Posts

David Kris Outlines the Internet Dragnet Elephant

Way back on page 64 (of 67) of former Assistant Attorney General for National Security David Kris’ paper “On the Bulk Collection of Tangible Things,” he invokes the elephant metaphor the President used to promise more NSA disclosures on multiple programs.

What I’m going to be pushing the IC to do is rather than have a trunk come out here and leg come out there and a tail come out there, let’s just put the whole elephant out there so people know exactly what they’re looking at.

In keeping with the President’s direction, the Intelligence Community has released many new details about the bulk telephony metadata collection program, as described above. In addition, as also noted above, the FISC itself has released significant new information. The key remaining question is whether there will be additional, authorized releases concerning intelligence activity that has not been subject to prior, unauthorized releases. [my emphasis]

Kris uses the President’s elephant to ask whether they really will disclose their intelligence programs. He mentions just the phone dragnet (even though the Administration, in response to two FOIAs, also released information about their Section 702 upstream collection programs), even as he suggests the Administration might do well to admit to other programs before they are exposed by an Edward Snowden leak.

Which is interesting, because Kris’ paper — in spite of his title and in spite of that reference to the phone dragnet — is really about what the government has declassified (the phone dragnet) as well as what the government has left partly hidden (the Internet dragnet and broader phone dragnet).

Kris discusses the PATRIOT-authorized Internet dragnet along with the phone dragnet

Kris, after all, provides the following facts about the PATRIOT-authorized Internet dragnet, citing the named sources:

  • Internet and telephony metadata was collected starting in 2001, until the 2004 hospital disagreement led to the former being moved to Pen Register/Trap & Trace authority in 2004, which was the first bulk order (“purported” NSA IG Report)
  • One company — which the “purported” IG report makes clear was an Internet one and is probably Yahoo — did not participate in the illegal wiretap program (“purported” NSA IG Report)
  • The Internet metadata collection ended in 2011 (an ODNI spokesperson in a Charlie Savage story)

Kris also points to four different Administration acknowledgements of the Internet metadata program. He refers to the 2009 and 2011 notice letters to Congress (though he focuses on the phone dragnet language in them), and the James Clapper response to Wyden and 25 other Senators. Perhaps most interestingly, Kris notes that government witness(es) have confirmed the program and the use of PR/TT to authorize it…

At a July 17, 2013 hearing of the House Judiciary Committee, government witnesses confirmed the pen-trap bulk collection.

But unlike just about every other comment in a hearing cited in his paper, Kris doesn’t quote the exchange, which went like this.

SUZAN DELBENE: The public also now knows that the telephone metadata collection is under Section 215, the Business Records provision of FISA, and that allows for the collection of tangible things. But we’ve also seen reports of a now-defunct program collecting email metadata. With regard to the email metadata program that is no longer being operated, can you confirm that the authority used to collect that data was also Section 215?

GEN. COLE: It was not. It was the Pen Register Trap and Trace Authority under FISA, which is slightly different, but it amounts to the same kind of thing. It does not involve any content. It is, again, only to and from. It doesn’t involve, I believe, information about identity. It’s just email addresses. So it’s very similar, but not under the same provision.

REP. DELBENE: And could you have used Section 215 to collect that information?

GEN. COLE: It’s hard to tell. I’d have to take a look at that.

The transcript from this hearing is up at the I Con the Record site, so it’s unclear why Kris didn’t quote it.  Read more

Could an Independent NSA Inspector General Have Prevented 3 Years of Violations?

Last week, two former Senate Intelligence Committee members proposed a fix for the NSA no one has yet floated: making NSA’s Inspector General independent. Doing so, they argue, would give the IG more leeway to direct her investigations of the NSA and provide Congress needed insight into NSA’s real activities.

But one important option has yet to be proposed: creating an independent inspector general’s office at the NSA, comparable to the office that was created within the CIA in 1989.

[snip]

Not only was the inspector general’s office viewed differently after the law was passed, but the office itself was different. It decided which of the CIA’s activities would be investigated, inspected or audited without waiting for direction or approval from agency management. Employees of the IG’s office no longer had to worry about the potential effect on their careers if their findings and conclusions were critical of the agency. They may not have always gotten everything right, but they were freer to call things as they saw them and did so, at times to the chagrin of CIA management.

Having an independent inspector general at the CIA produced other advantages for the oversight process: It gave the congressional intelligence committees a more reliable partner — an office that lawmakers could call upon to conduct investigations beyond their own capabilities — and they learned of problems they otherwise might not have come across.

