The NYT has a story today headlined,
Senate Rejects Measure to Strengthen Cybersecurity
The NYT has a story today headlined,
Senate Rejects Measure to Strengthen Cybersecurity
The bills before Congress would not directly address the attack on the Office of Personnel Management systems, which resulted from a series of missteps that included the use of outdated detection technology, a failure to employ basic authentication techniques most Americans use for online banking, having not acted on previous security recommendations, and a lack of encryption on the data.
However, the attack bore a similar signature as those on two insurance companies and underscored the overall need for Congress to advance new policies, experts said.
“It is as clear as a bell to me that this is case and point in favor of information sharing,” said Paul Kurtz, who worked on the issue under in the Clinton, Bush and Obama administrations, and is the chief executive of TruStar, which aids companies in information sharing. “It is really terribly unfortunate that this measure failed because of the politics on Capitol Hill.”
It’s all very nice for the NYT to “report” this as a matter of Congressional dysfunction — as an example of stupid politics getting in the way of protecting the country. But even the evidence the story itself presents suggests a different story: the solution being pursued by Congress would not actually fix our most urgent cybersecurity problems. The real story is about Congressional dysfunction, but of a different kind.
Indeed, the lede and headline of the story should be something like,
Congress Responds to Devastating Hack by Pushing Bill that Wouldn’t Help
Had the NYT reported that story, it might have found far more experts, who would explain in more detail why there are a long list of things we should do before facilitating information sharing with expansive immunity and obscurity.
But somehow, it didn’t report that story, even though that’s what the evidence it presents supports.
I say bizarre because Vladeck complains that Paul “seize[d] the national spotlight in order to focus everyone’s attention on a hyper-specific question” — that of the Section 215 dragnet — when Vladeck has, at this late date, joined those of us who have long been pushing a focus on broader issues, specifically EO 12333 and Section 702. To support his claim that Paul is singularly focused on Section 215, Vladeck links to a second-hand report of a sentence in Paul’s campaign announcement, rather than to the announcement itself which (while more muddled than in other statements where Paul has named EO 12333 directly) invokes surveillance authorized by Executive Order, not the PATRIOT Act.
The president created this vast dragnet by executive order. And as president on day one, I will immediately end this unconstitutional surveillance.
Contrary to Vladeck’s miscitation, in this and other comments, Paul seized the national spotlight, in significant part, to talk about the broader issues, specifically EO 12333 and Section 702, that those pushing USA F-ReDux had set aside for future fights. Indeed, big parts of Paul’s filibuster speech — including his 10 and Ron Wyden’s 2 references to EO 12333 and his 18 and Wyden’s 3 references to 702 — sounds a lot like Vladeck’s series of posts worrying that this will be the only shot at reform and therefore regretting that we didn’t talk about the bigger issues as part of it.
Another deficiency of the USA FREEDOM Act is that it does not address bulk collection under Executive Order 12333. The bill also fails to address bulk collection under section 702 of the FISA Amendments Act.
One could say: What are you complaining about? You are getting some improvement. You still have problems, but you are getting some improvement.
I guess my point is that we are having this debate, and we don’t have it very often. We are having the debate every 3 years, and some people have tried to make this permanent, where we would never have any debate. Even though we are only having it every3 years, it is still uncertain whether I will be granted any amendments to this bill.
So, yes, I would like to address everything while we can. I think we ought to address section 702. I think we ought to–for goodness’ sake, why won’t we have some hearings on Executive Order 12333? I think they may be having them in secret, but I go back to what Senator Wyden said earlier. I think the principles of the law could be discussed in public. We don’t have to reveal how we do stuff. Do we think anybody in the world thinks we are not looking at their stuff? Why don’t we
explore the legality and the law of how we are doing it as opposed to leaving it unsaid and unknown in secret?
In other words, unlike the drone filibuster Vladeck points to as proof of “libertarian hijacking” — where Paul definitely defined his terms narrowly (but in a later iteration did succeed in getting more response from Jim Comey than Ron Wyden making demands) — Paul was arguing for precisely what Vladeck said we should be arguing about. He just has cooties, I guess is the substance of Vladeck’s argument, so Vladeck doesn’t want him as an ally.
Equally bizarre is Vladeck’s claim that, “it was the very same Senator Paul who all-but-singlehandedly torpedoed the Leahy bill back in November, helping to force the entirely unnecessary political and legal brinkmanship of the past week.” That’s bizarre because, as a matter of fact, Paul did not “singlehandedly” torpedo the bill; Bill Nelson played an equal role (and that’s even assuming the bill had enough votes to pass, which given that I know of 1 pro-cloture vote who was a no vote on passage and a significant number who weren’t committed to vote for it without improving amendment, was never a foregone conclusion). It’s easy to blame Paul because it absolves whoever it was that whipped a bill but didn’t even count all the Democratic votes on it, but Paul was in no way singlehandedly responsible.
