Hot Numbers and the 2009 Troubles

Starting in 2007, DOJ’s Inspector General Glenn Fine did a series of reports on the FBI’s use of National Security Letters and Exigent Letters. In response (and as the FBI tried to clean up the mess from its inappropriate use of those tools), in 2007 the government asked OLC for an interpretation of the Electronic Communications Privacy Act. That opinion, which was issued on November 8, 2008, ruled that ECPA barred telecom providers from responding to certain kinds of requests without legal process.

Finally, you have asked whether a provider, in answer to an oral request before service of an NSL, may tell the FBI whether a particular account exists. This information would be confined to whether a provider serves a particular subscriber or a particular phone number. We believe that ECPA ordinarily bars providers from complying with such requests.

In the last of his IG Reports on NSLs and Exigent Letters, Fine argued that that OLC opinion made two of FBI’s practices with exigent letters — “sneak peeks” and “hot numbers” — illegal.

[T]he Department’s Office of Legal Counsel concluded, and we agree, that the ECPA ordinarily bars communications service providers from telling the FBI, prior to service of legal process, whether a particular account exists. We also concluded that if that type of information falls within the ambit of “a record or other information pertaining to a subscriber to or customer of such service” under 18 USC 2702(a)(3), so does the existence of calling activity by particular hot telephone numbers, absent a qualifying emergency under 18 USC 2702(c)(4).


Therefore, we believe that the practice of obtaining calling activity information about hot numbers in these matters without service of legal process violated the ECPA.


We believe the FBI should carefully review the circumstances in which FBI personnel asked the on-site communications service providers [redacted] “hot numbers” to enable the Department to determine if the FBI obtained calling activity information under circumstances that trigger discovery or other obligations in any criminal investigations or prosecutions.

The “hot number” practice is functionally equivalent to the “alert list” the NSA used on the Section 215 dragnet database, in which it checked daily incoming calls to see if there had been any US contact with both approved and unapproved identifiers; if there was activity in both cases, it would spark further investigation.

The practice Fine focused on in this report was the requests FBI would get onsite telecom providers to fill without a subpoena. But at the same time Fine was working on that series of reports (the last one wasn’t issued until 2010) he was also working on a report on the FBI’s 2006 use of Section 215 (issued in March 2008), which included two classified appendices on bulk collection programs including (presumably) the phone dragnet from May until December 2006, and the 2009 Joint IG Report on the illegal wiretap program (which would have covered the dragnet program through May 2006).

We now know that both the pre May 2006 dragnet program and the post May 2006 dragnet program included a practice that, in the wake of that OLC opinion (and perhaps before), Fine would find required some legal attention (the Pen Register equivalent in a grand jury context might put the post May 2006 practice in good stead; the 2008 opinion would seem to make the use of alerts earlier illegal, along with everything else).

Which may be why the government asked Judge Reggie Walton to consider whether the dragnet program complied with ECPA for his December 12, 2008 opinion.

That’s just a hypothesis (though December 2008 would have been the first dragnet application after the OLC memo).

But if it’s right, it makes the NSA’s “discovery” of the alert process the following month all the more ridiculous. The alert process had been in place for years. FBI was being scolded for an equivalent practice (that ended in 2006) within FBI. And yet NSA somehow didn’t think to tell Walton about it until he had ruled ECPA did not present a problem for the dragnet more generally.

These three programs — the illegal program and the exigent letters, which both became the early dragnet in 2006 — are all closely related. Once you read them in tandem, though, it makes NSA’s claims to ignorance completely incredible.

Which brings me back to a reminder I’ve made several times. In the wake of the 2009 discoveries, Pat Leahy tried to mandate a DOJ review of the ongoing Section 215 activity, an effort the Administration thwarted. Fine agreed to do one anyway … then left. His replacement, Michael Horowitz, keeps claiming he’s still working on that investigation (but only covering the activities through 2009). That investigation has been going on 1,191 days now.

Update: Another interesting timing detail. According to the White Paper, the Intelligence and Judiciary Committees had all received the initial application and Primary Order on the dragnet by December 2008. So did they wait until the Walton opinion? Or did they know the Judiciary Committees would get them as part of DOJ IG reports?

