Posts

The 2009 Last Ditch Attempt to Undercut the FISA Court

As I laid out in this timeline, sometime in fall 2009, the NSA submitted an end-to-end report describing the Internet dragnet. Then, weeks later, David Kris wrote Reggie Walton, admitting that the had been collecting data outside the categories approved by Colleen Kollar-Kotelly in 2004 — that is, admitting that the rosy picture NSA had painted in its end-to-end report was entirely false. Sometime shortly thereafter, DOJ decided not to submit its Internet dragnet reauthorization application, effectively shutting down the Internet dragnet on or around October 30, 2009 until John “Bates-Stamp” Bates reauthorized it sometime around July 2010.

Which is why I find the discussion of the PATRIOT reauthorization during precisely that time period so interesting.

On October 1 the Senate Judiciary Committee had its first open hearing on PATRIOT reauthorization.  At that point, an effort to require Section 215 have particular ties to terrorism got shut down in an action we now know served to preserve the phone dragnet. The discussion around it created the interest for a classified briefing. On October 7, they got that briefing. Also on October 7, the Obama Administration gave Jeff Sessions a bunch of changes they wanted off of what the bill had been on October 1.

On October 8, the Senate Judiciary Committee had another open hearing on PATRIOT reauthorization. The committee adopted Sessions changes over DiFi’s already watered down version of what Pat Leahy had originally pushed on October 1 (this is what elicited Russ Feingold’s concerns about SJC acting as the Prosecutors Committee). The changes limited Section 215 protections for libraries, fixed the gag order problem with NSLs with a non-fix that is similar to one included in USA Freedom Act. Most significantly, they watered down what would have been new minimization procedures for the PRTT authority (which were ultimately stripped in any case), making clear minimization procedures should only be adopted in exceptional circumstances. As I guessed correctly at the time, this was probably done to protect the PRTT dragnet that was collecting vast amounts of Internet metadata (as well as, contrary to Jeff Sessons’ claims in the hearing, content).

They absolutely gutted the minimization procedures tied to pen registers! Pen registers are almost certainly the means by which the government is conducting the data mining of American people (using the meta-data from their calls and emails to decide whether to tap them fully). And Jeff Sesssions–I mean Barack Obama–simply gutted any requirement that the government get rid of all this meta-data when they’re done with it. They gutted any prohibitions against sharing this information widely. In fact, they’ve specified that judges should only require minimization procedures in extraordinary circumstances. Otherwise, there is very little limiting what they can do with your data and mine once they’ve collected it.

By asserting it had the authority to impose minimization procedures on the Internet dragnet, the FISC tried, utterly unsuccessfully, to prevent the NSA from illegally wiretapping Americans. When the FISC again asserted its authority to impose minimization procedures, NSA just took its toys and went overseas, where it didn’t have that meanie rubber stamp FISC to contend with.

I raise this not only because it suggests DOJ was making legislative efforts to undercut the FISC just as they discovered a huge problem with their Internet dragnet. But also because, in my opinion, the USA Freedom Act makes a similar effort to withdraw any claim the court might make to be able to impose and review compliance with minimization procedures. I don’t think it’s an Internet dragnet this time — as I’ll write later, I think it’s either location (which is fairly banal) or more interesting flow analyses. But I think Congress — with the support of civil liberties NGOs, this time — is still trying to undercut the way that FISC has best been able to impose some controls on the government’s spying.

Even as Congress Prepares to Legislate, Intelligence Community Stalling on Section 215 IG Report

I’ve been covering the DOJ Inspector General’s billion-day old review of Section 215.

  • June 2010: Then DOJ IG Glenn Fine lays out investigation
  • June 2013: Transition to Michael Horowitz stalls PATRIOT investigation
  • August 2013: The investigation has been ongoing
  • September 2013: Pat Leahy calls for an IC IG investigation into 215 and 702; IC IG Charles McCullough declines
  • December 2013: Horowitz states current investigation limited by AG/DNI declassification of earlier reports
  • April 2014: The Section 215 review has a baby!

