Posts

Useful But Not Sufficient: FBI’s FISA Fix Filing

As one of her last acts as presiding FISA judge, Rosemary Collyer ordered the government to explain how it will ensure the statement of facts in future FISA applications don’t have the same kind of errors laid out in the DOJ IG Report on Carter Page.

THEREFORE, the Court ORDERS that the government shall, no later than January 10, 2020, inform the Court in a sworn written submission of what it has done, and plans to do, to ensure that the statement of facts in each FBI application accurately and completely reflects information possessed by the FBI that is material to any issue presented by the application. In the event that the FBI at the time of that submission is not yet able to perform any of the planned steps described in the submission, it shall also include (a) a proposed timetable for implementing such measures and (b) an explanation of why, in the government’s view, the information in FBI applications submitted in the interim should be regarded as reliable.

DOJ and FBI submitted their response on Friday. (This post lays out new revelations about the FISA process in it.) While I think there are useful fixes, most laid out in FBI Director Chris Wray’s response to the IG Report itself, the fixes are insufficient to fix FISA.

The filing largely focuses on the institution and evolution of the current accuracy review process. It promises to review the memorandum guiding that process (though doesn’t set a deadline for doing so), and adds some forms and training to try to ensure that FBI Agents provide DOJ all the information that the lawyers should include in an application to FISA. One of those forms — pertaining to human sources — seems important though might lead to counterintelligence problems in the future. Another, requiring agents to provide all exculpatory information, may improve the process. But fundamentally, DOJ and FBI assume that the process they currently use just needs to be improved to make sure it works the way they intend it to.

They’re probably insufficient to fix the underlying problems in the Carter Page FISA application.

The FISA Fix Filing is based on faulty assumptions

I say that, first of all, because the FISA Fix Filing adopts certain assumptions from the DOJ IG Report that may not be valid. The FISA Fix Filing assumes that:

  • FBI was responsible for all the errors on the Carter Page application
  • The right people at FBI had the information they needed
  • The Carter Page application was an aberration

The IG Report ignored where DOJ’s National Security Division contributed to errors

As I note in this post, possibly because of institutional scope (DOJ IG cannot investigate DOJ’s prosecutors), possibly because of its own confirmation bias, the IG Report held the FBI responsible for all the information that was known to investigators, but not included in the Carter Page FISA applications. Yet the report showed that at least two of the things it says should have been included in the Page applications — Page’s own denials of a tie with Paul Manafort, and Steele’s own derogatory comments about Sergei Millian — were shared with DOJ’s Office of Intelligence, which writes the applications. Indeed, Rosemary Collyer even noted the latter example in her letter. It also shows DOJ’s National Security Division had confirmed a fact — that Carter Page had no role in the platform change at the RNC — before FBI had.

Because the FISA Fix Filing assumes FBI is responsible for everything mistakenly excluded from the applications, the proposed fixes shift even more responsibility to FBI, requiring agents, with FBI lawyers, to identify the information that should be in an application. But if — as the IG Report shows — sometimes FBI provides the relevant information but it’s not included by the lawyers, then ensuring they provide all the relevant information won’t be sufficient to fix the problem.

The focus on FBI to the detriment of NSD has one other effect. NSD includes few changes to their behaviors in the FISA Fix Filing (largely limited to training and inadequate accuracy reviews). And where they do consider changes, they do not — as ordered by the court — set deadlines for themselves.

The IG Report barely noted the import of the failure to share information in timely fashion

The IG Report deviates radically from almost twenty years of after-action reports that have consistently advocated for more sharing of national security information. It recommends that Bruce Ohr be disciplined for doing just that. Perhaps to sustain that bizarre conclusion, the IG Report focuses almost no attention on an issue that is critical to fixing the problems in the Carter Page applications: ensuring that the people submitting a FISA application have all the information available to the US government. The IG Report showed a 2 month delay before the Crossfire Hurricane team obtained the Steele reports, a month delay in getting feedback from State Department official Kathleen Kavalec, and delays in obtaining the full extent of Bruce Ohr’s knowledge on the dossier, all of which contributed to the delayed vetting of the dossier. But the IG Report doesn’t explore why this happened. And the FBI FISA Fix only addresses it by reminding agents to consult with other agencies.

In another of the 17 problems with the FISA applications, the people submitting the applications apparently did not learn that Christopher Steele had admitted meeting with Yahoo in court filings.

According to the Rule 13 Letter and FBI officials, although there had been open source reporting in May 2017 about Steele’s statements in the foreign litigation, the FBI did not obtain Steele’s court filings until the receipt of Senators Grassley and Graham’s January 2018 letter to DAG Rosenstein and FBI Director Christopher Wray with the filings enclosed. We found no evidence that the FBI made any attempts in May or June 2017 to obtain the filings to assist a determination of whether to change the FBI’s assessment concerning the September 23 news article in the final renewal application.

In other instance (as noted above), while NSD had affirmative knowledge that Carter Page had not been involved in the change to the RNC platform, FBI had a different view, yet this issue was not resolved to fully discount the claim in FISA applications. The IG Report also faults FBI managers (but never NSD ones) for not aggressively questioning subordinates to get a full sense of problems with the applications. All of these are information sharing problems, not errors of transparency. Making the case agent fill out forms about what he or she knows will have only limited effect on ensuring that those agents obtain all the information they need, because if they don’t know it, they won’t know to look for it.

With the Crossfire Hurricane investigation, that problem was exacerbated by the close hold of the investigation (most notably by running the investigation out of Main Justice) and, probably, by the urgency of investigating an ongoing attack while it’s happening, which likely led personnel to focus more on collecting information about the attack than exculpatory information.

The FISA Fix Filing includes a vaguely worded document describing technological improvements — including a workflow document that sounds like bureaucratic annoyance as described — that suggest FBI is considering moving some of this to the cloud.

Corrective Action #11 requires the identification and pursuit of short- and long-term technological improvements, in partnership with DOJ, that aid in consistency and accountability. I have already directed executives in the FBI’s Information Technology Branch leadership to work with our National Security Branch leadership and other relevant stakeholders to identify technological improvements that will advance these goals. To provide one example of a contemplated improvement, the FBI is considering the conversion of the revised FISA Request Form into a workflow document that would require completion of every question before it could be sent to OI. The FBI proposes to update the Court on its progress with respect to this Corrective Action in a filing made by March 27, 2020.

It’s still not clear this would fix the problem (it’s still not clear how Bruce Ohr would have shared the information he had in such a way that he wouldn’t now be threatened with firing for doing so, for example). And for a close hold investigation like this, such a cloud might not work. But it would be an improvement (if FBI could keep it secure, which is a big if).

The FISA Fix Filing does have suggests to improve information sharing. But because the scope of the problem, as defined in the IG Report, doesn’t account for information that simply doesn’t get to the people submitting the application, it’s not clear it will fix that problem.

No one knows whether the Page applications are an aberration or not

Finally, no one yet knows whether the Carter Page application was an aberration, and thus far, no one at DOJ has committed to finding out. DOJ IG has committed to doing an audit of the Woods Procedure process that failed in the Carter Page case (and the FISA Fix Filing committed to respond to any findings from that).

The Government further notes that the OIG is conducting an audit of FBI’s process for the verification of facts included in FISA applications that FBI submits to the Court, including an evaluation of whether the FBI is in compliance with its Woods Procedures requirements. The Department will work with the OIG to address any issues identified in this audit.

Yet everyone involved admits that the most serious problems with the Page applications consisted of information excluded from the application, not inaccurate information in it.

Many of the most serious issues identified by the OIG Report were … [when] relevant information is not contained in the accuracy sub-file and has not been conveyed to the OI attorney.

Doing an audit of the Woods Procedures, then, does not test the conclusion that Page’s applications are an aberration, and therefore does not test whether more substantive fixes are necessary.

DOJ IG has considered doing more — and PCLOB suggested last year they might get involved (though technically, their counterterrorism scope wouldn’t even permit them to look at counterintelligence cases like Page’s) — but thus far there’s no plan in this filing to figure out of this is a broader problem.

The existing oversight for FISA may be inadequate

There are several reasons to believe that the existing oversight regime for FISA may be inadequate.

As noted, the existing IG plan to audit the Woods Procedure is insufficient to identify whether the existing FISA Fix Filing is sufficient to fix the problem. Also as noted above, the jurisdiction of DOJ’s IG, because it cannot review the actions of prosecutors, might not (and in this case, pretty demonstrably did not) adequately review all parts of the process, because it could not subject NSD attorneys to the same scrutiny it did FBI.

Then there are shortcomings to NSD’s oversight regime — shortcomings that Judge James Boasberg — the new presiding FISA Judge and so the just now in charge of overseeing these fixes — already highlighted in an opinion on problems with Section 702 queries.

As the FISA Fix Filing describes, OI (the same office that the IG Report let off when it received information but did not include it in applications) does a certain number of oversight reviews each year. But they don’t do reviews in every FBI field office (to which FBI devolved the FISA application process some years ago), and they don’t do accuracy reviews at every office where they do an oversight review.

OI’s Oversight Section conducts oversight reviews at approximately 25-30 FBI field offices annually. During those reviews, OI assesses compliance with Court-approved minimization and querying procedures, as well as the Court orders. Pursuant to the 2009 Memorandum, OI also conducts accuracy reviews of a subset of cases as part of these oversight reviews to ensure compliance with the Woods Procedures and to ensure the accuracy of the facts in the applicable FISA application. 5 OI may conduct more than one accuracy review at a particular field office, depending on the number ofFISA applications submitted by the office and factors such as whether there are identified cases where errors have previously been reported or where there is potential for use of FISA information in a criminal prosecution. OI has also, as a matter of general practice,_ conducted accuracy reviews of FISA applications for which the FBI has requested affirmative use of FISA-obtained or -derived information in a proceeding against an aggrieved person. See 50U.S.C. §§ 1806(c), 1825(d).

During these reviews, OI attorneys verify that every factual statement in the categories of review described in footnote 5 is supported by a copy of the most authoritative document that exists or, in enumerated exceptions, by an appropriate alternate document. With regard specifically to human source reporting included in an application, the 2009 Memorandum requires that the accuracy sub-file include the reporting that is referenced in the application and further requires that the FBI must provide the reviewing attorney with redacted documentation from the confidential human source sub-file substantiating all factual assertions regarding the source’s reliability and background.

As Boasberg noted in his 702 opinion last year, this partial review may result in problems going unaddressed for years.

Personnel from the Office of Intelligence (OI) within the Department of Justice’s National Security Division (NSD) visit about half of the FBI’s field offices for oversight purposes in a given year. Id at 35 & n 42. Moreover OI understandably devotes more resources to offices that use FISA authorities more frequently, so those offices [redacted] are visited annually, id at 35 n. 42, which necessitates that some other offices go for periods of two years or more between oversight visits. The intervals of time between oversight visits at a given location may contribute to lengthy delays in detecting querying violations and reporting them to the FISC. See, e.g., Jan. 18, 2019, Notice [redacted] had been conducting improper queries in a training context since 2011, but the practice was not discovered until 2017).

