves correlating identities — basically, tracking all the known identities a person uses on telephony and the Internet (and financially, though we see fewer details of that), so as to be able to pull up all activities in one profile (what Bill Binney once called “dossiers”). It turns out the FISC opinion authorizing such correlations is among the documents the government still refuses to release under FOIA. Even as I was writing the post Snowden was explaining how it works with XKeyscore.

A Yahoo! Lesson for USA Freedom Act: Mission Creep

This is another post I refer back to constantly. It shows that, between the time Yahoo first discussed the kinds of information they’d have to hand over under PRISM in August 2007 and the time they got directives during their challenge, the kinds of information they were asked for expanded into all four of its business areas. This is concrete proof that it’s not just emails that Yahoo and other PRISM providers turn over — it’s also things like searches, location data, stored documents, photos, and cookies.

FISCR Used an Outdated Version of EO 12333 to Rule Protect America Act Legal

Confession: I have an entire chapter of the start of a book on the Yahoo challenge to PRISM. That’s because so much about it embodied the kind of dodgy practices the government has, at the most important times, used with the FISA Court. In this post, I showed that the documents that the government provided the FISCR hid the fact that the then-current versions of the documents had recently been modified. Using the active documents would have shown that Yahoo’s key argument — that the government could change the rules protecting Americans anytime, in secret — was correct.

2015

Is CISA the Upstream Cyber Certificate NSA Wanted But Didn’t Really Get?

Among the posts I wrote on CISA, I noted that because the main upstream 702 providers have a lot of federal business, they’ll “voluntarily” scan on any known cybersecurity signatures as part of protecting the federal government. Effectively, it gives the government the certificate it wanted, but without any of the FISA oversight or sharing restrictions. The government has repeatedly moved collection to new authorities when FISC proved too watchful of its practices.

The FISA Court’s Uncelebrated Good Points

Many civil libertarians are very critical of the FISC. Not me. In this post I point out that it has policed minimization procedures, conducted real First Amendment reviews, taken notice of magistrate decisions and, in some cases, adopted the highest common denominator, and limited dissemination.

How the Government Uses Location Data from Mobile Apps

Following up on a Ron Wyden breadcrumb, I figured out that the government — under both FISA and criminal law — obtain location data from mobile apps. While the government still has to adhere to the collection standard in any given jurisdiction, obtaining the data gives the government enhanced location data tied to social media, which can implicate associates of targets as well as the target himself.

The NSA (Said It) Ate Its Illegal Domestic Content Homework before Having to Turn It in to John Bates

I’m close to being able to show that even after John Bates reauthorized the Internet metadata dragnet in 2010, it remained out of compliance (meaning NSA was always violating FISA in obtaining Internet metadata from 2002 to 2011, with a brief lapse). That case was significantly bolstered when it became clear NSA hastily replaced the Internet dragnet with obtaining metadata from upstream collection after the October 2011 upstream opinion. NSA hid the evidence of problems on intake from its IG.

FBI Asks for at Least Eight Correlations with a Single NSL

As part of my ongoing effort to catalog the collection and impact of correlations, I showed that the NSL Nick Merrill started fighting in 2004 asked for eight different kinds of correlations before even asking for location data. Ultimately, it’s these correlations as much as any specific call records that the government appears to be obtaining with NSLs.

2016

What We Know about the Section 215 Phone Dragnet and Location Data

During the lead-up to the USA Freedom Debate, the government leaked stories about receiving a fraction of US phone records, reportedly because of location concerns. The leaks were ridiculously misleading, in part because they ignored that the US got redundant collection of many of exactly the same calls they were looking for from EO 12333 collection. Yet in spite of these leaks, the few figured out that the need to be able to force Verizon and other cell carriers to strip location data was a far bigger reason to pass USAF than anything Snowden had done. This post laid out what was known about location data and the phone dragnet.