Oh, So THAT’S Why the Government Is So Insistent Section 215 Had a Role in the Zazi Case?

There’s a remarkable passage in the Primary Order for the Section 215 dragnet that Judge Reggie Walton signed on September 3, 2009.

In addition, the Custodian of Records of [redacted] shall produce to NSA upon service of the appropriate Secondary Order an electronic copy of the same tangible things created by [redacted] for the period from 5:11 p.m. on July 9, 2009 to the date of this Order, to the extent those records still exist.

In an order authorizing the prospective collection of phone records until October 30, 2009, Walton also authorizes the retroactive collection of phone records generated between July 9 and September 3, 2009, if the telecom(s) haven’t destroyed them yet.

This seems to suggest that in an Order on July 9 (which we don’t get, but which the government references in its August 19 submission) Walton halted the program.

Boom. 5:11, July 9. No more phone records, from at least one telecom.

We don’t know why he did so either. In his June 22 Order, he referenced a May 29 Order (another one we didn’t get), responding to NSA’s very delayed disclosures that unminimized results had been shared with NSA analysts unauthorized to receive them and that CIA, FBI, and NCTC had access to the dragnet databases. He had assigned the government a new report, due on June 18. But in that, too, the government revealed new abuses (including one — described on page 4 — that may pertain to the Internet dragnet rather than the phone dragnet; recall that the NSA offered to “review” that program at the same time they did the phone dragnet). Walton issued new homework to the NSA, requiring the government to provide a weekly report of the dissemination that occurred, with the first due July 3 and therefore the second due July 10, the day after Walton appears to have stopped the collection.

In the government’s August submission, this line seems to indicate querying has been halted.

Based on these findings and actions, the Government anticipates that it will request in the Application seeking renewal of docket number BR 09-09 authority that NSA, including certain NSA analysts who obtain appropriate approval, be permitted to resume non-automated querying of the call detail records using selectors approved by NSA.

But it doesn’t seem to reflect that collection stopped. (Note, Walton’s June Order had a docket number of 09-06, whereas the August submission bears the docket number 09-09).

So while we can’t be sure, it appears the discoveries submitted to Walton in June 2009, as well as new ones in early July, may have led him to halt production of new phone records.

And that collection was turned back on on September 3, 2009. 3 days before the NSA intercepted Najibullah Zazi’s frantic emails to Pakistan trying to get help making TATP he planned to use in a September 11 attack on NYC’s subways.

According to Matt Apuzzo and Adam Goldman’s superb Enemies Within, after discovering Zazi’s emails, FBI had used travel records to find Zazi’s suspected accomplices, Zarein Ahmedzay and Adis Medunjanin.

But when the government tried to justify the dragnet earlier this year, they pointed to the fact that Medunjanin came up in the Section 215 collection as proof of the dragnet’s value, as in this July 17 House Judiciary Committee hearing where FBI National Security Division Executive Assistant Director Stephanie Douglas testified.

Additionally, NSA ran a phone number identifiable with Mr. Zazi against the information captured under 215. NSA queried the phone number and identified other Zazi associates. One of those numbers came back to Adis Medunjanin, an Islamic extremist located in Queens, New York.

The FBI was already aware of Mr. Medunjanin, but information derived from 215 assisted in defining his — Zazi’s network and provided corroborating information relative to Medunjanin’s connection to Zazi. Just a few weeks after the initial tip by NSA, both Zazi and Medunjanin were arrested with — along with another co-conspirator. They were charged with terrorist acts and a plot to blow up the New York City subway system.

As I noted 4 years ago, Dianne Feinstein immediately started using the Zazi investigation to successfully argue that Section 215 must retain its broad relevance standard, defeating an effort by Pat Leahy to require some tie to terrorism.

Now, it may be that the FBI also used Section 215 to collect records of 3 apparently innocent people buying beauty supplies. The government has explained neither what happened to these apparently innocent people nor on what basis (it may have been the Section 215 dragnet) they claimed they were associates of Zazi.