The same dynamic is not possible at the NSA today because the agency’s inspector general is appointed by and works for the NSA director. For all practical purposes, he is a member of the director’s staff and does not report directly to the intelligence committees.

I’m particularly interested in this recommendation given a few data points from the transition period between the illegal phone dragnet to the Section 215 dragnet in 2006.

As the documents submitted in 2009 make clear, the dragnet remained largely if not entirely unchanged from what it was before 2006. The initial “bug” that “arose” in 2009 was really just a “feature” — an alert system on suspect phone identifiers — of the illegal program that never got shut down or properly disclosed to the FISA Court. Many of the subsequent “bugs” (such as access to the queried data for FBI and CIA) also seem to be “features” no one turned off to keep the program legal.

And the Inspector General (from 2002 to 2006, NSA defender Joel Brenner served in that role) knew about the features of the illegal program because he was belatedly read into the illegal program in 2002 and actually provided 3 suggestions to improve oversight of it (see pages 45-46). Among other things, Brenner instituted and attended monthly due diligence meetings.

As Keith Alexander’s February 2009 declaration to Reggie Walton reveals, as the program was transferring to FISC authorization in 2006, someone in the IG office suggested NSA tell the FISA Court how the alert system worked, but NSA chose not to follow that suggestion.

Agency records indicate that, in April 2006, when the Business Records Order was being proposed, NSA’s Office of Inspector General (“OIG”) suggested to SID personnel that the alert process be spelled out in any prospective Order for clarity but this suggestion was not adopted.

More interesting still is the role of a 2006 study submitted to the FISA Court (starting at 85). Read more

Senate Intelligence Committee Open Hearings: A Platform for Liars

Pentagon Papers era NYT Counsel James Goodale has a piece in the Guardian attracting a lot of attention. In it, he says the first step to reform NSA is to fire the liars.

The NSA has lied to the Congress, the courts, and perhaps even to the president himself, but no one seems to care.

The Director of National Intelligence James R Clapper admitted he lied to Congress about the NSA metadata collection program. He said the NSA had no such program – and then added that that was the least “untruthful” remark he could make. General Keith Alexander, director of the National Security Agency, lied in 2012 that the NSA does not hold data on US citizens, and repeated similar misstatements, under oath, to Congress about the program:

We’re not authorized to do it [data collection on US citizens], nor do we do it.

NSA lawyers lied to secret Fisa court Judges John D Bates and Reggie B Walton. In recently released opinions, Bates said he had been lied to on three separate occasions and Walton said he had been lied to several times also.

But Clapper and Alexander have not been held in contempt of Congress. Nor have the Justice Department attorneys, who lied to Judges Walton and Bates, been disciplined.

And while he links to many of the best examples of James Clapper and Keith Alexander lying, he misses this.

In just its third open hearing this year, the Senate Intelligence Committee has arranged the following witnesses for tomorrow’s hearing on NSA’s spying.

Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.) today announced the committee will hold an open hearing to consider legislative changes to the Foreign Intelligence Surveillance Act, to include the NSA call records program, on Thursday, September 26, at 2 p.m.

WHAT:  Public hearing on FISA, NSA call records

WHO:

Panel I

  • Director of National Intelligence James Clapper
  • National Security AgencyDirector General Keith Alexander
  • Deputy Attorney General James Cole

Panel II

  • Ben Wittes, Brookings Institution
  • Tim Edgar, Watson Institute for International Studies, Brown University

So DiFi’s idea of an “open hearing” is to invite two established liars. And for her non-governmental witnesses, one keeps declaring Congress NAKED! in the face of evidence the government lies to them, and the other tells fanciful stories about how much data NSA shares.

It’s like DiFi goes out of her way to find liars and their apologists to testify publicly.

That’s nothing new, though. Those other two open hearings? The Global Threat Assessment hearing where Clapper assured Ron Wyden the NSA didn’t collect data on millions of Americans. And the confirmation hearing for John Brennan, who once claimed the US had killed no civilians in an entire year of drone strikes (and, if his odd mouth gestures were the tell they appeared to be, he lied about leaks to journalists including on UndieBomb 2.0 in the hearing as well.)

It’s DiFi’s committee. And if she wants every single open hearing to serve as a platform for accomplished liars, I guess that’s her prerogative.

But observers should be clear that’s the purpose of the hearings.

NSA Caught Illegally Spying on Americans and Keith Alexander’s Answer Is a Group Hug

Kevin Gosztola had a superb post yesterday on a letter NSA Deputy Director John Inglis and DIRNSA Keith Alexander sent to family members of NSA employees to make them feel better about the dragnet. It’s a two page letter attempting to convince the family members of our SIGINT spies that their mission is noble and their actions within the scope of the law.