Furthermore, OI’s review of a subset of a subset of applications targeting Americans only reviews for things included in the application, not things excluded from it.

OI’s accuracy reviews cover four areas: (1) facts establishing probable cause to believe that the target is a foreign power or an agent of a foreign power; (2) the fact and manner of FBI’s verification that the target uses or is about to use each targeted facility and that property subject to search is or is about to be owned, used, possessed by, or in transit to or from the target; (3) the basis for the asserted U.S. person status of the target(s) and the means of verification; and (4) the factual accuracy of the related criminal matters section, such as types of criminal investigative techniques used (e.g., subpoenas) and dates of pertinent actions in the criminal case.

DOJ admits that this is a problem, and considers doing a check for the kind of information excluded from Carter Page’s applications, but doesn’t commit to doing so and (again, unlike FBI) doesn’t give itself a deadline to do so.

Admittedly, these accuracy reviews do not check for the completeness of the facts included in the application. That is, if additional, relevant information is not contained in the accuracy sub-file and has not been conveyed to the OI attorney, these accuracy reviews would not uncover the problem. Many of the most serious issues identified by the OIG Report were of this nature. Accordingly, OI is considering how to expand at least a subset of its existing accuracy reviews at FBI field offices to check for the completeness of the factual information contained in the application being reviewed. NSD will provide a further update to the Court on any such expansion of the existing accuracy reviews.

Improving these oversight reviews will have a salutary effect on all FISA authorities, not just individualized orders. Since Boasberg has already identified the inadequacies of the current reviews, I would hope he’d ask for at least an improved oversight regime.

Treating alleged subpoenas like they’re not subpoenas

There’s a change promised that I’m unsure about: Chris Wray’s voluntary decision to subject Section 215 and pen register orders to heightened accuracy reviews.

Currently, the accuracy of facts contained in applications for pen register and trap and trace surveillance pursuant to 50 U.S.C. § 1841 , et seq. , or applications for business records pursuant to 50 U.S. C. § 1861 , et seq. , must, prior to submission to the Court, be reviewed for accuracy by the case agent and must be verified as true and correct under penalty ofpeijury pursuant to 28 U.S.C. § 1746 by the Supervisory Special Agent or other designated federal official submitting the application. Historically, the Woods Procedures described herein have not been formally applied by the FBI to applications for pen register and trap and trace surveillance or business records. As discussed in the FBI Declaration, FBI will begin to formally apply accuracy procedures to such applications and proposes to update the Court on this action by March 27, 2020.

FBI has, for years, told the public these are mere grand jury subpoena equivalents, and so the privacy impact is not that great. That Wray thinks these need accuracy reviews suggests they’re more intrusive than that, in which case by all means FBI should add these reviews.

But as I suggested in this post, some of the problems with the Carter Page applications might have been avoided had the Crossfire Hurricane team obtained call records from both Page and George Papadopoulos early in the process, which would not only have confirmed Page’s accurate claim that Paul Manafort never returned his emails (undermining a key claim from the dossier), but it would have revealed Papadopoulos’ interactions with suspect Russian asset Joseph Mifsud, thereby pinpointing where the investigative focus should have been (and making it a lot harder for Papadopoulos to obstruct the investigation in the way he did). The IG Report doesn’t ask why this didn’t happen, but it seems an important question because if the FBI chose not to use ostensibly less intrusive legal process because existing Section 215 applications are not worth the trouble, then making the purportedly less-intrusive applications even more onerous will only lead to a rush to use full FISA, as appears to have happened here.

Further breaking the affiant-officer of the court relationship

One of the more insightful observations from the IG Report described how OI attorneys and FBI agents applying for FISA orders don’t work as closely as prosecutors and agents on a normal case.

NSD officials told us that the nature of FISA practice requires that OI rely on the FBI agents who are familiar with the investigation to provide accurate and complete information. Unlike federal prosecutors, OI attorneys are usually not involved in an investigation, or even aware of a case’s existence, unless and until OI receives a request to initiate a FISA application. Once OI receives a FISA request, OI attorneys generally interact with field offices remotely and do not have broad access to FBI case files or sensitive source files. NSD officials cautioned that even if OI received broader access to FBI case and source files, they still believe that the case agents and source handling agents are better positioned to identify all relevant information in the files.

The proposed FISA fixes seem to derive from this OI viewpoint, that because OI don’t work closely with agents they need to replace cooperation that is often inadequate on normal criminal investigations with a process that has even less cooperation for applications that are supposed to have a higher degree of candor.

The FISA Fix Filing seems to envision FBI lawyers picking up this slack, but especially since DOJ devolved the application process to Field Agents some years ago, it’s not clear, at all, why this would result in better lawyering.

Formalizing the role of FBI attorneys in the legal review process for FISA applications, to include identification of the point at which SES-level FBI OGC personnel will be involved, which positions may serve as the supervisory legal reviewer, and establishing the documentation required for the legal review;

[snip]

Corrective Action #7 requires the formalization of the role of FBI attorneys in the legal review process for FISA applications, to include identification of the point at which SES-level FBI OGC personnel will be involved, which positions may serve as the supervisory legal reviewer, and establishing the documentation required for the legal reviewer. Through this Corrective Action, the FBI seeks to encourage legal engagement throughout the FISA process, while still ensuring that case agents and field supervisors maintain ownership of their contributions.

As it is, the FISA process requires a more senior agent to be the affiant on an application, which in at least one of the Page applications, resulted in someone who had less knowledge of the case making the attestation under penalty of perjury.

It may be that these changes go in the opposite direction from where FISA should go, which would be closer to the criminal warrant model where a judge will have an FBI affiant who anticipates taking the stand at a trial (and therefore needs to retain his or her integrity to avoid damaging the case), and an office of the court signing off on applications (whom judges can sanction directly). That is, by introducing more layers and absolving OI from some of the direct responsibility for the process, these proposed changes may make FISA worse, not better.

Remarkably, the court might consider something far more effective.

On Friday, Boasberg appointed David Kris as amicus for this consideration. Kris literally wrote the book on all this, in addition to writing the 2001 OLC memo that eliminated the wall between the intelligence collected under FISA and the prosecutions that arise out of them. In a recent podcast, he mused that the way to fix all this may be to give defendants review of their applications, something always envisioned by Congress, but something no defendant has done. That — along with a more robust oversight process — seems like it has a better chance of changing the way the FBI and DOJ approach FISA applications than adding a bunch more checklists for the process.

The frothy right is in a lather over Kris’ appointment, which is a testament to how little these people (up to and especially Devin Nunes) understand FISA. But he has the institutional clout to be able to recommend real fixes to FISA, rather than a bunch of paperwork to try to make the Woods Procedure to work the way it’s supposed to.

DOJ could, voluntarily, provide review to more defendants. Alternately, Congress could mandate it in whatever bill reauthorizes Section 215 this year. Or Kris could suggest that’s the kind of thing that should happen.

Update: David Kris submitted his recommendations to Boasberg. Like me, he finds Wray’s plan useful but not sufficient. Like me he notes that the agents doing the investigation should be the ones signing off on affidavits (and he suggests the FISC review more applications until new procedures are in place). Kris also focuses on cultural changes that need to happen.

One thing he doesn’t do is review DOJ’s role (though he does argue that part of this stems from conflict between DOJ and FBI).

He also notes that DOJ has not imposed deadlines for itself.

The Revelations about FISA Bureaucracy in FBI’s FISA Fix Filing

The government submitted the filing ordered by now (thankfully) former FISA presiding Judge Rosemary Collyer on Friday, explaining how it’ll avoid the problems identified in the DOJ IG Report on Carter Page. As I’ll show in a follow-up, I believe the changes — with one possible exception — are worthwhile, if inadequate to the task.

In this post, however, I’d like to lay out what the filing reveals about two aspects of the FISA process that I did not know before.

Other agencies and state and local law enforcement can use FISA: While minimization procedures have revealed that FBI can share FISA information with other agencies, including state and local authorities, this filing reveals those other agencies can serve as the affiant for FISA applications.

Agents from other federal law enforcement agencies or state or local law enforcement officers serving on a Joint Terrorism Task Force with the FBI may, in some cases, act as the declarants for applications submitted by the FBI after reviewing receiving the necessary training. In the case of state or local law enforcement officers, such officers are deputized as Special Deputy United States Marshals for this purpose. (4)

I’ve never heard of this before and there are a whole lot of questions this raises, both about whether non-DOJ agencies are submitting FISA applications (CIA would be unsurprising, but ICE would be alarming and under this administration, not at all crazy), but also about the accountability for people who aren’t Federal employees. How many “Special Deputy United States Marshals” does SDNY have, for example, and was FISA used during the worst excesses of its intelligence program?

The timeline of updates to the Woods Procedures: The filing explains (I’m sure some of this is public, but it’s laid out here as well) that the Woods Procedures have been updated:

  • On February 2, 2006, FBI reminded its agents they need to,”create, maintain, and update a sub-file that contains all materials that document the support for each factual assertion contained in FISA applications.” Given the timing, this change may have been part of the effort to clean up Stellar Wind, which had been used to substantiate FISA applications without notice for the previous five years.
  • On March 24, 2006, DOJ’s OIPR advised the court about the sub-file requirement, though focused especially on ensuring that, “the federal official currently handling the source (or the federal official who is responsible for liaison to another entity who is handling the source) [confirms] that the source remains reliable, and that all material information regarding the reliability of the source is reported accurately in the FISA application.” This would have been the period when the FBI was cleaning up after Katrina Leung, one of the worst double agents in recent history, so may have pertained to her reporting.
  • In February 2009, NSD and FBI together required the FBI to remove any asserted fact for which there is no documentation, and do so retroactively. It also implemented quarterly accuracy reviews that have since been made semi-annual. The Section 215 disclosures in this same time period suggest Bush got sloppy in its last years, so this may have reflected a need to clean that up, too.
  • August 2016. There was an update to the Woods Procedure and 2009 Memorandum in 2016, but the filing doesn’t describe it (or why).

How OI’s accuracy reviews work:

As DOJ has revealed in the past, OI’s Oversight Section does FISA oversight reviews at 25-30  (of the 56) Field offices a year. They review the compliance with minimization and querying procedures, the latter of which only recently got imposed.

In addition, they do an accuracy review of a subset of FISA applications that reviews:

  • The facts establishing probable cause to believe that the target is a foreign power or agent thereof
  • The verification process that the targeted facilities are used by, owned by, possessed by, or in transit to or from the target
  • The basis for the US person status of the target
  • The factual accuracy of the related criminal matters section, such as types of criminal investigative techniques used (e.g., subpoenas) and dates of pertinent actions in the criminal case

As the filing makes clear, “these accuracy reviews do not check for the completeness of the facts included in the application,” which is the real source of the problems identified in the Page application. Right now, OI is “considering” expanding a subset of reviews to check for completeness, but is not committing to doing so.