While It Is Reauthorizing FISA Amendments Act, Congress Should Reform Section 704

When Congress passed FISA Amendments Act, it made a show of providing protections to Americans overseas. One authority, Section 703, was for spying on people overseas with help of US providers, and another was for spying on Americans overseas without that help. By May 2016, I had spent some time laying out that only the second, which has less FISC oversight, was used. And I was seeing problems with its use in reporting. So I suggested maybe Congress should look into that?

It turns out that at precisely that moment, NSA was wildly scrambling to get a hold on its 704 collection, having had an IG report earlier in the year showing they couldn’t audit it, find it all, or keep it within legal boundaries. This would be the source of the delay in the 702 reauthorization in 2016, which led to the prohibition on about searches.

The Yahoo Scan: On Facilities and FISA

The discussion last year of a scan the government asked Yahoo to do of all of its users was muddled because so few people, even within the privacy community, understand how broadly the NSA has interpreted the term “selector” or “facility” that it can target for collection. The confusion remains to this day, as some in the privacy community claim HPSCI’s use of facility based language in its 702 reauthorization bill reflects new practice. This post attempts to explain what we knew about the terms in 2016 (though the various 702 reauthorization bills have offered some new clarity about the distinctions between the language the government uses).

2017

Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

Ron Wyden has been asking for a count of how many Americans get swept up under 702 for years. The IC has been inventing bogus explanations for why they can’t do that for years. This post chronicles that process and explains why the debate is so important.

The Kelihos Pen Register: Codifying an Expansive Definition of DRAS?

When DOJ used its new Rule 41 hacking warrant against the Kelihos botnet this year, most of the attention focused on that first-known usage. But I was at least as interested in the accompanying Pen Register order, which I believe may serve to codify an expansion of the dialing, routing, addressing, and signaling information the government can obtain with a PRTT. A similar codification of an expansion exists in the HJC and Lee-Leahy bills reauthorizing 702.

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

The title speaks for itself. I don’t even consider Rosemary Collyer’s 2017 approval of 702 certificates her worst FISA opinion ever. But it is part of the reason why I consider her the worst FISC judge.

It Is False that Downstream 702 Collection Consists Only of To and From Communications

I pointed out a number of things not raised in a panel on 702, not least that the authorization of EO 12333 sharing this year probably replaces some of the “about” collection function. Most of all, though, I reminded that in spite of what often gets claimed, PRISM is far more than just communications to and from a target.

UNITEDRAKE and Hacking under FISA Orders

A document leaked by Shadow Brokers reveals a bit about how NSA uses hacking on FISA targets. Perhaps most alarmingly, the same tools that conduct such hacks can be used to impersonate a user. While that might be very useful for collection purposes, it also invites very serious abuse that might create a really nasty poisonous tree.

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

In response to Glenn Gerstell’s claims that Article III courts have exercised oversight by approving FISA practices (though the reality on back door searches is not so cut and dry), I point to the case of Reaz Qadir Khan where, as Michael Mosman (who happens to serve on FISC) moved towards providing a CIPA review for surveillance techniques, Khan got a plea deal.

The NSA’s 5-Page Entirely Redacted Definition of Metadata

In 2010, John Bates redefined metadata. That five page entirely redacted definition became codified in 2011. Yet even as Congress moves to reauthorize 702, we don’t know what’s included in that definition (note: location would be included).

FISA and the Space-Time Continuum

This post talks about how NSA uses its various authorities to get around geographical and time restrictions on its spying.

The Senate Intelligence Committee 702 Bill Is a Domestic Spying Bill

This is one of the most important posts on FISA I’ve ever written. It explains how in 2014, to close an intelligence gap, the NSA got an exception to the rule it has to detask from a facility as soon as it identifies Americans using the facility. The government uses it to collect on Tor and, probably VPN, data. Because the government can keep entirely domestic communications that the DIRNSA has deemed evidence of a crime, the exception means that 702 has become a domestic spying authority for use with a broad range of crimes, not to mention anything the Attorney General deems a threat to national security.

