Posts

Iran-Contra Cover-Up King Doesn’t Address Sessions’ Other Lies, or Conspiracy-in-Chief

Fresh off several witnesses revealing that Jeff Sessions wasn’t as offended by George Papadopoulos’ plan to pitch meetings with Putin as he claims he was, ABC reported that, Andrew McCabe approved an investigation into whether Jeff Sessions lied to Congress about his ties with Russia.

Nearly a year before Attorney General Jeff Sessions fired senior FBI official Andrew McCabe for what Sessions called a “lack of candor,” McCabe oversaw a federal criminal investigation into whether Sessions lacked candor when testifying before Congress about contacts with Russian operatives, sources familiar with the matter told ABC News.

An anonymous source tried to claim that Sessions would not have known that McCabe briefly oversaw an investigation into Sessions’ own perjury, but Sessions’ lawyer pointedly refused to confirm that.

One source told ABC News that Sessions was not aware of the investigation when he decided to fire McCabe last Friday less than 48 hours before McCabe, a former FBI deputy director, was due to retire from government and obtain a full pension, but an attorney representing Sessions declined to confirm that.

Sessions’ lawyer is Chuck Cooper. Most recently, he got famous failing spectacularly to defend Prop 8. But years and years ago, he played a key role in excusing Iran-Contra, notably by inventing the concept of pixie dusting executive orders.

Given his past as a great cover-up artist, take note of how carefully he words his more general denial.

Two months ago, Sessions was interviewed by Mueller’s team, and the federal inquiry related to his candor during his confirmation process has since been shuttered, according to a lawyer representing Sessions.

“The Special Counsel’s office has informed me that after interviewing the attorney general and conducting additional investigation, the attorney general is not under investigation for false statements or perjury in his confirmation hearing testimony and related written submissions to Congress,” attorney Chuck Cooper told ABC News on Wednesday.

The AG is not under investigation for any lies in his confirmation hearing testimony, Cooper said.

Here’s what that leaves out:

  • Obstruction charges for inventing the reason to fire Comey, pretending to be involved in the firing of US Attorneys including Preet Bharara, and for firing McCabe
  • False statements charges tied to Sessions’ later testimony before Congress
  • False statements charges tied to his Mueller testimony about whether he opposed the Russian outreach (we now know Mueller has gotten conflicting statements on this point)
  • Implication in the Russian conspiracy directly

It’s the last one that is most interesting (and where all these false statements charges are headed anyway). We now know some of the people at the March 31, 2016 meeting believe Sessions was not opposed to the Russian outreach. We know that Sessions’ close aide, Stephen Miller, was in the thick of things.

And then there’s this bizarre exchange from a November exchange with Patrick Leahy (who seems to have known that Sessions was then under investigation for lying to Congress).

Leahy asked about each item in turn.

Leahy: Let’s take this piece by piece. Did you discuss any of the following: Emails?

Sessions: Repeat the question again about emails.

Leahy: Since the 2016 campaign, have you discussed with any Russian connected official anything about emails?

Sessions: Discuss with them. I don’t recall having done any such thing.

Right after this exchange, Sessions totally balks when Leahy asks him if he has been interviewed or asked for an interview by Mueller, saying he should clear it with the Special Counsel.

Now, there was some imprecision in this questioning. It’s clear that Sessions believed he was answering the question about during the campaign, not since it.

But of the things Leahy asked about — emails, Russian interference, sanctions, or any policies or positions of the Trump campaign or presidency — Sessions ultimately not-recalled in response to just one question: the emails.

Based on the past practice Leahy had just laid out, Sessions claimed to not recall issues that he had actually done. Which would suggest Sessions is worried that there’s evidence he has discussed emails — with someone. It’s just not clear how he interpreted that question.

Sessions refused to deny he had discussed emails with a “Russian connected official” since the election.

None of these potential ties in the conspiracy are included in Cooper’s carefully worded denial (nor is Sessions’ knowing that McCabe had okayed an investigation into him for failing to meet his duty of candor, the same thing Sessions just fired McCabe for).

That speaks volumes.

In any case, it seems we’ll be hearing a lot more about Sessions’ implication in all this, in the wake of his firing of McCabe.

Asha Rangappa Demands Progressive Left Drop Bad Faith Beliefs in Op-Ed Riddled with Errors Demonstrating [FBI’s] Bad Faith

It’s my fault, apparently, that surveillance booster Devin Nunes attacked the FBI this week as part of a ploy to help Donald Trump quash the investigation into Russian involvement in his election victory. That, at least, is the claim offered by the normally rigorous Asha Rangappa in a NYT op-ed.

It’s progressive left privacy defenders like me who are to blame for Nunes’ hoax, according to Rangappa, because — she claims — “the progressive narrative” assumes the people who participate in the FISA process, people like her and her former colleagues at the FBI and the FISA judges, operate in bad faith.

But those on the left denouncing its release should realize that it was progressive and privacy advocates over the past several decades who laid the groundwork for the Nunes memo — not Republicans. That’s because the progressive narrative has focused on an assumption of bad faith on the part of the people who participate in the FISA process, not the process itself.

And then, Ragappa proceeds to roll out a bad faith “narrative” chock full of egregious errors that might lead informed readers to suspect FBI Agents operate in bad faith, drawing conclusions without doing even the most basic investigation to test her pre-conceived narrative.

Rangappa betrays from the very start that she doesn’t know the least bit about what she’s talking about. Throughout, for example, she assumes there’s a partisan split on surveillance skepticism: the progressive left fighting excessive surveillance, and a monolithic Republican party that, up until Devin Nunes’ stunt, “has never meaningfully objected” to FISA until now. As others noted to Rangappa on Twitter, the authoritarian right has objected to FISA from the start, even in the period Rangappa used what she claims was a well-ordered FISA process. That’s when Republican lawyer David Addington was boasting about using terrorist attacks as an excuse to end or bypass the regime. “We’re one bomb away from getting rid of that obnoxious [FISA] court.”