But the view all the more bizarre, coming from Vladeck, because if Paul singlehandedly torpedoed the bill (he didn’t) he also singlehandedly made the 2nd Circuit ruling for ACLU possible (he didn’t, but that is Vladeck’s logic). And unlike most USA F-ReDux champions, Vladeck has been very attentive– if, at times, arguably mistaken in his understanding of it — to the interaction of USA F-ReDux legislation and the courts. While USA F-ReDux is — important additional Congressional reporting requirements on PRTT and bulky 215 collection notwithstanding — definitely a worse bill than its predecessor, that’s not the measure. So long as the 2nd Circuit decision ruling against “relevant to” and finding a Fourth Amendment interest at the moment of collection rather than review stands (the government still has a few weeks to challenge it), the measure is USA F-ReDux plusthe 2nd Circuit decision as compared to USAF without the additional leverage of an appellate court ruling. There are very important things the 2nd Circuit decision may add to USA F-ReDux. Every commenter is entitled to weigh that measure themselves, but if you’re going to hold Paul responsible for torpedoing the legislation last fall you also have to credit him with buying time so the 2nd Circuit could weigh in.
Which brings me to leverage.
I was not a fan of any version of USAF because all left every key provision save the CDR function (and even some of that was left dangerously open to interpretation until HJC wrote its final bill report) subject to the whim of the Executive and/or the FISC, and the bill itself jettisoned necessary leverage over the Executive (Vladeck has written about the gutting of the FISC advocate, and a parallel gutting has happened on transparency provisions from the start). That is, rather than exercise some kind of authority over the Executive, Congress basically wrote down what the Executive wanted and passed it in a way that the Executive still had a lot of leeway to decide what it wanted to do.
I get why that happened and I don’t mean to diminish the work of those who pushed for more: the votes and leadership buy-in simply isn’t there yet to actually start limiting what Article II will do in secret.
But that means none of the other things Vladeck wants will be possible until we get more leverage. And while the outcome of the bill may be the same and/or worse, what is different about the passage of USA F-ReDux is that leadership in both house of Congress barely kept it together.
And Rand Paul, whether he has cooties or not, was key to that process.
That’s true, in large part, because Mitch McConnell was aiming to set up an urgent crisis as a way to scare people into making the bill worse. He succeeded in doing so by delaying consideration of the bill until the last minute, but when Paul — and Ron Wyden and Martin Heinrich — prevented him from getting a short-term extension to do so without lapsing the dragnet, that changed the calculus of the crisis. It meant those who had bought into the idea you need a dragnet to keep the country safe could be pressured to vote against McConnell’s efforts to weaken USA F-ReDux. (Note, there are some who have claimed that Paul objected to immediately considering USA F-ReDux Sunday night, giving McConnell his opportunity to amend the bill, but the congressional record doesn’t support that; McConnell didn’t call for immediate consideration of the bill itself until he had already filled the tree with amendments.)
And while I don’t want to minimize the utterly crucial efforts of Mike Lee to actually whip the vote, that effort was made easier by the very real threat that if the bill had to go back to the House it would die, resulting in a more permanent lapse to Section 215 and the other expired authorities. Leahy and others used that threat repeatedly, in fact, to argue that surveillance hawks needed to support an amended bill. And the threat was heightened because John Boehner had real worries that if he tried something funny, his own leadership would be at risk.
Last year, the privacy community was mostly fighting with carrots against an Executive branch that was dictating what it was willing to give up. Now, it’s fighting with carrots and sticks. We haven’t gotten the Executive branch to give up anything it didn’t already want to give up yet. But having dealt McConnell a big defeat and having the threat to do so with Boehner might make that possible going forward.
Having someone like Rand Paul, who is not afraid to be accused of having cooties, to make that possible is a critical part of that process. That doesn’t negate the efforts of anyone else (again, I’m really encouraged by Mike Lee’s role in all this). But it does mean people holding carrots but demanding things that will only be obtained with some sticks, too, ought not to dismiss the efforts to make the threat of a stick real.
Amid posts bewailing Rand Paul because the Senator’s substantial discussions of the problems with EO 12333 and Section 702 spying aren’t the substantial discussions he wants (I’ll return to these once more pressing matters have passed), Steve Vladeck has returned to the USA F-ReDux topic on which he doesn’t keep contradicting himself: the amicus.