“Hype:” How FBI Decided Searching 702 Content Was the Least Intrusive Means

In a response to a rare good faith defense of FBI’s back door searches, I pointed out that the FBI is obliged to consider the least intrusive means of investigation. Yet, even while it admits that accessing content like that obtained via 702 is extremely intrusive, it nevertheless uses the technique routinely at the assessment level.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

10 Years of emptywheel: Jim’s Dimestore

The Flynn-Turkey Deal Raises the Obstruction Stakes for the Preet Bharara Firing

Twitter is abuzz this morning with the WSJ story (this is the NBC version of it; here’s a paywall free link) that Mike Flynn and his spawn hoped to make up to $15 million for kidnapping Fethullah Gulen and delivering him to Turkey.

Investigators for Special Counsel Robert Mueller’s probe into Russia’s interference with the U.S. presidential election recently questioned witnesses about the alleged December 2016 meeting between Flynn and senior Turkish officials, two people knowledgeable with the interviews said. The questions were part of a line of inquiry regarding Flynn’s lobbying efforts on behalf of Turkey.

Mueller’s investigation into Flynn’s potential deal with Turkey was first reported by The Wall Street Journal.

Four people familiar with the investigation said Mueller is looking into whether Flynn discussed in the late December meeting orchestrating the return to Turkey of a chief rival of Turkish President Recep Erdogan who lives in the U.S. Additionally, three people familiar with the probe said investigators are examining whether Flynn and other participants discussed a way to free a Turkish-Iranian gold trader, Reza Zarrab, who is jailed in the U.S. Zarrab is facing federal charges that he helped Iran skirt U.S. sanctions.

The story has already been told; what’s new about this iteration of it is the eye-popping pay-off, as well as more details about the timing and location of a second meeting.

The meeting allegedly took place at the upscale 21 Club restaurant in New York, just blocks always from Trump Tower where Flynn was serving on the presidential transition team. Flynn was offered upwards of $15 million, to be paid directly or indirectly, if he could complete the deal, according to two sources familiar with the meeting.

Mostly, the focus has been on the kidnapping part of the story (perhaps, in part, because Republicans tried to attack James Woolsey for his involvement in it a few weeks back). But, because of the timeline, I think the far more interesting side of it is the inclusion of a deal on the Reza Zarrab prosecution — because that implicates Trump’s decision to fire Preet Bharara, substantiating a parallel case to his firing of Jim Comey.

As noted, SDNY is prosecuting Zarrab for laundering Turkish gold into Iranian coffers. Rudy Giuliani and Michael Mukasey are representing Zarrab, with Giuliani going so far as brokering a deal that would trade foreign policy cooperation for Zarrab’s release even while defying pressure from DOJ about explaining his role in it. Because the case implicates Recep Tayyip Erdogan personally, the impending trial has led to increasing diplomatic tensions with Turkey.

By November 30, Trump assured Preet, as he did Comey, that he would stay on in the Trump Administration. But that changed when, in March, Trump unexpectedly asked for the resignation of almost all US Attorneys. Preet forced the issue and made Trump fire him; early reports suggested Marc Mukasey might replace Preet. Since then, Jeff Sessions has struggled to explain his own role in the firing, which could be an important element to proving the reasons behind it. In the same hearing, it came out that Trump has personally interviewed potential successors for Preet.

In the wake of the Preet firing, those watching closely honed in on the connection between increasing scrutiny on Flynn’s ties with Turkey and the firing.

There’s another reason we should all be alarmed by the unceremonious firing of Preet Bharara, outgoing U.S. attorney for the Southern District of New York.

Bharara is presently involved in a case against Reza Zarrab, a dual Iranian-Turkish national accused of violating U.S. sanctions against Iran. Investigators initially focused on Zarrab’s sanctions evasion. They then discovered that Zarrab was in close contact with Turkey’s President Tayyip Erdogan, who used Illicit funds to provide weapons, financing and logistics for jihadi groups in Syria including ISIS.