I’m particularly interested in the timing of it. As Kevin notes, the letter cites a typically obsequious post from Ben Wittes on how the Administration should have responded to WaPo’s disclosure of an internal review (just as one example, Ben claims to have read the report closely but somehow misses that 9 to 20% of violations consist of analysts breaking rules they know).

Inglis and Alexander write,

There are some in the media who are taking the time to actually study the leaked material, and they have drawn conclusions that are very different from those who are in it for a quick headline. One such legal scholar wrote that we should have made our case more forcefully by responding,

Shameful as it is that these documents were leaked, they actually should give the public great confidence both in NSA’s internal oversight mechanisms and in the executive and judicial oversight mechanisms outside the agency. They show no evidence of any intentional spying on Americans or abuse of civil liberties. They show a low rate of the sort of errors any complex system of technical collection will inevitably yield. They show robust compliance procedures on the part of the NSA.

We couldn’t agree more.

I wonder if NSA would like to send family members my way, given that I have taken even more time than Ben studying these revelations and find he’s frequently engaging in spin?

Hmm. Probably not.

But what’s most fascinating by this citation is the timing.

Ben wrote that post on August 18, in the midst of a slew of disclosures by WaPo and the Guardian.

But Inglis and Alexander wrote this letter on September 13 — last Friday — at the end of a month when all of the major US-based disclosures (save that NSA has deliberately made all of us more vulnerable to hackers) have come from the government. In the month leading up to this letter, we learned the NSA:

At the end of 2008, the NSA had authorized contact chaining off of 27,090 identifiers and analysts could go four hops deep into the data, which effectively would allow them to create a relationship map of the entire country. And they used it not just to find “terrorists,” but also people they could coerce to inform on targets.

A system the Stasi would envy!

And FISA Court judges had deemed some of the first and third practices illegal. One threatened criminal referral and the other even shut down at least part the program for a period.

Read more

DOJ Refuses to Explain How Executive Gets Away with Serial Lies to the FISA Court

USA Today’s Brad Heath asked DOJ a very good question: why haven’t the Executive Branch’s serial lies to the FISA Court ever been referred to Office of Professional Responsibility?

I’ve talked to a former OPR attorney who says the office
would ordinarily review a case in which a judge used that type of language, and that it should have
at least opened an inquiry into these.

Over the past several days, DOJ’s Brian Fallon has been stupendously prickish about Heath’s questions based on his assertion that Heath is biased in his belief that such gross misrepresentations would normally merit some kind of sanction.

I have an answer from OPR, and a FISC judge. I am not providing it to you because all you will do is seek to write around it because you are biased in favor of the idea that an inquiry should have been launched. So I will save what I have for another outlet after you publish.

[snip]

You are not actually open-minded to the idea of not writing the story. You are running it regardless. I have information that undercuts your premise, and would provide it if I thought you were able to be convinced that your story is off base. Instead, I think that to provide it to you would just allow you to cover your bases, and factor it into a story you still plan to write. So I prefer to hold onto the information and use it after the fact, with a different outlet that is more objective about whether an OPR inquiry was appropriate.

I’ve lost count of the number of times someone in the Executive Branch complains that no one comes to them to get their view on NSA-related questions.

But apparently this is what goes on. If you don’t come in with the Executive Branch’s bias, then they refuse to provide you any information.

I really look forward to seeing which journalist DOJ seems to believe will bring “balance” to this issue.

Update: Heath has published his story.

The Justice Department’s internal ethics watchdog says it never investigated repeated complaints by federal judges that the government had misled them about the NSA’s secret surveillance of Americans’ phone calls and Internet communications.

The Justice Department’s Office of Professional Responsibility routinely probes judges’ allegations that the department’s lawyers may have violated ethics rules that prohibit attorneys from misleading courts. Still, OPR said in response to a Freedom of Information Act request by USA TODAY that it had no record of ever having investigated — or even being made aware of — the scathing and, at the time, classified, critiques from the Foreign Intelligence Surveillance Court between 2009 and 2011.

DOJ insists, however, that 5 years of lying to judges is just the way things are supposed to work.

Justice spokesman Brian Fallon said in a statement Thursday that the department’s lawyers “did exactly what they should have done. The court’s opinions and facts demonstrate that the department attorneys’ representation before the court met the highest professional standards.”

Fallon continued spinning for other journalists.

Of course, if DOJ were going to investigate lawyers — as opposed to Keith Alexander or similar — for misconduct and lies, Lisa Monaco, who headed the National Security Division from 2010 until earlier this year. But she’s at the White House now, so off limits for any accountability.