I’m more peeved, however, that Rangappa is utterly unaware that for over a decade, the libertarian right and the progressive left she demonizes have worked together to try to rein in the most dangerous kinds of surveillance. There’s even a Congressional caucus, the Fourth Amendment Caucus, where Republicans like Ted Poe, Justin Amash, and Tom Massie work with Rangappa’s loathed progressive left on reform. Amash, Mike Lee, and Rand Paul, among others, even have their name on legislative attempts to reform surveillance, partnering up with progressives like Zoe Lofgren, John Conyers, Patrick Leahy, and Ron Wyden. This has become an institutionalized coalition that someone with the most basic investigative skills ought to be able to discover.

Since Rangappa has not discovered that coalition, however, it is perhaps unsurprising she has absolutely no clue what the coalition has been doing.

In criticizing the FISA process, the left has not focused so much on fixing procedural loopholes that officials in the executive branch might exploit to maximize their legal authority. Progressives are not asking courts to raise the probable cause standard, or petitioning Congress to add more reporting requirements for the F.B.I.

Again, there are easily discoverable bills and even some laws that show the fruits of progressive left and libertarian right efforts to do just these things. In 2008, the Democrats mandated a multi-agency Inspector General on Addington’s attempt to blow up FISA, the Stellar Wind program. Progressive Pat Leahy has repeatedly mandated other Inspector General reports, which forced the disclosure of FBI’s abusive exigent letter program and that FBI flouted legal mandates regarding Section 215 for seven years (among other things). In 2011, Ron Wyden started his thus far unsuccessful attempt to require the government to disclose how many Americans are affected by Section 702. In 2013, progressive left and libertarian right Senators on the Senate Judiciary Committee tried to get the Intelligence Community Inspector General to review how the multiple parts of the government’s surveillance fit together, to no avail.

Rangappa’s apparent ignorance of this legislative history is all the more remarkable regarding the last several surveillance fights in Congress, USA Freedom Act and this year’s FISA Amendments Act reauthorization (the latter of which she has written repeatedly on). In both fights, the bipartisan privacy coalition fought for — but failed — to force the FBI to comply with the same kind of reporting requirements that the bill imposed on the NSA and CIA, the kind of reporting requirements Rangappa wishes the progressive left would demand. When a left-right coalition in the House Judiciary Committee tried again this year, the FBI stopped negotiating with HJC’s staffers, and instead negotiated exclusively with Devin Nunes and staffers from HPSCI.

With USAF, however, the privacy coalition did succeed in a few reforms (including those reporting requirements for NSA and CIA). Significantly, USAF included language requiring the FISA Court to either include an amicus for issues that present “a novel or significant interpretation of the law,” or explain why it did not. That’s a provision that attempts to fix the “procedural loophole” of having no adversary in the secret court, though it’s a provision of law the current presiding FISC judge, Rosemary Collyer, blew off in last year’s 702 reauthorization. (Note, as I’ve said repeatedly, I don’t think Collyer’s scofflaw behavior is representative of what FISC judges normally do, and so would not argue her disdain for the law feeds a “progressive narrative” that all people involved in the FISA process operated in bad faith.)

Another thing the progressive left and libertarian right won in USAF is new reporting requirements on FISA-related approvals for FISC, to parallel those DOJ must provide. Which brings me to Rangappa’s most hilarious error in an error-ridden piece (it’s an error made by multiple civil libertarians earlier in the week, which I corrected on Twitter, but Rangappa appears to mute me so wouldn’t have seen it).

To defend her claim that the FISC judge who approved the surveillance of Carter Page was operating, if anything, with more rigor than in past years, Rangappa points to EPIC’s tracker of FISA approvals and declares that the 2016 court rejected the highest number of applications in history.

We don’t know whether the memo’s allegations of abuse can be verified. It’s worth noting, however, that Barack Obama’s final year in office saw the highest number of rejected and modified FISA applications in history. This suggests that FISA applications in 2016 received more scrutiny than ever before.

Here’s why this is a belly-laughing error. As noted, USAF required the FISA Court, for the first time, to release its own record of approving applications. It released a partial report (for the period following passage of USAF) covering 2015, and its first full report for 2016. The FISC uses a dramatically different (and more useful) counting method than DOJ, because it counts what happens to any application submitted in preliminary form, whereas DOJ only counts applications submitted in final form. Here’s how the numbers for 2016 compare.

Rangappa relies on EPIC’s count, which for 2016 not only includes an error in the granted number, but adopts the AOUSC counting method just for 2016, making the methodology of its report invalid (it does have a footnote that explains the new AOUSC numbers, but not why it chose to use that number rather than the DOJ one or at least show both).

Using the only valid methodology for comparison with past years, DOJ’s intentionally misleading number, FISC rejected zero applications, which is consistent or worse than other years.

It’s not the error that’s the most amusing part, though. It’s that, to make the FISC look good, she relies on data made available, in significant part, via the efforts of a bipartisan coalition that she claims consists exclusively of lefties doing nothing but demonizing the FISA process.

If anyone has permitted a pre-existing narrative to get in the way of understanding the reality of how FISA currently functions, it’s Rangappa, not her invented progressive left.

Let me be clear. In spite of Rangappa’s invocation (both in the body of her piece and in her biography) of her membership in the FBI tribe, I don’t take her adherence to her chosen narrative in defiance of facts that she made little effort to actually learn to be representative of all FBI Agents (which is why I bracketed FBI in my title). That would be unfair to a lot of really hard-working Agents. But I can think of a goodly number of cases, some quite important, where that has happened, where Agents chased a certain set of leads more vigorously because they fit their preconceptions about who might be a culprit.

That is precisely what has happened here. A culprit, Devin Nunes — the same guy who helped the FBI dodge reporting requirements Rangappa thinks the progressive left should but is not demanding — demonized the FISA process by obscuring what really happens. And rather than holding that culprit responsible, Rangappa has invented some other bad guy to blame. All while complaining that people ever criticize her FBI tribe.

