Posts

[Photo: National Security Agency via Wikimedia]

If a Tech Amicus Falls in the Woods but Rosemary Collyer Ignores It, Would It Matter?

Six senators (Ron Wyden, Pat Leahy, Al Franken, Martin Heinrich, Richard Blumenthal, and Mike Lee) have just written presiding FISA Court judge Rosemary Collyer, urging her to add a tech amicus — or even better, a full time technical staffer — to the FISA Court.

The letter makes no mention of Collyer’s recent consideration of the 702 reauthorization certificates, nor even of any specific questions the tech amicus might consider.

That’s unfortunate. In my opinion, the letter entirely dodges the real underlying issue, at least as it pertains to Collyer, which is her unwillingness to adequately challenge or review Executive branch assertions.

In her opinion reauthorizing Section 702, Collyer apparently never once considered appointing an amicus, even a legal one (who, under the USA Freedom structure, could have suggested bringing in a technical expert). She refused to do so in a reconsideration process that — because of persistent problems arising from technical issues — stretched over seven months.

I argued then that that means Collyer broke the law, violating USA Freedom Act’s requirement that the FISC at least consider appointing an amicus on matters raising novel or significant issues and, if choosing not to do so, explain that decision.

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought into consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Without even considering an amicus, Collyer for the first time affirmatively approved the back door searches of content she knows will include entirely domestic communications, effectively affirmatively permitting the NSA to conduct warrantless searches of entirely domestic communications, and with those searches to use FISA for domestic surveillance. In approving those back door searches, Collyer did not conduct her own Fourth Amendment review of the practice.

Moreover, she adopted a claimed fix to a persistent problem — the collection of domestic communications via packet sniffing — without showing any inkling of testing whether the fix accomplished what it needed to. Significantly, in spite of 13 years of problems with packet sniffing collection under FISA, the court still has no public definition about where in a packet metadata ends and content begins, making her “abouts” fix — a fix that prohibits content sniffing without defining content — problematic at best.

I absolutely agree with these senators that the FISC should have its own technical experts.

But in Collyer’s case, the problem is larger than that. Collyer simply blew off USA Freedom Act’s obligation to consider an amicus entirely. Had she appointed Marc Zwillinger, I’m confident he would have raised concerns about the definition of content (as he did when he served as amicus on a PRTT application), whether or not he persuaded her to bring in a technical expert to further lay out the problems.

Collyer never availed herself of the expertise of Zwillinger or any other independent entity, though. And she did so in defiance of the intent of Congress, that she at least explain why she felt she didn’t need such outside expertise.

And she did so in an opinion that made it all too clear she really, really needed that help.

In my opinion, Collyer badly screwed up this year’s reauthorization certificates, kicking the problems created by upstream collection down the road, to remain a persistent FISA problem for years to come. But she did so by blowing off the clear requirement of law, not because she didn’t have technical expertise to rely on (though the technical expertise is probably necessary to finally resolve the issues raised by packet sniffing).

Yet no one but me — not even privacy advocates testifying before Congress — want to call her out for that.

Congress already told the FISA court they “shall” ask for help if they need it. Collyer demonstrably needed that help but refused to consider using it. That’s the real problem here.

I agree with these senators that FISC badly needs its own technical experts. But a technical amicus will do no good if, as Collyer did, a FISC judge fails to consult her amici.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Wyden to Coats: Admit You Know NSA Is Collecting Domestic Communications under 702

Last week, I noted that Ron Wyden had asked Director of National Intelligence Dan Coats a question akin to the one he once asked James Clapper.

Can the government use FISA Act Section 702 to collect communications it knows are entirely domestic?

Coats responded much as Clapper did four years ago.

Not to my knowledge. It would be against the law.

But, as I pointed out, Coats signed a certification based off an application that clearly admitted that the government would still collect entirely domestic communications using upstream collection. Rosemary Collyer, citing the application that Coats had certified, stated,

It will still be possible for NSA to acquire [a bundled communication] that contains a domestic communication.

When I asked the Office of Director of National Intelligence about this, they said,

Section 702(b)(4) plainly states we “may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States.” The DNI interpreted Senator Wyden’s question to ask about this provision and answered accordingly.

Yesterday, Ron Wyden wrote Dan Coats about this exchange. Noting everything I’ve just laid out, Wyden said,

That was not my question. Please provide a public response to my question, as asked at the June 7, 2017 hearing.

Wyden doesn’t do the work of parsing his question for Coats. But he appears to be making a distinction. The language ODNI’s spox pointed to discusses “intentionally acquir[ing a] communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States.” Wyden’s question, however, did not use the term “intentionally” and did not include the language about “knowing at the time of collection” that the communication is domestic.

The distinction he is making appears to be the one I pointed out in this post. In a 2010 opinion, John Bates distinguished data that NSA had no reason to know was domestic communication (in this case, categories of packet information prohibited by the FISC in 2004, effectively content as metadata, but the precedent holds for all FISA collection), which he treated as legal, from that the NSA had reason to know was domestic.

When it is not known, and there is no reason to know, that a piece of information was acquired through electronic surveillance that was not authorized by the Court’s prior orders, the information is not subject to the criminal prohibition in Section 1809(a)(2). Of course, government officials may not avoid the strictures of Section 1809(a)(2) by cultivating a state of deliberate ignorance when reasonable inquiry would likely establish that information was indeed obtained through unauthorized electronic surveillance.

If NSA knew the data it was collecting was domestic, it was illegal. If NSA didn’t know the data it was collecting was domestic, it was not illegal.

But don’t you dare deliberately cultivate ignorance about whether the data you’re collecting is domestic, John Bates warned sternly!

Here, of course, the government has told the court in its application, “Hey, we’re going to be collecting domestic communications,” but then, in testimony to Congress, said, “nah, we’re not collecting domestic communications.”

Having said in its application that it is still possible to collect domestic communications, it sure seems the government has ceded any claim to be ignorant that it is collecting domestic communications.

Which would make this collection of domestic communications illegal.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Privacy Community Lets Dan Coats Off Easy in Letter Accusing Him of Reneging on His Promise

This post may make me some enemies in DC.

But the privacy community appears to be missing some critical points in this letter accusing Dan Coats of reneging on his promise to provide an estimate of how many Americans have been sucked up in Section 702 surveillance. The letter rehearses what it claims is the history of NSA counting or not counting how many Americans get collected under Section 702, going back to 2011.

This debate began in 2011 when Senator Wyden first asked Director Clapper to provide an estimate.2 In 2012, the Inspector General of the Intelligence Community claimed that such an estimate would not be possible because the process of establishing the estimate would violate the privacy of U.S. persons, and require too many resources.3

Yet in the same letter, it claims that NSA managed to do a count of Americans implicated in upstream surveillance in 2011.