As he notes (and I noted here), Mitch McConnell is (as we speak) attempting to water down the already flimsy FISC amicus via amendment. And Vladeck — as he has before — exposed the false claims that the objections to the amicus comes from the judiciary, this time as represented in the letter from Director of the Administrative Offices of US Courts James Duff.
Why is such a radical amendment to a provision in the House bill that was negotiated very carefully so necessary? According to the memo, “Amendment 1451 is responsive to the judiciary’s continual opposition to the amicus structure of the USA Freedom Act,” as manifested in “a letter to Congress from the director of the Administrative Office of the U.S. Courts.”
I don’t mean to belabor the point. If anything, as I suggested yesterday, section 401 of the House-passed USA FREEDOM Act is a terribly weak version of what should have been a very good (and unobjectionable) idea–allowing a security-cleared outside lawyer to participate in the tiny percentage of cases before the FISC that involve applications for anything besides individualized warrants (you know, the cases in which adversarial participation is already authorized).Part of why section 401 is so weak is because members of Congress have consistently allowed themselves to be snookered by (or have found it convenient to hide behind) the objections of the “judiciary.”
On the merits, though, these objections are patently unavailing. And they certainly aren’t the objections of the “judiciary.”
I’ve also tracked how others, like James Clapper, have been using these purported judiciary concerns to undercut the “advocate” that President Obama used to pretend to want.
What’s particularly interesting, however, is one of the recurrent problems the “judges” seem to keep having. Duff emphasizes that one problem with amici is the Executive would lie to the FISC if telling the truth might risk revealing useful information to an amici. And as one part of that, he focuses on USA F-ReDux’s intent to get
Designated amici are required to have access to “all relevant” legal precedent, as well as certain other materials “the court determines are relevant.
We are concerned that a lack of parallel construction in proposed clause (6)(A)(i) (apparently differentiating between access to legal precedent as opposed to access to other materials) could lead to confusion in its application.
This is what Clapper seemed to be going after last September.
Clapper signals he will make the amicus curiae something different. First, he emphasized this amicus will not interfere with ex parte communications between the court and the government. That may violate this passage of Leahy’s bill, which guarantees the special advocate have access to anything that is “relevant” to her duties.
(A) IN GENERAL.—If a court established under subsection (a) or (b) designates a special advocate to participate as an amicus curiae in a proceeding, the special advocate—
(ii) shall have access to all relevant legal precedent, and any application, certification, petition, motion, or such other materials as are relevant to the duties of the special advocate;
Given that in other parts of 50 USC 1861, “relevant” has come to mean “all,” it’s pretty amazing that Clapper says the advocate won’t have access to all communication between the government and the court.
But the really interesting thing — the reason McConnell’s as-we-speak attempt to gut the amicus further — is that the House already fixed some of this. In a manager’s amendment presented as technical clarifications (but which, on this issue, were not), Bob Goodlatte rewrote this passage:
(i) shall have access to all relevant legal precedent, and any application, certification, petition, motion, or such other materials that the court determines are relevant to the duties of the amicus curiae;
To read like this, to directly address one of Huff’s stated concerns:
(i) shall have access to any relevant legal precedent, and application, certification, petition, motion, or such other materials that the court determines are relevant to the duties of the amicus curiae;
That is, Goodlatte already gave the court complete discretion over what the amicus could access, up to and including underlying legal precedents.
Of course, all that assumes the courts will get all the information they need, which they have a long history of not doing.
Here’s the real takeaway though. The President likes to claim he supports this reform. But he has already made it clear he didn’t really want an advocate at the FISC, but would instead like the FISC to remain a rubber stamp.
Thus far, I have not seen a statement from the ACLU on last night’s developments with respect to the PATRIOT Act — the passage of cloture, McConnell’s failure to even ask for an immediate vote, followed by McConnell filing several amendments that would weaken USA F-ReDux. [Correction: here is one. h/t EG]
Indeed, no one even seems to be interested what the ACLU thinks about all this, reporting the key players to include Mitch McConnell and Richard Burr, the White House and Intelligence Agencies, and the House, especially House leadership that would be forced to shepherd any changes to USA F-ReDux back through the House, but not the ACLU.
Especially with Burr’s amendment to extend the transition period to the new phone records program to a full year. After all, ACLU’s lawsuit just got punted back to the District to see what happens now, but it was punted based on the presumption that Congress was going to fix the illegal dragnet “soon.”
A year is not “soon,” at least not in my book.