On the Sessions and Trump Interviews: It’s Not Just Obstruction of Justice

There are two stories out (in addition to this piece I did for TNR) renewing the frenzy around the Mueller investigation.

First, NYT reveals that Mueller interviewed Jeff Sessions for a few hours last week.

Attorney General Jeff Sessions was questioned for several hours last week by the special counsel’s office as part of the investigation into Russia’s meddling in the election and whether the president obstructed justice since taking office, according to a Justice Department spokeswoman.

Then, WaPo reports that Mueller wants to interview Trump about the Mike Flynn and Jim Comey firings.

Within the past two weeks, the special counsel’s office has indicated to the White House that the two central subjects that investigators wish to discuss with the president are the departures of Flynn and Comey and the events surrounding their firings.

Commenters and the WaPo piece (which cites information that should only be available from a member of Trump’s legal team) suggest these developments mean Trump is looking at obstruction.

Mueller’s interest in the events that led Trump to push out Flynn and Comey indicates that his investigation is intensifying its focus on possible efforts by the president or others to obstruct or blunt the special counsel’s probe.

I’m sure obstruction absolutely is one of the things Mueller is assessing when interviewing Sessions and Trump.

But neither of these interviews, particularly not the Sessions one, is necessarily focused exclusively on obstruction.

Sessions, for example, was in a key early meeting where setting up a meeting between Putin and Trump was discussed (though Sessions claims he opposed the idea). I have noted, for example, how Sessions played dumb when asked whether he had any discussions about emails and that key Sessions aide Stephen Miller is a top candidate to have heard about emails from George Papadopoulos.

[I]t seems highly likely that on April 27 (or whenever Papadopoulos was next in DC), Miller learned that Russia had some kind of emails from Hillary.

[Stephen] Miller, recall, is Jeff Sessions’ close aide, his installment in the Administration. The NYT makes clear that Miller was interviewed by Mueller’s team recently, which means he was one of the people the government planned to interview just after locking in Papadopoulos’ plea.

Which makes this exchange from Jeff Sessions’ most recent congressional appearance, on October 18, all the more interesting. First, Patrick Leahy got the Attorney General to admit that there was a difference between not recalling something and affirmatively denying something. Leahy then pointed out that, once the meetings he had denied were disclosed, Sessions started not recalling certain things about the meetings that he had previous affirmatively denied.

Leahy: Later in March, when you did disclose such meetings, you said you could not recall what was said at the meetings. Your answer to my question was an emphatic no. It wasn’t, “I don’t recall.” You are a lawyer, I am a lawyer. You are, in fact, our nation’s top lawyer. Is there a difference between responding “no” and “I do not recall”?

Sessions: Yes.

Leahy: Thank you.

Sessions: Certainly it is, Senator Leahy.

Leahy: So if you could not recall, then you could not answer have answered my first question, yes or no, if later you said that you don’t recall what was discussed. The reason I ask is that, US intelligence intercepts reported in July that it would appear you did in fact discuss campaign issues with the Russian Ambassador.

Leahy then asked Sessions whether he had, since the election, had conversations with Russian officials about a slew of things, starting with emails. Sessions got even squirrelier than he normally is, and first attempted to answer a question Leahy didn’t ask.

Sessions: I have never had a meeting with any Russian officials to discuss any kind of coordinating campaign efforts.

So then Leahy asked about each item in turn.

Leahy: Let’s take this piece by piece. Did you discuss any of the following: Emails?

Sessions: Repeat the question again about emails.

Leahy: Since the 2016 campaign, have you discussed with any Russian connected official anything about emails?

Sessions: Discuss with them. I don’t recall having done any such thing.

Right after this exchange, Sessions totally balks when Leahy asks him if he has been interviewed or asked for an interview by Mueller, saying he should clear it with the Special Counsel.

Now, there was some imprecision in this questioning. It’s clear that Sessions believed he was answering the question about during the campaign, not since it.

But of the things Leahy asked about — emails, Russian interference, sanctions, or any policies or positions of the Trump campaign or presidency — Sessions ultimately not-recalled in response to just one question: the emails.

Based on the past practice Leahy had just laid out, Sessions claimed to not recall issues that he had actually done. Which would suggest Sessions is worried that there’s evidence he has discussed emails — with someone. It’s just not clear how he interpreted that question.

And while Trump’s firing of Comey after attempting him to drop the Flynn investigation is a key prong in any obstruction case, his role in Flynn’s non-firing is far more interesting, especially given the likelihood, given Republican efforts to claim privilege, that he was on the Mar-a-Lago side of orders directing Flynn to ask Sergey Kislyak to hold off on a response to Obama’s sanctions. While it’s certainly possible that Mueller may hold off on any examination of Trump’s personal role in any hypothetical quid pro quo with the Russians, there’s plenty of reason to believe Trump was in the loop.

And in early discussions about Sally Yates’ testimony, Adam Schiff had said she might explain why Trump waited so long to fire Mike Flynn after she warned Don McGahn he had been compromised. One obvious reason is that it allowed Flynn, who had helped set up a meeting days later, attend it. That might change the connotation of the timing of the Comey firing, just in time to report back to Russia that the firing had “taken off” the pressure created by the investigation.

President Trump told Russian officials in the Oval Office this month that firing the F.B.I. director, James B. Comey, had relieved “great pressure” on him, according to a document summarizing the meeting.

“I just fired the head of the F.B.I. He was crazy, a real nut job,” Mr. Trump said, according to the document, which was read to The New York Times by an American official. “I faced great pressure because of Russia. That’s taken off.”

Mr. Trump added, “I’m not under investigation.”

It’s crystal clear that Trump fired Comey in an attempt to stave off investigation of Mike Flynn.

But the why behind that obstruction led to the rest of the guts of the Russia investigation. And the why may implicate both Trump (as unindicted co-conspirator) and Sessions (most likely as witness) more directly in any quid pro quo pertaining to the election.