First, the NSA previously undertook an effort to provide the Foreign Intelligence Surveillance Court (FISC) with a similar estimate, and “there is no evidence that this undertaking impeded any NSA operations.”5 There, in order to address the FISC’s concerns about the number of wholly domestic communications that were being collected under Section 702, the NSA “conducted a manual review of a random sample consisting of 50,440 Internet transactions taken from the more than 13.25 million Internet transactions acquired through the NSA’s upstream collection during a six month period.”6

It is absolutely true that NSA “undertook an effort” to provide the number of Americans implicated in upstream surveillance. But it was not “a similar estimate.” On the contrary, NSA only obtained an estimate of entirely domestic communications collected as part of multiple communication transactions, MCTs. It did not — not even after Bates asked — come up with an estimate of how many entirely domestic communications NSA collected via upstream collection as single communication transactions, much less an estimate of all the Americans collected.

Here’s how John Bates described it in the opinion cited in footnote 6.

NSA’s manual review focused on examining the MCTs acquired through NSA’s upstream collection in order to assess whether any contained wholly domestic communications. Sept. 7, 2011 Hearing Tr. at 13-14. As a result, once NSA determined that a transaction contained a single, discrete communication, no further analysis of that transaction was done. See August 16 Submission at 3. After the Court expressed concern that this category of transactions might also contain wholly domestic communications, NSA conducted a further review. See Sept. 9 Submission at 4. NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the same were SCTs. Id. at 3. Ninety percent of the approximately 13.25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Now, ODNI might raise this detail and say that the 2011 review was not as intensive as the one the privacy community wants to conduct. They’d be right, not least because the upstream review should be easier to conduct than the PRISM review, even though there should be less upstream collection under the new rules (under 702, anyway — much of it would have just gone to EO 12333 collection).

But the other critical point is that, having done the sampling, NSA wasn’t even willing to give Bates the information he requested t0 explain the scope of illegal collection under Section 702.

NSA’s refusal to count all the entirely domestic communications collected in their own right is particularly important given another point that would be worth mentioning here.

It’s not so much that this debate started when Ron Wyden made his request. Rather, Ron Wyden, with Mark Udall, made a written request for such a count on the very same day, July 14, 2011, that DOJ obtained an extension to conduct the count for John Bates.

In April 2011, Wyden and Mark Udall asked for the number.

In April of 2011, our former colleague, Senator Mark Udall, and I then asked the Director of National Intelligence, James Clapper, for an estimate.

According to Clapper’s response, they sent a written letter with the request on July 14, 2011. The timing of this request is critically important because it means Wyden and Udall made the request during the period when NSA and FISA Judge John Bates were discussing the upstream violations (see this post for a timeline). As part of that long discussion Bates had NSA do analysis of how often it collected US person communications that were completely unrelated to a targeted one (MCTs). Once Bates understood the scope of the problem, he asked how many US person communications it collected that were a positive hit on the target that were the only communication collected (SCTs).

But the timing demands even closer scrutiny. On July 8, John Bates went to DOJ to express “serious concerns” — basically, warning them he might not be able to reauthorize upstream surveillance. On July 14 — the same day Wyden and Udall asked Clapper for this information — DOJ asked Bates for another extension to respond to his questions, promising more information. Clapper blew off Wyden and Udall’s request in what must be record time — on July 26. On August 16, DOJ provided their promised additional information to Bates. That ended up being a count of how many Americans were affected in MCTs.

So this debate started when Wyden, simultaneously with the FISC, asked for numbers on how many Americans were affected. But the NSA proceeded to do a count that was only partially responsive to Bates’ concerns and barely responsive to Wyden’s.

NSA did a count in 2011. But even though they had requests for a number from both other co-equal branches of government, they refused to do a responsive count, even as they were already committing the resources to doing the count.

The claim about resources made in 2011 rings hollow, because the resources were expended but the scope was narrowly drawn.

Which brings me to the last critical point here: the most likely motive for drawing the scope so narrowly even as both other co-equal branches of government were requesting the number.

In July 2010, John Bates wrote another opinion. On its face, it addressed the NSA’s collection of prohibited categories under the PR/TT Internet dragnet. But in reality, that collection was just upstream collection with some filtering to try to get down to the part of the packets that constituted metadata under rules set in 2004. Effectively, then, it was also an opinion about the deliberate collection of domestic content via upstream collection. And in that opinion, he weighed the government’s request to let it keep data it had collected that might contain entirely domestic content. Ultimately, Bates said that if the government knew it had obtained domestic content, it had to delete the data, but if it didn’t know, it could keep it.

When it is not known, and there is no reason to know, that a piece of information was acquired through electronic surveillance that was not authorized by the Court’s prior orders, the information is not subject to the criminal prohibition in Section 1809(a)(2). Of course, government officials may not avoid the strictures of Section 1809(a)(2) by cultivating a state of deliberate ignorance when reasonable inquiry would likely establish that information was indeed obtained through unauthorized electronic surveillance.

[snip]

In light of the government’s assertions of need, and in heavy reliance on the assurances of the responsible officials, the Court is prepared — albeit reluctantly — to grant the government’s request with respect to information that is not subject to Section 18099a)(2)’s prohibition. Hence, the government may access, use, and disseminate such information subject to the restrictions and procedures described above that will apply to future collection.

From that point forward, it was a precedent in the FISC that the government could obtain entirely domestic communications, provided that they didn’t know they were collecting it. But they couldn’t cultivate deliberate ignorance of what they were doing. (They still violated the precedent, but quickly destroyed all the data before they got caught in 2011.)

If the NSA knows they’re intentionally collecting entirely domestic communications, it is illegal. If the NSA doesn’t know they’re intentionally collecting entirely domestic collections, it’s not illegal.

You can see how, even with Bates’ stern warning not to deliberately cultivate ignorance, this provided a huge incentive to deliberately cultivate ignorance.

Of course, Dan Coats performed just that deliberate ignorance the other day, when Wyden made it clear Coats had signed the reauthorization certification for 702 even though the accompanying memo made it clear that the NSA would still be collection entirely domestic communications. Coats claimed they wouldn’t collect Americans’ communications even in spite of the fact that the memo accompanying his certification said it would do just that.

This is a concept the privacy community really needs to learn, quickly. Because Ron Wyden is laying all the ground work to make it clear that this is about deliberate ignorance, of just the sort that Bates said was improper, not actually a concern about resources.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Sessions Recusal: Election And/Or Russia?

Back when Jeff Sessions recused from the investigation into Trump, I noted that it was actually fairly narrow. He recused from election-related issues, but said nothing about Russia.

[T]he only thing he is recusing from is “existing or future investigations of any matters related in any way to the campaigns for President of the United States.”

There are two areas of concern regarding Trump’s ties that would not definitively be included in this recusal: Trump’s long-term ties to mobbed up businessmen with ties to Russia (a matter not known to be under investigation but which could raise concerns about compromise of Trump going forward), and discussions about policy that may involve quid pro quos (such as the unproven allegation, made in the Trump dossier, that Carter Page might take 19% in Rosneft in exchange for ending sanctions against Russia), that didn’t involve a pay-off in terms of the hacking. There are further allegations of Trump involvement in the hacking (a weak one against Paul Manafort and a much stronger one against Michael Cohen, both in the dossier), but that’s in no way the only concern raised about Trump’s ties with Russians.