Ben Wittes, Brookings Buck Naked

Ben Wittes tries to respond to my complaints that he continues to insist all of Congress had a way of knowing about the Section 215 dragnet program and its abuses — THEY ARE NAKED, Wittes proclaims over and over while accusing me of spewing a “storm of outrage.”

My case, remember, is based on two discrete facts, only one of which Wittes even tries to address in his rebuttal.

First, the 93 Representatives elected in 2010 were never provided access to the letter the Administration wrote, ostensibly to inform them about the dragnet so they could make an informed vote. Assuming that the 7 members of the House who were on the Intelligence and Judiciary Committees learned of the program, that still left 86 members of the House who never had an opportunity to read about the secret use of Section 215 and the gross violations of it. Of those, 65 voted in favor of the PATRIOT reauthorization.

Here’s how Ben responds to this, in the 28th paragraph of his response.

Ms. Wheel insists that the 65 freshman members of the House who were not provided the 2011 briefing [note his inaccurate portrayal of this fact]  might have swung the 250-153 vote for FISA reauthorization. She’s almost certainly wrong. On July 24, 2013, well after the public revelations of Section 215 bulk metadata collection hit the press and the butt-covering had begun, the House had the chance for a do-over. It voted on the Amash-Conyers amendment to halt NSA’s “indiscriminate” collection of telephony metadata. The House declined on a 217-to-205 vote to adopt it.

Ben presents evidence of a 33-vote swing at a time before the Administration released the notice letters or the White Paper that provided sanitized descriptions of the program abuses, or the Primary Order showing some other fairly troubling details of the program, to say nothing of the 2009 documents showing the government had enabled chaining four hops deep off of 27,090 approved selectors to find informants as well as terrorists, and claims it is proof that Members of Congress won’t change their vote based on full information about these programs. (At least one member has actually stated on the record he would now vote differently on Amash-Conyers given some of these more recent revelations.)

Ben’s argument remains the same then — pointing at votes that happen without full information about a program as proof that Congress supports that program. NAKED!

But Ben fails to even hint at the other critical fact here, the evidence we have about the briefings that those 83 and other House members had available, in spite of the fact he makes this assertion:

So we know beyond any shadow of a doubt that the administration wanted members to have certain detailed information about the program. We also know that there were a lot of briefings by that administration concerning this program to those same members [another false claim–all but two of the briefings were limited to Senators or Judiciary and Intelligence Committees] in the same time frame as the administration wanted those members to read that briefing paper.

Hmmmm. Wonder what they could have been talking about in those briefings….

It’s telling, here, that Ben doesn’t link to this post — which was a direct response to one of Ben’s other attempts to insist THOSE CONGRESSMEN ARE NAKED — nor to this one — which was still up on Emptywheel’s front page when I wrote this post and which quotes Ben’s NAKED post. That, in spite of the fact that Ben included this tweet among those he so courteously collected to support his assertion about my “storm of outrage” that he ignored the actual facts.

All of those would alert his readers to this detail, from one of just two out of the long list of briefings Ben posted that actually could have informed House members not on the Intelligence or Judiciary Committees. DOJ’s own account of what happened at the May 13, 2011 briefing — which Ben is sure adequately briefed those who attended about the dragnet — records this exchange.

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

A Member of Congress — surely picking up on public details Ben recites as proof they had some way of knowing about the dragnet — actually asked a question that goes to the heart of the dragnet and its problems. Feingold says Section 215 has been abused. Has it? And in response, two members of the Administration, Valerie Caproni and Robert Mueller — the people Ben is certain “beyond any shadow of a doubt” wanted Members of Congress to be informed — say the FBI had no knowledge of abuse.

Read more

By “Secret Law” Did They Mean “Not Written Down”?

For years, Ron Wyden and Mark Udall have been calling the secret interpretation of Section 215 “secret law.”

I’ve always thought they meant that figuratively. The law got made by the FISA Court in secret, but there’s an opinion there somewhere, laying out the interpretation of the law. It’s just secret.

Ever since the release of the first documents responsive to the EFF/ACLU FOIAs, I’ve begun to wonder. What we’ve seen include:

Neither of those were comprehensive. And the “supplemental opinion” would seem to suggest it supplemented … something.

Yesterday, we got what appears to be a (shoddy) comprehensive opinion.

That opinion cites an earlier opinion from the FISA Court that is not, however, cited in either the 2006 or 2008 opinions. That earlier opinion examines how bulk collection affects the Fourth Amendment.