But the public case that backs up DiFi’s claims that Section 215 dragnet was central to the Zazi investigation is now limited to the fact that the FBI used the dragnet to find a Zazi associate they already knew about.

Yet imagine! What if Reggie Walton’s stern action in response to the government’s blatantly violating dissemination rules on the dragnet prevented the FBI from finding Zazi’s associates (which wasn’t a problem, and would have been less of a problem if the NYPD hadn’t tipped off Zazi, but never mind)? What if Walton’s effort to rein in the government had prevented the FBI from thwarting an attack?

That, it seems to me, is the implicit threat. The government claims — in spite of all the evidence to the contrary — that Section 215 played a key role in thwarting one of the only real terrorist attacks since 9/11. And, I’d bet they warn in private, they might have been prevented from doing so because a pesky FISA judge halted the program because they hadn’t followed the most basic rules for it.

That, I’m guessing, is why they claim the Section 215 dragnet was central to the Zazi investigation. Not because it was. But because it raises the specter of a judge’s effort to make the government follow the law interfering with FBI’s work.

How Mike Rogers’ Excessive Secrecy in 2011 Might Kill the Dragnet

The FISA Court just released an August 29, 2013 opinion that reaffirms the court’s prior support for the Section 215 dragnet.

There’s a lot to say about the general legal interpretation of the opinion, which I may return to.

More importantly, though, the opinion relies on a demonstrably false claim to reaffirm the program: that Congress was briefed on the program.

Prior to the May 2011 congressional votes on Section 215 re-authorization, the Executive Branch provided the Intelligence Committees of both houses of Congress with letters which contained a “Report on the National Security Agency’s Bulk Collection Programs for USA PATRIOT Act Reauthorization” (Report).


The Report provided extensive and detailed information to the Committees regarding the nature and scope of this Court’s approval of the implementation of Section 215 concerning bulk telephone metadata.


Furthermore, the government stated the following in the HPSCI and SSCI Letters: “We believe that making this document available to all Members of Congress is an effective way to inform the legislative debate about reauthorization of Section 215…” Id. HPSCI Letter at 1; SSCI Letter at 1. It is clear from the letters that the Report would be made available to all Members of Congress and that HPSCI, SSCI, and Executive Branch staff would also be made available to answer any questions from Members of Congress. Id. HPSCI Letter at 2; SSCI Letter at 2.

In light of the importance of the national security programs that were set to expire, the Executive Branch and relevant congressional committees worked together to ensure that each Member of Congress knew or had the opportunity to know how Section 215 was being implemented under this Court’s Orders.

But as I have shown, because of Mike Rogers’ actions, a very large block of Congresspersons — the 93 freshmen legislators elected in 2010, save the 7 who were on the Intelligence or Judiciary Committees — appear to have had no such opportunity to learn about the program. Indeed, 65 members who voted in favor of PATRIOT reauthorization appear to have had no way of learning about the dragnet. Furthermore, we have documentary evidence that then FBI General Counsel Valerie Caproni (who was informed about abuses in the program on January 23, 2009), and then FBI Director Robert Mueller (who had to write a brief responding to those abuses in August 2009) lied about whether there had been abuses in response to a question clearly designed to learn about the secret use of Section 215 during a May 13, 2011 hearing purportedly designed to replace the letter the Administration sent.

This opinion relies on a claim that has now been proven false (and actually had been by the time the opinion was written).

Judge Claire Eagan seems to know she’s basing her argument on false claims, because in a footnote she invokes the presumption of regularity.

It is unnecessary for the Court to inquire how many of the 535 individual Members of Congress took advantage of the opportunity to learn the facts about how the Executive Branch was implementing Section 215 under this Court’s Orders. Rather, the Court looks to congressional action on the whole, not the preparatory work of individual Members in anticipation of legislation. In fact, the Court is bound to presume regularity on the part of Congress.


The ratification presumption applies here where each Member was presented with an opportunity to learn about a highly-sensitive classified program important to national security in preparation for upcoming legislative action.

But even here, Eagan relies on a false premise, that all members of Congress had the opportunity to be informed about the dragnet.

The record shows — even the Administration White Paper shows — they did not.