Which is why I was so interested that Jim Comey emphasized something else in his testimony (see this post on this topic) — issues pertaining to Russia. [my emphasis throughout]

We concluded it made little sense to report it to Attorney General Sessions, who we expected would likely recuse himself from involvement in Russia-related investigations. (He did so two weeks later.)

This came up in his hearing yesterday, as well. First Wyden asked why Sessions was involved in Comey’s firing if he got fired for continuing to investigate Mike Flynn’s ties to Russia.

WYDEN: Let me turn to the attorney general. In your statement, you said that you and the FBI leadership team decided not to discuss the president’s actions with Attorney General Sessions, even though he had not recused himself. What was it about the attorney general’s interactions with the Russians or his behavior with regard to the investigation that would have led the entire leadership of the FBI to make this decision?

COMEY: Our judgment, as I recall, is that he was very close to and inevitably going to recuse himself for a variety of reasons. We also were aware of facts that I can’t discuss in an opening setting that would make his continued engagement in a Russia-related investigation problematic. So we were convinced — in fact, I think we’d already heard the career people were recommending that he recuse himself, that he was not going to be in contact with Russia-related matters much longer. That turned out to be the case.

WYDEN: How would you characterize Attorney General Sessions’s adherence to his recusal? In particular, with regard to his involvement in your firing, which the president has acknowledged was because of the Russian investigation.

COMEY: That’s a question I can’t answer. I think it is a reasonable question. If, as the president said, I was fired because of the Russia investigation, why was the attorney general involved in that chain? I don’t know.

Then Kamala Harris asked whether there had been any official guidance on recusal.

HARRIS: Thank you. As a former attorney general, I have a series of questions in connection with your connection with the attorney general while you were FBI director. What is your understanding of the parameters of Attorney General Sessions’ recusal from the Russia investigation?

COMEY: I think it’s described in a written release from DOJ which I don’t remember sitting here but the gist is he will be recused from all matters relating to Russia or the campaign. Or the activities of Russia and the ’16 election or something like that.

HARRIS: So, is your knowledge of the extent of the recusal based on the public statements he’s made?

COMEY: Correct.

HARRIS: Is there any kind of memorandum issued from the attorney general to the FBI outlining the parameters of his recusal?

COMEY: Not that I’m aware of.

In every comment, Comey emphasized the Russian aspect. Indeed, most of his comments only mention Russia; just one instance mentions the election.

Indeed, yesterday’s hearing made it clear that Comey believed Sessions should be recused from Russia-related issues because of unclassified issues that include his undisclosed two (now three) conversations with Russian Ambassador Sergey Kislyak.

After yesterday’s hearing, DOJ issued a statement (reproduced in its entirely below), and also released an email that appears to serve as the written guidance on Sessions’ recusal. Yesterday’s statement makes the limitation to election-related issues even more explicit.

Given Attorney General Sessions’ participation in President Trump’s campaign, it was for that reason, and that reason alone, the Attorney General made the decision on March 2, 2017 to recuse himself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

So while the email directive does state Sessions’ recusal “extends to Department responses to Congressional and media inquiries related to any such investigations,” not a single thing from DOJ ever mentions the word Russia.

There are actually many important potential implications of this.

It may mean, for example, that Sessions feels he had every right to help Trump fire Comey for his aggressive investigation in Russian issues — even in spite of the fact that his own actions may be reviewed in the Russian investigation — because the Flynn investigation pertained to issues that happened after the election.

More alarmingly, it may mean that there will be a squabble about the scope of Robert Mueller’s special counsel investigation, which has already started digging into matters of Russian corruption that go back years, because Rod Rosenstein overstepped the scope of his own authority based on the limits of Sessions’ recusal.

Jim Comey thinks that as soon as February 14, it was clear that Sessions had to recuse from Russian related issues. Instead (all the evidence suggests) he recused only from election related issues.

The difference in understanding here is troubling.

Update: A friend notes that Jeff Sessions basically relied on Rod Rosenstein’s letter in recommending Trump fire Comey.

[F]or the reasons expressed by the Deputy Attorney General in the attached memorandum, I have concluded that a fresh start is needed at the leadership of the FBI.

The friend suggested that because Comey’s actions implicated the election, that means Sessions intervened in matter pertaining to the election (albeit for Trump’s opponent).

I’m not so sure. The phrasing of Rosenstein’s letter here is critical. Democrats may be angry at Comey for reopening the investigation (and sending a sure-to-leak letter to a stable of GOP Committee Chairs) days before the election. So to Democrats, Comey’s handing of the Hillary investigation pertains to the election.

But Rosenstein frames the issue in terms of “usurp[ing] the Attorney General’s authority” and “supplant[ing] federal prosecutors and assum[ing] control of the Justice Department.” While Rosenstein cites Eric Holder and Donald Ayer describing how Comey’s actions violated long-standing policies pertaining to comments in advance of elections, the Deputy Attorney General himself pitches it as insubordination.

Update: On Twitter Charlie Savage suggested the scope of the recusal could be taken from the language of Comey’s confirmation of the investigation in a HPSCI hearing on March 20, arguing that on March 2, when Sessions recused, the investigation and its ties to campaign members who spoke to Russians had not yet been disclosed.

I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government’s efforts to interfere in the 2016 presidential election and that includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia’s efforts. As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed.

Except this statement says nothing about Jeff Sessions’ recusal, and in Thursday’s testimony, Comey said he was unaware of a memo aside from Sessions public statement. As noted above, the email that DOJ has now pointed to says nothing about Russia.

Plus, even if the recusal originally intended to include the secret Russia investigation, the statement written on Thursday, very clearly in response to Comey’s testimony and repeated claims that Sessions had to recuse from Russia-related issues, said the only reason Sessions recused was because of the campaign tie. And as I noted in my original post on the scope of Sessions’ recusal, he played games in his admission of conversations with Sergey Kislyak as to whether they pertained to Russia.

Update: In a March 6 letter to SJC claiming he didn’t need to correct his false testimony on conversations with Sergey Kislyak, Sessions said that his recusal should cover Russian contacts with the Trump transition and administration.

The March 3, 2017, letter also asked why I had not recused myself from “Russian contacts with the Trump transition team and administration.” I understand the scope of the recusal as described in the Department’s press release would include any such matters.

This would seem to conflict with Thursday’s statement.