Two things are of interest here. The definition of FISA “facilities,” has long been of interest, not least because the government likes to pretend it consists mostly of phone numbers and email addresses. Indeed, 2007, FISC approved a broad definition of “facility” that can be used to target suspects of a terrorist group (and, presumably now, other clandestine networks), in large numbers. The language in this bullet all comes from statute, but the use of “about to be used,” would support the kind of monitoring of a new computer or phone we’ve heard of. This language also might support the monitoring of Amazon and bank accounts. The validation of facilities (both to be sure Page was still using them and to sustain FISA coverage to be able to get to new ones) was something important to the renewal process of Page’s FISAs.

The language on criminal matters reveals how the FBI deals with parallel investigations, such as the one that happened with Keith Gartenlaub (where they government used both criminal subpoenas and FISA searches, which ultimately led to a child porn prosecution unrelated to any FISA suspicion). I knew this section existed, but thought it did so just to comply with a statutory requirement, when targeting US persons, that their clandestine activities may involve violating criminal statute. But this language makes it clear that this part of the FISA application also serves to provide notice of such parallel proceedings. Given that the FBI has to declare that they can’t obtain information under FISA via other means, this raises more questions about the degree to which FISA can serve as an additive authority for certain kinds of investigations that will let the FBI use techniques they wouldn’t use otherwise.

The section on OI reviews also reveals that they review FISA applications before information from an application is used in a proceeding against someone picked up in it.

OI has also, as a matter of general practice, conducted accuracy reviews ofFISA applications for which the FBI has requested affirmative use ofFISA-obtained or -derived information in a proceeding against an aggrieved person.

It’s hard to tell whether this is a good thing or a bad thing. That’s because it doesn’t necessarily help the defendant. After all, if the OI review discovers problems with FISA applications, then DOJ would be more likely to parallel construct the prosecution, thereby burying a problematic part of the investigation. And a review at the period when FBI is already considering using it in a proceeding is too late in the process to protect the civil liberties of the person who is aggrieved if there was a problem with the application.

The section describing these reviews also reveals that, “in enumerated exceptions,” the FBI doesn’t have to rely on “the most authoritative document that exists” in the Woods Procedure. A footnote makes clear that one of the areas where the application itself may not include everything in the underlying documentation is human sources, which permits the lawyer submitting the application to ask a human source coordinator to verify the application matches the underlying documentation. Remember that the language about Christopher Steele used in the Carter Page application didn’t come from his handling agent’s assessment, but it came from a serialized intelligence report based off his reporting. That’s not what this describes, but may be one of the reasons the FBI took that shortcut.

Amy Berman Jackson Disputes Claims of “Exculpatory” Information on Russia and Ukraine

For all its import showing the problems with Carter Page’s FISA application, I’ll eventually show the DOJ IG Report  commits some of the same errors of inclusion and exclusion of important information that it accuses FBI of. Most importantly, it treats as exculpatory comments that George Papadopoulos made to Stephan Halper and another informant in fall 2016 when the FBI agents involved rightly (the record now confirms) suspected Papadopoulos’ answer was a cover story. Notably, Rosemary Collyer did not include the Papadopoulos comments in her letter to the government yesterday, suggesting she doesn’t think exclusion of those comments to be noteworthy.

Given Michael Horowitz’s focus on FBI’s withholding of exculpatory information (which they absolutely did, on a number of occasions), I find the focus of Amy Berman Jackson’s comments at Rick Gates’ sentencing hearing yesterday notable. (Thanks to CNN for culling these comments from the transcript.)

Some of the comments — including some focusing on Ukraine — seemed targeted at Republicans debating impeachment. For example, she emphasized that Gates’ information was not hearsay, and it implicated individuals associated with Ukraine and Russia.

Mr. Gates provided information — not hearsay, but information — based on his personal knowledge, meetings he attended, conversations in which he was a participant and information that was verified with contemporaneous records of numerous, undeniable contacts and communications between individuals associated with the presidential campaign, primarily but not only Manafort, and individuals associated with Russia and Ukraine.

ABJ likely recognizes, as I have emphasized, that Paul Manafort’s August 2, 2016 meeting with Konstantin Kilimnik and its aftermath — including his booking $2.4 million from pro-Russian Ukrainian oligarchs eight days later — represents a clearcut case of Ukraine interfering in the 2016 election.

She also takes a shot at those claiming there was no basis for the investigation into Russia, and suggests that obstruction successfully prevented prosecutors from charging the underlying coordination.

Gates’ debriefings, his multiple incriminatory bits of evidence on matters of grave and international importance are a reminder that there was an ample basis for the decision makers at the highest level of the United States Department of Justice — the United States Department of Justice of this administration — to authorize and pursue a law enforcement investigation into whether there was any coordination between the campaign and the known foreign interference in the election, as well as into whether there had been any attempt to obstruct that investigation, and to leave no stone unturned, no matter what the prosecutors determined they had evidence to prove at the end of that investigation.

And she emphasizes that pursuing this investigation was critical for election security.

Gates’ information alone warranted, indeed demanded, further investigation from the standpoint of our national security, the integrity of our elections and the enforcement of our criminal laws.

But there’s a line in here that seems directed at the discussion surrounding the IG Report.

One cannot possibly maintain that this was all exculpatory information. It included firsthand information about confidential campaign polling data being transmitted at the direction of the head of the campaign to one of those individuals to be shared with Russian and Ukrainian oligarchs.

The investigation into whether Trump’s campaign coordinated with Russia in its election interference started 3 days before Roger Stone spoke to Trump about how to optimize the WikiLeaks releases. It started 5 days before Trump’s campaign manager met with Konstantin Kilimnik to explain how he planned to win the investigation, discussed carving up Ukraine to Russia’s liking (an effort Manafort pursued for over a year afterwards), and how to get paid by his Ukrainian and Russian paymasters. It started 11 days before Manafort booked $2.4 million in revenues — to be received in November — from his Ukrainian paymasters.

Again, ABJ has seen more of the underlying evidence from this investigation than anyone. And she sure seems to think that Bill Barr, Donald Trump, and Michael Horowitz are dismissing the seriousness of this investigation.

Rosemary Collyer Responds to the DOJ IG Report in Fairly Blasé Fashion

Judge Rosemary Collyer just released a four page order responding to the DOJ IG Report showing problems with Carter Page’s FISA applications.

Before I explain the letter further, let me just explain for those who haven’t followed my FISA work. Collyer is the presiding judge of the court. Traditionally, it falls to the presiding judge to scold DOJ when things go haywire, and so it was to be expected that Collyer would write this. Collyer is nowhere near the most aggressive presiding judge in the court’s history (that honor might go to Reggie Walton, though Royce Lamberth was presiding when the Woods Procedures that weren’t followed here were introduced after he bitched about systematic problems). As an example, she wrote what I consider to be among the worst programmatic FISA opinions not written by a Dick Cheney flunkie, and she was reluctant to implement the new amicus mandated by Congress in the USA Freedom Act.

Predictably, while this is a sharp opinion, it’s not that onerous. She starts by spending a page explaining why candor is so important for the FISC, language that is probably for the benefit of those unfamiliar with the court. She cites three prior opinions complaining about lack of candor, just one of which I consider among the greatest hits.

She then reviews the problems laid out in the IG Report she considers most important, citing:

  • The failure to explain Carter Page’s past relationship with the CIA
  • Exaggerations about the degree to which Christopher Steele’s reporting had been corroborated
  • Contradictions of Steele’s claims made by his sub-source
  • Page’s denials he had worked closely with Paul Manafort
  • Page’s denials he knew the two Russians described in the Steele dossier
  • Details suggesting claims attributed to Sergei Millian in the dossier were unreliable

In addition, Collyer dedicates a paragraph to describing Kevin Clinesmith’s alteration of an email to hide Page’s prior CIA relationship, alluding to a prior order in which she seems to have ordered a review of everything he had touched.

In addition, while the fourth electronic surveillance application for Mr. Page was being prepared, an attorney in the FBI’s Office of General Counsel (OGC) engaged in conduct that apparently was intended to mislead the FBI agent who ultimately swore to the facts in that application about whether Mr. Page had been a source of another government agency. See id. at 252-56. The information about the OGC attorney’s conduct in the OIG report is consistent with classified submissions made to the FISC by the government on October 25, 2019, and November 27, 2019. Because the conduct ofthe OGC attorney gave rise to serious concerns about the accuracy and completeness of the information provided to the FISC in any matter in which the OGC attorney was involved, the Court ordered the government on December 5, 2019, to, among other things, provide certain information addressing those concerns.

In addition to ordering the declassification of that December 5 order, Collyer also ordered the FBI to explain, by January 10, what they’re going to do to fix the more general problem.

THEREFORE, the Court ORDERS that the government shall, no later than January 10, 2020, inform the Court in a sworn written submission of what it has done, and plans to do, to ensure that the statement of facts in each FBI application accurately and completely reflects information possessed by the FBI that is material to any issue presented by the application. In the event that the FBI at the time of that submission is not yet able to perform any of the planned steps described in the submission, it shall also include (a) a proposed timetable for implementing such measures and (b) an explanation of why, in the government’s view, the information in FBI applications submitted in the interim should be regarded as reliable.

So she’s not calling for the FISC itself to do anything different. FBI will likely provide a plan implementing the FISC-based recommendations made by Michael Horowitz, as well as additional updates to the Woods Procedures.

This is, in the grand scheme of things, an order deferring to the government to fix the problem, not an order designed to impose new requirements (of the kind Lamberth himself ordered years ago) from the court until FBI proves it has cleaned up its act.

Which leaves it up to Congress to impose any more substantive fixes.

How Twelve Years of Warning and Six Years of Plodding Reform Finally Forced FBI to Do Minimal FISA Oversight

Earlier this week, the government released the reauthorization package for the 2018 Section 702 certificates of FISA. With the release, they disclosed significant legal fights about the way FBI was doing queries on raw data, what we often call “back door searches.” Those fights are, rightly, being portrayed as Fourth Amendment abuses. But they are, also, the result of the FISA Court finally discovering in 2018, after 11 years, that back door searches work like some of us have been saying they do all along, a discovery that came about because of procedural changes in the interim.

As such, I think this is wrong to consider “FISA abuse” (and I say that as someone who was very likely personally affected by the practices in question). It was, instead, a case where the court discovered that FBI using 702 as it had been permitted to use it by FISC was a violation of the Fourth Amendment.

As such, this package reflects a number of things:

  • A condemnation of how the government has been using 702 (and its predecessor PAA) for 12 years
  • A (partial — but thus far by far the most significant one) success of the new oversight mechanisms put in place post-Snowden
  • An opportunity to reform FISA — and FBI — more systematically

This post will explain what happened from a FISA standpoint. A follow-up post will explain why this should lead to questions about FBI practices more generally.