Here, the government is requesting daily production of certain telephony metadata in bulk belonging to companies without specifying the particular number of an individual. This Court had reason to analyze this distinction in a similar context in [redacted]. In that case, this Court found that “regarding the breadth of the proposed surveillance, it is noteworthy that the application of the Fourth Amendment depends on the government’s intruding into some individual’s reasonable expectation of privacy.” Id. at 62. The Court noted that Fourth Amendment rights are personal and individual, see id. (citing Steagald v. United States, 451 U.S. 204, 219 (1981); Rakas v. Illinois, 439 U.S. 128, 133 (1978) (“‘Fourth Amendment rights are personal rights which … may not be vicariously asserted.,) (quoting Alderman v. United States, 394 U.S. 165, 174 (1969))), and that “[s]o long as no individual has a reasonable expectation of privacy in meta data, the large number of persons whose communications will be subjected to the … surveillance is irrelevant to the issue of whether a Fourth Amendment search or seizure will occur.” Id. at 63. Put another way, where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.

[snip]

Furthermore, for the reasons stated in [redacted] and discussed above, this Court finds that the volume of records being acquired does not alter this conclusion. [my emphasis]

Note while this pertains to metadata, there’s no indication it addressed phone metadata.

Later, it cites two earlier FISC cases.

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.”  [my emphasis]

Both, apparently, relied on the Pen Register statute, not Section 215, and one was fairly recent (2010 — perhaps that’s the geolocation one?).

But it appears not to reference an earlier Section 215 phone metadata case, not even to lay out the rationale for relevance and bulk collection.

In addition to references to these earlier apparently non-215 phone data precedents, Eagan also cites the government’s 2006 Memorandum of Law.

Accompanying the government’s first application for the bulk production of telephone company metadata was a Memorandum of Law which argued that “[i]nformation is ‘relevant’ to an authorized international terrorism investigation if it bears upon, or is pertinent to, that investigation.” Mem. of Law in Support of App. for Certain Tangible Things for Investigations to Protect Against International Terrorism, Docket No. BR 06- 05 (filed May 23, 2006), at 13-14 (quoting dictionary definitions, Oppenheimer Fund, Inc. v. Sanders, 437 U.S. 340, 351 (1978), and Fed. R. Evid. 4012°).

Normally, a judge would cite a precedential opinion, showing that another judge had agreed with such definitions. Not here. Eagan cites the government’s own memorandum for the definition for relevant. (She cites that memorandum at least two more times in her opinion.)

Which seems to suggest this 2013 opinion — one written after widespread leaks of the program — constitutes the first opinion systematically rationalizing this program.

Well over 7 years after it started.

There’s one more detail that seems to support this conclusion. The White Paper describes how the Administration shared significant FISC materials with the Intelligence and Judiciary Committees.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

So in 2007 DOJ started providing “all significant pleadings.” By the end of the following year — perhaps not coincidentally, the same month Walton wrote his supplemental opinion — the committees got “the initial application and primary order.”

The initial application (including, presumably, that same 2006 Memorandum of Law cited by Eagan) and the primary order, the same order we got last week. No mention of the initial opinion.

It appears there is no initial opinion.

One more detail that I’ve mentioned, but bears mentioning again. The judge that appears to have allowed the government to start collecting the phone records of every American without laying out his legal rationale for allowing them to do so, Malcolm Howard? He served as Deputy Special Counsel in the Nixon-Ford White House, when a young Dick Cheney was learning the ropes as Assistant to the President and then Chief of Staff.

Perhaps they learned the ropes together?

Update: Remember how the White Paper had to dig up an outdated version of the OED to support its definition of “relevant”?

the Administration decided to use a 24-year old edition of the Oxford English Dictionary for this definition.

Standing alone, “relevant” is a broad term that connotes anything “[b]earing upon, connected with, [or] pertinent to” a specified subject matter. 13 Oxford English Dictionary 561 (2d ed. 1989).

Note, that appears to be the same one used in the 2006 Administration Memorandum of Law. There’s nothing that surprising about that — I suspect substantial parts of the White Paper were lifted from that Memorandum.

But it is the kind of thing both Malcolm Howard and Claire Eagan might have challenged — and an adversary probably would have.

It appears neither did. Which is just one measure of the degree to which those judges simply rubber stamped whatever the government put before them.

Hot Numbers and the 2009 Troubles

Starting in 2007, DOJ’s Inpector General Glenn Fine did a series of reports on the FBI’s use of National Security Letters and Exigent Letters. In response (and as the FBI tried to clean up the mess from its inappropriate use of those tools), in 2007 the government asked OLC for an interpretation on the Electronic Communications Privacy Act. That opinion, which was issued on November 8, 2008, ruled that ECPA barred telecom providers from responding to certain kinds of requests without legal process.