I’m not entirely sure how we use these facts to overturn the dragnet. But either the FISC lives up to every claim that it’s a rubber stamp, or this decision must be revisited.

Update: Orin Kerr, who accepts the claims that I’ve shown to be false as true, still finds the argument about congressional consent unpersuasive.

Finally, I was deeply unimpressed by the last section of the opinion (pages 23-27), which argues that the FISC’s reading of the statute is presumptively correct because Congress knew about what the FISC was doing and didn’t amend the statute when it reenacted Section 215 in 2011. While it’s true that statutory reenactment has been construed a kind of silent approval of prior interpretations in some caselaw, I don’t know how on earth that can apply to secret court rulings by a district court that were merely made available to members of Congress, most of whom never learned of the opinions and would have no idea what they were looking at if they did. The idea underlying the doctrine of ratification is that established cases become part of the background understandings of the law. But it’s hard for me to see how decisions from a non-precedential secret court can form that background understanding, especially given that few members of Congress knew of the opinions and no one in the public did.

Update: And predictably, in a post called “Congress has no clothes,” Ben Wittes, who has been informed repeatedly that the record shows the House was not alerted to the 2011 letter, nevertheless gets his rocks off on Judge Eagan’s use of that false claim to argue the program is legal.

Perhaps the most remarkable feature of the opinion is Judge Eagan’s insistence that Congress cannot run away from her interpretation of the statute.


All told, it’s an excellent opinion for the government. It affirms the program’s legality. It pulls the folding screen away from Congress even as members seek delicately to change, leaving them nakedly implicated in a program whose memory they seem so eager to abandon on the laundry pile.

Who’s naked here, Ben?

Wyden/Udall: If Intelligence Community Is Dumb Rather than Malicious, Why Should We Trust Them?

Ron Wyden and Mark Udall just released a second statement on last week’s Section 215 dragnet document dump, taking the intelligence community’s excuse — that no one really knew what these programs were doing — at face value.

If the IC is dumb rather than malicious, they ask, why should we take their word on the value of the programs?

The intelligence community’s defense was that these violations were occurring because no one had a full grasp of how the bulk collection program actually worked.

If the assertion that ineptitude and not malice was the cause of these ongoing violations is taken at face value, it is perfectly reasonable for Congress and the American people to question whether a program that no one fully understood was an effective defense of American security at all. The fact that this program was allowed to operate this way raises serious concerns about the potential for blind spots in the NSA’s surveillance programs. It also supports our position that bulk collection ought to be ended.

The government’s misrepresentations inevitably led to the Foreign Intelligence Surveillance Court being consistently misinformed as it made binding rulings on the meaning of U.S. surveillance law. This underscores our concern that intelligence agencies’ assessments and descriptions about particular collection programs — even significant ones — are not always accurate. It is up to Congress, the courts and the public to ask the tough questions and require intelligence officials to back their assertions up with actual evidence. It is not enough to simply defer to these officials’ conclusions without challenging them. [my emphasis]

Though I get the feeling that Wyden and Udall aren’t buying this “dumb not malicious” line.

An Illegal Program Sanctioned with a Rubber Stamp Is Still That Same Illegal Program

Consider this anecdote from Barton Gellman’s story on the many violations of the NSA’s spying programs.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.


In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.

The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.

Viewed against the background of the documents on the 2009 Section 215 dragnet problems, the anecdote tells us several things:

  • The phone metadata for Egypt and for DC were both accessible from the same user interface until at least 2008
  • US phone metadata was accessible by area code, not just by single phone identifier
  • Because it internally reported this incident, NSA was well aware of that fact
  • Among all the violations reported to Reggie Walton in 2009 (see my rough summary), it did not include this one (indeed, it appears NSA has never reported it to FISC, which may be why in response to this story Walton went on the record to complain that the FISA Court relies on the NSA’s self-disclosure)

That is, this violation undermines many of the stories the NSA told Walton during the 10 month period when they were purportedly coming clean on major problems with the dragnet, starting with the claim that these problems were a surprise not identified until after he wrote the first substantive opinion — 31 months after FISC first gave it sanction — authorizing the program. (I consider the 2006 opinion authorizing the dragnet a shockingly thin document, and Walton seems to have felt the need to lay out a more substantive case for the legality of it in 2008.)