______________________________________________________________________________

FOR IMMEDIATE RELEASE

THURSDAY, JUNE 8, 2017

DEPARTMENT OF JUSTICE ISSUES STATEMENT ON TESTIMONY OF FORMER FBI DIRECTOR JAMES COMEY

 

WASHINGTON – In response to testimony given today by former FBI Director James Comey, Department of Justice Spokesman Ian Prior issued the following statement:

  • Shortly after being sworn in, Attorney General Sessions began consulting with career Department of Justice ethics officials to determine whether he should recuse himself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

Those discussions were centered upon 28 CFR 45.2, which provides that a Department of Justice attorney should not participate in investigations that may involve entities or individuals with whom the attorney has a political or personal relationship. That regulation goes on to define “political relationship” as:

“[A] close identification with an elected official, a candidate (whether or not successful) for elective, public office, a political party, or a campaign organization, arising from service as a principal adviser thereto or a principal official thereof ***”

Given Attorney General Sessions’ participation in President Trump’s campaign, it was for that reason, and that reason alone, the Attorney General made the decision on March 2, 2017 to recuse himself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

  • In his testimony, Mr. Comey stated that he was “not *** aware of” “any kind of memorandum issued from the Attorney General or the Department of Justice to the FBI outlining the parameters of [the Attorney General’s] recusal.” However, on March 2, 2017, the Attorney General’s Chief of Staff sent the attached email specifically informing Mr. Comey and other relevant Department officials of the recusal and its parameters, and advising that each of them instruct their staff “not to brief the Attorney General *** about, or otherwise involve the Attorney General *** in, any such matters described.”
  • During his testimony, Mr. Comey confirmed that he did not inform the Attorney General of his concerns about the substance of any one-on-one conversation he had with the President. Mr. Comey said, following a morning threat briefing, that he wanted to ensure he and his FBI staff were following proper communications protocol with the White House. The Attorney General was not silent; he responded to this comment by saying that the FBI and Department of Justice needed to be careful about following appropriate policies regarding contacts with the White House.
  • Despite previous inaccurate media reports, Mr. Comey did not say that he ever asked anyone at the Department of Justice for more resources related to this investigation.
  • In conclusion, it is important to note that after his initial meeting with career ethics officials regarding recusal (and including the period prior to his formal recusal on March 2, 2017), the Attorney General has not been briefed on or participated in any investigation within the scope of his recusal.

# # #

17-631

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Dan Coats Just Confirmed He Signed the Section 702 Certificate without Even Reading the Accompanying Memo

Today, the Senate Intelligence Committee had a hearing on Section 702 of FISA. It basically went something like this:

It’s okay that we have a massive dragnet because the men running it are very honorable and diligent.

The men running the dragnet refuse to answer a series of straight questions, and when they do, they’re either wrong or deeply dishonest.

I’ll lay that out in more detail later.

But the most important example is an exchange between Ron Wyden and Dan Coats that will reverberate like Clapper’s now famous answer to Wyden that they don’t “wittingly” collect on millions of Americans. It went like this:

Wyden: Can the government use FISA 702 to collect communications it knows are entirely domestic?

Coats: Not to my knowledge. It would be against the law.

Coats’ knowledge should necessarily extend at least as far as Rosemary Collyer’s opinion reauthorizing the dragnet that Coats oversees, which was, after all, the topic of the hearing. And that opinion makes it quite clear that even under the new more limited regime, the NSA can collect entirely domestic communications.

Indeed, the passage makes clear that that example was presented in the memo tied to the certification about Section 702 that Coats signed (but did not release publicly). Effectively, Dan Coats signed a certificate on March 30 stating that this collection was alright.

I’m not sure what this example refers to. Collyer claims it has to do with MCTs, though like Dan Coats, she didn’t seem to understand the program she approved. There are multiple ways I know of where entirely domestic communications may be collected under 702, which I’ll write about in the near future.

In any case, if Dan Coats was being truthful in response to Wyden’s question, then he, at the same time, admitted that he certified a program without even reading the accompanying memorandum, and certainly without understanding the privacy problems with the program as constituted.

He either lied to Wyden. Or admitted that the current 702 certification was signed by someone who didn’t understand what he was attesting to.

Update: I did a version of this (including comment on Mike Rogers’ testimony) for Motherboard. It includes this explanation for Coats’ comment.

Section 702(b)(4) plainly states we ‘may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States.’ The DNI interpreted Senator Wyden’s question to ask about this provision and answered accordingly.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Upstream “About” Problem Probably Pertains to SCTs, not MCTs

Much of the reporting on the reason NSA is shutting down Section 702 authorized upstream “about” collection has assumed the problem pertains to multiple communication transactions, which is when emails get sent in batches, which can include targeted emails (meaning they include a selector tied to an approved foreign target) as well as untargeted, completely domestic ones. But we know that upstream collection also collects single communication transactions that constituted entirely domestic communications, which would happen if an email from one American to another included the selector (and remember, the selector can be things beyond email and phone numbers; it might include things like encryption keys or dark web forum addresses). Collection of a completely domestic SCT would happen for different technical reasons than an MCT: it would happen whenever an Internet communication between two Americans transited overseas and got caught in filters purportedly focused exclusively on international traffic. Here’s how John Bates described SCTs in his October 3, 2011 opinion on the upstream problems.

In addition to these MCTs, NSA likely acquires tends of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic “about” SCT if it is routed internationally.

And I think the problem at issue probably pertains to the SCTs, not to MCTs.

The NSA statement on the issue says nothing that would suggest this is a problem with MCTs. Indeed, its example of an “about” collection is an SCT — an email that itself contains the designated selector.

An example of an “about” email communication is one that includes the targeted email address in the text or body of the email, even though the email is between two persons who are not themselves targets. The independent Privacy and Civil Liberties Oversight Board described these collection methods in an exhaustive report published in 2014.

More tellingly, Ron Wyden’s statement about the risk of the practice also describes an SCT — an American’s email that got collected because she mentioned the targeted selector.

“This change ends a practice that could result in Americans’ communications being collected without a warrant merely for mentioning a foreign target,”

The government hasn’t liked to talk much about SCTs. It appears to have made no mention of them in the notice to Congress of upstream problems leading up to reauthorization in 2012. And when Bates asked NSA to count SCTs as part of upstream discussions in 2011, it basically refused to do so. Bates came up with his own estimate of 46,000 communications a year (which represented the majority of the domestic communications collected via upstream surveillance). Ron Wyden has been pushing for a real estimate since literally the same period Bates was making his own up.

But basically, the government has been permitted to collect entirely domestic communications of Americans using targeted selectors since 2007, even as Internet usage means more and more completely domestic communications will transit overseas.

And SCTs are the ones most likely to show up in a query of a US person communication.

That’s because, when Bates was trying to sort through these issues in 2011, he viewed SCTs differently than he did MCTs, figuring that an SCT might itself have foreign intelligence value, whereas a completely unrelated email would not.