Bharara has a reputation as a non-partisan professional. He is known for independence and resisting direction, which led to tensions with the Justice Department and the U.S. Department of State.

As it happens, Bharara’s dismissal occurred the same day [actually Flynn filed his FARA registration on March 7] former National Security Adviser Gen. Michael Flynn admitted to obscuring ties with Turkish interests in violation of the Foreign Agent Registration Act. Bharara’s dismissal also occurred in the wake of recent contact between Berat Albayrak, Erdogan’s son-in-law, and Jared Kushner.

What this story provides is — like the Comey firing and not coincidentally also tied to Mike Flynn’s actions — important timing. In November, Trump promised to keep Preet. In December, Flynn continued his discussions with the Turks. In March, just after DOJ started forcing Flynn to reveal details about his work for Turkey, Trump reneged on his promise to Preet and — in the guise of firing everyone — fired Preet.

Here’s what the timeline looks like:

November 30: Trump tells Preet he can stay

Mid-December: Flynn has meeting discussing $15 million payoff for doing Turkey’s bidding

March 7: Flynn submits delated FARA registration ending in November

March 11: Trump fires Preet

Given Sessions’ confusion about whether he was really involved in that decision, I would bet there’s a paper trail showing he provided, as he did for the Comey firing, cover for a decision that had already been made.

The one other important detail of this story, which follows on stories from yesterday, is that Mueller has implicated Flynn Jr in this deal. That reportedly is already making Flynn Sr consider pleading, to protect his son.

But if he does that, he may be forced to disclose how closely Trump was involved in these discussions to sell US policy to Turkey to enrich a staffer.

FBI’s Back Door Searches: Explicit Permission … and Before That

I have written numerous times about the timing of authorization for FBI to do back door searches. There’s a passage of the November 6, 2015 FISC opinion finding those searches to be constitutional that some have taken to clearly date the authority. But I believe the (unredacted sections of the) passage are being misread.

As Judge Thomas Hogan describes, “Queries by FBI personnel of Section 702-acquired data…

Screen Shot 2016-04-20 at 8.53.44 PM

As the unredacted parts of the section make clear, queries for both foreign intelligence information or evidence of a crime “have been explicitly permitted by the FBI Minimization Procedures since 2009.” [my emphasis] The footnote goes onto describe how Minimization Procedures approved by Attorney General Mukasey on October 22, 2008 and submitted on some redacted date were approved by an opinion issued on April 7, 2009.

Already, that’s a curious set of details. If the minimization procedures were approved in October 2008, normally they’d be submitted close to right away, though it’s not clear that that happened. But why bother, given that FISC had just approved FAA certifications on September 4 (this timing resembles what had happened earlier that year, when the government significantly changed the program within days of getting certificates approved)?  In any case, James Clapper’s censors want to hide what those dates were. One likely reason they might have done so would be to hide the dates from defendants, including a few of the ones challenging 702. Another would be to obscure how the approval process went after passage of FISA Amendments Act, specifically given that the FISA Court of Review finalized its Yahoo opinion in August of that year, in which it relied on DOJ’s promise that “there is no database” of incidentally collected US person information.

There Is No Database

But two other things suggest that’s not the end of the story. First, the use of “explicitly” suggests there may have been a period before FISC approved the minimization procedures when such a practice was approved but perhaps not explicitly. Perhaps that simply refers to that lag period, between the time Mukasey approved those minimization procedures and the time FISC approved them.

But then there’s that redacted paragraph (the next footnote, 25, starts after it). Hogan adds something to his discussion beyond his description of the explicit approval of those minimization procedures.

As I have pointed out, Mukasey (writing with then Director of National Intelligence Mike McConnell, who would also have to approve any PRISM minimization procedures) made it clear in response to a Russ Feingold amendment of FISA Amendments Act in February of 2008 that they intended to spy in Americans under PRISM.

So it sure seems likely the Administration at the very least had FBI back door searches planned, if not already in the works, well before FISC approved the minimization procedures in 2009. That’s probably what Hogan explained in that paragraph, but James Clapper apparently believes it would be legally inconvenient to mention that.