But something else undermined that story: the pretense that the entire program arose from virgin birth in 2006.

Indeed, we know (though the government hasn’t actually admitted it, even though Ron Wyden has asked them to) that the Section 215 dragnet is actually just a part of Dick Cheney’s illegal surveillance program placed under court sanction. Here’s how the NSA’s own draft IG Report (which was completed right smack dab in the middle of the discussions between Walton and the NSA about these violations) describes some aspects of the program, including the alert program that was part of the initial “discovery” of the violations.

(TS//SII/OC/NF) Analysis. NSA used a variety of tools to conduct metadata analysis and view the results. NSA’s primary tool for conducting metadata analysis, for PSP and traditional SIGINT collection, was MAINWAY. MAINWAY was used for storage, contact chaining, and for analyzing large volumes of global communications metadata. At the beginning of the PSP, only the “SIGINT Navigator” tool was available to view MAINWAY output. Over time, new tools and new processes, such as automated chaining alerting, were created to improve analysts’ efficiency. To obtain the most complete results, analysts used data collected under PSP and non-PSP authorities. Typically, they analyzed networks with two degrees of separation (two hops) from the target. Analysts determined if resulting information was reportable.

(TS//SII/OC/NF) In addition, an automated chaining alert process was created to alert analysts of new potentially reportable selectors. Previously approved selectors were compared to incoming MAINWAY data authorized by the PSP, E.O. 12333, or the FISC. Alerts of direct contacts with approved selectors were reported to NSA analysts for further analysis and potential reporting to FBI and CIA.

And here’s where the IG Report admits this all became the Section 215 dragnet.

(TS//SV/NF) According to NSA General Counsel Vito Potenza, the decision to transition telephony metadata to the Business Records Order was driven by a private sector company. After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephony metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.

(TS//SII/NF) As with the PR/TT Order, DoJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisers. Their previous experience in drafting the PR/TT Order made this process more efficient.

The Irony of Booz Vice Chair Mike McConnell’s Timing

I’m in the process of going really deep in the weeds on this Section 215 stuff, just adjusting my earlier timelines.

Several of us have noted the curious timing of the discovery of the problems with Section 215 dragnet. November 2, 2008 was the stated high number of identifiers which the NSA could contact chain, at 27,090 (though when NSA started cleaning this stuff up they only audited back through November 1, 2008).

On December 10, 2008, two analysts (whom I wildarseguess suspect were actually FBI Agents) started doing searches on unapproved identifiers, doing 280 over the next month and a half.

On December 11 and 12, 2008, Reggie Walton wrote the first systematic opinion on this program and approved a new Primary Order.

On December 15, 2008, the NSA stopped one of its abusive alert system processes.

On January 9, 2009, NSA told folks at DOJ’s National Security Division about them.

By January 15, 2009, NSA had seemingly purged thousands of identifiers from its alert list, because on that day (five days before the inauguration) it had only 17,835, down from 27,090 two days before Obama was elected.

January 20, 2009: Obama took the oath as President, replacing George Bush.

That, of course, led to change at key positions. One which I find remarkably interesting, however, was that of Mike McConnell, who had spent two years as Director of National Intelligence (just long enough to get immunity for those who did all this illegally under Cheney’s program). McConnell left on January 27, 2009, leading to a delay on (reported) DNI involvement in this until his replacement Dennis Blair came in on January 29. Blair was briefed on this on his second day in office, January 30, 2009.

I don’t know — because the documents don’t say (see, especially, Keith Alexander’s chart on page 25 of his declaration that is totally non-responsive about anyone in DNI who would have known about these problems) — how much the revolving Intelligence Contractor Exec McConnell knew about NSA’s extension of the illegal Cheney program, illegally, under the FISC sanctioned Section 215 order.

But remember: as Vice Chair of Booz, Mike McConnell was (sort of) Edward Snowden’s boss until the latter absconded with proof of these gross violations under McConnell’s tenure at DNI.