Maybe Stephen Miller’s Discussions with George Papadopoulos Are Why Jeff Sessions Can’t Recall Any Email Discussions?

Over the weekend, the NYT published the best reported piece yet on the George Papadopoulos plea. I’m most intrigued by the description of how a young Russian intern turned Joseph Mifsud into a Russian expert in 2014. But the most important detail in the story is that the loathsome Stephen Miller is the Senior Policy Adviser described in the plea.

The day before he learned about the hacked emails, Mr. Papadopoulos emailed Mr. Miller, then a senior policy adviser to the campaign, saying Mr. Trump had an “open invitation” from Mr. Putin to visit Russia. The day after, he wrote Mr. Miller that he had “some interesting messages coming in from Moscow about a trip when the time is right.”

Those emails were described in court papers unsealed Oct. 30 disclosing that Mr. Papadopoulos had pleaded guilty to lying about his contacts to the F.B.I. But the documents did not identify Mr. Miller by name, citing only a “senior policy adviser.” Neither he nor his lawyer responded on Friday to requests for comment.

During interviews with Mr. Mueller’s investigators, former campaign officials now working at the White House have denied having advance knowledge of the stolen emails, according to an official familiar with those discussions. Mr. Miller was among those recently interviewed.

The NYT hints at what I laid out explicitly: FBI charged Papadopoulos for his lies because they were designed to hide whether he told the campaign about the emails Mifsud told him about. And given the timing, it seems highly likely Papadopoulos’ reference in his April 27 email (the government cites just one line from the email, so it may not be the most exciting detail) to “interesting messages coming in from Moscow,” those interesting messages included discussion about the “dirt” Russia had on Hillary in the form of emails.

That is, it seems highly likely that on April 27 (or whenever Papadopoulos was next in DC), Miller learned that Russia had some kind of emails from Hillary.

Miller, recall, is Jeff Sessions’ close aide, his installment in the Administration. The NYT makes clear that Miller was interviewed by Mueller’s team recently, which means he was one of the people the government planned to interview just after locking in Papadopoulos’ plea.

Which makes this exchange from Jeff Sessions’ most recent congressional appearance, on October 18, all the more interesting. First, Patrick Leahy got the Attorney General to admit that there was a difference between not recalling something and affirmatively denying something. Leahy then pointed out that, once the meetings he had denied were disclosed, Sessions started not recalling certain things about the meetings that he had previous affirmatively denied.

Leahy: Later in March, when you did disclose such meetings, you said you could not recall what was said at the meetings. Your answer to my question was an emphatic no. It wasn’t, “I don’t recall.” You are a lawyer, I am a lawyer. You are, in fact, our nation’s top lawyer. Is there a difference between responding “no” and “I do not recall”?

Sessions: Yes.

Leahy: Thank you.

Sessions: Certainly it is, Senator Leahy.

Leahy: So if you could not recall, then you could not answer have answered my first question, yes or no, if later you said that you don’t recall what was discussed. The reason I ask is that, US intelligence intercepts reported in July that it would appear you did in fact discuss campaign issues with the Russian Ambassador.

Leahy then asked Sessions whether he had, since the election, had conversations with Russian officials about a slew of things, starting with emails. Sessions got even squirrelier than he normally is, and first attempted to answer a question Leahy didn’t ask.

Sessions: I have never had a meeting with any Russian officials to discuss any kind of coordinating campaign efforts.

So then Leahy asked about each item in turn.

Leahy: Let’s take this piece by piece. Did you discuss any of the following: Emails?

Sessions: Repeat the question again about emails.

Leahy: Since the 2016 campaign, have you discussed with any Russian connected official anything about emails?

Sessions: Discuss with them. I don’t recall having done any such thing.

Right after this exchange, Sessions totally balks when Leahy asks him if he has been interviewed or asked for an interview by Mueller, saying he should clear it with the Special Counsel.

Now, there was some imprecision in this questioning. It’s clear that Sessions believed he was answering the question about during the campaign, not since it.

But of the things Leahy asked about — emails, Russian interference, sanctions, or any policies or positions of the Trump campaign or presidency — Sessions ultimately not-recalled in response to just one question: the emails.

Based on the past practice Leahy had just laid out, Sessions claimed to not recall issues that he had actually done. Which would suggest Sessions is worried that there’s evidence he has discussed emails — with someone. It’s just not clear how he interpreted that question.

Luckily, he’s due in the House Judiciary Committee tomorrow, when Democrats can try to get him to recall whether he spoke to his top aide, Stephen Miller, about emails the Russians were promising.

[Photo: National Security Agency via Wikimedia]

If a Tech Amicus Falls in the Woods but Rosemary Collyer Ignores It, Would It Matter?

Six senators (Ron Wyden, Pat Leahy, Al Franken, Martin Heinrich, Richard Blumenthal, and Mike Lee) have just written presiding FISA Court judge Rosemary Collyer, urging her to add a tech amicus — or even better, a full time technical staffer — to the FISA Court.

The letter makes no mention of Collyer’s recent consideration of the 702 reauthorization certificates, nor even of any specific questions the tech amicus might consider.

That’s unfortunate. In my opinion, the letter entirely dodges the real underlying issue, at least as it pertains to Collyer, which is her unwillingness to adequately challenge or review Executive branch assertions.

In her opinion reauthorizing Section 702, Collyer apparently never once considered appointing an amicus, even a legal one (who, under the USA Freedom structure, could have suggested bringing in a technical expert). She refused to do so in a reconsideration process that — because of persistent problems arising from technical issues — stretched over seven months.

I argued then that that means Collyer broke the law, violating USA Freedom Act’s requirement that the FISC at least consider appointing an amicus on matters raising novel or significant issues and, if choosing not to do so, explain that decision.

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought into consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Without even considering an amicus, Collyer for the first time affirmatively approved the back door searches of content she knows will include entirely domestic communications, effectively affirmatively permitting the NSA to conduct warrantless searches of entirely domestic communications, and with those searches to use FISA for domestic surveillance. In approving those back door searches, Collyer did not conduct her own Fourth Amendment review of the practice.