If my calculation is correct, that report has been pending for 1,616 days.

Today, in a report on the most significant challenges faced by the government, the IG explains what happened to the review: it is caught up in declassification review.

Ongoing OIG work, such as our reviews of the Department’s requests for and use of business records under Section 215 of the USA PATRIOT Reauthorization Act and the Department’s use of pen register and trap-and-trace devices under the Foreign Intelligence Surveillance Act (FISA), also address privacy concerns implicated by the use of national security authorities to collect data.  Although the OIG completed both of these reviews months ago, and we have provided classified briefings to Congress regarding them, we have been unable to release the classified reports to Congress or non-classified reports to the public because the classification review being conducted by the intelligence community, which includes the FBI, is still ongoing.

This is craziness! Congress is actively legislating on this topic … tomorrow! There’s also the matter of the secret FBI PRTT program, that I strongly suspect is a location dragnet, which this report likely covers.

But the IC is suppressing a report that has been in the works for over 4 years with a slow declassification review?

Update: From Glenn Fine’s original letter scoping out the review, here’s some of what it includes.

It will examine the number of Section 215 applications filed from 2007 through 2009, how the FBI is using the tool today, and describe any reported improper or illegal uses of the authority. Our review also will examine the progress the FBI has made in addressing recommendations contained in our prior reports that the FBI draft and implement minimization procedures specifically for information collected under Section 215 authority.

We also intend to conduct a programmatic review of the FBI’s use of its pen register and trap and trace authority under the FISA. That part of the review will examine issues such as how the FBI uses the authority to collect information, what the FBI does with the information it collects, and whether there have been any improper or illegal uses of the authority either reported by the FBI or identified by the OIG.

In addition to identifying any improper uses of these authorities (the report should provide some sense of how rigorous the First Amendment review is), it will certainly lay out how FBI has refused to implement minimization procedures are required by law and recommended in DOJ IG’s last Section 215 report (we know this to be the case because the FISC is imposing minimization procedures itself, and requiring compliance reviews).

All that would be rather important to know before extending Section 215 for another 3 years.

Surprise! DOJ IG’s 1,403 Day Old Section 215 Investigation Had a Baby!

As longtime readers know, I have long tracked a DOJ Inspector General investigation into FBI’s use of Section 215 and other PATRIOT Act authorities.

  • June 2010: Then DOJ IG Glenn Fine lays out investigation
  • June 2013: Transition to Michael Horowitz stalls PATRIOT investigation
  • August 2013: The investigation has been ongoing
  • September 2013: Pat Leahy calls for an IC IG investigation into 215 and 702; IC IG Charles McCullough declines
  • December 2013: Horowitz states current investigation limited by AG/DNI declassification of earlier reports

A good healthy obsession!

Since it’s been a while — the investigation is now 1,403 days old — yesterday I decided to nag the IG office.

They were mum on when we might finally see the report. Instead of offering details, they directed me to their new (apparently brand spanking new) “in the interest of transparency” page on their ongoing work.

It shows the long-promised report, still focusing on Section 215 use through 2009, as well as NSLs and pen register.

Use of National Security Letters, Section 215 Orders, and Pen Register and Trap-and-Trace Authorities under FISA from 2007 through 2009

The OIG is again examining the FBI’s use of NSLs and Section 215 orders for business records. This review is assessing the FBI’s progress in responding to the OIG’s recommendations in its first and second reports on the FBI’s use of NSLs and its report on the FBI’s improper use of exigent letters and other informal means to obtain telephone records. A focus of this review is the NSL subsystem, an automated workflow system for NSLs that all FBI field offices and headquarters divisions have been required to use since January 1, 2008, and the effectiveness of the subsystem in reducing or eliminating noncompliance with applicable authorities. The current review is also examining the number of NSLs issued and Section 215 applications filed by the FBI between 2007 and 2009, and any improper or illegal uses of these authorities. In addition, the review is examining the FBI’s use of its pen register and trap-and-trace authority under FISA.

