At the end of September, I Con the Record released a bunch of documents relating to 2014’s Section 702 certification process including the August 26, 2014 Thomas Hogan opinion that, among other things, authorized an expansion of FBI’s minimization procedures.
The memo reflects a 2013 change to FBI minimization procedures (it was first approved on September 20, 2012) that permits it to disseminate information that,
is evidence of a crime and that it reasonably believes may assist in the mitigation or prevention of computer intrusions or attacks to private entities or individuals that have been or are at risk of being victimized by such intrusions or attacks, or to private entities or individuals … capable of providing assistance in mitigating or preventing such intrusions or attacks. Wherever reasonably practicable, such disseminations should not include United States person identifying information unless the FBI reasonably believes it is necessary to enable the recipient to assist in the mitigation or prevention of computer intrusion or attacks. (18)
This order expands that dissemination permission to include “dissemination of Section 702 information to someone in the private sector in order to mitigate other forms of serious harm, such as ‘a plot to destroy a building or monument.” The change “enables the FBI to disseminate information to private parties in less extreme cases.” Update: Since this language appears to exist only in the FBI minimization procedures, it should refer only to PRISM data, not upstream data, since FBI doesn’t get the latter in unminimized form, unless that has changed in some way that is not obvious in the minimization procedures.
Finally, Hogan approved a change to the FBI minimization procedures that permitted dissemination of 702-collected information to the National Center for Missing and Exploited Children if it is “evidence of a crime related to child exploitation material, including child pornography,” or for the purpose of obtaining technical assistance (the NCMEC keeps databases of images of child porn to track when new images are released).
While these are all generally included in the serious bodily harm provision of Section 702 — to say nothing of NSA’s broad inclusion of “property” in “bodily harm” — they show three clear expansions of the use of Section 702 for criminal investigations in recent years (and the computer intrusion language impacts my questions about how CISA interacts with Section 702).
Not only are those expansions worth noting in their own right, but they’re also worth considering in light of Bob Litt’s disclosure on February 4, 2015 (that is, chronologically after this change, but before this change got publicly released) of the crimes that FBI may use Section 702 information to prosecute.
And so today I want to say that in fact the list of crimes other than national security crimes for which we can use Section 702 information about U.S. persons is crimes involving death, kidnapping, substantial bodily harm, conduct that is a specified offense against a minor as defined in a particular statute, incapacitation or destruction of critical infrastructure, cyber security, transnational crimes, or human trafficking.
Litt’s list seems broader than, though clearly related to, the items approved in the unredacted parts of the FBI minimization procedures, though the language from the minimization procedures seems to explain what “incapacitation” of critical infrastructure is. As always, remember that “transnational crime” is a politicized subsection of mob crimes that never includes the crimes implicating our nations mob-banksters.
And keep in mind. This language would have been operative in the weeks leading up to the Sony hack. And yet the ability to share such intelligence with Sony did not prevent the hack.
In any case, I’m going to do a series of posts on the Snooper’s Charter released yesterday in the UK, and I wanted to clarify precisely what the available uses of Section 702 to investigate crimes are.
In the series of letters purporting to speak for “the judiciary,” Director of the Administrative Office of US Courts John Bates and (after Duff replaced him) James Duff expressed concern about how a FISC amicus would affect the timeliness of proceedings before the court. Bates worried that any involvement of an amicus would require even more lead time than the current one week requirement in FISC applications. He also worried that the presumption an amicus (and potentially tech experts) would have access to information might set off disputes with the Executive over whether they could really have it. Duff apparently worried that the perception that an amicus would oppose the government would lead the government to delay in handing over materials to the FISC.
Which is why I’m interesting in the briefing order Chief FISC Judge Thomas Hogan, signing for Michael Mosman, issued on Wednesday (see below for a timeline).
Back on September 17, Mosman appointed spook lawyer Preston Burton amicus. As part of that order, he gave the government 4 days to refuse to share information with Burton, but otherwise required Burton receive the application and primary order in this docket.
(Pursuant to 50 U.S.C. § 1803(i)(6)(A)(i), the Court has determined that the government’s application (including exhibits and attachments) and the full, unredacted Primary Order in this docket are relevant to the duties of the amicus. By September 22, 2015, or after receiving confirmation from SEPS that the amicus has received the appropriate clearances and access approvals for such materials, whichever is later, the Clerk of the Court shall make these materials available to the amicus.