There’s More to the SPCMA Document

Long time readers likely know I’ve been obsessed with the decision, which as far as we currently know started in 2007 after Alberto Gonzales and (since returned as FBI General Counsel) James Baker left DOJ, to let DOD chain through US person identifiers on metadata collected under EO 12333, what gets described as Special Procedures Governing Communications Metadata Analysis, or SPCMA. Here’s a post that describes it at more length.

We first learned about SPCMA in June 2013, when the Guardian published a 16-page document pertaining to the approval process that had been leaked by Edward Snowden. That document consisted of:

  • A ten page memo dated November 20, 2007, from Assistant Attorney General for National Security Ken Wainstein and Acting OLC Head Steve Bradbury, analyzing the legality of SPCMA and recommending approval of the change.
  • Appendix A, consisting of a cover sheet and a two-page approval memo signed by Robert Gates on October 19, 2007 and Michael Mukasey on January 3, 2008. As I noted in this post, the signature line had to be altered after the fact to indicate Mukasey was signing it, suggesting that then Acting Attorney General Peter Keisler had refused.
  • Appendix B, a September 28, 2006 memo written to Office of Intelligence and Policy head James Baker (this was the predecessor to the NSD at DOJ) by NSA’s General Counsel Vito Potenza requesting he approve what became SPCMA (Baker did not approve it).

Though it is not included in what Snowden leaked, the memo describes a third Appendix, Appendix C:

On July 20, 2004, the General Counsel of CIA wrote to the General Counsel of NSA and to the Counsel for Intelligence Policy asking that CIA receive from NSA United States communications metadata that NSA does not currently provide to CIA. The letter from CIA is attached at Tab C.

The government has not released an official version of the packet such as it got leaked by Snowden. However, it did release Appendix A, the approval memo, in Fall 2014 as part of the declassification of the Yahoo challenge to the Protect America Act. As I laid out in this post, the government not only got this document approved after the passage of PAA and while Yahoo was challenging orders received under it, but DOJ tried to hide it from FISC Judge Reggie Walton. They only handed it over — though without the context of the approval memo that made it clear it was about contact chaining including Americans — after he had scolded DOJ several times about not handing over all the documentation related to PAA.

DOJ did not submit the procedures to FISC in a February 20, 2008 collection of documents they submitted after being ordered to by Judge Walton after he caught them hiding other materials; they did not submit them until March 14, 2008.

So to sum up: We have 16 pages (the memo and two of three appendices) thanks to Edward Snowden, and we have an official copy of just the 2-page approval memo, released on the context of the Yahoo declassification.

I lay all this out because this entry, in the National Security Division Vaughn Index provided to ACLU last month, is undoubtedly this same memo.

Screen Shot 2016-03-06 at 3.36.12 PM

The date is the same, the description is almost the same. The only difference is that the withheld document has 20 pages, as compared to the 16 pages that Snowden gave us.

From that I conclude that the 2004 CIA memo is four pages long (three, plus a cover sheet). Note the date: squarely during the period when spooks were trying to put discontinued parts of Stellar Wind under some kind of legal authority.

Here’s how the NSA declared Exemptions 1 and 3 over this document.

56. NSD fully withheld Document 4 on its Vaughn index in part because the release of any portion of that document would disclose classified information about functions or activities of NSA. The document is a 20-page document dated 20 November 2007 and is described as NSD Legal Memo on Amending DoD Procedures and Accompanying Documentation.” This document. including its full title, was withheld in full under Exemption 1 and Exemption 3. I have reviewed the information withheld and determined that the information is currently and properly classified at the SECRET level in accordance with EO 13526 because the release of this information could reasonably be expected to cause serious damage to the national security. The information withheld pertains to intelligence activities, intelligence sources or methods, or cryptology. or the vulnerabilities or capabilities of systems or projects relating to the national security and therefore meets the criteria for classification set for in Sections 1.4(c) and 1.4(g) of EO 13526. The harm to national security of releasing any portion of this document and the reasons that no portion of this document can be released without disclosing classified information cannot be fully described on the public record. As a result my ex parte. in camera classified declaration more fully explains why this document was withheld in full.