Moreover, she adopted a claimed fix to a persistent problem — the collection of domestic communications via packet sniffing — without showing any inkling of testing whether the fix accomplished what it needed to. Significantly, in spite of 13 years of problems with packet sniffing collection under FISA, the court still has no public definition about where in a packet metadata ends and content begins, making her “abouts” fix — a fix that prohibits content sniffing without defining content — problematic at best.

I absolutely agree with these senators that the FISC should have its own technical experts.

But in Collyer’s case, the problem is larger than that. Collyer simply blew off USA Freedom Act’s obligation to consider an amicus entirely. Had she appointed Marc Zwillinger, I’m confident he would have raised concerns about the definition of content (as he did when he served as amicus on a PRTT application), whether or not he persuaded her to bring in a technical expert to further lay out the problems.

Collyer never availed herself of the expertise of Zwillinger or any other independent entity, though. And she did so in defiance of the intent of Congress, that she at least explain why she felt she didn’t need such outside expertise.

And she did so in an opinion that made it all too clear she really, really needed that help.

In my opinion, Collyer badly screwed up this year’s reauthorization certificates, kicking the problems created by upstream collection down the road, to remain a persistent FISA problem for years to come. But she did so by blowing off the clear requirement of law, not because she didn’t have technical expertise to rely on (though the technical expertise is probably necessary to finally resolve the issues raised by packet sniffing).

Yet no one but me — not even privacy advocates testifying before Congress — want to call her out for that.

Congress already told the FISA court they “shall” ask for help if they need it. Collyer demonstrably needed that help but refused to consider using it. That’s the real problem here.

I agree with these senators that FISC badly needs its own technical experts. But a technical amicus will do no good if, as Collyer did, a FISC judge fails to consult her amici.

Senate Narrowly Avoids Voting Themselves to Become “Typos”

The McCain (Cornyn) amendment to the Judiciary Appropriations bill that would let them get Electronic Communication Transaction Records with a National Security Letter just narrowly failed to get cloture, with Dan Sullivan flipping his vote to yes near the end but Mike Crapo, a likely no vote, not voting. The final vote was 59-37.

The floor debate leading up to the vote featured a few notable exchanges. Richard Burr was an absolutely douchebag, saying Ron “Wyden is consistently against providing LE the tools it needs to defend the American people.” He did so in a speech admitting that, “My colleague says this wouldn’t stop SB or Orlando. He’s 100% correct.”

Burr also insisted that we can’t let the Lone Wolf provision, which allegedly has never been used, expire. It was extended just last year and doesn’t expire until 2019.

More interesting though was the debate between Burr and Leahy over whether the FBI can’t obtain ECTRs because of a typo in the law as passed in 1993. Leahy basically described that Congress had affirmatively decided not to include ECTRs in NSLs (implicit in this, Congress also did not decide to include it in the 2001 expansion). Burr claimed that Congress meant to include it but didn’t in some kind of oversight.

Here’s how Mazie Hirono and Martin Heinrich described the debate in the report on the Intelligence Authorization, which has a version of the ECTR change.

The FBI has compared expanding these authorities to fixing a “typo” in the Electronic Communications Privacy Act (ECPA).

However, during consideration of ECPA reform legislation in 1993, the House Judiciary Committee said in its committee report that “Exempt from the judicial scrutiny normally
required for compulsory process, the national security letter is an extraordinary device. New applications are disfavored.”

The House Judiciary Committee report also makes clear that the bill’s changes to Section 2709(b) of ECPA were a “modification of the language originally proposed by the
FBI.”

This does not support claims that the removal of the ECTR language was a “typo.”

Burr effectively argued that because law enforcement wanted ECTRs to be included back in 1993, they were meant to be included, and Congress’ exclusion of them was just a typo.

In short, a member of the Senate just argued that if Congress affirmatively decides not to capitulate to every demand of law enforcement, it must be considered a “typo” and not legally binding law.

For the moment, the Senate voted down making itself a “typo,” but Mitch McConnell filed a motion to reconsider, meaning he can bring the vote back up as soon as he arm twists one more vote.

 

Why Is the Government Poison-Pilling ECPA Reform?

Back in 2009, the Obama Administration had Jeff Sessions gut an effort by Dianne Feinstein to gut an effort by Patrick Leahy to gut an effort by Russ Feingold to halt the phone and Internet dragnet programs (as well as, probably, some Post Cut Through Dialed Digit collections we don’t yet know about).

See what Jeff Sesssions–I mean Barack Obama–did in complete secrecy and behind the cover of Jeff Sessions’ skirts the other night?

They absolutely gutted the minimization procedures tied to pen registers! Pen registers are almost certainly the means by which the government is conducting the data mining of American people (using the meta-data from their calls and emails to decide whether to tap them fully). And Jeff Sesssions–I mean Barack Obama–simply gutted any requirement that the government get rid of all this meta-data when they’re done with it. They gutted any prohibitions against sharing this information widely. In fact, they’ve specified that judges should only require minimization procedures in extraordinary circumstances. Otherwise, there is very little limiting what they can do with your data and mine once they’ve collected it. [no idea why I was spelling Sessions with 3 ses]

At each stage of this gutting process, Feingold’s effort to end bulk collection got watered down until, with Sessons’ amendments, the Internet dragnet was permitted to operate as it had been. Almost the very same time this happened, NSA’s General Counsel finally admitted that every single record the agency had collected under the dragnet program had violated the category restrictions set back in 2004. Probably 20 days later, Reggie Walton would shut down the dragnet until at least July 2010.

But before that happened, the Administration made what appears to be — now knowing all that we know now — an effort to legalize the illegal Internet dragnet that had replaced the prior illegal Internet dragnet.

I think that past history provides an instructive lens with which to review what may happen to ECPA reform on Thursday. A version of the bill, which would require the government to obtain a warrant for any data held on the cloud, passed the House unanimously. But several amendments have been added to the bill in the Senate Judiciary Committee that I think are designed to serve as poison pills to kill the bill.