The background

This opinion came about because every year the government must obtain new certificates for its 702 collection, the collection “targeted” at foreigners overseas that is, nevertheless, designed to collect content on how those foreigners are interacting with Americans. Last we had public data, there were three certificates: counterterrorism, counterproliferation, and “foreign government,” which is a too-broadly scoped counterintelligence function. As part of that yearly process, the government must get FISC approval to any changes to its certificates, which are a package of rules on how they will use Section 702. In addition, the court conducts a general review of all the violations reported over the previous year.

Originally, those certificates included proposed targeting (governing who you can target) and minimization (governing what you can do once you start collecting) procedures; last year was the first year the agencies were required to submit querying procedures governing the way agencies (to include NSA, CIA, National Counterterrorism Center, and FBI) access raw data using US person identifiers. The submission of those new querying procedures are what led to the court’s discovery that FBI’s practices violated the Fourth Amendment.

In the years leading up to the 2018 certification, the following happened:

  • In 2013, Edward Snowden’s leaks made it clear that those of us raising concerns about Section 702 minimization since 2007 were correct
  • In 2014, the Privacy and Civil Liberties Oversight Board (which had become operational for the first time in its existence almost simultaneously with Snowden’s leaks) recommended that CIA and FBI have to explain why they were querying US person content in raw data
  • In 2015, Congress passed the USA Freedom Act, the most successful reform of which reflected Congress’ intent that the FISA Court start consulting amicus curiae when considering novel legal questions
  • In 2015, amicus Amy Jeffress (who admitted she didn’t know much about 702 when first consulted) raised questions about how queries were conducted, only to have the court make minimal changes to current practice — in part, by not considering what an FBI assessment was
  • In the 2017 opinion authorizing that year’s 702 package, Rosemary Collyer approved an expansion of back door searches without — as Congress intended — appointing an amicus to help her understand the ways the legal solution the government implemented didn’t do what she believed it did; that brought some (though not nearly enough) attention to whether FISC was fulfilling the intent of Congress on amici
  • In the 2017 Reauthorization (which was actually approved in early 2018), Congress newly required agencies accessing raw data to submit querying procedures along with their targeting and minimization procedures in the annual certification process, effectively codifying the record-keeping suggestion PCLOB had made over two years earlier

When reviewing the reauthorization application submitted in March 2018, Judge James Boasberg considered that new 2017 requirement a novel legal question, so appointed Jonathan Cederbaum and Amy Jeffress, the latter of whom also added John Cella, to the amicus team. By appointing those amici to review the querying procedures, Boasberg operationalized five years of reforms, which led him to discover that practices that had been in place for over a decade violated the Fourth Amendment.

When the agencies submitted their querying procedures in March 2018, all of them except FBI complied with the demand to track and explain the foreign intelligence purpose for US person queries separately. FBI, by contrast, said they already kept records of all their queries, covering both US persons and non-US persons, so they didn’t have to make a change. One justification it offered for not keeping US person-specific records as required by the law is that Congress exempted it from the reporting requirements it imposed on other agencies in 2015, even though FBI admitted that it was supposed to keep queries not just for the public reports from which they argued they were exempted, but also for the periodical reviews that DOJ and ODNI make of its queries for oversight purposes. FBI Director Christopher Wray then submitted a supplemental declaration, offering not to fix the technical limitations they built into their repositories, but arguing that complying with the law via other means would have adverse consequences, such as diverting investigative resources. Amici Cedarbaum and Amy Jeffress challenged that interpretation, and Judge James Boasberg agreed.

The FBI’s querying violations

It didn’t help FBI that in the months leading up to this dispute, FBI had reported six major violations to FISC involving US person queries. While the description of those are heavily redacted, they appear to be:

  • March 24-27, 2017: The querying of 70K facilities “associated with” persons who had access to the FBI’s facilities and systems. FBI General Counsel (then run by Jim Baker, who had had these fights in the past) warned against the query, but FBI did it anyway, though did not access the communications. This was likely either a leak or a counterintelligence investigation and appears to have been discovered in a review of existing Insider Threat queries.
  • December 1, 2017: FBI conducted queries on 6,800 social security numbers.
  • December 7-11, 2017, the same entity at FBI also queried 1,600 queries on certain identifiers, though claimed they didn’t mean to access raw data.
  • February 5 and 23, 2018: FBI did approximately 30 queries of potential sources.
  • February 21, 2018: FBI did 45 queries on people being vetted as sources.
  • Before April 13, 2018: an unspecified FBI unit queried FISA acquired metadata using 57,000 identifiers of people who work in some place.

Note, these queries all took place under Trump, and most of them took place under Trump’s hand-picked FBI Director. Contrary to what some Trump apologists have said about this opinion, it is not about Obama abuse (though it reflects practices that likely occurred under him and George Bush, as well).

These violations made it clear that Congress’ mandate for better record-keeping was merited. Boasberg also used them to prove that existing procedures did not prevent minimization procedure violations because they had not in these instances.

As he was reviewing the violations, Boasberg discovered problems in the oversight of 702 that I had noted before, based off my review of heavily redacted Semiannual Reports (which means they should have been readily apparent to everyone who had direct access to the unredacted reports). For example, Judge Boasberg noted how few of FBI’s queries actually get reviewed during oversight reviews (something I’ve pointed out repeatedly, and which 702 boosters have never acknowledged the public proof of).

As noted above, in 2017 the FBI conducted over three million queries of FISA-acquired information on just one system, [redacted]. See Supplemental FBI Declaration at 6. In contrast, during 2017 NSD conducted oversight of approximately 63,000 queries in [redacted] and 274,000 queries in an FBI system [redacted]. See Gov’t Response at 36.

Personnel from the Office of Intelligence (OI) within the Department of Justice’s National Security Division (NSD) visit about half of the FBI’s field offices for oversight purposes in a given year. Id at 35 & n 42. Moreover OI understandably devotes more resources to offices that use FISA authorities more frequently, so those offices [redacted] are visited annually, id at 35 n. 42, which necessitates that some other offices go for periods of two years or more between oversight visits. The intervals of time between oversight visits at a given location may contribute to lengthy delays in detecting querying violations and reporting them to the FISC. See, e.g., Jan. 18, 2019, Notice [redacted] had been conducting improper queries in a training context since 2011, but the practice was not discovered until 2017).

He also noted that the records on such queries don’t require contemporaneous explanation from the Agent making the query, meaning any review of them will not find problems.

The FBI does not even record whether a query is intended to return foreign-intelligence information or evidence of crime. See July 13, 2018, Proposed Tr. at 14 (DOJ personnel “try to figure out” from FBI query records which queries were run for evidence of crime purposes). DOJ personnel ask the relevant FBI personnel to recall and articulate the bases for selected queries. Sometimes the FBI personnel report they cannot remember. See July 9, 2018, Notice.

Again, I noted this in the past.

In short, as Boasberg was considering Wray’s claim that the FBI didn’t need the record-keeping mandated by Congress, he was discovering that, in fact, FBI needs better oversight of 702 (something that should have been clear to everyone involved, but no one ever listens to my warnings).

FISC rules the querying procedures do not comply with the law or Fourth Amendment

In response to Boasberg’s demand, FBI made several efforts to provide solutions that were not really solutions.

The FBI’s first response to FISC’s objections was to require General Counsel approval before accessing the result of any “bulk” queries like the query that affected 70K people — what it calls “categorical batch queries.”

Queries that are in fact reasonably likely to return foreign-intelligence information are responsive the government’s need to obtain and produce foreign-intelligence information, and ultimately to disseminate such information when warranted. For that reason, queries that comply with the querying standard comport with § 1801 (h), even insofar as they result in the examination of the contents of private communications to or from U.S. persons. On the other hand, queries that lack a sufficient basis are not reasonably related to foreign intelligence needs and any resulting intrusion on U.S. persons’ privacy lacks any justification recognized by§ 1801 (h)(l). Because the FBI procedures, as implemented, have involved a large number of unjustified queries conducted to retrieve information about U.S. persons, they are not reasonably designed, in light of the purpose and technique of Section 702 acquisitions, to minimize the retention and prohibit the dissemination of private U.S. person information.

But Boasberg was unimpressed with that because the people who’d need to consult with counsel would be the most likely not to know they did need to do so.

He also objected to FBI’s attempt to give itself permission to use such queries at the preliminary investigation phase (before then, FBI was doing queries at the assessment stage).

The FBI may open a preliminary investigation with even less of a factual predicate: “on the basis of information or an allegation indicating the existence of a circumstance” described in paragraph a. orb. above. Id. § II.B.4.a.i at 21 (emphasis added). A query using identifiers for persons known to have had contact with any subject of a full or preliminary investigation would not require attorney approval under § IV.A.3, regardless of the factual basis for opening the investigation or how it has progressed since then.

Boasberg’s Fourth Amendment analysis was fairly cautious. Whereas amici pushed for him to treat the queries as separate Fourth Amendment events, on top of the acquisition (which would have had broad ramifications both within FISA practice and outside of it), he instead interpreted the new language in 702 to expand the statutory protection under queries, without finding queries of already collected data a separate Fourth Amendment event.

Similarly, both Boasberg and the amici ultimately didn’t push for a written national security justification in advance of an actual FISA search. Rather, they argued FBI had to formulate such a justification before accessing the query returns (in reality, many of these queries are automated, so it’d be practically impossible to do justifications before the fact).

Boasberg nevertheless required the FBI to at least require foreign intelligence justifications for queries before an FBI employee accessed the results of queries.

The FBI was not happy. Having been told they have to comply with the clear letter of the law, they appealed to the FISA Court of Review, adding apparently new arguments that fulfilling the requirement would not help oversight and that the criminal search requirements were proof that Congress didn’t intend them to comply with the other requirements of the law. Like Boasberg before them, FISCR (in a per curium opinion from the three FISCR judges, José Cabranes, Richard Tallman, and David Sentelle) found that FBI really did need to comply with the clear letter of the law.

The FBI chose not to appeal from there (for reasons that go beyond this dispute, I suspect, as I’ll show in a follow-up). So by sometime in December, they will start tracking their backdoor searches.

FBI tried, but failed, to avoid implementing a tool that will help us learn what we’ve been asking

Here’s the remarkable thing about this. Something like this has been coming for two years, and FBI is only now beginning to comply with the requirement. That’s probably not surprising. Neither the Director of National Intelligence (which treated its intelligence oversight of FBI differently than it did CIA or NSA) nor Congress had demanded that FBI, which can have the most direct impact on someone’s life, adhere to the same standards of oversight that CIA and NSA (and an increasing number of other agencies) do.