If ACLU agrees with me, they can asks the judges to provide some relief “sooner” than a year from now, either by ordering an earlier end to the dragnet or — at the very least — requiring the NSA to pull all of ACLU’s records from their dragnet. Indeed, given the number of active court challenges the ACLU has against the government, they’d be able to argue pretty compellingly they need quicker relief than a year.
In the past, NSA has suggested it would be too onerous to pull the records of one plaintiff from the dragnet. Who knows whether they were just bullshitting judges, but if it is too onerous, that would present other issues.
All of which is my way of saying the ACLU may have a few cards of interest in their hand that no one is much considering. I’m not going to ask them what they’re holding, mind you. I like that they may be deliberating in secret to thwart efforts to extend the dragnet.
I’m just noting that they do appear to still be holding some cards…
I predicted back in April that Mitch McConnell would use the threat of straight reauthorization of a program that doesn’t do what the Intelligence Community wants to demand changes to USA F-ReDux.
And a data retention mandate — presented in the guise of a requirement that providers give notice if they plan not to retain data at least 18 months — is one the things McConnell will try to push through today.
(k) PROSPECTIVE CHANGES TO EXISTING PRACTICES RELATED TO CALL DETAIL RECORDS.—
(1) IN GENERAL.—Consistent with subsection (c)(2)(F), an electronic communication service provider that has been issued an order to produce call detail records pursuant to an order under subsection (c) shall notify the Attorney General if that service provider intends to retain its call detail records for a period less than 18 months.
(2) TIMING OF NOTICE.—A notification under paragraph (1) shall be made not less than 180 days prior to the date such electronic communications service provider intends to implement a policy to retain such records for a period less than 18 months.’’.
McConnell repeated his justification for a retention mandate last night by pointing to a provider that refused to agree to keep documents for a call record program, as he did last week. Why is Mitch worried about document retention for a call record program?
Remarkably, McConnell’s data mandate is for a shorter period of time than the 2 year data handshake the major telecoms have agreed to, according to Dianne Feinstein.
McConnell also submitted standalone amendments, the first requiring certification from James Clapper that the dragnet works before existing dragnet authorities expire, with the second one extending the expiration of the dragnet to a year.
McConnell submitted an amicus provision that simply codifies the status quo, which already permits a court to name an amicus. Significantly, McConnell’s amicus provision eliminates the reporting to Congress that Richard Burr’s bill at least had. But McConnell’s bill does include FISCR fast-track review, which I believe may actually be counterproductive. So McConnell’s amicus amendment permits the FISC to go on making shit up without any notice that’s what they’re doing.
Finally, there’s one other provision in one of two substitute bills Mitch put forward this month: an elimination of the reporting requirement of any significant FISC decisions (Section 402 is removed entirely).
Now, frankly, even in the existing USA F-ReDux, the reporting requirement permits the Executive too much discretion about what kind of details they’ll release. Even in FOIA suits, where a judge gets to weigh in, the government has been able to withhold even information that is almost certainly in the public record. Their summaries of important decisions would surely look like useless Vaughn Index summaries.
But that’s too much for Mitch McConnell — and the Intelligence Community folks whose demands he is serving. And, of course, elimination of this weak reporting requirement eliminates the only check against ongoing bulk or bulky collection, because the language surrounding Specific Selection Term includes big potential loopholes.
So consider what this means.
Over the last two weeks, Mitch McConnell has pursued policies that have led to a lapse in the phone (and CIA money transfer) dragnets. He didn’t even try to bring USA F-ReDux for an immediate vote last night; he only tried to bring up Lone Wolf and Roving Wiretap.
And his goal, for letting the dragnet expire, is to ensure the FISA Court continues to be dysfunctional.
Mitch McConnell has — according to his claims, not mine — made the country less safe with this lapse in the dragnet. All in a bid to ensure the FISC continues to operate as a rubber stamp.
NYT has a remarkable article describing how a number of hawks are willing to risk letting PATRIOT Act authorities lapse so Mitch McConnell can save face.
Senior lawmakers are scrambling this week in rare recess negotiations to agree on a face-saving change to legislation that would rein in the National Security Agency’s dragnet of phone records, with time running out on some of the government’s domestic surveillance authority.
If negotiators accept minor changes to the House bill, it will mark a significant retreat for Senator Mitch McConnell of Kentucky, the majority leader, and Senator Richard M. Burr of North Carolina, the chairman of the Senate Intelligence Committee.
Sadly, the NYT continues the typically credulous mainstream reporting on this topic. For example, Mitch McConnell never really wanted a straight reauthorization.
Mr. McConnell and Mr. Burr wanted a straight extension of the existing surveillance authority, although an appeals court judge ruled this month that such authority was illegal.