But it also shows a report not mentioned in Michael Horowitz’ last report.

A report on the dragnet.

Bulk Telephony Review

The OIG is reviewing the FBI’s use of information derived from the National Security Agency’s (NSA) collection of telephony metadata obtained from certain telecommunications service providers under Section 215 of the Patriot Act. The review will examine the FBI’s procedures for receiving, processing, and disseminating leads the NSA develops from the metadata, and any changes that have been made to these procedures over time. The review will also examine how FBI field offices respond to leads, and the scope and type of information field offices collect as a result of any investigative activity that is initiated. In addition, the review will examine the role the leads have had in FBI counterterrorism efforts.

In truth, this investigation may not be all that distinct from the known PATRIOT authorities investigation. The minimization procedures for both — and therefore the way the information gets used, an issue central to both investigations — appear to be the same. And to the extent that the number of 215 orders with minimization procedures has been growing since 2010 indicates the FBI is collecting other information in bulk, the programs may well interrelate.

At first, I thought that this investigation, with the very significant exception of the way the dragnet serves to identify informants, might not reveal anything that problematic. Upon review, I’m not so sure. I’ll explain why in a follow-up report.

The one big difference between the two investigations, however (and I’ll discuss this at more length in the follow-up), is that dragnet investigation, unlike the PATRIOT Authority one, appears not to be time delimited. Whereas the older investigation only looks at practices through 2009, the dragnet investigation appears to be examining on-going practices. It seems to be investigating all the 215-related issues identified by Pat Leahy that the IC IG should investigate that come under DOJ’s jurisdiction.

So bad news good news! DOJ is still, 1,403 days later, investigating how the FBI used PATRIOT Act authorities 5 years ago, meaning more recent developments are not getting much attention.

But there is a potentially related investigation looking at what the FBI ingests from the phone dragnet (at least the small part relating to Section 215) right now.

The “McCain Committee” Would Be Full of NSA Defenders

Imagine a McCain Committee as the inheritor of the tradition of Frank Church and Otis Pike.

(Yes, I did that to make bmaz’ head explode.)

That seems to be what John McCain intends with his resolution calling for a Committee to Investigate the Dragnet. (h/t Steven Aftergood)

Only, McCain proposes to investigate not just whether NSA has engaged in things it was not authorized to do. But also to investigate Snowden’s leaks themselves and the potential role of contractors in making leaks more likely.

All that said, I might be excited about McCain’s proposal to review the dragnet, as described:

(3) The nature and scope of National Security Agency intelligence-collection programs, operations, and activities, including intelligence-collection programs affecting Americans, that were the subject matter of the unauthorized disclosure, including–

(A) the extent of domestic surveillance authorized by law;

(B) the legal authority that served as the basis for the National Security Agency intelligence-collection programs, operations, and activities that are the subject matter of those disclosures;

(C) the extent to which such programs, operations, and activities that were the subject matter of such unauthorized disclosures may have gone beyond what was authorized by law or permitted under the Constitution of the United States;

(D) the extent and sufficiency of oversight of such programs, operations, and activities by Congress and the Executive Branch; and

(E) the need for greater transparency and more effective congressional oversight of intelligence community activities.

There’s just one problem with McCain’s proposal.

Here’s the list of the people who would be on the Committee (he provides titles, I’m providing names):

  • Diane Feinstein
  • Saxby Chambliss
  • Carl Levin
  • Jim Inhofe
  • Tom Carper
  • Tom Coburn
  • Robert Menendez
  • Bob Corker
  • Pat Leahy
  • Chuck Grassley
  • Jello Jay Rockefeller
  • John Thune
  • A Harry Reid pick
  • A Mitch McConnell pick

There are a number of very big NSA defenders on this list — in addition to DiFi and Saxby, both Jello Jay and Coburn are Intel Committee members who have never questioned the dragnet (indeed, Coburn has called for getting rid of the controls on the phone dragnet!). Chuck Grassley, too, has generally been supportive of the dragnet in SJC hearings on the subject. Most of the rest are simply not the caliber of people who might critically assess the dragnet much less show real interest in Americans’ privacy. Only Carl Levin and Pat Leahy, alone among the 12 named members, have been explicitly skeptical of the dragnet at all.