Nevertheless, 12 years after this system was first moved under FISA (notably, two key Trump players, White House Associate Counsel John Eisenberg and National Security Division AAG John Demers were involved in the original passage), we’re only now going to start getting real information about the impact on Americans, both in qualitative and quantitative terms. For the first time,

  • We will learn how many queries are done (the FISC opinion revealed that just one FBI system handles 3.1 million queries a year, though that covers both US and non US person queries)
  • We will learn that there are more hits on US persons than previously portrayed, which leads to those US persons to being investigated for national security or — worse — coerced to become national security informants
  • We will learn (even more than we already learned from the two reported queries that this pertained to vetting informants) the degree to which back door searches serve not to find people who are implicated in national security crimes, but instead, people who might be coerced to help the FBI find people who are involved in national security crimes
  • We will learn that the oversight has been inadequate
  • We will finally be able to measure disproportionate impact on Chinese-American, Arab, Iranian, South Asian, and Muslim communities
  • DOJ will be forced to give far more defendants 702 notice

Irrespective of whether back door searches are themselves a Fourth Amendment violation (which we will only now obtain the data to discuss), the other thing this opinion shows is that for twelve years, FISA boosters have been dismissing the concerns those of us who follow closely have raised (and there are multiple other topics not addressed here). And now, after more than a decade, after a big fight from FBI, we’re finally beginning to put the measures in place to show that those concerns were merited all along.

Admitted Former Foreign Agent Mike Flynn Demands More Classified Information

According to Mike Flynn’s Fox News lawyer, Sidney Powell, to “defend” himself in a guilty plea he has already sworn to twice under oath, he needs to obtain unredacted versions of a Comey memo showing he was not targeted with a FISA warrant and a FISA order showing that people who were targeted with FISA warrants might have been improperly scrutinized while they were overseas.

That’s just part of the batshittery included in a request for Brady material submitted to Emmet Sullivan last Friday.

The motion is 19 pages, most of which speaks in gross generalities about Brady obligations or repeats Ted Stevens Ted Stevens Ted Stevens over and over again, apparently a bid to convince Judge Emmet Sullivan that this case has been subject to the same kind of abuse that the late Senator’s was.

After several readings, I’ve discovered that Powell does make an argument in the motion: that if the government had provided Flynn with every damning detail it has on Peter Strzok, Flynn might not have pled guilty to lying to Strzok about his conversations with Russian Ambassador Sergey Kislyak or admitted that he used a kickback system to hide that he was a paid agent of Turkey while getting Top Secret briefings with candidate Trump.

They affirmatively suppressed evidence (hiding Brady material) that destroyed the credibility of their primary witness, impugned their entire case against Mr. Flynn, while at the same time putting excruciating pressure on him to enter his guilty plea and manipulating or controlling the press to their advantage to extort that plea. They continued to hide that exculpatory information for months—in direct contravention of this Court’s Order—and they continue to suppress exculpatory information to this day.

One of the things Powell argues Flynn should have received is unredacted copies of every text Strzok sent Lisa Page.

The government’s most stunning suppression of evidence is perhaps the text messages of Peter Srzok and Lisa Page. In July of 2017, (now over two years ago), the Inspector General of the Department of Justice advised Special Counsel of the extreme bias in the now infamous text messages of these two FBI employees. Mr. Van Grack did not produce a single text messages to the defense until March 13, 2018, when he gave them a link to then-publicly available messages. 14

Mr. Van Grack and Ms. Ahmad, among other things, did not disclose that FBI Agent Strzok had been fired from the Special Counsel team as its lead agent almost six months earlier because of his relationship with Deputy Director McCabe’s Counsel—who had also been on the Special Counsel team—and because of their text messages and conduct. One would think that more than a significant subset of those messages had to have been shared by the Inspector General of the Department of Justice with Special Counsel to warrant such a high-level and immediate personnel change. Indeed, Ms. Page left the Department of Justice because of her conduct, and Agent Strzok was terminated from the FBI because of it.

14 There have been additional belated productions. Each time more text messages are found, produced, or unredacted, there is more evidence of the corruption of those two agents. John Bowden, FBI Agent in Texts: ‘We’ll Stop’ Trump From Becoming President, THE HILL (June 14, 2018), https://thehill.com/policy/national-security/392284-fbi-agent-in-texts-well-stop-trumpfrom-becoming-president; see also U.S. Dept. of Justice, Office of the Inspector General, A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election. Redacted Ed. Washington, D.C. (2018) (https://www.justice.gov/file/1071991/download). But the situation is even worse. After being notified by the Inspector General of the Department of Justice of the extraordinary text communications between Strzok and Page (more than 50,000 texts) and of their personal relationship, which further compromised them, Special Counsel and DOJ destroyed their cell phones. U.S. Dept. of Justice, Office of the Inspector General, Report of Investigation: Recovery of Text Messages From Certain FBI Mobile Devices, Redacted Ed. Washington, D.C. (2018), https://www.justice.gov/file/1071991/download. This is why our Motion also requests a preservation order like the one this Court entered in the Stevens case.

As is true of most of this filing, Powell gets some facts wrong here. The public record says that as soon as Mueller got the warning from Michael Horowitz about the texts, he started moving Strzok off the team. He didn’t need to see the texts, that they were there was issue enough. And Lisa Page remained at FBI until May 2018, even after the texts were released to the public.

And while, if Sullivan had taken Flynn’s initial guilty plea rather than Rudy Contreras, one might argue that Van Grack should have alerted Flynn’s lawyer Rob Kelner of the existence of the Strzok-Page texts, DOJ was not required to turn them over before Flynn’s guilty plea. Moreover, the problem with claiming that withholding the Strzok-Page texts prevented Flynn from taking them into account, is that they were made public the say day Emmet Sullivan issued his Brady order and Flynn effectively pled guilty again a year after they were released, in sworn statements where he also reiterated his satisfaction with his attorney, Kelner. Any texts suggesting bias had long been released; what remains redacted surely pertains either to their genuine privacy or to other counterintelligence investigations.

Finally, at least as far as public evidence goes, Strzok was, if anything, favorable to Flynn for the period he was part of the investigation. He found Flynn credible in the interview, and four months later didn’t think anything would come of the Mueller investigation. So the available evidence, at least, shows that Flynn was treated well by Strzok.

The filing also complains about information just turned over on August 16.

For example, just two weeks ago, Mr. Van Grack, Ms. Curtis, and Ms. Ballantine produced 330 pages of documents with an abject denial the production included any Brady material.6 Yet that production reveals significant Brady evidence that we include and discuss in our accompanying Motion (filed under seal because the prosecutors produced it under the Protective Order).

6 “[T]he government makes this production to you as a courtesy and not because production of this information is required by either Brady v. Maryland, 373 U.S. 83 (1963), or the Court’s Standing Order dated February 16, 2018.” Letter from Mr. Brandon Van Grack to Sidney K. Powell, Aug. 16, 2019.

Given the timing, it may well consist of the unclassified materials showing that Turkey (and possibly Russia) believed Flynn to be an easy mark and expected to be able to manipulate Trump through him. I await either the unsealing of Powell’s sealed filing or the government response to see if her complaints are any more worthy than this filing.

That’s unlikely. Because the rest of her memo makes a slew of claims that suggest she’s either so badly stuck inside the Fox bubble she doesn’t understand what the documents in question actually say, or doesn’t care. In her demand for other documents that won’t help Flynn she,

  • Misstates the seniority of Bruce Ohr
  • Falsely claims Bruce Ohr continued to serve as a back channel for Steele intelligence when in fact he was providing evidence to Bill Priestap about its shortcomings (whom the filing also impugns)
  • Suggests the Ohr memos pertain to Flynn; none of the ones released so far have the slightest bit to do with Flynn
  • Falsely suggests that Andrew Weissmann was in charge of the Flynn prosecution
  • Claims that Weissman and Zainab Ahmad had multiple meetings with Ohr when the only known meeting with him took place in fall 2016, before Flynn committed the crimes he pled guilty to; the meeting likely pertained to Paul Manafort, not Flynn
  • Includes a complaint from a Flynn associate that pertains to alleged DOD misconduct (under Trump) to suggest DOJ prosecutors are corrupt

In short, Powell takes all the random conspiracy theories about the investigation and throws them in a legal filing without even fact-checking them against the official documents, or even, at times, the frothy right propaganda outlets that first made the allegations.

Things get far weirder when it comes to her demands relating to FISA information. In a bid to claim this is all very pressing, Powell demands she get an unredacted version of the Comey IG Report.

Since our initial request to the Department by confidential letter dated June 6, 2019, we have identified additional documents that we specify in our Motion. Now, with the impending and just-released reports of the Inspector General, there may be more. The Report of the Inspector General regarding James Comey’s memos and leaks is replete with references to Mr. Flynn, and some information is redacted. There may also be a separate classified section relevant to Mr. Flynn. U.S. Dept. of Justice, Office of the Inspector General, Report of Investigation of Former Federal Bureau of Investigation Director James Comey’s Disclosure of Sensitive Investigative Information and Handling of Certain Memoranda, Oversight and Review Division Report 19-02 (Aug. 29, 2019), https://oig.justice.gov/reports/2019/o1902.pdf

The only redacted bits in the report are in Comey’s memos themselves — the stuff that the frothy right is currently claiming was so classified that Comey should have been prosecuted for leaving them in a SCIF at work. Along with unclassified sections quoting Trump saying he has “serious reservations about Mike Flynn’s judgment” (the redacted bit explains that the President was pissed that Flynn didn’t tell him about Putin’s congratulatory call right away) and “he had other concerns about Flynn,” there’s this section that redacts the answer to Reince Priebus’ question about whether the FBI has a FISA order on Flynn (PDF 74).

The answer, though, is almost certainly no. Even if the FBI obtained one later, there was no way that Comey would have told Priebus that Flynn was targeted; the FBI became more concerned about Flynn after this February 8 conversation, in part because of his continued lies about his work with Turkey.

Flynn’s team also demands an unredacted copy of this 2017 FISA 702 Rosemary Collyer opinion, though Powell’s understanding of it seems to based off Sara Carter’s egregiously erroneous reporting on it (here’s my analysis of the opinion).

Judge Rosemary Collyer, Chief Judge of the FISA court, has already found serious Fourth Amendment violations by the FBI in areas that likely also involve their actions against Mr. Flynn. Much of the NSA’s activity is in direct violation of the Fourth Amendment. Not only did the last administration—especially from late 2015 to 2016—dramatically increase its use and abuse of “about queries” in the NSA database, which Judge Collyer has noted was “a very serious Fourth Amendment issue,” it also expanded the distribution of the illegally obtained information among federal agencies.10 Judge Collyer determined that former FBI Director Comey gave illegal unsupervised access to raw NSA data to multiple private contractors. The court also noted that “the improper access granted the [redacted] contractors was apparently in place [redacted] and seems to have been the result of deliberate decision making” including by lawyers.11, 12

10 See also Charlie Savage, NSA Gets More Latitude to Share Intercepted Communications, THE N.Y. TIMES (Jan. 12, 2017) (reporting that Attorney General Loretta Lynch signed new rules for the NSA that permitted the agency to share raw intelligence with sixteen other agencies, thereby increasing the likelihood that personal information would be improperly disclosed), https://www.nytimes.com/2017/01/12/us/politics/nsa-gets-more-latitude-to-share-interceptedcommunications.html; See also Exec. Order No. 12,333, 3 C.F.R. 200 (1982), as amended by Exec. Order No. 13,284, 68 Fed. Reg. 4075 (Jan. 23, 2003).