False. Burr revealed what they want Friday night. They want to move bulky Internet production back to NSLs. They want to expand the current dragnet to include Internet calls and even straight IP (and, oddly, documents!), and they want to expand it well beyond its counterterrorism focus to include all foreign intelligence. They want to criminalize whistleblowing about this law in particular. They want to eliminate all special privacy protections — over the standard NSA ones — for US persons.
And very importantly, they want to use the claim to need a 2-year transition period to finally obtain the authorities for NSA to conduct the bulk collection they actually want to do, in which place they’ll be well positioned to claim having the government retain the data is most efficient.
I could go on. But after Friday night no journalists with any self-respect should propagate Mitch’s “straight reauthorization” canard, which — it was clear over a month ago — was only ever a negotiating tactic.
NYT also falsely claims Burr wants just Lone Wolf and Roving Wiretap made permanent.
Mr. Burr wants the so-called lone wolf and roving authorities to be made permanent to avoid cliffhangers like the one Congress finds itself in now. The House bill would extend them to December 2019.
The title to that section of Burr’s bill reads,
PERMANENT AUTHORITY FOR ACCESS TO BUSINESS RECORDS, ROVING SURVEILLANCE, AND INDIVIDUAL TERRORISTS AS AGENTS OF FOREIGN POWERS UNDER THE FOREIGN INTELLIGENCE SURVEILLANCE ACT OF 1978 [my emphasis]
And the language of it repeals both parts of both laws that include a sunset.
But the really absurd part of this story — and to be fair, NYT has to report these arguments as if they’re serious, and I should be grateful they have been recorded in all their absurdity — is that Burr and Nunes are now claiming that the largest phone companies in the US don’t know how to 1) store data, or 2) “search stored phone data after a warrant [actually, a Reasonable Articulable Suspicion order, not a warrant] is issued, then communicate the results to the government.”
The two men have said phone companies, which would collect the data instead of the N.S.A. under the USA Freedom Act, are not equipped to handle the task.
Leaders of the House Intelligence and Judiciary Committees from both parties, along with supporters in the Senate, said they could assuage the concerns of Senate Republicans by adding a certification process to ensure that telephone companies had developed the technology they needed to store the reams of data that were now gathered by the government. If the technology could not be certified, a longer transition period would kick in.
Mr. Burr said he would like that period to be two years, a proposal not very likely to be accepted by the House.
“The question is whether the technology can be developed in time, over a six-month window,” Mr. Nunes said in an interview. “I think it can be. I was at N.S.A. reviewing this 10 days ago.”
He added: “We believe six months works, but it wouldn’t be bad to have a little longer.”
But even that change has irked lawmakers, who worked for months on the compromise that passed the House. Representative Adam B. Schiff of California, the ranking Democrat on the House Intelligence Committee, said the technology in question — the ability to search stored phone data after a warrant is issued, then communicate the results to the government — was “a pretty minor deal” that could easily meet a certification deadline.
The men overseeing our intelligence community claim to not understand that phone companies store this information — and respond to lawful government requests for it — every day.
In truth, this is likely another ploy to expand the role of providers down the road (as happened under PRISM), after we’ve all become less vigilant — beyond simply providing phone records (as these silly Congressmen claim) to doing far more analysis.
After all, the only way these claims make sense, is if the government expects to get real pushback from providers going forward — and that’s not going to happen if all they want is call records delivered to the government, which telecoms have been doing forever.
So that’s the likely play: to set up some mechanism whereby the hawks can claim — in 6 months time — that telecoms are unwilling or unable (the same standard they use for drones killing!) to do what the government will ask. At which point we’ll be fighting to get the government out of an expanded dragnet business.
One more thing.
The Republicans also claim that the telecoms have been harassed by privacy advocates.
Republicans have also expressed a desire to protect the phone companies against harassment from privacy activists over their participation in a new surveillance program.
This is likely a bid to do something to shroud the dragnets (it won’t be just telecom going forward) in secrecy from here on out. Probably not the act-specific Espionage Act, like Burr wants, but probably some other means to ensure that no one ever gets standing to challenge what will still be an unconstitutional program going forward.
I guess they hope we won’t notice because we’re laughing at their other batty excuses so hard?
As I noted here, given the content of the radical bill Richard Burr introduced on Friday, it appears likely that his claim Section 215 sIpported an IP dragnet was no misstatement, as he claimed when I called him on it. But that — and the misstatements Mitch McConnell made on Friday about the bill — are not the only lies the authoritarians have been telling.