McCain proposes a Select Committee to investigate the dragnet. And he proposes to fill it with people who are really happy with the dragnet as it currently exists.

Update: Just to give a sense of how terrible this make-up for a Select Committee is, compare it with the bipartisan list of 26 Senators who asked James Clapper for more information on other uses of Section 215 last June. Just one Senator from that list — Pat Leahy — would be on McCain’s committee.

Update: Haha! Via Matt Sledge, DiFi shot McCain’s idea down pretty quickly.

When FBI Director Jim Comey Ate 20 Journalists for Lunch, NSL Edition

Yesterday, charismatic FBI Director Jim Comey had what was alternately described as a “lunchtime interview” and a “roundtable” with a bunch of journalists. (See NYT, ABC, AFP, NPR, McClatchy, HuffPo, LAT, WSJ, Politico, AP)

Where he proceeded to eat them for lunch.

While he addressed many topics, it appears one of his key goals was to lobby to keep National Security Letter authority as is rather than adopt the NSA Review Group’s recommended changes.

Here’s how Politico described it (I don’t mean to pick on Josh Gerstein; his was one of the most thorough reports of what Comey said, even in spite of writing one of the single bylined stories; the outlets above all published some version of this story.)

“The national security letter is not only among the most highly regulated things the FBI does, but a very important building block tool of our national security investigations,” Comey said. “What worries me about their suggestion that we impose a judicial procedure on NSLs, is that it would actually make it harder for us to do national security investigations than bank fraud investigations.”

Comey said applying to a judge for a letter to track down an internet user who made a post indicating an interest in carrying out a terrorist bombing would take days or perhaps weeks, even if more judges were added to the court.

“Being able to do it in a reasonably expeditious way is really important to our investigations. So one of my worries about the proposal in the review group is it would add or introduce a delay,” he said. The director did say he believed there was merit to the review panel’s suggestion that such national security letters not come with a permanent bar on the recipient discussing the order with anyone other than legal counsel.

“We ought to be able to work something out that adopts a nondisclosure regime that is more acceptable to a broader array of folks than the one we have now,” he said.

Comey acknowledged that the FBI process for issuing such letters was too lax several years ago, but insisted it has since been fixed and is now rigorous and heavily audited. “No doubt the process for NSLs was broken in some ways six years ago or longer. It is not broken today. And so I don’t know why we would make natioanls [sic] security investigations harder in that respect than criminal investigations,” he said. He also said doing so would likely encourage his agents to go through prosecutors to get a grand jury subpoena instead—a process that doesn’t require the same number of approvals. [my emphasis]

Here’s the problem with this (aside from the hilarious claims that a program with no external oversight is the most “highly regulated” thing the FBI does, as bolded).

The journalists all, without an exception I’ve found, permitted Comey to misrepresent the Review Group’s two recommendations pertaining to National Security Letters (though HuffPo did include additional reporting noting that two of the Review Group members were Comey’s law professors and he thinks their emphasis is on gag orders preventing recipients from discussing the orders).

I described what the Review Group’s NSL recommendations were here (Julian Sanchez also did a good post).

But to understand why this is important enough for me to be an asshole over, it helps to see Review Group Recommendation 1, affecting the Section 215 dragnet, next to Review Group Recommendation 2, affecting NSLs.

Recommendation 1

We recommend that section 215 should be amended to authorize the Foreign Intelligence Surveillance Court to issue a section 215 order compelling a third party to disclose otherwise private information about particular individuals only if [it  finds that

(1)] the government has reasonable grounds to believe that the particular information sought is relevant to an authorized investigation intended to protect “against international terrorism or clandestine intelligence activities” and

(2) like a subpoena, the order is reasonable in focus, scope, and breadth.