11 FISC Mem. and Order, p. 19, 87 (Apr. 26, 2017) www.dni.gov/files/documents/icotr/51117/2016_Cert_FISC_Memo_Opin_Order_Apr_2017.pdf (noting that 85% of the queries targeting American citizens were unauthorized and illegal).

12 This classified and heavily redacted opinion is one of the documents for which defense counsel requests a security clearance and access.

As a threshold matter, Powell gets virtually everything about the Collyer memo wrong. Collyer didn’t track any increase in “about” searches (it was one of the problems with her memo, that she didn’t demand new numbers on what NSA was doing). It tracked a greater number of certain kinds of violations than previously known. The violation resulting in the 85% number she cited was on US persons targeted between November 2015 and May 2016, but the violation problem existed going back to 2012, when Flynn was still part of the Deep State. What Collyer called a Fourth Amendment violation involved problems with 704/705b targeting under FISA, which are individualized warrants usually tied to individualized warrants under Title I (that is, the kind of order we know targeted Carter Page), and probably a limited set of terrorism targets. Given that the Comey memo almost certainly hides evidence that Flynn was not targeted under FISA as of February 8, 2017, it means Flynn would have had to be a suspected terrorist to otherwise be affected. Moreover, the NSA claimed to have already fixed the behavioral problem by October 4, 2016, even before Carter Page was targeted. I had raised concerns that the problems might have led to problems with Page’s targeting, but since I’ve raised those concerns with Republicans and we haven’t heard about them, I’m now fairly convinced that didn’t happen.

At least some of the FBI violation — letting contractors access raw FISA information — was discontinued in April 2016, before the opening of the investigation into Trump’s flunkies, and probably all was discontinued by October 4, 2016, when it was reported. One specific violation that Powell references, however, pertains to 702 data, which could not have targeted Flynn.

Crazier still, some of the problems described in the opinion (such as that NSA at first only mitigated the problem on the tool most frequently used to conduct back door searches) cover things that happened on days in late January 2017 when a guy named Mike Flynn was National Security Advisor (see PDF 21).

Powell should take up her complaints with the guy running National Security at the time.

Craziest still, Powell describes data collected under EO 12333 as “illegally obtained information” (Powell correctly notes that the Obama Administration permitted sharing from NSA to other agencies, but that EO would not affect the sharing of FISA information at all). If EO 12333 data, which lifetime intelligence officer Mike Flynn used through his entire career, is illegally obtained, then it means lifetime intelligence officer Mike Flynn broke the law through his entire government career.

Sidney Powell is effectively accusing her client (incorrectly) of violating the law in a motion that attempts to argue he shouldn’t be punished for the laws he has already admitted breaking.

In short, most of the stuff we can check in this motion doesn’t help Flynn, at all.

And at least before Powell submitted this, Emmet Sullivan seemed unimpressed with her claims of abuse.

The government and Flynn also submitted a status report earlier on Friday. In the status report, the government was pretty circumspect. Flynn’s cooperation is done (which is what they said almost a year ago), they’d like to schedule sentencing for October or November, and they’ve complied with everything covered by Brady. Anything classified, like Powell is demanding, would be governed by CIPA and only then discoverable if it is helpful to the defense.

Powell made more demands in the status report, renewing her demand for a security clearance and insisting there are other versions of the Flynn 302.

To sort this out, the government suggested a hearing in early September, but Powell said such a hearing shouldn’t take place for another month (during which time some of the IG reports she’s sure will be helpful will come out).

The parties are unable to reach a joint response on the above topics. Accordingly, our respective responses are set forth separately below. Considering these disagreements, the government respectfully requests that the Court schedule a status conference. Defense counsel suggests that a status conference before 30 days would be too soon, but leaves the scheduling of such, if any, to the discretion of the Court. The government is available on September 4th, 5th, 9th or 10th of 2019, or thereafter as the Court may order. Defense counsel are not available on those specific dates.

Judge Sullivan apparently sided with the government (and scheduled the hearing for a date when Flynn’s attorneys claim to be unable to attend).

Every time Flynn has tried to get cute thus far, it has blown up in his face. And while Sullivan likely doesn’t know this, the timing of this status hearing could be particularly beneficial for the government, as they’ll know whether Judge Anthony Trenga will have thrown out Bijan Kian’s conviction because of the way it was charged before the hearing, something that would make it far more likely for the government to say Flynn’s flip-flop on flipping doesn’t amount to full cooperation.

And this filing isn’t even all that cute, as far as transparent bullshit goes.

In 2017, the Government Withdrew Three FISA Collection Requests Rather than Face an Amicus Review

Last year’s Section 702 Reauthorization law included a bunch of technical fix language describing how appeals of FISA Court of Review decisions should work.

In this post on that technical language, I speculated that Congress may have added the language in response to a denial of a request by the FISCR, about the only thing that would have identified the need for such language.

As one piece of evidence to support that hypothesis, I noted that one of the times the FISC consulted with an amicus (probably Amy Jeffress), it did not make the topic or the result public.

There’s one other reason to think there must have been a significant denial: The report, in the 2015 FISC report, that an amicus curiae had been appointed four times.

During the reporting period, on four occasions individuals were appointed to serve as amicus curiae under 50 U.S.C. § 1803(i). The names of the three individuals appointed to serve as amicus curiae are as follows:  Preston Burton, Kenneth T. Cuccinelli II  (with Freedom Works), and Amy Jeffress. All four appointments in 2015 were made pursuant to § 1803(i)(2)(B). Five findings were made that an amicus curiae appointment was not appropriate under 50 U.S.C. § 1803(i)(2)(A) (however, in three of those five instances, the court appointed an amicus curiae under 50 U.S.C. § 1803(i)(2)(B) in the same matter).

We know of three of those in 2015: Ken Cuccinelli serving as amicus for FreedomWorks’ challenge to the restarted dragnet in June 2015, Preston Burton serving as amicus for the determination of what to do with existing Section 215 data, and Amy Jeffress for the review of the Section 702 certifications in 2015. (We also know of the consultation with Mark Zwillinger in 2016 and Rosemary Collyer’s refusal to abide by USA Freedom Act’s intent on amici on this year’s reauthorization.) I’m not aware of another, fourth consultation that has been made public, but according to this there was one more. I say Jeffress was almost certainly the amicus used in that case because she was one of the people chosen to be a formal amicus in November 2015, meaning she would have been called on twice. If it was Jeffress, then it likely happened in the last months of the year.

I raise that background because of a detail in the FISC report released yesterday, showing its approvals for 2017. It revealed that FISC told the government on three occasions it might appoint an amicus. On all three occasions, the government withdrew the request rather than undergo a FISC review with even a limited adversary.

During the reporting period, no individual was appointed to serve as amicus curiae by the FISA courts. No findings were made in 2017, pursuant to 50 U.S.C. § 1803(i)(2)(A), that an amicus curiae appointment was not appropriate. There were three matters in which the Court advised the government that it was considering appointment of an amicus curiae to address a novel or significant question of law raised in proposed applications, but the government ultimately did not proceed with the proposed applications at issue, or modified the final applications such that they did not present a novel or significant question of law, thereby obviating a requirement for consideration as to the appropriateness of appointment of amicus. These matters are reflected in the table above as, respectively, a modification to a proposed order, an application denied in full, and an application denied in part. This is the first report including information about such occurrences. A similarly small number of such events occurred during prior reporting periods but were not discussed in the reports for those years.

In one case, the government withdrew an entire application after learning the FISC might appoint an amicus to review the proposed technique. In two others, the final order in one or another way did not include the requested practice.

These three instances are not the first time the government has withdrawn a request after learning FISC would invite adversarial review. While the court doesn’t reveal how many or in what years, it does say that a “similarly small number of such events occurred during prior reporting periods.” Given that there have been just two other reporting periods (the report for part of 2015 and the report covering all of 2016), the language seems to suggest it happened in both years.

That the government has been withdrawing requests rather than submitting them to the scrutiny of an amicus suggests several things.

First, it may be withdrawing such applications out of reluctance to share details of such techniques even with a cleared amicus, not even one of the three who served as very senior DOJ officials in the past. If that’s right, that would reflect some pretty exotic requests, because some of the available amici (most notably former Assistant Attorney General David Kris) have seen all that DOJ was approving with NatSec collection.

Second, remember that for at least one practice (the collection of location information), the government has admitted to opting to using criminal process rather than FISA where more lenient precedents exist in particular jurisdictions. That might happen, for example, if a target could be targeted in a state that didn’t require a warrant for some kinds of location data whereas FISC does.

Starting in 2017, the government would have the ability to share raw EO 12333 with the FBI, which might provide another alternative means to collect the desired data.

All of which is to say these withdrawals don’t necessarily mean the government gave up. Rather, past history has shown that the government often finds another way to get information denied by the FISC, and that may have happened with these three requests.

Finally, remember that as part of 702 reauthorization last year, Ron Wyden warned that reauthorization should include language preventing the government from demanding that companies provide technical assistance (which obviously includes, but is probably not limited to, bypassing or weakening encryption) as part of 702 directives. The threat the government might do so under 702 is particularly acute, because unlike with individual orders (which is what the withdrawn requests here are), the FISC doesn’t review the directives submitted under 702. Some of these withdrawn requests — which may number as many as nine — may reflect such onerous technical requests.

Importantly, one reason the government might withdraw such requests is to avoid any denials that would serve as FISC precedent for individualized  and 702 requests. That is, if the government believed the court might deny an individual request, it might withdraw it and preserve its ability to make the very same demand in a 702 context, where the FISC doesn’t get to review the techniques use.

Whatever the case, the government has clearly been bumping up against the limits of what it believes FISC will approve in individualized requests. But that doesn’t mean it hasn’t been surpassing those limits via one or another technical or legal means.

Rosemary Collyer Moves to Lock Down the FISA Court

These two filings at the FISA Court — letters from Rosemary Collyer to Republican members of Congress trying to liberate documents related to Carter Page’s FISA application — have generated a good deal of attention. But they’re not all that exciting. All they consist of is Collyer (the worst presiding judge ever, if not the worst FISC judge outright) telling Bob Goodlatte and Devin Nunes that DOJ and FBI have most of the documents they want and she’s not going to budge until she learns what they’ll do.

Thank you for the courtesy of copying me on your February 1, 2018, letter to the Department of Justice and the FBI in which you made requests for information similar to those in your letter to us. Those agencies possess most, if not all, of the responsive materials the Court might possess, and we have previously made clear to the Department, both formally and informally, that we do not object to any decision by the Executive Branch to release any such FISA materials to Congress. I expect that their handling of your requests will inform the Court as to how the Executive Branch perceives its interests and will assist us in our consideration of the full range of issues; therefore we have asked the Department of Justice to keep us informed regarding its response to your February 1 letter.