Finally, you have asked whether a provider, in answer to an oral request before service of an NSL, may tell the FBI whether a particular account exists. This information would be confined to whether a provider serves a particular subscriber or a particular phone number. We believe that ECPA ordinarily bars providers from complying with such requests.

In the last of his IG Reports on NSLs and Exigent Letters, Fine argued that that OLC opinion made two of FBI’s practices with exigent letters — “sneak peeks” and “hot numbers” — illegal.

[T]he Department’s Office of Legal Counsel concluded, and we agree, that the ECPA ordinarily bars communications service providers from telling the FBI, prior to service of legal process, whether a particular account exists. We also concluded that if that type of information falls within the ambit of “a record or other information pertaining to a subscriber to or customer of such service” under 18 USC 2702(a)(3), so does the existence of calling activity by particular hot telephone numbers, absent a qualifying emergency under 18 USC 2702(c)(4).

[snip]

Therefore, we believe that the practice of obtaining calling activity information about how numbers in these matters without service of legal process violated the ECPA.

[snip]

We believe the FBI should carefully review the circumstances in which FBI personnel asked the on-site communications service providers [redacted] “hot numbers” to enable the Department to determine if the FBI obtained calling activity information under circumstances that trigger discovery or other obligations in any criminal investigations or prosecutions.

The “hot number” practice is functionally equivalent to the “alert list” the NSA used on the Section 215 dragnet database, in which it checked daily incoming calls to see if there had been any US contact with both approved and unapproved identifiers; if there was activity in both cases, it would spark further investigation.

The practice Fine focused on in this report was the requests FBI would get onsite telecom providers to fill without a subpoena. But at the same time Fine was working on that series of reports (the last one wasn’t issued until 2010) he was also working on a report on the FBI’s 2006 use of Section 215 (issued in March 2008), which included two classified appendices on bulk collection programs including (presumably) the phone dragnet from May until December 2006, and the 2009 Joint IG Report on the illegal wiretap program (which would have covered the dragnet program through May 2006).

We now know that both the pre May 2006 dragnet program and the post May 2006 dragnet program included a practice that, in wake of that OLC opinion (and perhaps before), Fine would find required some legal attention (the Pen Register equivalent in a grand jury context might put the post May 2006 practice in good stead, the 2008 opinion would seem to make the use of alerts earlier illegal, along with everything else).

Which may be why the government asked Judge Reggie Walton to consider whether the dragnet program complied with ECPA for his December 12, 2008 opinion.

That’s just a hypothesis (though the December 2008 would have been the first dragnet application after the OLC memo).

But if it’s right, it makes the NSA”s “discovery” of the alert process the following month all the more ridiculous. The alert process had been in place for years. FBI was being scolded for an equivalent practice (that ended in 2006) within FBI. And yet NSA somehow didn’t think to tell Walton about it until he had ruled ECPA did not present a problem for the dragnet more generally.

These three programs — the illegal program and the exigent letters, which both became the early dragnet in 2006 — are all closely related. Once you read them in tandem, though, it makes NSA”s claims to ignorance completely incredible.

Which brings me back to a reminder I’ve made several times. In the wake of the 2009 discoveries, Pat Leahy tried to mandate a DOJ review of the ongoing Section 215 activity, an effort the Administration thwarted. Fine agreed to do one anyway … then left. His replacement, Michael Horowitz, keeps claiming he’s still working on that investigation (but only covering the activities through 2009). That investigation has been going on 1,191 days now.

Update: Another interesting timing detail. According to the White Paper, the Intelligence and Judiciary Committees had all received the initial application and Primary Order on the dragnet by December 2008. So did they wait until the Walton opinion? Or did they know the Judiciary Committees would get them as part of DOJ IG reports?

Oh, So THAT’S Why the Government Is So Insistent Section 215 Had a Role in the Zazi Case?

There’s a remarkable passage in the Primary Order for the Section 215 dragnet that Judge Reggie Walton signed on September 3, 2009.

In addition, the Custodian of Records of [redacted] shall produce to NSA upon service of the appropriate Secondary Order an electronic copy of the same tangible things created by [redacted] for the period from 5:11 p.m. on July 9, 2009 to the date of this Order, to the extent those records still exist.

In an order authorizing the prospective collection of phone records until October 30, 2009, Walton also authorizes the retroactive collection of phone records generated between July 9 and September 3, 2009, if the telecom(s) haven’t destroyed them yet.