NSA’s upstream collection also likely results in the acquisition of tens of thousands of wholly SCTs that contain references to targeted selectors. See supra, pages 33-34 & note 33 (discussing the limits [redacted] Although the collection of wholly domestic “about” SCTs is troubling, they do not raise the same minimization-related concerns as discrete, wholly domestic communications that are neither to, from, nor about targeted selectors, or as discrete communications that are neither to, from, nor about targeted selectors, to any target, either of which may be contained within MCTs. The Court has effectively concluded that certain communications containing a reference to a targeted selector are reasonably likely to contain foreign intelligence information, including communications between non-target accounts that contain the name of the targeted facility in the body of the message. See Docket No. 07-449, May 31, 2007 Primary Order at 12 (finding probable cause to believe that certain “about” communications were “themselves being sent and/or received by one of the targeted foreign powers”). Insofar as the discrete, wholly domestic “about” communications at issue here are communications between non-target accounts that contain the name of the targeted facility, the same conclusion applies to them. Accordingly, in the language of FISA’s definition of minimization procedures, the acquisition of wholly domestic communications about targeted selectors will generally be “consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information.” See 50 U.S.C. 1801(h)(1). Nevertheless, the Court understands that in the event NSA identifies a discrete, wholly domestic “about” communication in its databases, the communication will be destroyed upon recognition.

Accordingly, most of the special minimization procedures pertaining to upstream collection — most importantly, that it be segregated in a special database — don’t apply to SCTs.

Importantly, that destroy upon recognition is not absolute: if an analyst sees it and determines a communication has Foreign Intelligence value or is evidence of a crime (or two other things), then it can be retained, with DIRNSA approval. Of course, some kinds of selectors — such as certain dark web addresses and encryption keys — might by themselves be evidence of a crime, meaning a back door search could (hypothetically at least) lead directly to an American being implicated via 702 collection.

There are just two special limits that would protect these completely domestic SCTs: a two year — rather than five year — aging off process. And the rule that appears to have gotten broken: NSA can’t do queries on US persons (that is, back door searches) on upstream collection.

Identifiers of an identifiable U.S. person may not be used as terms to identify and select for analysis any Internet communication acquired through NSA’s upstream collection techniques.

That’s the importance of this post — describing violations involving the use of US person selectors to search upstream communications. It shows how it was possible, in 2013 and 2014, for analysts to “inadvertently” do back door searches on upstream collection. Those violations almost certainly occurred with SCTs, not MCTs, because SCTs would be the ones in general repositories that analysts who weren’t specially trained would access.

We can see in those past violations how a US person search on upstream content might happen. In 2013, analysts would avoid searching on upstream data by formally excluding it as part of their search term (maybe by adding “NOT upstream” to their query). But on “many” occasions, analysts forget to exclude “upstream” in their back door searches on US person identifiers (and none of the unredacted discussion seems to have suggested requiring them to find a better approach to prevent searches on upstream data). Then, in 2014, ODNI and DOJ seemed to think that analysts were doing searches on identifiers they didn’t know were US person identifiers and as a result doing US person searches on upstream data because they hadn’t thought about excluding it (and, in fact, the wording of the minimization procedures permit searches using selectors that are not yet identifiable as US person selectors).

We’ll find out soon enough what the current inadvertent method of searching upstream collected data using US person selectors is. But the point is, under the minimization procedures, MCTs would be segregated from general repositories but SCTs would not be, and so the mistakes are going to be easier to make (and the volume of entirely domestic communications will be greater) with SCTs. To fix the SCT problem you’d either have to move all upstream about content out of general repositories, find a better way to avoid collecting domestic communications that transited internationally, stop doing back door searches, or stop collecting on about. They’re choosing the latter option. (Note, if this were an MCT problem, then you could just delete all about MCTs on intake.)

Here’s the rub though. If the problem with upstream collection arises because so many entirely domestic US person communications now transit internationally, then shutting down upstream collection will not offer much further protection for US persons, because SCTs are — by definition! — communications that the NSA claims were transiting internationally, and so would be readily available under EO 12333 collection. And EO 12333 collection is now easier to share under Obama’s EO 12333 sharing guidelines that were passed even as the debate about what to do about upstream collection was taking place. Those guidelines do prohibit the agencies from using “a query, identifier, or other selection term that is intended to select domestic communications,” but if NSA couldn’t prevent that with the heightened scrutiny that happens under FISA, how are they going to prevent it under EO 12333 analysis?

Now, to be fair, to do a content query of EO 12333 data, you’d need to get Attorney General (Jeff Sessions!) authorization or the head of the agency, the latter of which may be used for two entirely redacted reasons.

Still, if I’m right and the problem is SCTs, then ending upstream collection under Section 702 simply shifts the privacy problems under a new shell.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The ISP/ECTR Workaround: The New Broadband Rules May Be Not So Much What They’ll Sell, But What They Give Away

Senator Ed Markey and seven of his colleagues (Franken, Blumenthal, Warren, Sanders, Wyden, Leahy, and Van Hollen) just sent letters to major ISP providers (AT&T, Comcast, Charter, Verizon, Sprint, T-Mobile, and CenturyLink, the latter of which I find most interesting for the purposes of this post) regarding what practices they’ll follow in the wake of Congressional Review Act overturning President Obama’s broadband privacy rules.

The letters focus on a lot of consumer right issues — such as whether customers will learn of any changes in a provider’s privacy policy, the ability to opt in or out, forced arbitration, data breach provisions, and de-identification. That’s all great stuff and I look forward to the answers Markey gets; the information will be as useful as the information he has obtained from wireless providers about information they keep.

But towards the end, the letters include what I’ll call “Wyden questions,” not because I know they came from him, but because they address issues about which he has long been obsessed. There’s one on location, reflecting a concern that providers might presume consent from customers, resulting in the sharing of their location data with third parties.

Under Section 222 of the Communications Act, carriers may not disclose subscriber location information without the “express prior authorization of the customer”.  Over each of the last three years, how many times did your company disclose to third parties individually identifiable customer location data or other Customer Proprietary Network Information with a customer’s express prior authorization?  Does your company obtain the consent from the subscriber directly?  If not, and the third party obtains the consent (or claims they do), do you request or retain a copy of documentation showing that the customer provided such consent?

More interesting still is the question asking whether providers would retain and provide — in response to a National Security Letter — “netflow” records.

Many ISPs retain so called “netflow” records, related to their customers’ internet usage. Do you retain netflow records for your customers’ web browsing activity? If so, for how long do you retain them? Will you disclose netflow records pursuant to a National Security Letter, or only court orders?

Remember, on several occasions last year, Republicans tried to change the rules of National Security Letters so as to permit the FBI to demand providers to turn over “electronic communications transactional records” (ECTRs) with just a National Security Letter. The FBI always asks for ECTRs on NSLs, but a number of providers started refusing to turn them over in the wake of a 2008 OLC decision stating they weren’t included under the law. And Republicans have been trying to force through language that would permit FBI to always obtain such things.

While the discussion about ECTRs started by focusing on email and then moved to URLs, the possibility that FBI had been and wanted to obtain netflow data had been made apparent by — among other things — Nick Merrill’s efforts to declassify the NSL he received in 2004. As he described in a 2015 declaration,

Electronic communication service providers can also record internet “NetFlow” data. This data consists of a set of packets that travel between two points. Routers can be set to automatically record a list of all the NetFlows that they see, or all the NetFlows to or from a specific IP ,address. This NetFlow data can essentially provide a complete history of each electronic communications service used by a particular Internet user.