57. The information withheld in N 0 Document 4 also relates to a “function of the National Security Agency” 50 U.S.C. § 3605. Indeed. this information relates to one of NSA’s primary functions, its SIGINT mission. Any disclosure of the withheld information would reveal NSA ·s capabilities and the tradecraft used to carry out this vital mission. Further. revealing these details would disclose “information with respect to lNSA ‘s] activities” in furtherance of its SIGINT mission. 50 U .. C. § 3605. Therefore. the information withheld is also protected from release by statute and is exempt from release based on FOIA Exemption 3. 5 U.S.C. § 552(b)(3).

The government asserted secrecy over the title of an already (and officially) released document in a recent EFF challenge, so this would not be the first time the government claimed the title of an already released document was secret to prevent nasty civil liberties groups from confirming that a FOIAed document was the same as a previously known one.

In NSD’s declaration, Bradley Weigmann indicated that “the vast majority” of the document pertained to attorney-client privilege.

NSD Document 17, the vast majority of a certain memorandum in NSD Document 4, and an email message in NSD Document 31 are protected by the attorney-client privilege. These documents discuss legal issues pertaining to an NSA program, set forth legal advice prepared by NSD lawyers for other attorneys to assist those other attorneys in representing the Government, and were sought by a decision-maker for the Government to obtain legal advice on questions of law and indeed reflect such advice. As such, NSD Document 17, the vast majority of a certain memorandum in NSD Document 4, and an email message in NSD Document 31 are protected from disclosure under the attorney-client privilege.

More interestingly, by referring to “an NSA program” it seemed to tie this document with this 2003 OIPR memo.

Screen Shot 2016-03-06 at 3.54.01 PM

And this November 12, 2013 email (written during a period in the aftermath of the Snowden releases as the government was trying to decide how to respond to various FOIAs as well as Yahoo’s request to unseal its challenge, not to mention after ACLU submitted this FOIA, which was actually submitted before the first Snowden leaks).

Screen Shot 2016-03-06 at 3.55.25 PM

Note, NSD won’t tell us what date in 2003 someone at OIPR (already headed by James Baker, one of the few people briefed on Stellar Wind) wrote about “an NSA program” that appears to be tied the chaining on US person metadata.

I have long believed one of the known but still as yet undescribed modifications to Stellar Wind (there is still at least one, though I believe there are two) enacted after the hospital confrontation in 2004 has to have been either at CIA or DOD, because it doesn’t appear in the unredacted NSA IG Report Snowden gave us. Here, we see CIA unsuccessfully asking for US person metadata at the time everyone was re-establishing Stellar Wind under more legal cover. Assuming NSA document 4 is this memo, the only thing the government is withholding that we haven’t seen yet is the CIA memo. I have a lot more suspicions about this program, too, that I still need to write up.

But I suspect they’re hiding these documents from us — and just as importantly, from the FISA Court — to prevent us from putting the various details of how US person metadata has been used over time. Or rather, to prevent us from laying out how the point of these foreign-targeted surveillance programs is to spy on Americans.

ACLU has already told the government they’re challenging the withholding of these documents.

What We Know about the Section 215 Phone Dragnet and Location Data

Last month’s squabble between Marco Rubio and Ted Cruz about USA Freedom Act led a number of USAF boosters to belatedly understand what I’ve been writing for years: that USAF expanded the universe of people whose records would be collected under the program, and would therefore expose more completely innocent people, along with more potential suspects, to the full analytical tradecraft of the NSA, indefinitely.