This seems to suggest that in an Order on July 9 (which we don’t get, but which the government references in its August 19 submission) Walton halted the program.

Boom. 5:11, July 9. No more phone records, from at least one telecom.

We don’t know why he did so either. In his June 22 Order, he referenced a May 29 Order (another one we didn’t get), responding to NSA’s very delayed disclosures that unminimized results had been shared with NSA analysts unauthorized to receive them and that CIA, FBI, and NCTC had access to the dragnet databases.  He had assigned the government a new report, due on June 18. But in that, too, the government revealed new abuses (including one — described on page 4 — that may pertain to the Internet dragnet rather than the phone dragnet; recall that the NSA offered to “review” that program at the same time they did the phone dragnet). Walton issued new homework to the NSA, requiring the government to provide a weekly report of the dissemination that occurred, with the first due July 3 and therefore the second due July 10, the day after Walton appears to have stopped the collection.

In the government’s August submission, this line seems to indicate querying has been halted.

Based on these findings and actions, the Government anticipates that it will request in the Application seeking renewal of docket number BR 09-09 authority that NSA, including certain NSA analysts who obtain appropriate approval, be permitted to resume non-automated querying of the call detail records using selectors approved by NSA.

But it doesn’t seem to reflect that collection stopped. (Note, Walton’s June Order had a docket number of 09-06, whereas the August submission bears the docket number 09-09).

So while we can’t be sure, it appears the discoveries submitted to Walton in June 2009, as well as new ones in early July, may have led him to halt production of new phone records.

And that collection was turned back on on September 3, 2009. 3 days before the NSA intercepted Najibullah Zazi’s frantic emails to Pakistan trying to get help making TATP he planned to use in a September 11 attack on NYC’s subways.

According to Matt Apuzzo and Adam Goldman’s superb Enemies Within, after discovering Zazi’s emails, FBI had used travel records to find Zazi’s suspected accomplices, Zarein Ahmedzay and Adis Medunjanin.

But when the government tried to justify the dragnet earlier this year, they pointed to the fact that Medunjanin came up in the Section 215 collection as proof of the dragnet’s value, as in this July 17 House Judiciary Committee hearing where FBI National Security Division Executive Assistant Director Stephanie Douglas testified.

Additionally, NSA ran a phone number identifiable with Mr. Zazi against the information captured under 215. NSA queried the phone number and identified other Zazi associates. One of those numbers came back to Adis Medunjanin, an Islamic extremist located in Queens, New York.

The FBI was already aware of Mr. Medunjanin, but information derived from 215 assisted in defining his — Zazi’s network and provided corroborating information relative to Medunjanin’s connection to Zazi. Just a few weeks after the initial tip by NSA, both Zazi and Medunjanin were arrested with — along with another co-conspirator. They were charged with terrorist acts and a plot to blow up the New York City subway system.

As I noted 4 years ago, Dianne Feinstein immediately started using the Zazi investigation to successfully argue that Section 215 must retain its broad relevance standard, defeating an effort by Pat Leahy to require some tie to terrorism.

Now, it may be that the FBI also used Section 215 to collect records of 3 apparently innocent people buying beauty supplies. The government has neither explained what happened to these apparently innocent people or on what basis (it may have been the Section 215 dragnet) they claimed they were associates of Zazi.

But the public case that backs up DiFi’s claims that Section 215 dragnet was central to the Zazi investigation is now limited to the fact that the FBI used the dragnet to find a Zazi associate they already knew about.

Yet imagine! What if Reggie Walton’s stern action in response to the government’s blatantly violating dissemination rules on the dragnet prevented the FBI from finding Zazi’s associates (which wasn’t a problem, and would have been less of a problem if the NYPD hadn’t tipped of Zazi, but never mind)? What if Walton’s effort to rein in the government had prevented the FBI from thwarting an attack?

That, it seems to me, is the implicit threat. The government claims — in spite of all the evidence to the contrary — that Section 215 played a key role in thwarting one of the only real terrorist attacks since 9/11. And, I’d bet they warn in private, they might have been prevented from doing so because a pesky FISA judge halted the program because they hadn’t followed the most basic rules for it.

That, I’m guessing, is why they claim the Section 215 dragnet was central to the Zazi investigation. Not because it was. But because it raises the specter of a judge’s effort to make the government follow the law interfering with FBI’s work.

How Mike Rogers’ Excessive Secrecy in 2011 Might Kill the Dragnet

The FISA Court just released an August 29, 2013 opinion that reaffirms the court’s prior support for the Section 215 dragnet.