So in effect, this question (whether or not it comes from Wyden) would reflect a concern that that would become available if these providers were willing to respond to FBI’s requests for ECTRs, and may remain widely available because of the change in the broadband rules. It also reminds me of Wyden’s neverending quest to liberate an OLC memo John Yoo wrote as part of Stellar Wind, but which purportedly pertains to cybersecurity.

In wake of the broadband rule change, AT&T, Verizon, and Comcast (but not, for example, CenturyLink) have assured customers they won’t change their practices and won’t be selling individual customers’ data.

But I’m not seeing any of the providers making assurances about what they’ll be giving away to the government.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Raw Versus Cooked: Could NSC Monitor FBI’s Investigation?

Multiple people,including Bart Gellman and Josh Marshall, are now arguing that the reason Ezra Cohen-Watnick and Michael Ellis found intercepts involving Trump’s people is that they were monitoring FBI’s investigation of the investigation.

I certainly think the Trump people would like to do that — and would be willing to stoop to that. I even believe that the response to the Russian hack last year had some counterintelligence problems, though probably not on the FBI side.

But there are some details that may limit how much the NSC can monitor the investigation.

First, Devin Nunes has always been very clear: the intercepts he was shown have nothing to do with Russia. That’s not, itself, determinative. After all, Cohen-Watnick and Ellis might have found a bunch of Russian intercepts, but only shared the non-Russian ones so Nunes could make a stink without being accused of endangering the investigation. Also, it’s possible that intercepts involving other countries — most notably Turkey, but there are other countries that might be even more interesting, including Ukraine or Syria — would impact any Russian investigation.

Also note that among the many things Nunes appears not to understand about surveillance is that there are two ways an American’s name can be visible outside the circle of analysts doing the initial review of them: their names can be put into finished intelligence reports that get circulated more broadly, with customers asking to have the name unmasked after the fact. Alternately, their names can be found off of subsequent searches of raw data. At the NSA and CIA, searches for US person content are somewhat controlled. At FBI they are not only not controlled, but they are routine even for criminal investigations. So if, say, General Flynn (or Paul Manafort) were under investigation for failing to register as a foreign agent, the FBI would routinely search their database of raw FISA material on his name. (These are the “back door searches” Ron Wyden has been screaming about for years, concerns which people like Devin Nunes have previously dismissed on national security grounds.) And we have every reason to believe that counterintelligence intercepts of Russians in the US are among the raw feeds that the FBI gets. So if Flynn had conversations with Russians (or Turks) in the US, we should assume that FBI saw them as a routine matter if Flynn became the subject of an investigation at all. We should also assume that the FBI did a search on every Sergey Kislyak intercept in their possession, so they will have read everything that got picked up, including all recorded calls with Trump aides.

On March 15, the House Intelligence Committee asked the NSA, CIA, and FBI for information on unmasking. I don’t believe that request asked about access to US person names on subsequent searches or raw material. Furthermore, at least as of last week, the FBI was not rushing to comply with that request. As I noted after the Jim Comey hearing before HPSCI, none of the Republicans concerned about these issues seemed to have any basic clue about FBI’s searches on raw data. If Nunes doesn’t know (and he appears not to), it’s unlikely Ellis knows, who was until this month Nunes’ aide.

But there’s one other thing that may prevent NSC from obtaining information about the investigation: FBI sometimes uses what are called “ad hoc databases” that include raw FISA data (and probably, post EO 12333 sharing rule changes, raw EO 12333 data) tied to particular investigations. It’s unclear what conditions might necessitate the use of an ad hoc database (see page 25ff for a discussion of them), but if security concerns would encourage their use, it would be likely to have one here, an investigation which Comey described as being so sensitive he delayed briefing the Gang of Four. Ad hoc databases are restricted to those working on investigations, and include specific records of those authorized to access the database. So if FBI were using an ad hoc database for this investigation, it would be even harder for the NSC to learn what they were looking at.

If the FBI’s investigation relies on raw intelligence — and it would be unfathomable that it does not, because it would probably receive the raw FISA data tied to such an investigation routinely, and EO 12333 sharing rules specifically envision the sharing of raw data associated with counterintelligence investigations — then the NSC’s access to finished intelligence reports would provide little insight into the investigation (Nunes was a bit unclear on whether that’s what he was looking at, but the entire premise of his complaints is that these were finished reports).

But while we’re worrying about whether and how Trump would monitor an investigation into his aides, remember that in 2002, Jay Bybee wrote a memo authorizing the sharing of grand jury information with the President and his close advisors including for counterintelligence investigations.

In addition, the Patriot Act recently amended 6(e) and Title III specifically to provide that matters involving foreign intelligence or counterintelligence or foreign intelligence information may be disclosed by any attorney for the government (and in the case of Title III, also by an investigative or law enforcement officer) to certain federal officials in order to assist those officials in carrying out their duties. Federal officials who are included within these provisions may include, for example, the President, attorneys within the White House Counsel’s Office, the President’s Chief of Staff, the National Security Advisor, and officials within the Central Intelligence Agency and the Department of Defense.

[snip]

Although the new provision in Rule 6(e) permitting disclosure also requires that any disclosures be reported to the district court responsible for supervising the grand jury, we conclude that disclosures made to the President fall outside the scope of the reporting requirement contained in that amendment, as do related subsequent disclosures made to other officials on the President’s behalf.

In other words, Trump could demand that he — or his National Security Advisor! — get information on any grand jury investigations, including those covering counterintelligence cases. And no judge would be given notice of that.

With Jeff Sessions’ recusal, that’s far less likely to happen than it might have been. But understand that the Executive Branch believes that the President can learn about the happenings in grand jury investigations of the sort that might target his aides.

Update: additional details have been added to this post after it was first posted.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Ron Wyden’s Complaints about Section 702

In this post, I reviewed the Intelligence Community’s dubious history of refusing to count how many Americans get swept up under FISA Section 702. Of particular note, I showed that when Wyden first asked for a number of how many Americans were sucked up, the NSA was in the process of conducting a partial count (on how many Americans were caught up in one kind of upstream collection); yet the government neither told Wyden that count was going on or answered his question. Even the limited count NSA conducted resulted in a FISC ruling that the US person collection violated the Constitution.

I wanted to turn, now, to the litany of concerns about Section 702 Ron Wyden laid out earlier this week.

Ultimately, Wyden’s biggest concern is about reverse targeting.

But before he gets there, he lays out a number of ways Americans can be sucked in, some of which are familiar, some of which are less so.

Upstream collection

For example, he lays out MCTs (when a completely unrelated communication is sucked in with a targeted one) and SCTs (when an about communication picks up an entirely domestic communication). About this, Wyden notes no foreigners need to be involved.

The law only requires that one of the parties to the communication who again could be another American is overseas and even that requirement is hard for the government to meet in practice. So the implications here ought to be pretty obvious. You don’t even have to be communicating with one of the government’s targets to be swept up in Foreign Intelligence Surveillance Act collection. You don’t even have to be communicating with a foreigner.

Note, especially, his point that the requirement that one communication be overseas “is hard for the government to meet in practice.”