 

Recommendation 2

We recommend that statutes that authorize the issuance of National Security Letters should be amended to permit the issuance of National Security Letters only upon a judicial finding that:

(1) the government has reasonable grounds to believe that the particular information sought is relevant to an authorized investigation intended to protect “against international terrorism or clandestine intelligence activities” and

(2) like a subpoena, the order is reasonable in focus, scope, and breadth.

[punctuation and spacing altered in brackets]

That is, Recommendation 1 (affecting Section 215) and Recommendation 2 (affecting NSLs) are — in the clauses changing the standard of review to eliminate bulk collection — substantively exactly the same. And while the NSLs require judicial review to get to any enforceable of standard of review — which is definitely one huge proposed change to the NSLs — viewed together like this, it is clear that at least as significant a goal of the Review Group is to end bulk collection under any authority.

Particularly when you consider Recommendation 3, which recommends real minimization procedures for NSLs.

The Review Group recommended judicial review of NSLs, sure. But it also recommended either preventing or (given the likelihood this has been going on) eliminating  bulk collection.

And yet a room full of — in some cases — very good journalists allowed the FBI Director to criticize what they all reported as the Review Group’s recommendation that NSL’s undergo judicial review without even mentioning he misrepresented the recommendation, addressing only a fraction of what the Review Group recommended.

Read more

After Meeting with Obama, Bob Goodlatte Calls for Reform of Phone Dragnet

Bob Goodlatte, the Chair of the House Judiciary Committee, voted against the Amash-Conyers Amendment that would have defunded the phone dragnet. Nor is he a named cosponsor of the USA Freedom Act, the Leahy-Sensenbrenner bill that would reform the dragnet.

Which is why it is particularly notable that he’s the one member of Congress cited by name in a story reporting on skepticism that Obama will actually reform the NSA.

President Obama met with hand-picked lawmakers at the White House on Thursday to discuss the National Security Agency’s controversial spying programs, the main event of a week full of meetings at the White House focusing on potential reforms for the maligned federal agency.

[snip]

At least some of the lawmakers left the meeting unconvinced that the president is going to do enough to curtail the NSA’s activities. House Judiciary Committee Chairman Bob Goodlatte, R-Va., said “it’s increasingly clear that we need to take legislative action to reform” the NSA’s intelligence gathering.

“If the president believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security,” Goodlatte said in a statement. “Americans’ civil liberties are at stake in this debate.”

If the President has not yet been able to convince Goodlatte the phone dragnet is necessary, if Goodlatte walks out of meeting with the President calling to legislatively roll back the phone dragnet, it might just have a shot at passing.

Update: Here’s Goodlatte’s full statement.

Over the course of the past several months, I have urged President Obama to bring more transparency to the National Security Agency’s intelligence-gathering programs in order to regain the trust of the American people. In particular, if the President believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security. The President has unique information about the merits of these programs and the extent of their usefulness. This information is critical to informing Congress on how far to go in reforming the programs. Americans’ civil liberties are at stake in this debate.

With each new revelation of the scope of these programs, it’s increasingly clear that we need to take legislative action to reform some of our nation’s intelligence-gathering programs to ensure that they adequately protect Americans’ civil liberties and operate in a sensible manner. We also need to ensure the laws are clear so that the U.S. tech industry is not disadvantaged vis-à-vis their foreign competitors. The House Judiciary Committee, which has primary jurisdiction over the legal framework of these programs, has conducted aggressive oversight on this issue and will be instrumental to reforming the Foreign Intelligence Surveillance Act. I am committed to working with members of Congress and Senators from both political parties, House leaders, and President Obama to ensure our nation’s intelligence collection programs include real protections for Americans’ civil liberties, robust oversight, and additional transparency. [my emphasis]

 

The FBI (or NSA?)’s Bulk National Security Letters

Say, did you notice that the NSA Review Group, like the Leahy-Sensenbrenner bill before it, endorsed dramatic restrictions on National Security Letters?