The first is language that would let the FBI resume obtaining Electronic Communication Transaction Records with just a National Security Letter (similar language got added to the Intelligence Authorization; I’ll return to this issue, which I think has been curiously reported).

The second is language that would provide a vast emergency exception to the new warrant requirement, as described by Jennifer Daskal in this post.

[T]here has been relatively little attention to an equally, if not more, troubling emergency authorization provision being offered by Sen. Jeff Sessions. (An excellent post by Al Gidari and op-ed by a retired DC homicide detective are two examples to the contrary.)

The amendment would allow the government to bypass the warrant requirement in times of claimed emergency. Specifically, it would mandate that providers turn over sought-after data in response to a claimed emergency from federal, state, or local law enforcement officials. Under current law, companies are permitted, but not required, to comply with such emergency — and warrantless — requests for data.

There are two huge problems with this proposal. First, it appears to be responding to a problem that doesn’t exist. Companies already have discretion to make emergency disclosures to governmental officials, and proponents of the legislation have failed to identify a single instance in which providers failed to disclose sought-after information in response to an actual, life-threatening emergency. To the contrary, the data suggest that providers do in fact regularly cooperate in response to emergency requests. (See the discussion here.)

Second, and of particular concern, the emergency disclosure mandate operates with no judicial backstop. None. Whatsoever. This is in direct contrast with the provisions in both the Wiretap Act and Foreign Intelligence Surveillance Act (FISA) that require companies to comply with emergency disclosure orders, but then also require subsequent post-hoc review by a court. Under the Wiretap Act, an emergency order has to be followed up with an application for a court authorization within 48 hours (see 18 U.S.C. § 2518(7)). And under FISA, an emergency order has to be followed with an application to the court within 7 days (see 50 U.S.C. § 1805(5)). If the order isn’t filed or the court application denied, the collection has to cease.

The proposed Sessions amendment, by contrast, allows the government to claim emergency and compel production of emails, without any back-end review.

Albert Gidari notes that providers are already getting a ton of emergency requests, and a good number of them turn out to be unfounded.

For the last 15 years, providers have routinely assisted law enforcement in emergency cases by voluntarily disclosing stored content and transactional information as permitted by section 2702 (b)(8) and (c)(4) of Title 18. Providers recently began including data about emergency disclosures in their transparency reports and the data is illuminating. For example, for the period January to June 2015, Google reports that it received 236 requests affecting 351 user accounts and that it produced data in 69% of the cases. For July to December 2015, Microsoft reports that it received 146 requests affecting 226 users and that it produced content in 8% of the cases, transactional information in 54% of the cases and that it rejected about 20% of the requests. For the same period, Facebook reports that it received 855 requests affecting 1223 users and that it produced some data in response in 74% of the cases. Traditional residential and wireless phone companies receive orders of magnitude more emergency requests. AT&T, for example, reports receiving 56,359 requests affecting 62,829 users. Verizon reports getting approximately 50,000 requests from law enforcement each year.

[snip]

Remember, in an emergency, there is no court oversight or legal process in advance of the disclosure. For over 15 years, Congress correctly has relied on providers to make a good faith determination that there is an emergency that requires disclosure before legal process can be obtained. Providers have procedures and trained personnel to winnow out the non-emergency cases and to deal with some law enforcement agencies for whom the term “emergency” is an elastic concept and its definition expansive.

Part of the problem, and the temptation, is that there is no nunc pro tunc court order or oversight for emergency requests or disclosures. Law enforcement does not have to show a court after the fact that the disclosure was warranted at the time; indeed, no one may ever know about the request or disclosure at all if it doesn’t result in a criminal proceeding where the evidence is introduced at trial. In wiretaps and pen register emergencies, the law requires providers to cut off continued disclosure if law enforcement hasn’t applied for an order within 48 hours.  But if disclosure were mandatory for stored content, all of a user’s content would be out the door and no court would ever be the wiser. At least today, under the voluntary disclosure rules, providers stand in the way of excessive or non-emergency disclosures.

[snip]

A very common experience among providers when the factual basis of an emergency request is questioned is that the requesting agency simply withdraws the request, never to be heard from again. This suggests that to some, emergency requests are viewed as shortcuts or pretexts for expediting an investigation. In other cases when questioned, agents withdraw the emergency request and return with proper legal process in hand shortly thereafter, which suggests it was no emergency at all but rather an inconvenience to procure process. In still other cases, some agents refuse to reveal the circumstances giving rise to the putative emergency. This is why some providers require written certification of an emergency and a short statement of the facts so as to create a record of events — putting it in writing goes a long way to ensuring an emergency exists that requires disclosure. But when all is in place, providers respond promptly, often within an hour because most have a professional, well-trained team available 7×24.

In other words, what seems to happen now, is law enforcement use emergency requests to go on fishing expeditions, some of which are thwarted by provider gatekeeping. Jeff Sessions — the guy who 7 years ago helped the Obama Administration preserve the dragnets — now wants to make it so these fishing expeditions will have no oversight at all, a move that would make ECPA reform meaningless.

The effort to lard up ECPA reform with things that make surveillance worse (not to mention the government’s disinterest in reforming ECPA since 2007, when it first started identifying language it wanted to reform) has my spidey sense tingling. The FBI has claimed, repeatedly, in sworn testimony, that since the 2010 Warshak decision in the Sixth Circuit, it has adopted that ruling everywhere (meaning that it has obtained a warrant for stored email). If that’s true, it should have no objection to ECPA reform. And yet … it does.

I’m guessing these emergency requests are why. I suspect, too, that there are some providers that we haven’t even thought of that are even more permissive when turning over “emergency” content than the telecoms.

 

District Attorneys Use Spying as Cover To Demand a Law Enforcement Back Door

In response to a question Senate Intelligence Committee Chair Richard Burr posed during his committee’s Global Threat hearing yesterday, Jim Comey admitted that “going dark” is “overwhelmingly … a problem that local law enforcement sees” as they try to prosecute even things as mundane as a car accident.