Tasking errors

Wyden describes accidental targeting — which (given my review of all available reporting, at least) is very closely policed.

The first are targeting mistakes in which contrary to the law, the target turns out to be an American or someone in the United States. The full impact of these mistakes on law-abiding Americans is not readily apparent. The most recent public report on section 702 noted that there were compliance incidents involving surveillance of foreigners in the United States and surveillance of Americans.

Tasking problems are closely policed, but as Wyden notes, the most recent report showed a number of tasking problems, representing a big spike in the number of such compliance problems.

My working hypothesis is that the increase in identified tasking problems stems from the implementation of additional documentation in response to the PCLOB report. Most of this spike is related to one office completely misapplying a certificate (which makes me wonder if there’s a new, possibly fourth, certificate). But there were also tasking errors. The unredacted section actually says none of these affected US persons and people in the US, but there are three paragraphs redacted that may describe older tasking problems.

One foreigner list-servs

Wyden also notes that it only takes one person on an email to grant the entire email foreignness designation.

It is also important to note that the government is prohibited from collecting communications only when the sender of an e-mail and everyone receiving that e-mail are in the United States. So an American in the United States can send an e-mail to another American in the United States, but if the e-mail also goes to an overseas target, it’s going to be collected. So that then brings us to the different kinds of collection under section 702 and how it affects the liberties of our people in different ways.

Imagine a group of people — say hackers — collaborating on some IRC channel where one known participant was foreign. That would meet the foreignness designation and lead to the collection of everyone, American or not, participating.

American business people doing business overseas

Wyden also emphasizes that the definition of “foreign intelligence” is so broad that the target doesn’t have to be suspected of any wrongdoing.

The statute requires that the collection be conducted, quote, to acquire foreign intelligence information. As implemented the standard for targeting individuals under the program is that the government has reason to believe that these persons possess or are expected to receive or are likely to communicate foreign intelligence information. Obviously that is broad. It doesn’t even require that a target be suspected of wrongdoing.

And it’s in that context that he raises the possibility that an “American business leader” could easily be collected.

[T]hink about how easy it would be for an American business leader to be in contact with a broad set of potential targets of this program. Consider how easy it would be for Americans communicating with other Americans to forward the e-mails of these people. All of this could be collected by the government.

Of course, any business person could be collected in such a way (or scientists, which appears to be what has gotten a lot of Chinese-American scientists in trouble).

Reverse targeting

But as I said, Wyden seems most concerned about the standard for reverse targeting, which he raised as a newly urgent concern in 2013. According to the standard currently implemented, reverse targeting is extremely rare — perhaps just three instances, with the most recent occurring in the December 2014 to May 2015 period.

One of NSA’s tasking errors involved the tasking of a facility that was used by a nonUnited States person located outside the United States that was determined to involve reverse targeting.

[snip]

In this incident, the Attorney General authorized the targeting of the United States person pursuant to Section 705(b) of FISA. This reverse targeting incident resulted from an NSA analyst misunderstanding the reverse targeting prohibition and not because an NSA analyst intentionally attempted to violate Section 702 or NSA policy.

The American being targeted was overseas and got targeted, under Section 705(b) anyway. A completely redacted footnote excuses the analyst’s error.

But Wyden suggests that several other factors may lead to more reverse targeting than gets identified by the current standard of review. He suggests back door searches (which he notes Bush didn’t do, at least not for the first several years of PRISM, though I suspect it actually happened at FBI) make the problem worse.

This issue was concerning in 2008 when the Foreign Intelligence Surveillance Act amendments passed with a prohibition on reverse targeting, but that was before the Congress knew about the collection of e-mails that are only about a foreign target and that could be to and from Americans. That was before the Obama administration sought and obtained authority to conduct warrantless searches for communications to, from and about Americans out of section 702 PRISM collection.

[snip]

Before 2011, the FISA court prohibited, prohibited queries for U.S. persons. I’m going to repeat that: Under the Bush Administration and the first two years of the Obama Administration, it was not possible to conduct these back-door, warrantless searches of law-abiding Americans. Then the Obama Administration sought to change the rules and obtained authority to conduct them.

While he doesn’t provide much detail, he points to the expanded ability of those doing the back door searches (presumably, I’d imagine, those at CIA and FBI) to also nominate people for targeting.

Each of the agencies authorized to conduct these warrantless searches, the N.S.A., the F.B.I., the C.I.A., are also authorized to identify the overseas targets of section 702. The agencies that have developed an interest in Americans’ communications and are actually looking for these communications are the same agencies that are in a position to encourage ongoing collection of those communications by targeting the overseas party.

Such targeting still has to undergo NSA targeting review, meaning the actual target has to be overseas and have, according to NSA’s review team, foreign intelligence value unto himself. But it would be fairly easy for the FBI to target someone known to communicate prolifically with an American to be able to get the American’s side of the conversation. To make things worse, FBI has devolved its targeting to field offices, and I’m not convinced the reviews of field offices are as rigorous as they were at Headquarters. Not all field offices even get reviewed (though I assume the ones doing the most foreign targeting are), and the tracking on US persons caught up in all this has diminished with the devolution.

I share Wyden’s concerns — especially given NSA’s dodgy response to the Snowden documents released last year.

Given the volume of information the NSA and, derivatively, CIA and FBI, collect, it would be very easy to get away with reverse targeting, particularly the more you move targeting into the hands of people leading investigations, as has happened at FBI.

Wyden is not the only one concerned about this. Ted Lieu, fresh off the classified 702 briefing last week, seemed pretty concerned as well (as well as Rand Paul, though I’m not sure if Paul has had briefing on this). We won’t get the kind of granularity we need to understand how big of a problem this is.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Ron Wyden’s History of Bogus Excuses for Not Counting 702 US Person Collection

The other day, Ron Wyden gave a long speech on FISA Section 702, purportedly explaining why he was voting against Dan Coats to be Director of National Intelligence. Wyden voted against Coats because his former colleague would not commit to providing a number of the number of Americans swept up under Section 702. Given that it’s always a good idea to read Wyden closely, I wanted to summarize what he said. I’ll look at his complaints in a separate post, but for now I wanted to focus on Wyden’s description of the bogus explanations James Clapper and others gave Wyden in his past efforts to get the number of Americans sucked up in 702. I summarized the known exchanges that occurred on this issue before Clapper’s famous “not wittingly” lie here.

In 2011, both Wyden and John Bates were asking for numbers at the same time — NSA refused both

The first request for a count is temporally significant(update: I think I just missed this one in the past). In April 2011, Wyden and Mark Udall asked for the number.

In April of 2011, our former colleague, Senator Mark Udall, and I then asked the Director of National Intelligence, James Clapper, for an estimate.

According to Clapper’s response, they sent a written letter with the request on July 14, 2011. The timing of this request is critically important because it means Wyden and Udall made the request during the period when NSA and FISA Judge John Bates were discussing the upstream violations (see this post for a timeline). As part of that long discussion Bates had NSA do analysis of how often it collected US person communications that were completely unrelated to a targeted one (MCTs). Once Bates understood the scope of the problem, he asked how many US person communications it collected that were a positive hit on the target that were the only communication collected (SCTs).