Both efforts set out to address the most extreme privacy risks posed by — the perception was — the NSA, yet both would impose new rules on NSLs, which are primarily used by the FBI. And both efforts would attempt to at least limit (and therefore presumably end) any bulk collection with NSLs.

Leahy-Sensenbrenner provides specific changes to both the statute authorizing communications collection and the one authorizing financial data collection. In the case of toll records, the changes look like this:

Required Certification.— The Director of the Federal Bureau of Investigation, or his designee in a position not lower than Deputy Assistant Director at Bureau headquarters or a Special Agent in Charge in a Bureau field office designated by the Director may request the name, address, length of service, and local and long distance toll billing records of a person or entity if the Director (or his designee) certifies in writing to the wire or electronic communication service provider to which the request is made that—

(1) the name, address, length of service, and toll billing records sought are relevant and material to an authorized investigation to protect against international terrorism or clandestine intelligence activities, provided that such an investigation of a United States person is not conducted solely on the basis of activities protected by the First Amendment to the Constitution of the United States; and

(2) there are reasonable grounds to believe that the name, address, length of service, and toll billing records sought pertain to—

(A) a foreign power or agent of a foreign power;

(B) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or

(C) an individual in contact with, or known to, a suspected agent of a foreign power. [my emphasis]

In addition, Leahy-Sensenbrenner would make NSL gags harder to sustain.

The Review Group went even further with respect to the basic NSL requests. It recommended (as its 2nd and 3rd recommendations, stuck right in the middle of its Section 215 discussion!) not only limiting bulk collection with NSLs, but requiring judicial review and adding minimization procedures to them.

Recommendation 2 We recommend that statutes that authorize the issuance of National Security Letters should be amended to permit the issuance of National Security Letters only upon a judicial finding that:

(1) the government has reasonable grounds to believe that the particular information sought is relevant to an authorized investigation intended to protect “against international terrorism or clandestine intelligence activities” and

(2) like a subpoena, the order is reasonable in focus, scope, and breadth.

Recommendation 3 We recommend that all statutes authorizing the use of National Security Letters should be amended to require the use of the same oversight, minimization, retention, and dissemination standards that currently govern the use of section 215 orders. [my emphasis]

There are two possible reasons why Leahy-Sensenbrenner and the Review Group would offer such similar reforms. First, it’s possible they worry that limiting bulk collection on Section 215 without limiting it on NSLs would lead the government to use NSLs instead.

Far more likely, both would propose such reforms because they know NSLs had already been used for bulk collection. (We know DOJ used bulk NSLs in its efforts to fix its exigent letter problems, but that involved just 3 bulk orders, all 3 issued in 2006.)

Which would be alarming because — as the Review Group points out — in FY2012 (which extends from October 1, 2011 to September 30, 2012), the FBI issued 21,000 NSLs, “primarily for subscriber information.” DOJ’s reports to Congress reported 16,511 NSL requests in 2011 and 15,229 in 2012 that weren’t subscriber information only, so roughly 5,500 of that 21,000 were just subscriber information. But the FBI could very well be issuing bulk orders for both toll records and financial records.

That’s a lot of potential bulk orders.

And, as the Review Group makes clear in its list of reasons the NSLs are ripe for abuse, the FBI doesn’t treat this data with the same care that NSA purportedly treats the phone dragnet data.

[T]he oversight and minimization requirements governing the use of NSLs are much less rigorous than those imposed in the use of section 215 orders.

So data from potentially thousands of bulk orders, covering both toll and financial records, may be sitting on FBI’s servers, with few access, dissemination, and age-off restrictions.

No wonder the Review Group thinks the NSLs should be subject to the same kind of judicial scrutiny as the other laws repurposed for bulk collection.

There is one final—and important— issue about NSLs. For all the well-established reasons for requiring neutral and detached judges to decide when government investigators may invade an individual’s privacy, there is a strong argument that NSLs should not be issued by the FBI itself. Although administrative subpoenas are often issued by administrative agencies, foreign intelligence investigations are especially likely to implicate highly sensitive and personal information and to have potentially severe consequences for the individuals under investigation. We are unable to identify a principled reason why NSLs should be issued by FBI officials when section 215 orders and orders for pen register and trap-and-trace surveillance must be issued by the FISC.