Burr: Can you, for the American people, set a percentage of how much of that is terrorism and how much of that fear is law enforcement and prosecutions that take place in every town in America every day?

Comey: Yeah I’d say this problem we call going dark, which as Director Clapper mentioned, is the growing use of encryption, both to lock devices when they sit there and to cover communications as they move over fiber optic cables is actually overwhelmingly affecting law enforcement. Because it affects cops and prosecutors and sheriffs and detectives trying to make murder cases, car accident cases, kidnapping cases, drug cases. It has an impact on our national security work, but overwhelmingly this is a problem that local law enforcement sees.

Much later in the hearing Burr — whose committee oversees the intelligence but not the law enforcement function of FBI, which functions are overseen by the Senate Judiciary Committee — returned to the issue of encryption. Indeed, he seemed to back Comey’s point — that local law enforcement is facing a bigger problem with encryption than intelligence agencies — by describing District Attorneys from big cities and small towns complaining to him about encryption.

I’ve had more District Attorneys come to me that I have the individuals at this table. The District Attorneys have come to me because they’re beginning to get to a situation where they can’t prosecute cases. This is town by town, city by city, county by county, and state by state. And it ranges from Cy Vance in New York to a rural town of 2,000 in North Carolina.

Of course, the needs and concerns of these District Attorneys are the Senate Judiciary Committee’s job to oversee, not Burr’s. But he managed to make it his issue by calling those local law enforcement officials “those who complete the complement of our intelligence community” in promising to take up the issue (though he did make clear he was not speaking for the committee in his determination on the issue).

One of the responsibilities of this committee is to make sure that those of you at at the table and those that comp — complete the complement of our intelligence community have the tools through how we authorize that you need. [sic]

Burr raised ISIS wannabes and earlier in the hearing Comey revealed the FBI still hadn’t been able to crack one of a number of phones owned by the perpetrators of the San Bernardino attack. And it is important for the FBI to understand whether the San Bernardino attack was directed by people in Saudi Arabia or Pakistan that Tashfeen Malik associated with before coming to this country planning to engage in Jihad.

But only an hour before Jim Comey got done explaining that the real urgency here is to investigate drug cases and car accident cases, not that terrorist attack.

The balance between security, intelligence collection, and law enforcement is going to look different if you’re weighing drug investigations against the personal privacy of millions than if you’re discussing terrorist communications, largely behind closed doors.

Yet Richard Burr is not above pretending this about terrorism when it’s really about local law enforcement.

CISA Overwhelmingly Passes, 74-21

Update: Thought I’d put a list of Senators people should thank for voting against CISA.

GOP: Crapo, Daines, Heller, Lee, Risch, and Sullivan. (Paul voted against cloture but did not vote today.)

Dems: Baldwin, Booker, Brown, Cardin, Coons, Franken, Leahy, Markey, Menendez, Merkley, Sanders, Tester, Udall, Warren, Wyden


Just now, the Senate voted to pass the Cyber Information Sharing Act by a vote of 74 to 21. While 7 more people voted against the bill than had voted against cloture last week (Update: the new votes were Cardin and Tester, Crapo, Daines, Heller, Lee, Risch, and Sullivan, with Paul not voting), this is still a resounding vote for a bill that will authorize domestic spying with no court review in this country.

The amendment voting process was interesting of its own accord. Most appallingly, just after Patrick Leahy cast his 15,000th vote on another amendment — which led to a break to talk about what a wonderful person he is, as well as a speech from him about how the Senate is the conscience of the country — Leahy’s colleagues voted 57 to 39 against his amendment that would have stopped the creation of a new FOIA exemption for CISA. So right after honoring Leahy, his colleagues kicked one of his key issues, FOIA, in the ass.

More telling, though, were the votes on the Wyden and Heller amendments, the first two that came up today.

Wyden’s amendment would have required more stringent scrubbing of personal data before sharing it with the federal government. The amendment failed by a vote of 55-41 — still a big margin, but enough to sustain a filibuster. Particularly given that Harry Reid switched votes at the last minute, I believe that vote was designed to show enough support for a better bill to strengthen the hand of those pushing for that in conference (the House bills are better on this point). The amendment had the support of a number of Republicans — Crapo, Daines, Gardner, Heller, Lee, Murkowksi, and Sullivan — some of whom would vote against passage. Most of the Democrats who voted against Wyden’s amendment — Carper, Feinstein, Heitkamp, Kaine, King, Manchin, McCaskill, Mikulski, Nelson, Warner, Whitehouse — consistently voted against any amendment that would improve the bill (and Whitehouse even voted for Tom Cotton’s bad amendment).

The vote on Heller’s amendment looked almost nothing like Wyden’s. Sure, the amendment would have changed just two words in the bill, requiring the government to have a higher standard for information it shared internally. But it got a very different crowd supporting it, with a range of authoritarian Republicans like Barrasso, Cassidy, Enzi, Ernst, and Hoeven — voting in favor. That made the vote on the bill much closer. So Reid, along with at least 7 other Democrats who voted for Wyden’s amendment, including Brown, Klobuchar, Murphy, Schatz, Schumer, Shaheen, and Stabenow, voted against Heller’s weaker amendment. While some of these Democrats — Klobuchar, Schumer, and probably Shaheen and Stabenow — are affirmatively pro-unconstitutional spying anyway, the swing, especially from Sherrod Brown, who voted against the bill as a whole, makes it clear that these are opportunistic votes to achieve an outcome. Heller’s vote fell just short 49-47, and would have passed had some of those Dems voted in favor (the GOP Presidential candidates were not present, but that probably would have been at best a wash and possibly a one vote net against, since Cruz voted for cloture last week). Ultimately, I think Reid and these other Dems are moving to try to deliver something closer to what the White House wants, which is still unconstitutional domestic spying.