Just after USA F-ReDux failed in the Senate Friday night and Barbara Boxer tried to call it back up for a vote, Mitch McConnell falsely claimed that Dianne Feinstein was involved in Burr’s radical bill. Senator Feinstein actually had to interrupt and point out that not only doesn’t she think Burr’s bill is the way to go, but that pushing for it might put all the expiring provisions at risk. (h/t Steven Aftergood for pulling Congressional Research Service records)
McCONNELL. Mr. President, the Senate has demonstrated that the House-passed bill lacks the support of 60 Senators. I would urge a “yes” vote on the 2-month extension. Senator Burr, the chairman of the Intelligence Committee, and Senator Feinstein, the ranking member, as we all know, have been working on a proposal that they think would improve the version that the Senate has not accepted that the House sent over. It would allow the committee to work on this bill, refine it, and bring it before us for consideration. So the 2-month extension, it strikes me, would be in the best interest of getting an outcome that is acceptable to both the Senate and the House and hopefully the President.
Mrs. FEINSTEIN. Mr. President, if I may a point of personal privilege. Mr. President, I would like to correct the majority leader, regretfully. I did not support the Burr bill. I do not believe that is the way to go. I have taken a good look at this. For those who want reform and want to prevent the government from holding the data, the FREEDOM Act is the only way to do it. The House has passed it. The President wants it. All of the intelligence personnel have agreed to it, and I think not to pass that bill is really to throw the whole program–that whole section 215 as well as the whole business records, the “lone wolf,” the roving wiretaps–into serious legal jeopardy.
That is, of course, precisely what has happened. In his bid to ram through Burr’s expanded dragnet, Mitch has now made it increasingly likely that all the expiring provisions will lapse on June 1.
On May 7, the very same day the Second Circuit ruled that Congress has to say specifically what a surveillance bill means for the bill to mean that thing, Richard Burr engaged in a staged colloquy on the Senate floor where he claimed that the Section 215 bulk collection program collects IP addresses. After Andrew Blake alerted me to that and I wrote it up, Burr stuffed the claim into the memory hole and claimed, dubiously, to have made a misstatement in a planned colloquy.
Then, after Mitch McConnell created a crisis by missing the first Section 215 reauthorization deadlines, Burr submitted a bill that would immediately permit the bulk collection of IP addresses, plus a whole lot more, falsely telling reporters this was a “compromise” bill that would ensure a smooth transition between the current (phone) dragnet and its replacement system.
Which strongly suggests Burr’s initial “misstatement” was simply an attempt to create a legislative record approving a vast expansion of the current dragnet that, when he got caught, led Burr to submit a bill that actually would implement that in fact.
This has convinced me we’re going to need to watch these authoritarians like hawks, to prevent them from creating the appearance of authorizing vast surveillance systems without general knowledge that’s what’s happening.
So I reviewed the speech Mitch made on Friday (this appears after 4:30 to 15:00; unlike Burr’s speech, the congressional record does reflect what Mitch actually said; h/t Steve Aftergood for Congressional Record transcript). And amid misleading claims about what the “compromise” bill Burr was working on, Mitch suggested something remarkable: among the data he’s demanding be retained are documents, not just call data.
I’ve placed the key part of Mitch’s comments below the rule, with my interspersed comments. As I show, one thing Mitch does is accuse providers of an unwillingness to provide data when in fact what he means is far more extensive cooperation. But I’m particularly interested in what he says about data retention:
The problem, of course, is that the providers have made it abundantly clear that they will not commit to retaining the data for any period of time as contemplated by the House-passed bill unless they are legally required to do so. There is no such requirement in the bill. For example, one provider said the following: “[We are] not prepared to commit to voluntarily retain documents for any particular period of time pursuant to the proposed USA FREEDOM Act if not otherwise required by law.”
Now, one credulous journalist told me the other day that telecoms were refusing to speak to the Administration at all, which he presumably parroted from sources like Mitch. That’s funny, because not only did the telecom key to making the program work — Verizon — provide testimony to Congress (which is worth reviewing, because Verizon Associate General Counsel — and former FBI lawyer — Michael Woods pointed to precisely what the dragnet would encompass under Burr’s bill, including VOIP, peer-to-peer, and IP collection), but Senator Feinstein has repeatedly made clear the telecoms have agreed with the President to keep data for two years.
Furthermore, McConnell’s quotation of this line from a (surely highly classified letter) cannot be relied on. Verizon at first refused to retain data before it made its data handshake with the President. So when did this provider send this letter, and does their stance remain the same? Mitch doesn’t say, and given how many other misleading comments he made in his speech, it’s unwise to trust him on this point.
Most curiously, though, look at what they’re refusing to keep. Not phone data! But documents.