It’s a punt. And not a very bold one.

The context, though, is interesting. The move comes after three related events:

  • After Collyer blew off a previous FISC precedent in ruling against an ACLU effort to liberate some FISA documents, the FISC apparently revolted, leading the entire court to consider the issue which was narrowly decided for ACLU. FISC then punted that decision up to the FISCR. FISCR named Laura Donahue as amicus on that challenge (both giving the proceeding a patina of process but also ensuring she doesn’t give up on the amicus process like John Cline did in December). I hope I’m wrong, but I expect FISCR to rule against ACLU, thereby tamping down any First Amendment right to access decisions of the court.
  • NYT’s Adam Goldman and Charlie Savage asked for the Carter Page application. This is a serious legal effort, with attentive follow-up. If ACLU loses at FISCR, however, it’ll make it very easy for FISC to deny their request.
  • Lawfare’s Susan Hennessey and Ben Wittes asked for the FISC to release a statement about whether DOJ conducted any misconduct in the Page application. This is less serious than the NYT effort, both for the utter lack of self-awareness of two people who just four months ago were applauding FISC law-breaking, deeming themselves “true friends” of the court, claiming that FISC telling us it is cool with DOJ’s application will restore faith in the process. As if that would be sufficient. Plus, the motion isn’t necessary: Reggie Walton has made public statements on his own. If Collyer did so in this case, it would be more credible if she did so on her own than if she did so because a former NSA lawyer and a surveillance booster invited her too.

I don’t support the full Page application coming out in this case. But a sharply redacted version would do more to silence the skeptics than anything else.

But by all appearances, Collyer wants the Executive to tell her what to do here, ceding the “inherent authority” Hennessey and Wittes proclaim in their motion.

Collyer’s continued subservience to the Executive is, in my opinion, a far graver challenge to FISA Court legitimacy than the Carter Page approvals are. Particularly at this moment, I wish Judge Collyer would act like the independent court most other FISC judges treat it as.

Asha Rangappa Demands Progressive Left Drop Bad Faith Beliefs in Op-Ed Riddled with Errors Demonstrating [FBI’s] Bad Faith

It’s my fault, apparently, that surveillance booster Devin Nunes attacked the FBI this week as part of a ploy to help Donald Trump quash the investigation into Russian involvement in his election victory. That, at least, is the claim offered by the normally rigorous Asha Rangappa in a NYT op-ed.

It’s progressive left privacy defenders like me who are to blame for Nunes’ hoax, according to Rangappa, because — she claims — “the progressive narrative” assumes the people who participate in the FISA process, people like her and her former colleagues at the FBI and the FISA judges, operate in bad faith.

But those on the left denouncing its release should realize that it was progressive and privacy advocates over the past several decades who laid the groundwork for the Nunes memo — not Republicans. That’s because the progressive narrative has focused on an assumption of bad faith on the part of the people who participate in the FISA process, not the process itself.

And then, Ragappa proceeds to roll out a bad faith “narrative” chock full of egregious errors that might lead informed readers to suspect FBI Agents operate in bad faith, drawing conclusions without doing even the most basic investigation to test her pre-conceived narrative.

Rangappa betrays from the very start that she doesn’t know the least bit about what she’s talking about. Throughout, for example, she assumes there’s a partisan split on surveillance skepticism: the progressive left fighting excessive surveillance, and a monolithic Republican party that, up until Devin Nunes’ stunt, “has never meaningfully objected” to FISA until now. As others noted to Rangappa on Twitter, the authoritarian right has objected to FISA from the start, even in the period Rangappa used what she claims was a well-ordered FISA process. That’s when Republican lawyer David Addington was boasting about using terrorist attacks as an excuse to end or bypass the regime. “We’re one bomb away from getting rid of that obnoxious [FISA] court.”

I’m more peeved, however, that Rangappa is utterly unaware that for over a decade, the libertarian right and the progressive left she demonizes have worked together to try to rein in the most dangerous kinds of surveillance. There’s even a Congressional caucus, the Fourth Amendment Caucus, where Republicans like Ted Poe, Justin Amash, and Tom Massie work with Rangappa’s loathed progressive left on reform. Amash, Mike Lee, and Rand Paul, among others, even have their name on legislative attempts to reform surveillance, partnering up with progressives like Zoe Lofgren, John Conyers, Patrick Leahy, and Ron Wyden. This has become an institutionalized coalition that someone with the most basic investigative skills ought to be able to discover.

Since Rangappa has not discovered that coalition, however, it is perhaps unsurprising she has absolutely no clue what the coalition has been doing.

In criticizing the FISA process, the left has not focused so much on fixing procedural loopholes that officials in the executive branch might exploit to maximize their legal authority. Progressives are not asking courts to raise the probable cause standard, or petitioning Congress to add more reporting requirements for the F.B.I.

Again, there are easily discoverable bills and even some laws that show the fruits of progressive left and libertarian right efforts to do just these things. In 2008, the Democrats mandated a multi-agency Inspector General on Addington’s attempt to blow up FISA, the Stellar Wind program. Progressive Pat Leahy has repeatedly mandated other Inspector General reports, which forced the disclosure of FBI’s abusive exigent letter program and that FBI flouted legal mandates regarding Section 215 for seven years (among other things). In 2011, Ron Wyden started his thus far unsuccessful attempt to require the government to disclose how many Americans are affected by Section 702. In 2013, progressive left and libertarian right Senators on the Senate Judiciary Committee tried to get the Intelligence Community Inspector General to review how the multiple parts of the government’s surveillance fit together, to no avail.

Rangappa’s apparent ignorance of this legislative history is all the more remarkable regarding the last several surveillance fights in Congress, USA Freedom Act and this year’s FISA Amendments Act reauthorization (the latter of which she has written repeatedly on). In both fights, the bipartisan privacy coalition fought for — but failed — to force the FBI to comply with the same kind of reporting requirements that the bill imposed on the NSA and CIA, the kind of reporting requirements Rangappa wishes the progressive left would demand. When a left-right coalition in the House Judiciary Committee tried again this year, the FBI stopped negotiating with HJC’s staffers, and instead negotiated exclusively with Devin Nunes and staffers from HPSCI.

With USAF, however, the privacy coalition did succeed in a few reforms (including those reporting requirements for NSA and CIA). Significantly, USAF included language requiring the FISA Court to either include an amicus for issues that present “a novel or significant interpretation of the law,” or explain why it did not. That’s a provision that attempts to fix the “procedural loophole” of having no adversary in the secret court, though it’s a provision of law the current presiding FISC judge, Rosemary Collyer, blew off in last year’s 702 reauthorization. (Note, as I’ve said repeatedly, I don’t think Collyer’s scofflaw behavior is representative of what FISC judges normally do, and so would not argue her disdain for the law feeds a “progressive narrative” that all people involved in the FISA process operated in bad faith.)

Another thing the progressive left and libertarian right won in USAF is new reporting requirements on FISA-related approvals for FISC, to parallel those DOJ must provide. Which brings me to Rangappa’s most hilarious error in an error-ridden piece (it’s an error made by multiple civil libertarians earlier in the week, which I corrected on Twitter, but Rangappa appears to mute me so wouldn’t have seen it).

To defend her claim that the FISC judge who approved the surveillance of Carter Page was operating, if anything, with more rigor than in past years, Rangappa points to EPIC’s tracker of FISA approvals and declares that the 2016 court rejected the highest number of applications in history.

We don’t know whether the memo’s allegations of abuse can be verified. It’s worth noting, however, that Barack Obama’s final year in office saw the highest number of rejected and modified FISA applications in history. This suggests that FISA applications in 2016 received more scrutiny than ever before.

Here’s why this is a belly-laughing error. As noted, USAF required the FISA Court, for the first time, to release its own record of approving applications. It released a partial report (for the period following passage of USAF) covering 2015, and its first full report for 2016. The FISC uses a dramatically different (and more useful) counting method than DOJ, because it counts what happens to any application submitted in preliminary form, whereas DOJ only counts applications submitted in final form. Here’s how the numbers for 2016 compare.

Rangappa relies on EPIC’s count, which for 2016 not only includes an error in the granted number, but adopts the AOUSC counting method just for 2016, making the methodology of its report invalid (it does have a footnote that explains the new AOUSC numbers, but not why it chose to use that number rather than the DOJ one or at least show both).

Using the only valid methodology for comparison with past years, DOJ’s intentionally misleading number, FISC rejected zero applications, which is consistent or worse than other years.

It’s not the error that’s the most amusing part, though. It’s that, to make the FISC look good, she relies on data made available, in significant part, via the efforts of a bipartisan coalition that she claims consists exclusively of lefties doing nothing but demonizing the FISA process.

If anyone has permitted a pre-existing narrative to get in the way of understanding the reality of how FISA currently functions, it’s Rangappa, not her invented progressive left.

Let me be clear. In spite of Rangappa’s invocation (both in the body of her piece and in her biography) of her membership in the FBI tribe, I don’t take her adherence to her chosen narrative in defiance of facts that she made little effort to actually learn to be representative of all FBI Agents (which is why I bracketed FBI in my title). That would be unfair to a lot of really hard-working Agents. But I can think of a goodly number of cases, some quite important, where that has happened, where Agents chased a certain set of leads more vigorously because they fit their preconceptions about who might be a culprit.

That is precisely what has happened here. A culprit, Devin Nunes — the same guy who helped the FBI dodge reporting requirements Rangappa thinks the progressive left should but is not demanding — demonized the FISA process by obscuring what really happens. And rather than holding that culprit responsible, Rangappa has invented some other bad guy to blame. All while complaining that people ever criticize her FBI tribe.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Jack Goldsmith and Susan Hennessey Run Cover for Those Giving Jeff Sessions Unreviewable Authority to Criminalize Dissent

I’m used to Susan Hennessey partnering with Ben Wittes to write apologies for NSA and FBI that ignore known facts. I’m a bit surprised that Jack Goldsmith did so in this defense of Democrats — like Adam Schiff and Nancy Pelosi and nineteen Democratic Senators — who have voted to give Jeff Sessions unreviewable authority to criminalize dissent using certain privacy tools.

NSA did not fix “abouts” problems before the issues became public

There are numerous problems with this post. The one that irks me the most, however, is the claim that the “system itself” identified and addressed problems with “abouts” collection before they became public.

We acknowledge that the program has raised hard legal questions as well as difficult compliance issues, primarily involving “abouts” collection. But these problems were identified by the system itself, long before the issues became public, and the practices were fixed or terminated.

This claim, one I’ve corrected Hennessey for on numerous occasions on Twitter, is false, and should be retracted.

I say that with great confidence, because I wrote about the problems on August 11, 2016, well before NSA failed to disclose the full extent of the problems in an October 4, 2016 hearing, which led the worst FISC judge ever, Rosemary Collyer, to complain about NSA’s institutional “lack of candor.”