Which is precisely the reason why the Administration is fighting this.

While the focus on reforms Obama may reject has centered on the phone dragnet collection, anonymous sources are also saying the government can’t accept the Review Group proposal for NSLs.

Civil liberties groups would like Obama to rein in the government’s use of so-called “national security letters,” which allow the FBI and other agencies to compel individuals and organizations to turn over business records without any independent or judicial review.

A senior administration official said no final decisions had been made yet, but some operational agencies have concerns about limiting the use of these letters because it would raise the bar for intelligence investigations above that for criminal ones.

Which is understandable, so long as you ignore the high likelihood these are bulk orders. But once you imagine how many Americans’ records this might include if any significant number of NSLs are bulk orders, then it seems utterly shocking no judge reviews the requests.

That’s presumably one of the reasons the Administration wants to rush through its recommendations before we think too hard about the implications of bulk NSL orders.

The Maneuvers to Get Ahead of the NSA Review Group Recommendations

Here’s a quick summary of all the events happening in response to the NSA Review Group report:

Tuesday, January 7: James Clapper “and other Intelligence Community Leaders” meet with Geoffrey Stone, Cass Sunstein, and Peter Swire; SSCI holds closed briefing with Review Group

Wednesday, January 8: Obama meets with Intelligence Community leaders; Obama meets with PCLOB; NatSec Aides and Congressional staffers meet in Situation Room

Thursday, January 9: Obama meets with (reportedly invited) Dianne Feinstein, Saxby Chambliss, Mike Rogers, Dutch Ruppersberger, Pat Leahy, Chuck Grassley, Bob Goodlatte, John Conyers, Ron Wyden, Mark Udall, and Jim Sensenbrenner

Tuesday, January 14: Review Group testifies publicly before Senate Judiciary Committee

PCLOB, which I believe has a better understanding of the dragnet than several members of the Review Group, was supposed to present its own recommendations sometime this month, and the White House claims to be conducting its own internal review which is finishing up work.

I raise this schedule to point to the several times when Obama will meet with advocates for reform in a venue where some horse-trading can go on. Not only will he meet with PCLOB before their recommendations come out (as he met with the Review Group), but he will have the sponsors of legislation that would reform NSA and FBI’s counterterrorism programs, as well as Wyden and Udall, in a room with a larger number of opponents of reform.

Jay Carney said today Obama will introduce his own “reforms” before the State of the Union on January 28. But I wouldn’t be surprised if Obama moved to pre-empt these other discussions even earlier than that, as he did with the Review Group suggestion that the Director of the NSA position be split from the Cybercommand position.

Will he try to get an agreement from the legislative critics to withdraw their legislation if he makes some changes as executive prerogative?

The Leahy-Sensenbrenner Language on Back Door Searches Improves But Doesn’t Eliminate the Back Door

As the top Intelligence Community lawyers have made clear, the IC maintains it can search US person data incidentally collected under Section 702 without any suspicion, as well as for the purposes of making algorithms, cracking encryption, and to protect property.

The Leahy-Sensenbrenner bill tries to rein in this problem. And its fix is far better than what we’ve got now. But it almost certainly won’t fix the underlying problem.

Here’s what the law would do to the “Limitations” section of Section 702. The underlined language is new.

(b) Limitations

(1) IN GENERAL.—An acquisition

(A) may not intentionally target any person known at the time of acquisition to be located in the United States;

(B) may not intentionally target a person reasonably believed to be located outside the United States if a significant purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States;

(C) may not intentionally target a United States person reasonably believed to be located outside the United States;

(D) may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States; and

(E) shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.

(2) CLARIFICATION ON PROHIBITION ON SEARCHING OF COLLECTIONS OF COMMUNICATIONS OF UNITED STATES PERSONS.—

(A) IN GENERAL.—Except as provided in subparagraph (B), no officer or employee of the United States may conduct a search of a collection of communications acquired under this section in an effort to find communications of a particular United States person (other than a corporation).