Both USA F-ReDux and Burr’s bill only protect messaging contents, not other kinds of content (and Burr’s excludes anything that might be Dialing, Routing Addressing and Signaling data from his definition of content, which is the definition John Bates adopted in 2010 to be able to permit NSA to resume collecting Internet metadata in bulk). Both include remote computing services (cloud services) among the providers envisioned to be included not just under the bill, but under the “Call Detail Record” provision.
Perhaps there’s some other connotation for this use of the word “documents.” Remember, I think the major target of data retention mandates is Apple, because Jim Comey wants iMessage data that would only be available from their cloud.
But documents? What the hell kind of “Call Detail Records” is Mitch planning on here?
One more thing is remarkable about this. Mitch is suggesting it will take longer for providers to comply with this system than it took them to comply with Protect America Act. Yahoo, for example, challenged its orders and immediately refused to comply on November 8, 2007. Yet, even in spite of challenging that order and appealing, Yahoo started complying with it on May 5, 2008, that same 180-time frame envisioned here. And virtually all of the major providers already have some kind of compliance mechanism in place, either through PRISM (Apple, Google, and Microsoft) or upstream 702 compliance (AT&T and Verizon).
Last night, Mitch McConnell dealt himself a humiliating defeat. As I correctly predicted a month before events played out, McConnell tried to create a panic that would permit him and Richard Burr to demand changes — including iMessage retention, among other things — to USA F-ReDux. That is, in fact, what Mitch attempted to do, as is evident from the authoritarian power grab Burr released around 8:30 last night (that is, technically after the Administration had already missed the FISA Court deadline to renew the dragnet).
Contrary to a lot of absolutely horrible reporting on Burr’s bill, it does not actually resemble USA F-ReDux.
As I laid out here, it would start by gutting ECPA, such that the FBI could resume using NSLs to do the bulky Internet collection that moved to Section 215 production in 2009.
It also vastly expanded the application of the call record function (which it very explicitly applied to electronic communications providers, meaning it would include all Internet production, though that is probably what USA F-ReDux does implicitly), such that it could be used against Americans for any counterterrorism or counterintelligence (which includes leaks and cybersecurity) function, and for foreigners (which would chain onto Americans) for any foreign intelligence purpose. The chaining function includes the same vague language from USA F-ReDux which, in the absence of the limiting language in the House Judiciary Committee bill report, probably lets the government chain on session identifying information (like location and cookies, but possibly even things like address books) to do pattern analysis on providers’ data. Plus, the bill might even permit the government to do this chaining in provider data, because it doesn’t define a key “permit access” term.
Burr’s bill applies EO 12333 minimization procedures (and notice), not the stronger Section 215 ones Congress mandated in 2006; while USA F-ReDux data will already be shared far more widely than it is now, this would ensure that no defendant ever gets to challenge this collection. It imposes a 3-year data retention mandate (which would be a significant new burden on both Verizon and Apple). It appears to flip the amicus provision on its head, such that if Verizon or Apple challenged retention or any other part of the program, the FISC could provide a lawyer for the tech companies and tell that lawyer to fight for retention. And in the piece de la resistance, the bill creates its very own Espionage Act imposing 10 year prison terms for anyone who reveals precisely what’s happening in this expanded querying function at providers.
It is, in short, the forced-deputization of the nation’s communications providers to conduct EO 12333 spying on Americans within America.
Had Mitch had his way, after both USA F-ReDux and his 2-month straight reauthorization failed to get cloture, he would have asked for a week extension, during which the House would have been forced to come back to work and accept — under threat of “going dark” — some of the things demanded in Burr’s bill.
It didn’t work out.
But as it was, USA F-ReDux had far more support than the short-term reauthorization. Both McConnell and Rand Paul voted against both, for very different reasons. The difference in the vote results, however, was that Joe Donnelly (D), Jeff Flake (R), Ron Johnson (R), James Lankford (R), Bill Nelson (D), Tim Scott (R), and Dan Sullivan (R) voted yes to both. McConnell’s preferred option didn’t even get a majority of the vote, because he lost a chunk of his members.
Then McConnell played the hand he believed would give himself and Burr leverage. The plan — as I stated — was to get a very short term reauthorization passed and in that period force through changes with the House (never mind that permitting that to happen might have cost Boehner his Speakership, that’s what McConnell and Burr had in mind).
First, McConnell asked for unanimous consent to pass an extension to June 8. (h/t joanneleon for making the clip) But Paul, reminding that this country’s founders opposed General Warrants and demanding 2 majority vote amendments, objected. McConnell then asked for a June 5 extension, to which Ron Wyden objected. McConnell asked for an extension to June 3. Martin Heinrich objected. McConnell asked for an extension to June 2. Paul objected.