In an attempt to explain why that might be so, Julian Sanchez wrote this post, focusing on the limits on location data collection that restricted cell phone collection. Sanchez ignores two other likely factors — the probable inclusion of Internet phone calls and the ability to do certain kinds of connection chaining — that mark key new functionalities in the program which would have posed difficulties prior to USAF. But he also misses a lot of the public facts about location collection and cell phones under the Section 215 dragnet.  This post will lay those out.

The short version is this: the FISC appears to have imposed some limits on prospective cell location collection under Section 215 even as the phone dragnet moved over to it, and it was not until August 2011 that NSA started collecting cell phone records — stripped of location — from AT&T under Section 215 collection rules. The NSA was clearly getting “domestic” records from cell phones prior to that point, though it’s possible they weren’t coming from Section 215 data. Indeed, the only known “successes” of the phone dragnet — Basaaly Moalin and Adis Medunjanin — identified cell phones. It’s not clear whether those came from EO 12333, secondary database information that didn’t include location, or something else.

Here’s the more detailed explanation, along with a timeline of key dates:

There is significant circumstantial evidence that by February 17, 2006 — two months before the FISA Court approved the use of Section 215 of the PATRIOT Act to aspire to collect all Americans’ phone records — the FISA Court required briefing on the use of “hybrid” requests to get real-time location data from targets using a FISA Pen Register together with a Section 215 order. The move appears to have been a reaction to a series of magistrates’ rulings against a parallel practice in criminal cases. The briefing order came in advance of the 2006 PATRIOT Act reauthorization going into effect, which newly limited Section 215 requests to things that could be obtained with a grand jury subpoena. Because some courts had required more than a subpoena to obtain location, it appears, FISC reviewed the practice in the FISC — and, given the BR/PR numbers reported in IG Reports, ended, sometime before the end of 2006 though not immediately.

The FISC taking notice of criminal rulings and restricting FISC-authorized collection accordingly would be consistent with information provided in response to a January 2014 Ron Wyden query about what standards the FBI uses for obtaining location data under FISA. To get historic data (at least according to the letter), FBI used a 215 order at that point. But because some district courts (this was written in 2014, before some states and circuits had weighed in on prospective location collection, not to mention the 11th circuit ruling on historical location data under US v. Davis) require a warrant, “the FBI elects to seek prospective CSLI pursuant to a full content FISA order, thus matching the higher standard imposed in some U.S. districts.” In other words, as soon as some criminal courts started requiring a warrant, FISC apparently adopted that standard. If FISC continued to adopt criminal precedents, then at least after the first US v. Davis ruling, it would have and might still require a warrant (that is, an individualized FISA order) even for historical cell location data (though Davis did not apply to Stingrays).

FISC doesn’t always adopt the criminal court standard; at least until 2009 and by all appearances still, for example, FISC permits the collection, then minimization, of Post Cut Through Dialed Digits collected using FISA Pen Registers, whereas in the criminal context FBI does not collect PCTDD. But the FISC does take notice of, and respond to — even imposing a higher national security standard than what exists at some district levels — criminal court decisions. So the developments affecting location collection in magistrate, district, and circuit courts would be one limit on the government’s ability to collect location under FISA.

That wouldn’t necessarily prevent NSA from collecting cell records using a Section 215 order, at least until the Davis decision. After all, does that count as historic (a daily collection of records each day) or prospective (the approval to collect data going forward in 90 day approvals)? Plus, given the PCTDD and some other later FISA decisions, it’s possible FISC would have permitted the government to collect but minimize location data. But the decisions in criminal courts likely gave FISC pause, especially considering the magnitude of the production.

Then there’s the chaos of the program up to 2009.

At least between January 2008 and March 2009, and to some degree for the entire period preceding the 2009 clean-up of the phone and Internet dragnets, the NSA was applying EO 12333 standards to FISC-authorized metadata collection. In January 2008, NSA co-mingled 215 and EO 12333 data in either a repository or interface, and when the shit started hitting the fan the next year, analysts were instructed to distinguish the two authorities by date (which would have been useless to do). Not long after this data was co-mingled in 2008, FISC first approved IMEI and IMSI as identifiers for use in Section 215 chaining. In other words, any restrictions on cell collection in this period may have been meaningless, because NSA wasn’t heeding FISC’s restrictions on PATRIOT authorized collection, nor could it distinguish between the data it got under EO 12333 and Section 215.