Read more

The FBI and CIA Unminimized Collections and the Holes in Article III Review of FISA Amendments Act

In my piece confirming that the NSA can search on US person data collected incidentally in Section 702 collection, I pointed to these two paragraphs from the minimization procedures.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures  adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

It’s not clear what this entails.

But Dianne Feinstein once defended the FISA Amendments Act authorization to search on US person information by pointing to Nidal Hasan. Remember, his emails were picked up on a generalized collection of Anwar al-Awlaki’s communications, which should have been a traditional FISA warrant, but may have been conducted via the same software tools as FAA collection. In which case, the kind of access described in the Webster report would provide one idea of what this looks like from the FBI side. That process has almost certainly been streamlined, given that the god-awlful software the FBI used prevented it from pulling the entire stream of Hasan’s emails to Awlaki.

First, the FBI’s database of intercepts sucked. When the first Hasan intercepts came in, it allowed only keyword searches; tests the Webster team ran showed it would have taken some finesse even to return all the contacts between Hasan and Awlaki consistently. More importantly, it was not until February 2009 that the database provided some way to link related emails, so the Awlaki team in San Diego relied on spreadsheets, notes, or just their memory to link intercepts. (91) But even then, the database only linked formal emails; a number of Hasan’s “emails” to Awlaki were actually web contacts, (100) which would not trigger the database’s automatic linking function. In any case, it appears the Awlaki team never pulled all the emails between Hasan and Awlaki and read them together, which would have made Hasan seem much more worrisome (though when the San Diego agent set the alert for the second email, he searched and found the first one).

Even before this was streamlined, the collection seemed to lack real minimization. Though to be fair, the Agents spending a third of their days reading Awlaki’s emails were drowning and really had an incentive to get reports out as quickly as possible. But they seemed to be in the business of sending out reports with IDs, not the reverse.

In addition, we know that subsequent to that time, the FBI started using this collection (and, I’m quite certain, Samir Khan’s), as a tripwire — what they call “Strategic Collections.”

The Hasan attack (and presumably subsequent investigations, as well as the Umar Farouk Abdulmutallab attack) appears to have brought about a change in the way wiretaps like Awlaki’s are treated. Now, such wiretaps–deemed Strategic Collections–will have additional follow-up and management oversight.

The Hasan matter shows that certain [redacted] [intelligence collections] [redacted] serve a dual role, providing intelligence on the target while also serving as a means of identifying otherwise unknown persons with potentially radical or violent intent or susceptibilities. The identification and designation of Strategic Collections [redacted] will allow the FBI to focus additional resources–and, when appropriate, those of [redacted] [other government agencies]–on collections most likely to serve as “trip wires.” This will, in turn, increase the scrutiny of information that is most likely to implicate persons in the process of violent radicalization–or, indeed, who have radicalized with violent intent. This will also provide Strategic Collections [redacted] with a significant element of program management, managed review, and quality control that was lacking in the pre-Fort Hood [review of information acquired in the Aulaqi investigation] [redacted].

If implemented prior to November 5, 2009, this process would have [redacted] [enhanced] the FBI’s ability to [redacted] identify potential subjects for “trip wire” and other “standalone” counterterrorism assessments or investigations. (99)

Many many many of the aspirational terrorists the FBI rolled up in 2010 and afterwards were people who had communicated or followed Awlaki or Khan. And to the extent we’ve prosecuted a bunch of wayward youth who can’t pull together a plot without the FBI’s assistance, that ought to be a concern on many levels.

Because it would mean this unminimized production is part of the Terror Manufacturing Industry. (Mind you, the FBI was doing this with their own surveillance based off Hal Turner in the 00s, so it’s not an approach limited to Muslim radicals.)

To the extent that FAA collection might be sent to FBI as a way to identify non-criminal leads to criminalize, it’s a problem, particularly if the FISA Court doesn’t see what minimization the FBI uses.

Read more