Among other things, this rough outline suggests this wasn’t so much a “discovery” of violations, it was an attempt to hide what at least some people knew were systematic and gross violations of the Section 215 program, just before Obama came in and replaced some of the top players.

But I do find it ironic that McConnell’s company, Booz, played its small part in making all this clear.

Imagine the Administration Lying to Congress about the Dragnet

In a piece bemoaning the possibility that the dragnet programs created in secret might be scaled back now that citizens know what they entail, Ben Wittes lets his imagination run wild.

Imagine you were a high-level decision-maker in a clandestine intelligence agency. Imagine that you had played by the rules Congress had laid out for you, worked with oversight mechanisms to fix errors when they happened, and erected strict compliance regimes to minimize mistakes in a mind-bogglingly complex system of signals intelligence collection. Imagine further that when the programs became public, there was a firestorm anyway. Imagine that nearly half of the House of Representatives, pretending it had no idea what you had been doing, voted to end key collection activity. Imagine that in response to the firestorm, the President of the United States—after initially defending the intelligence community—said that what was really needed was more transparency and described the debate as healthy. Imagine that journalists construed every fact they learned in light of the need to keep feeding at the trough of a source who had stolen a huge volume of highly classified materials and taken it to China and Russia. [my emphasis]

Now, Ben sets up a few straw men here: journalists may have gotten some details wrong, but they’re probably doing better on accuracy than the Agencies that have all the information at hand, which continue to tell easily demonstrable lies. He suggests Obama is interested in debate, abundant evidence to the contrary. He excuses the NSA’s compliance problems because of complexity, when they introduced that complexity to make programs do what they legally weren’t supposed to (for example, allowing illegal access via 3 other systems and by 3 other agencies and inventing a pre-archive archive to skirt the rules in the case of the phone dragnet program). He suggests the NSA played by Congress’ rules, when in fact the FISC sets rules, and it says the government has repeatedly violated those rules and “misrepresented” claims about doing so.

But those straw men are nothing compared to the claim that those in the House who voted to defund the phone dragnet were “pretending it had no idea what you had been doing.”

The record shows that the 2011 PATRIOT Act extension was passed with the support of 65 people — enough to make the difference in the vote — who had had no opportunity to learn about the Section 215 dragnet except at hearings that didn’t provide notice of what they would present. Moreover, the record shows that when someone at one of (the only one of?) those hearings asked a question specifically designed to learn about problems with the dragnet, here’s what happened.

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

Then FBI Director Robert Mueller and then-General Counsel Valerie Caproni (the Administration waited to release the dragnet materials Monday almost until the second Caproni got confirmed to lifetime tenure as a judge) gave that answer in spite of the fact that Mueller had to submit a declaration to Judge Reggie Walton to explain why the program was important enough to keep in spite of the many abuses. Walton ordered that declaration, in part, because the government’s explanations about their gross violations “strain[] credulity,” according to Walton. And one of the abuses involved FBI getting access to this data directly.

But FBI knows nothing, Colonel Klink.

And even in what notice the government made somewhat available to Congress (but which Mike Rogers did not pass on), it provided just a one paragraph description of the abuses that would take a page to lay out in skeleton bullet form.

In other words, the record shows that many of those who voted against the dragnet in fact had no idea what the government had been doing, both about the dragnet itself, and about the abuses of the dragnet program.

And note, when almost half the House voted to defund the dragnet, they still hadn’t been informed of the full extent of these abuses (because the Administration was withholding the relevant opinions).

Congress is moving to rein in a program that the Executive Branch operated illegally for 5 years, then operated with FISC sanction for 7 years while abusing the terms of that sanction for at least 3 years. In Wittes’ imagination, that’s a bad thing.

Update: Also note Valerie Caproni got briefed on these abuses January 23, 2009.

Working Thread: Section 215 Dragnet Document Dump, Part II

This is part of a working thread on yesterday’s Section 215 dragnet. Part I is here. The documents are here.

IG Report

(i) Note that the cover letter was signed by the Acting IG, Brian McAndrew, but the report itself was signed by Joel Brenner.

(3) The IG Report uses a lot of passive voice where it should assign some responsibility for implementing controls.