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

As a reminder, the problem (the FISC has) with “abouts” collection is not so much that it collected entirely domestic communications — that’s the complaint of the rest of us. It’s that NSA never ever complied with John Bates’ 2011 requirement that NSA not conduct back door searches on upstream collection, because it might result in searches of those entirely domestic communications. In my August 2016 post, I noted that reviewers kept discovering that NSA continued to do back door searches on upstream data in violation of that prohibition, and kept refusing to implement technical fixes to avoid them.

I also raised concerns about the oversight of 704/705(b), which is how the NSA first realized how badly non-compliant their upstream searches were, on May 13, 2016, That’s about when NSA first reported to DOJ “in May and June 2016” that “approximately eighty-five percent of” queries using a tool the NSA employs with 704/705b queries “were not compliant with the applicable minimization procedures.”

I’ll grant that I’m remarkably attentive to documents that get declassified years after the fact. But I’m nevertheless “the public.” If I’m identifying these problems — and NSA’s refusal to make the technical fixes to avoid them — before they get fully briefed to DOJ or FISC, then it is absolutely false to claim that “the system” fixed or terminated the problem long before they became public.

Again, Lawfare should issue a retraction for that claim.

Update, January 19: On Twitter yesterday, Hennessey claimed I misread this quote, and that her proof that the system works was that the NSA had gotten away with ignoring Bates’ orders for five years, but finally shut it down before the public learned that NSA had been ignoring FISC’s orders.

This is still factually false — as I responded to her, the NSA was still identifying problems for eight months after I wrote about the problems, even assuming it had found all of them by April 2017, which was the last declassified reporting on it. But her explanation actually makes the comment downright damning for the NSA. It suggests a lawyer who was at NSA during the period it was not in compliance believes that getting away with violating the Fourth Amendment for five years, but fixing it before documents released on a three year delay (and only because of Snowden) is a sign of a law-abiding agency.

A portrait of a guy who doesn’t know key details as a rigorous overseer

The fact that I was harping on the “abouts” problems before any overseers of the program managed to fully investigate and fix them by itself disproves the claims that Hennessey and Goldsmith make in their hagiography of Adam Schiff.

He is the ranking Democrat on the House intelligence committee and one of the most knowledgeable and informed members of Congress on intelligence matters. Schiff has not hesitated to be  when he sees fit. He has watched the 702 program up close over many years in classified settings in his oversight role. He knows well its virtues and its warts. We suppose it is possible that Schiff would vote to give the president, whose integrity he so obviously worries about, vast powers to spy on Americans in an abusive way. Given everything Schiff has publicly said and done over the last year, however, a much more plausible inference is that he knows not only how valuable the 702 program is but also how law-constrained and carefully controlled and monitored it is.

Plus, I’m not sure why they think that Schiff’s attempt to fix the Section 215 phone dragnet only after Edward Snowden made it public proves that Schiff “never hesitated to be critical of intelligence community practices.” On the contrary, it proves that he did hesitate to do so before excessive programs became public.

The distinction is utterly critical given something I’ve pointed out about this bill. The bill itself is an admission that the intelligence community is out of control, and that congressional overseers can’t get information they need to adequately oversee the program without demanding it in legislation. That’s because it requires the IC to provide information on two practices that Congress cannot be deemed competent to legislate on without having answers about first.

For example, the bill requires an IG Report on how FBI queries raw data.

(b) MATTERS INCLUDED.—The report under subsection (a) shall include, at a minimum, an assessment of the following:

(1) The interpretations by the Federal Bureau of Investigation and the National Security Division of the Department of Justice, respectively, relating to the querying procedures adopted under subsection (f) of section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as added by section 101.

[snip]

(6) The scope of access by the criminal division of the Federal Bureau of Investigation to information obtained pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), including with respect to information acquired under subsection (a) of such section 702 based on queries conducted by the criminal division.

(7) The frequency and nature of the reviews conducted by the National Security Division of the Department of Justice and the Office of the Director of National Intelligence relating to the compliance by the Federal Bureau of Investigation with such querying procedures.

I have explained (and I know Hennessey regards this as a problem too) that since 2012, FBI has devolved its access to raw 702 data to field offices. The FBI already conducted far, far less oversight of the back door searches it conducts than NSA does. But because the DOJ/DNI 702 review teams visit only a fraction of the FBI field offices with each review, and because FBI’s querying system doesn’t collect enough information to do oversight remotely, it is possible that the offices that are least familiar with 702 requirements are — for the smaller number of 702 queries they conduct — getting the least oversight.

You can’t pass a bill that effectively blesses FBI’s use of back door searches on Americans about whom it has no evidence of any wrongdoing, while admitting you don’t know how FBI conducts those back door searches, and make any claim to conduct adequate oversight. Rather, the bill permits FBI to continue practices it has stubbornly refused to brief Congress on, rather than demanding that FBI brief Congress first, so Congress can impose any restrictions that might be necessary to adequately protect Americans.

The bill also requires a briefing within six months to explain how DOJ complies with FISA’s legally mandated notice requirements (because notice under 702 is treated as notice under 106(c), this covers 702 surveillance as well).

Not later than 180 days after the date of the enactment of this Act, the Attorney General, in consultation with the Director of National Intelligence, shall provide to the Committee on the Judiciary and the Permanent Select Committee on Intelligence of the House of Representatives and the Committee on the Judiciary and the Select 10 Committee on Intelligence of the Senate a briefing with respect to how the Department of Justice interprets the requirements under sections 106(c), 305(d), and 405(c) of the Foreign Intelligence Surveillance Act of 1978 (50 14 U.S.C. 1806(c), 1825(d), and 1845(c)) to notify an aggrieved person under such sections of the use of information obtained or derived from electronic surveillance, physical search, or the use of a pen register or trap and trace device. The briefing shall focus on how the Department interprets the phrase ‘‘obtained or derived from’’ in such sections.

The public treatment of DOJ’s serial, obvious failures to give notice to defendants is a nifty trick. When DOJ fails to give notice, it clearly violates the law, but notice is not included in minimization procedure review, so therefore is not reviewed by the FISC. When surveillance boosters like Hennessey and Goldsmith say there have never been any willful violations of the law, they manage to ignore the notice violations that have allowed some pretty problematic practices to avoid judicial oversight only because by breaking the law DOJ ensures no court will find them to be breaking the law.

Catch 22: Heads legal violations never get reviewed by a court, tails surveillance boosters can claim the surveillance has a clean bill of health.

Again, this is a known, egregious problem with the implementation of 702.

But rather than do the obvious thing as part of what this post dubs “robust democratic deliberation,” which is to demand answers about how notice is (not) given and require DOJ to fix it as part of the bill, the bill instead simply requires DOJ to provide the information that Congress needs to do basic oversight six months after reauthorization, which effectively punts fixing the problem six years down the road.

How many Chinese-American scientists will be improperly prosecuted because FBI is technically inane in those 6 years, because a bunch of California legislators like Nancy Pelosi, Adam Schiff, and Dianne Feinstein chose to punt on basic oversight?

The most egregious example of this, however, involves the government’s obstinate refusal to explain how many US persons are affected by 702. This bill also did not incorporate an HJC proposal requiring a count of how many Americans got referred for criminal prosecution off of 702 collection.

Letting Jeff Sessions criminalize dissent

That refusal — the refusal to even legislatively require the government to report on the impact of 702 surveillance on Americans, via incidental collection and/or criminal referral — brings us to the problem with this bill that opponents are all raising, but about which Hennessey and Goldsmith are inexcusably silent: the codification of giving Jeff Sessions unreviewable authority to determine what counts as a “criminal proceeding [that] affects, involves, or is related to the national security of the United States.”

Here’s how Hennessey and Goldsmith describe the impact of this program on Americans.

As Lawfare readers know, Section 702 authorizes the intelligence community to target the communications of non-U.S. persons located outside the United States for foreign intelligence purposes. It does not permit the intelligence community to target a U.S. person anywhere in the world. But it does permit incidental collection on U.S. persons, subject to strict rules about minimization and use.

Their silence about how the bill doesn’t deal with back door searches is problematic enough.

But they predictably, but problematically, make no mention of the way the bill codifies the use of 702 in domestic law enforcement under the Tor/VPN exception.

As I have laid out, in 2014 FISC created an exception to the rule that NSA must detask from a facility as soon as they learn that Americans are also using that facility. That exception applies to Tor and (though I understand this part even less) VPN servers — basically the kinds of privacy tools that criminals, spies, journalists, and dissidents might use to hide their online activities. NSA has to sort through what they collect on the back end, but along the way, they get to decide to keep any entirely domestic traffic they find has significant foreign intelligence purpose or is evidence of a crime, among other reasons. The bill even codifies 8 enumerated crimes under which they can keep such data. Some of those crimes — child porn and murder — make sense, but others — like transnational crime (including local drug dealers selling imported drugs) and CFAA (with its well-known propensity for abuse) pose more potential for abuse.

But it’s the unreviewable authority for Jeff Sessions bit that is the real problem.

We know, for example, that painting Black Lives Matter as a national security threat is key to the Trump-Sessions effort to criminalize race. We also know that Trump has accused his opponents of treason, all for making critical comments about Trump.

This bill gives Sessions unreviewable authority to decide that a BLM protest organized using or whistleblowing relying on Tor, discovered by collection done in the name of hunting Russian spies, can be referred for prosecution. The fact that the underlying data predicating any prosecution was obtained without a warrant under 702 would — in part because this bill doesn’t add teeth to FISA notice — ensure that courts would never learn the genesis of the prosecution. Even if a court somehow managed to do so, however, it could never deem the domestic surveillance unlawful because the bill gives Jeff Sessions the unreviewable authority to treat dissent as a national security threat.

This is such an obviously bad idea, and it is being supported by people who talk incessantly about the threat that Trump and Sessions present. Yet, rather than addressing the issue head on (which I doubt Hennessey could legally do in any case), they simply remain silent about what is the biggest complaint from privacy activists, that this gives a racist, vindictive Attorney General far more authority than he should have, and does so without fixing the inadequate protections for criminal defendants along the way.

I mean, I get that surveillance boosters who recognize the threat Trump and Sessions pose want to absolve themselves for giving Trump tools that can so obviously be abused.

But this attempt does so precisely by dodging the most obvious reasons for which boosters should be held to account.

Update: Changed post to note that just Trump has accused FBI Agents of treason, not Sessions, and not (yet) journalists.

Update: Here’s the roll call of the 65-34 vote passage of the bill. Democrats who voted in favor are:

  1. Carper
  2. Casey
  3. Cortez Masto
  4. Donnelly
  5. Duckworth
  6. Feinstein
  7. Hassan
  8. Heitkamp
  9. Jones
  10. Klobuchar
  11. Manchin
  12. McCaskill
  13. Nelson
  14. Peters
  15. Reed
  16. Schumer
  17. Shaheen
  18. Stabenow
  19. Warner
  20. Whitehouse