Richard Burr seemed certain that this will go to conference, which means people like he, DiFi, and Tom Carper will try to make this worse as people from the House point out that there are far more people who oppose this kind of unfettered spying in the House. We shall see.

For now, however, the Senate has embraced a truly awful bill.

Update, all amendment roll calls

Wyden: 41-55-4

Heller: 47-49-4

Leahy: 37-59-4

Franken: 35-60-5

Coons: 41-54-5

Cotton amendment: 22-73-5

Final passage: 74-21-5

What Is the Point of the SEC ECPA-Reform Power Grab?

Last week, the Senate Judiciary Committee had a hearing on Electronic Communication Privacy Act reform, the main goal of which is to provide protection for content served on a third party’s server. Because reform is looking more inevitable in Congress (the House version of the bill has more sponsors than any other), government agencies used the hearing as an opportunity to present their wish list for the bill. That includes asking for an expansion of the status quo for civil agencies, with witnesses from SEC, DOJ, and FTC testifying (DOJ also made some other requests that I hope to return to).

Effectively, the civil agencies want to create some kind of court order that will provide them access to stored content. A number of the agencies’ witnesses — especially SEC’s Andrew Ceresney — claimed that a warrant is the same as an order, which culminated in Sheldon Whitehouse arguing (after 45:30) that an order requiring court review is actually less intrusive than a warrant because the latter is conducted ex parte.

It took until CDT policy counsel (and former ACLU lawyer) Chris Calabrese to explain why that’s not true (after 2:08):

We have conflated two really different and very different things in this committee today. One is a court, some kind of court based on a subpoena and one is a probable cause warrant. These are not the same thing. A subpoena gives you access to all information that is relevant. As pursuant, relevant to a civil investigation, a civil infraction. So if you make a mistake on your taxes, that’s a potential civil infraction. Nothing that has been put forward by the SEC would do anything but be a dramatic expansion of their authority to get at ordinary people’s in-boxes. Not just the subjects of investigation, but ordinary folks who may be witnesses. Those people would have the–everything in their in-boxes that was relevant to an investigation, so a dramatic amount of information, as opposed to probable cause of evidence of a crime. That’s a really troubling privacy invasion.

I’m utterly sympathetic with Calabrese’s (and the EFF’s) argument that the bid for some kind of civil investigative order is a power grab designed to bypass probable cause.

But I wonder whether there isn’t another kind of power grab going on as well — a bid to force banks to be investigated in a certain kind of fashion.

It was really hard, to begin with, to have former and (presumably) future Debevoise & Plimpton white collar defense attorney Andrew Ceresney to talk about how seriously SEC takes it job of  “the swift and vigorous pursuit of those who have broken the securities laws through the use of all lawful tools available to us,” as he said in his testimony and during the hearing. There’s just been no evidence of it.

Moreover, as Ceresney admitted, SEC hasn’t tried to obtain email records via an order since the US v. Warshak decision required a warrant in the 6th Circuit, even though SEC believes its approach — getting an order but also providing notice to the target — isn’t governed by Warshak. As SEC Chair Mary Jo White (another revolving door Debevoise & Plimpton white collar defense attorney) said earlier this year,

“We’ve not, to date, to my know­ledge, pro­ceeded to sub­poena the ISPs,” White said. “But that is something that we think is a crit­ic­al au­thor­ity to be able to main­tain, done in the right way and with suf­fi­cient so­li­cit­ous­ness.”

For five years, the SEC hasn’t even tried to use this authority, all while insisting they needed it — even while promising they would remain “solicitous,” if there were any worries about that.

Claims that the SEC needed such authority might be more convincing if SEC was actually pursuing crooks, but there’s little evidence of that.

Which is why I’m interested in this passage, from a letter White sent to Pat Leahy in April 2013 and appended to Ceresney’s testimony, explaining why SEC can’t have DOJ obtain orders for this material.

DOJ only has authority to seek search warrants to advance its own investigations, not SEC investigations. Thus, the Commission cannot request that the DOJ apply for a search warrant on the SEC’s behalf. Second, many SEC investigations of potential civil securities law violations do not involve a parallel criminal investigation, and thus there is no practical potential avenue for obtaining a search warrant in those cases. The large category of cases handled by the SEC without criminal involvement, however, have real investor impact, and are vital to our ability to protect- and, where feasible, make whole – harmed investors.

The only times when SEC would need their fancy new order is if the subject of an investigation refuses to turn information voluntarily, and the threat that they could obtain an order anyway is, according to Ceresney, they key reason SEC wants to maintain this authority (though he didn’t argue the apparent absence of authority has been responsible for SEC’s indolence over the last 5 years). But that act, refusing to cooperate, would get companies more closely into criminal action and — especially under DOJ’s purportedly new policy of demanding that companies offer up their criminal employees — into real risk of forgoing any leniency for cooperation. But White is saying (or was, in 2013, when it was clear Eric Holder’s DOJ wasn’t going to prosecute) that SEC can’t ask DOJ to subpoena something because that would entail a potentially criminal investigation.

Well yeah, that’s the point.

Then add in the presumption here. One problem with prosecuting corporations is they hide their crimes behind attorney-client and trade secret privileges. I presume that’s partly what Sally Yates meant in her new “policy” memo, noting that investigations require a “painstaking review of corporate documents … which may be difficult to collect because of legal restrictions.” SEC’s policy would be designed for maximal privilege claims, because it would involve the subject in the process.

 

If the legislation were so structured, an individual would have the ability to raise with a court any privilege, relevancy, or other concerns before the communications are provided by an ISP, while civil law enforcement would still maintain a limited avenue to access existing electronic communications in appropriate circumstances from ISPs.

 

Other criminals don’t get this treatment. Perhaps the problems posed by financial crime — as well as the necessity for broader relevancy based evidence requests — are unique, though I’m not sure I buy that.

But that does seem to be a presumption behind this SEC power grab: retention of the special treatment financial criminals get that has thus far resulted in their impunity.