(4) Note this recommendation is redacted but almost certainly is S 215 or S 332, based on the distribution list.

(4) Note the definition of processing.

(8) Note the finding that the info assurance was adequate turned out to be wrong, as people were just wandering into this database.

(9) The audits OIG was supposed to conduct didn’t happen, per the description on page 31 of the Alexander declaration. This is sort of a big deal. Was OIG excluded (as they had been under the illegal program)? Or did they just not do their job?

(13) Note the review started immediately after the program started and by its own admission “did not conduct a full range of compliance and/or substantive testing.”

(18) Curious whether NSA introduced the word “archive” in the table.

(19) The language on metadata retention is another tell: they describe not “keeping” the data but “keeping it online” while avoiding mention of archive.

Compliance Incidents, Feb 26, 2009 & Supplemental Alexander

(4) Three different analysts querying databases. Again the timing on this is interesting, from day after election to day after transferring power. Note there’s still no discussion of where all those other identifiers went.

(SAlexander 2) Note the reference to telecoms remains unredacted.


Keith Alexander’s Ignorance By Design


One of the most publicized lines from yesterday’s FOIA disclosures comes from Keith Alexander’s declaration to Reggie Walton on how the Section 215 dragnet went so horribly awry. He claims — without explaining the basis for his knowledge — that no one knew how all this worked.

Furthermore, from a technical standpoint, there was no single person who had a complete technical understanding of the BR FISA system architecture. (Alexander 19)

The comment comes amidst a section that discusses not system architecture, but simple legal compliance, in which Alexander describes how,

  • NSA’s lawyers consistently gave incorrect data to FISC over 3 years’ time
  • NSA’s lawyers exempted a whole class of data — that not yet “archived” — from the plain meaning of the law

At the beginning of this particular section, he says his knowledge comes from,

Reviews of NSA records and discussions with relevant NSA personnel (Alexander 16)

But at the beginning of Alexander’s declaration, he states his statements,

are based on my personal knowledge, information provided to me by my subordinates in the course of my official duties, advice of counsel, and conclusions reached in accordance therewith. (Alexander 2)

That is, for the declaration overall, Alexander says he only spoke to “counsel” and other NSA people in “the course of [his] official duties,” and there only with subordinates. Admittedly, all NSA personnel should be his subordinates, but it is curious he doesn’t describe the NSA personnel he spoke with as such.

That’s important, because throughout this section, Alexander’s statements are caveated with “it appears” introductions.

… the inaccurate description of the BR FISA alert list initially appears to have occurred to a mistaken belief … (Alexander 17)

… Therefore, it appears there was never a complete understanding among the key personnel who reviewed the report … (Alexander 18)

… Nevertheless, it appears clear in hindsight from discussions with the relevant personnel as well as reviews of NSA’s internal records that the focus was almost always on whether analysts were contact chaining the Agency’s repository of BR FISA data in compliance … (Alexander 18)

Now perhaps Alexander spoke to the people who actually knew what went on. It turns out they would, in significant part, be lawyers. Counsel.

Though that’s rarely reflected in his descriptions. In perhaps just one sentence, he makes an assertion about what the SIGINT Directorate and the OGC [counsel] “realized,” though note he doesn’t specify a single human subject for that realization.

Or perhaps he spoke only to “relevant personnel” who provided him information in the course of his normal duties.

But one thing is clear: either he doesn’t claim actual knowledge, beyond what actually got documented, about the subject he is addressing, the most important topic in his declaration; or he does, but for some reason he was, in this matter alone, uncomfortable asserting it as a clear fact.

Yet, having spoken to remarkably few people, he somehow feels confident claiming no one knew about the entire architecture (an issue irrelevant to the legal and management problem at hand)?

I would suggest Alexander’s lawyers [counsel!] — the very people who provided false information to the court and false advice to NSA personnel — might have a good deal more certainty about what happened than Alexander. But somehow they managed to avoid making sworn declarations to the court about those subjects.