McConnell’s bid failed. And he ultimately scheduled the Senate to return on Sunday afternoon, May 31.
By far the most likely outcome at this point is that enough Senators — likely candidates are Mark Kirk, Angus King, John McCain, Joni Ernst, or Susan Collins — flip their vote on USA F-ReDux, which will then be rushed to President Obama just hours before Section 215 (and with it, Lone Wolf and Roving Wiretaps) expires on June 1. But even that (because of when McConnell scheduled it) probably requires Paul to agree to an immediate vote.
But if not, it won’t be the immediate end of the world.
On this issue, too, the reporting has been horrible, even to almost universal misrepresentation of what Jim Comey said about the importance of expiring provisions — I’ve laid out what he really said and what it means here. Comey cares first and foremost about the other Section 215 uses, almost surely the bulky Internet collection that moved there in 2009. But those orders, because they’re tied to existing investigations (of presumably more focused subject than the standing counterterrorism investigation to justify the phone dragnet), they will be grand-fathered at least until whatever expiration date they have hits, if not longer. So FBI will be anxious to restore that authority (or move it back to NSLs as Burr’s bill would do), especially since unlike the phone dragnet, there aren’t other ways to get the data. But there’s some time left to do that.
Comey also said the Roving Wiretap is critical. I’m guessing that’s because they use it to target things like Tor relays. But if that’s the primary secretly redefined function, they likely have learned enough about the Tor relays they’re parked on to get individual warrants. And here, too, the FBI likely won’t have to detask until expiration days on these FISA orders come due.
As for the phone dragnet and the Lone Wolf? Those are less urgent, according to Comey.
Now, that might help the Republicans who want to jam through some of Burr’s demands, since most moderate reformers assume the phone dragnet is the most important function that expires. Except that McConnell and others have spent so long pretending that this is about a phone dragnet that in truth doesn’t really work, that skittish Republicans are likely to want to appear to do all they can to keep the phone dragnet afloat.
As I said, the most likely outcome is that a number of people flip their vote and help pass USA F-ReDux.
But as with last night’s “debate,” no one really knows for sure.
As some of you were live-commenting yesterday, Rand Paul conducted a 10.5 hour filibuster of the USA F-ReDux last night.
A lot of journalists are calling it meaningless. But it may not be. As Sunlight Foundation explains, by occupying the floor for the balance of yesterday, Paul may have prevented Mitch McConnell from invoking cloture on his short-term reauthorization, leaving only USA F-ReDux as the only legislation that might possibly get through the Senate before House members start leaving for recess tonight.
What does the currently ongoing filibuster have to do with this? It’s not just that it stalls the vote in the Senate and wedges it up closer to Section 215’s expiration. If Paul and his allies get to midnight tonight, as far as we can tell, it stops the Senate from considering any bill other than the House-passed USA FREEDOM Act, or, by default, sunset before Saturday. Without this filibuster, McConnell could have moved today to proceed on from the trade vote to USA FREEDOM or the 2-month reauthorization (though the Senate will have a cloture vote on trade tomorrow no matter what), and in turn begun the cloture process, which would have matured Friday. While the House is supposed to be out on Friday, keeping the House for another day, versus through the weekend and into Memorial Day, is a bit different.
All that said, I suspect there was an underlying deal here.
That’s true because the 9 or so people who supported Paul in this filibuster were all USA F-ReDux supporters (and of them, only Ron Wyden has called for significant amendment process, which is what Paul said he was fighting for with his filibuster).
More telling, Paul stopped 11 minutes short of midnight. And McConnell seemed to expect that — he had Bill Cassidy come on the floor to submit the highways bill for cloture.
In other words, McConnell could have, but didn’t, file cloture on his short-term reauthorization last night.
It’s quite possible that the Senators from KY made an agreement to get themselves out of holes they had created for themselves, Paul, in pushing against the bill, and McConnell, in leveraging such that sunset of Section 215 became a real possibility. By appearing to be left with no choice but USAF, McConnell could then whip it, and ensure it passes, to be quickly sent to Obama for signature. If McConnell really whipped it, Paul could even cast a symbolic vote against it.
If that ends up happening, Paul’s filibuster will not be a waste. It would have prevented — or been the tactic that allowed all sides to accept the prevention — of the bill getting worse in the Senate, which was always a real possibility.
But no one should be breaking out tequila to celebrate a PATRIOT Sunset yet.
Update: McConnell apparently just filed cloture on his short-term reauthorization. That would put the vote on Saturday, with the House having to come back to deal with it.