There’s a lot to say about the general legal interpretation of the opinion, which I may return to.

More importantly, though, the opinion relies on a demonstrably false claim to reaffirm the program: that Congress was briefed on the program.

Prior to the May 2011 congressional votes on Section 215 re-authorization, the Executive Branch provided the Intelligence Committees of both houses of Congress with letters which contained a “Report on the National Security Agency’s Bulk Collection Programs for USA PATRIOT Act Reauthorization” (Report).

[snip]

The Report provided extensive and detailed information to the Committees regarding the nature and scope of this Court’s approval of the implementation of Section 215 concerning bulk telephone metadata.

[snip]

Furthermore, the government stated the following in the HPSCI and SSCI Letters: “We believe that making this document available to all Members of Congress is an effective way to inform the legislative debate about reauthorization of Section 215…” Id. HPSCI Letter at 1; SSCI Letter at 1. It is clear form the letters that the Report would be made available to all Members of Congress and that HPSCI, SSCI, and Executive Branch staff would also be made available to answer any questions from Members of Congress. Id. HPSCI Letter at 2; SSCI Letter at 2.

In light of the importance of the national security programs that were set to expire, the Executive Branch and relevant congressional committees worked together to ensure that each Member of Congress knew or had the opportunity to know how Section 215 was being implemented under this Court’s Orders.

But as I have shown, because of Mike Rogers’ actions, a very large block of Congresspersons — the 93 freshmen legislators elected in 2010, save the 7 who were on the Intelligence or Judiciary Committees — appear to have had no such opportunity to learn about the program. Indeed, 65 members who voted in favor of PATRIOT reauthorization appear to have had no way of learning about the dragnet. Furthermore, we have documentary evidence that then FBI General Counsel Valerie Caproni (who was informed about abuses in the program on January 23, 2009), and then FBI Director Robert Mueller (who had to write a brief responding those abuses in August 2009) lied about whether there had been abuses in response to a question clearly designed to learn about the secret use of Section 215 during a May 13, 2011 hearing purportedly designed to replace the letter the Administration sent.

This opinion relies on a claim that has now been proven false (and actually had been by the time the opinion was written).

Judge Claire Eagan seems to know she’s basing her argument on false claims, because in a footnote she invokes the presumption of regularity.

It is unnecessary for the Court to inquire how many of the 535 individual Members of Congress took advantage of the opportunity to learn the facts about how the Executive Branch was implementing Section 215 under this Court’s Orders. Rather, the Court looks to congressional action on the whole, not the prepatory work of Individual Members in anticipation of legislation. In fact, the Court is bound to presume regularity on the part of Congress.

[snip]

The ratification presumption applies here where each Member was presented with an opportunity to learn about a highly-sensitive classified program important to national security in preparation for upcoming legislative action.

But even here, Eagan relies on a false premise, that all members of Congress had the opportunity to be informed about the dragnet.

The record shows — even the Administration White Paper shows — they did not.

I’m not entirely sure how we use these facts to overturn the dragnet. But either the FISC lives up to every claim that it’s a rubber stamp, or this decision must be revisited.

Update: Orin Kerr, who accepts the claims that I’ve shown to be false as true, still finds the argument about congressional consent unpersuasive.

Finally, I was deeply unimpressed by the last section of the opinion (pages 23-27), which argues that the FISC’s reading of the statute is presumptively correct because Congress knew about what the FISC was doing and didn’t amend the statute when it reenacted Section 215 in 2011. While it’s true that statutory reenactment has been construed a kind of silent approval of prior interpretations in some caselaw, I don’t know how on earth that can apply to secret court rulings by a district court that were merely made available to members of Congress, most of whom never learned of the opinions and would have no idea what they were looking at if they did. The idea underlying the doctrine of ratification is that established cases become part of the background understandings of the law. But it’s hard for me to see how decisions from a non-precedential secret court can form that background understanding, especially given that few members of Congress knew of the opinions and no one in the public did.

Update: And predictably, in a post called “Congress has no clothes,” Ben Wittes, who has been informed repeatedly that the record shows the House was not alerted to the 2011 letter, nevertheless gets his rocks off on Judge Eagan’s use of that false claim to argue the program is legal.

Perhaps the most remarkable feature of the opinion is Judge Eagan’s insistence that Congress cannot run away from her interpretation of the statute.

[snip]

All told, it’s an excellent opinion for the government. It affirms the program’s legality. It pulls the folding screen away from Congress even as members seek delicately to change, leaving them nakedly implicated in a program whose memory they seem so eager to abandon on the laundry pile.

Who’s naked here, Ben?