Update: The list of people who knew about this stuff on Alexander 25-26 is of particular interest. Two OGC lawyers and 3 program managers had access to both what was allowed to analysts and what was reported to the court (though Alexander helpfully notes, “[t]his does not mean that an individual who was on distribution for the reports was actually familiar with the contents of the reports”).

Alexander also says he had conversations with the people on distribution of the original email drafting language for the court.

Alexander goes on to note there were a lot of people who knew how the alerts worked but, “[b]ased on information available to me, I conclude it is unlikely that this category of personnel knew how the Agency had described the alert process to the Court.”


How Many People Are Included in Contact Chaining with 27,090 Numbers?

I’ve decided that if I could have a nickel for every time I’ve said “I told the apologists so” as I’ve read these documents, I’d be Warren Buffett. But I don’t get a nickel for predicting the NSA is as bad as it is. So I could use your help to keep doing what I do.

One of the most stunning revelations from ODNI’s conference call with Officials Who Can’t Be Quoted Because They Might Be Lying is that only 11% of the numbers the NSA was comparing daily business record collections against should have been included.

Those numbers are presented in the government’s first response to Reggie Walton’s order for more information.

In short, the system was designed to compare both SIGINT and BR metadata against the identifiers on the alert list but only to permit alerts generated from RAS-approved identifiers to be used to conduct contact chaining [redacted] of the BR metadata. As a result, the majority of telephone identifiers compared against the incoming BR metadata in the rebuilt alert list were not RAS-approved. See id. at 4, 7-8. For example, as of January 15, 2009, the date of NSD’s first notice to the Court regarding this issue, only 1,935 of the 17,835 identifiers on the alert list were RAS-approved. (10-11)

This means that every day, the NSA was comparing names they thought maybe might could be terrorist numbers, as well as numbers they actually had reason to believe actually were, with all the phone records in the US to see if Americans were talking to these people. [Update: And to clarify, the 89% on the list who were “compared” to the daily business record take weren’t contact chained — NSA just checked to see if they should look further.]

As I said, per the Officials Who Can’t Be Quoted Because They Might Be Lying who gave today’s conference call, that’s as bad as it gets.

But it appears to get worse.

You see, as NSA was confessing all this to DOJ’s National Security Division, they were also cleaning up their lists (the January 15 numbers come from a week after NSD first got involved). And it appears that before they started their confessional process (in the days before Obama took over from George Bush), they had far more people on their list. And they were contact-chaining those numbers.

At the meeting on January 9, 2009, NSA and NSA also identified that the reports filed with the Court have incorrectly stated the number of identifiers on the alert list. Each report included the number of telephone identifiers purported on the alert list. See, e.g., NSA 120-Day Report to the FISC (Dec. 11, 2008), docket number BR 08-08 (Ex. B to the Government’s application in docket number BR 08-13), at 11 (“As of November 2, 2008, the last day of the reporting period herein, NSA had included a total of 27,090 telephone identifiers on the alert list . . . .”). In fact, NSA reports that these numbers did not reflect the total number of identifiers on the alert list; they actually represented the total number of identifiers included on the “station table” (NSA’s historical record of RAS determinations) as currently RAS-approved) (i.e., approved for contact chaining [redacted]

This appears to mean the NSA could (they don’t say whether they did) conduct chaining two or three degrees deep on all these potential maybe might could be terrorists.

If those 27,090 talked to 10 people in the US, and those 270,900 people in the US regularly talked to 40 people in the US, and those people talked to 40, then it would potentially incorporate 433 millio–oh wait! That’s more people than live in the US!

That is, there’s a potential that, by contact chaining that many people, this actually represented a comprehensive dragnet of all the networked relationships in the US until the days before Obama became President.

And they lied to Reggie Walton about it as they got their first real legal review of the program.

But honest, all this was really just unintentional.

Update: Later in the filing, the government admits they were doing more than 3 hops until early 2009.

Second, NSA is implementing software changes to its system that will limit to three the number of “hops” permitted from a RAS-approved seed identifier.

This means those 27,090 identifiers that were in use on November 1, 2008 (at which point it became clear Obama would win the election) could have been contact chained far deeper into American contacts. This makes it very likely that that “contact chaining” actually did include everyone in the US.