But the timing demands even closer scrutiny. On July 8, John Bates went to DOJ to express “serious concerns” — basically, warning them he might not be able to reauthorize upstream surveillance. On July 14 — the same day Wyden and Udall asked Clapper for this information — DOJ asked Bates for another extension to respond to his questions, promising more information. Clapper blew off Wyden and Udall’s request in what must be record time — on July 26. On August 16, DOJ provided their promised additional information to Bates. That ended up being a count of how many Americans were affected in MCTs.

That means Clapper claimed he couldn’t offer a number even as NSA was doing precisely the kind of count that Wyden and Udall wanted, albeit for just one kind of 702 collection. And, as Wyden suggested in his speech, Clapper’s answer was non-responsive, answering how many US persons had their communications reviewed, rather than how many had their communications collected.

In July of that year, the director wrote back and said, and I quote, it was not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under the authority of the Foreign Intelligence Surveillance Act. He suggested reviewing the classified number of disseminated intelligence reports containing a reference to a U.S. Person, but that is very different than the number of Americans whose communications have been collected in the first place. And that’s what this is all about.

Then, after the government presented the information on how many US persons were collected via MCTs to Bates in August, Bates asked them to go back and count SCTs.

NSA refused.

Both FISC and members of SSCI were asking for this information in the same time period, and NSA refused to provide the count.

Since NSA wouldn’t help him, Bates invented an estimate himself, calculating that some 46,000 entirely domestic communications were collected under upstream collection each year.

NSA’s manual review focused on examining the MCTs acquired through NSA’s upstream collection in order to assess whether any contained wholly domestic communications. Sept. 7, 2011 Hearing Tr. at 13-14. As a result, once NSA determined that a transaction contained a single discrete communication, no further analysis of that transaction was done. See Aug. 16 Submission at 3. After the Court expressed concern that this category of transactions might also contain wholly domestic communications, NSA conducted a further review. See Sept. 9 Submission at 4. NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the same were SCTs. Id. at 3. Ninety percent of the approximately 13, 25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Presumably, Wyden learned that NSA had been doing such a count in October, well after Clapper had given his first non-responsive answer.

The 2012 privacy violation claim

Wyden skips the next request he made, when on May 4, 2012, he and Udall asked the Intelligence Community Inspector General Charles McCullough for a number (I laid out the timing of the request in this post). When they also tried to include language in the FAA reauthorization requiring the IGs to come up with a number, SSCI refused, citing their outstanding request to McCullough. Of course, McCullough did not get back to the Senators with his refusal to do such a count until after the bill had passed out of committee. He responded by saying NSA IG George Ellard didn’t have the capacity for such a review, and besides, it would violate the privacy of Americans to find out how much NSA was violating their privacy.

I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Clapper blows off 12 Senators

In response, Wyden rounded up some privacy minded Senators to sign onto a letter asking for an estimate of the number. In this week’s speech, Wyden noted that he said he’d be willing to take an estimate. He didn’t remind his listeners that he and his friends also asked whether such an estimate had been done.

  • Have any entities made any estimates — even imprecise estimates — about how many US communications have been collected under section 702 authorities?

The answer to that question — at least with regards to upstream collection — was yes. NSA had estimated the MCTs and Bates, using their estimate, had made an even rougher estimate of the SCTs. But as I noted here, members of Congress relying on the purported disclosure to Congress about the upstream violations wouldn’t know that — or that the upstream violations involved entirely US person collection. As Wyden noted in his speech, Congress didn’t get this information before the reauthorized FAA.

We still got no answer. And section 702 was reauthorized without this necessary information.

Clapper’s least untruthful answer

Wyden also doesn’t address Clapper’s famous March 2013 lie. Since the exposure of the phone dragnet, most discussions have assumed Wyden was probing only about that program. But the question, as asked, absolutely applied to incidental collection.

Wyden: Does the NSA collect any type of data, at all, on millions, or hundreds of millions of Americans?

Clapper: No sir.

Wyden: It does not?

Clapper: There are cases where they could inadvertently, perhaps, uh, collect, but not wittingly.

Indeed, several of Clapper’s many excuses claim he was thinking of content when he responded. Even if he were, his first answer would still be yes: the NSA collects on so many millions of Americans incidentally that it refuses to count it. But Clapper’s “not wittingly” response is almost certainly not a goof, since he gave it after Wyden had provided a day’s warning the question would be asked and after two different John Bates’ opinions that made it clear that he would forgive the collection of content so long as NSA didn’t know about it, but once they knew about it, then it would become illegal. The not wittingly response reinforces my firm belief that the reason the government refuses to count this is because then a great deal of their Section 702 collection would be deemed illegal under those two FISC precedents.

Clapper’s blow-off becomes Dan Coats’ blow-off

Which is where Wyden brings us up to date, with both house of Congress asking for such a number and — after promises it would be forthcoming — not getting it.

So last year looking at the prospect of the law coming up, there was a renewed effort to find out how many law-abiding Americans are getting swept up in these searches of foreigners. In April 2016 a bipartisan letter from members of the House Judiciary Committee asked the Director of National Intelligence for a public estimate of the number of communications or transactions involving United States persons are collected under section 702 on an annual basis. This letter coming from the House Democrats and Republicans, again asked for a rough estimate. This bipartisan group suggested working with director clapper to determine the methodology to get this estimate.

In December there were hints in the news media that something might be forthcoming, but now we’re here with a new administration considering the nomination of the next head of the intelligence community who has said that reauthorizing section 702 is his top legislative priority and that there is no answer in sight to the question Democrats and Republicans have been asking for over six years. How many innocent law-abiding Americans are getting swept up in these searches under a law that targets foreigners overseas?

There’s one tiny tidbit he doesn’t mention here. Coats never answered that he wouldn’t provide an answer. Rather, he said he didn’t understand the technical difficulties behind providing one (not even after participating in the 2012 vote where this was discussed). In his confirmation hearing, Coats explained one reason why he couldn’t learn what the technical difficulties were before he was confirmed. When he resigned the Senate, his clearance had lapsed, and during his confirmation process, his new clearance was being processed. That meant that for this — and any other classified question that Coats might want to consider anew — he was unable to get information.

The Senate doesn’t seem to care about this serial obstruction, however. Coats was confirmed with an 85-12 vote, with the following Senators voting against confirmation.

Baldwin (D-WI)
Booker (D-NJ)
Duckworth (D-IL)
Gillibrand (D-NY)
Harris (D-CA)
Markey (D-MA)
Merkley (D-OR)
Paul (R-KY)
Sanders (I-VT)
Udall (D-NM)
Warren (D-MA)
Wyden (D-OR)

Given how hard the IC is trying to hide this, the actual exposure of US persons must be fairly significant. We’ll see whether Congress finds another way to force this information out of the IC.

Updated with more granular timing on the 2011 exchange.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.