Few people seem to get this point, but at least during 2008, and probably during the entire period leading up to 2009, there was no appreciable analytical border between where the EO 12333 phone dragnet ended and the Section 215 one began.

There’s no unredacted evidence (aside from the IMEI/IMSI permission) the NSA was collecting cell phone records under Section 215 before the 2009 process, though in 2009, both Sprint and Verizon (even AT&T, though to a much less significant level) had to separate out their entirely foreign collection from their domestic, meaning they were turning over data subject to EO 12333 and Section 215 together for years. That’s also roughly the point when NSA moved toward XML coding of data on intake, clearly identifying where and under what authority it obtained the data. Thus, it’s only from that point forward where (at least according to what we know) the data collected under Section 215 would clearly have adhered to any restrictions imposed on location.

In 2010, the NSA first started experimenting with smaller collections of records including location data at a time when Verizon Wireless was named on primary orders. And we have two separate documents describing what NSA considered its first collection of cell data under Section 215 on August 29, 2011. But it did so only after AT&T had stripped the location data from the records.

It appears Verizon never did the same (indeed, Verizon objected to any request to do so in testimony leading up to USAF’s passage). The telecoms used different methods of delivering call records under the program. In fact, in August 2, 2012, NSA’s IG described the orders as requiring telecoms to produce “certain call detail records (CDRs) or telephony metadata,” which may differentiate records that (which may just be AT&T) got processed before turning over. Also in 2009, part of Verizon ended its contract with the FBI to provide special compliance with NSLs. Both things may have affected Verizon’s ability or willingness to custom what it was delivering to NSA, as compared to AT&T.

All of which suggests that at least Verizon could not or chose not to do what AT&T did: strip location data from its call records. Section 215, before USAF, could only require providers to turn over records they kept, it could not require, as USAF may, provision of records under the form required by the government. Additionally, under Section 215, providers did not get compensated after the first two dragnet orders.

All that said, the dragnet has identified cell phones! In fact, the only known “successes” under Section 215 — the discovery of Basaaly Moalin’s T-Mobile cell phone and the discovery of Adis Medunjanin’s unknown, but believed to be Verizon, cell phone — did, and they are cell phones from companies that didn’t turn over records. In addition, there’s another case, cited in a 2009 Robert Mueller declaration preceding the Medunjanin discovery, that found a US-based cell phone.

There are several possible explanations for that. The first is that these phones were identified based off calls from landlines and/or off backbone records (so the phone number would be identified, but not the cell information). But note that, in the Moalin case, there are no known land lines involved in the presumed chain from Ayro to Moalin.

Another possibility — a very real possibility with some of these — is that the underlying records weren’t collected under Section 215 at all, but were instead collected under EO 12333 (though Moalin’s phone was identified before Michael Mukasey signed off on procedures permitting the chaining through US person records). That’s all the more likely given that all the known hits were collected before the point in 2009 when the FISC started requiring providers to separate out foreign (EO 12333) collection from domestic and international (Section 215) collection. In other words, the Section 215 phone dragnet may have been working swimmingly up until 2009 because NSA was breaking the rules, but as soon as it started abiding by the rules — and adhering to FISC’s increasingly strict limits on cell location data — it all of a sudden became virtually useless given the likelihood that potential terrorism targets would use exclusively cell and/or Internet calls just as they came to bypass telephony lines. Though as that happened, the permissions on tracking US persons via records collected under EO 12333, including doing location analysis, grew far more permissive.

In any case, at least in recent years, it’s clear that by giving notice and adjusting policy to match districts, the FISC and FBI made it very difficult to collect prospective location records under FISA, and therefore absent some means of forcing telecoms to strip their records before turning them over, to collect cell data.

Read more