Yet even after the almost month long delay in deciding to appoint someone and deciding that someone would be Burton, it still took Mosman two weeks after the date when Burton was supposed to have received the relevant information on this issue before setting deadlines. And in setting his deadlines, Mosman has basically left himself only 2 weeks during which time he will have to to decide the issue and the government will have to prepare to keep or destroy the data in question (in past data destruction efforts it has taken a fairly long time). That could be particularly problematic if Mosman ends up requiring the government to pull the data from EFF’s clients from the data retained under their protection order.
On November 28, the order authorizing the retention of this data expires.
To be fair, Mosman is definitely making a more concerted effort to comply with the appearance if not the intent of USA F-ReDux’s amicus provision than, say, Dennis Saylor (who blew if off entirely). And there may be aspects of this process — and FISC’s presumed effort to start coming up with a panel of amici by November 29 — that will take more time than future instances down the road.
Still, it’s hard to understand the almost 3 week delay in setting a briefing schedule.
Unless the government slow-walked giving even a spook lawyer not explicitly ordered to represent the interests of privacy approval to receive and then a packet of documents to review.
I suspect this represents a stall by the government, not FISC (though again, the month long delay in deciding to appoint an amicus didn’t help things, and FISC’s thus far 4 month delay in picking amici likely doesn’t help either). But whatever the cause of the delay, it may indicate a reluctance on someone’s part to use the amicus as intended.
July 27: ODNI declares that “NSA has determined” that “NSA will allow technical personnel to continue to have access to the historical metadata for an additional three months”
By August 20: Government asks for permission to retain data past November 28 (the government must submit major FISA orders at least a week in advance)
August 27: Mosman approves dragnet order, defers decision on data retention
September 17: Mosman appoints Burton and orders the government to cough up its application and the full order
September 21: Last date by which government can complain about sharing information with Burton
September 22: Date by which Burton must receive application and order
October 7: Mosman sets deadlines
October 29: Deadline for Burton’s first brief
November 6: Deadline for Government response
November 10: Deadline for Burton reply, if any
November 28: Expiration of authorization to retain data
On December 12, 2013, almost one year ago, President Obama’s handpicked NSA Review Group made the following two recommendations.
Recommendation 1: We recommend that section 215 should be amended to authorize the Foreign Intelligence Surveillance Court to issue a section 215 order compelling a third party to disclose otherwise private information about particular individuals only if:
(1) it finds that the government has reasonable grounds to believe that the particular information sought is relevant to an authorized investigation intended to protect “against international terrorism or clandestine intelligence activities” and
(2) like a subpoena, the order is reasonable in focus, scope, and breadth.
Recommendation 5: We recommend that legislation should be enacted that terminates the storage of bulk telephony meta-data by the government under section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party. Access to such data should be permitted only with a section 215 order from the Foreign Intelligence Surveillance Court that meets the requirements set forth in Recommendation 1.
Since that time, Obama has applied for and will, today, receive authorization for 5 extensions of the phone dragnet:
BR 14-01, signed by Thomas Hogan on January 3, 2014
BR 14-67, signed by Rosemary Collyer on March 28, 2014
BR 14-96, signed by James Zagel on June 19, 2014
BR 14-125, signed by Raymond Dearie on September 11, 2014
Along the way, Obama has instituted prior FISC review, added an emergency provision, given up on an automated query NSA had never been able to implement technically, even while standardizing “connection chaining.” The FISC also had to remind the government it must still abide by the legal requirement for prior First Amendment review, even when obtaining emergency orders.
By my count, the government has made 5 changes (or institutionalized prior changes) since the time Obama’s hand-picked review group recommended he give up the dragnet. As I noted yesterday, over the last year, 5 different Democrats have called on Obama to end the dragnet without waiting for legislation.
And yet, sometime today, the dragnet will be extended for another 3 months.
A new chapter by Professors Amos Guiora and Jeffrey Brand–“Establishment of a Drone Court: A Necessary Restraint on Executive Power“–has been receiving a fair amount ofmedia and blog attention. The chapter differs from some prior calls for a “drone court” in seeing the Foreign Intelligence Surveillance Court (FISC) not as a model, but rather as a lesson in what not to do–a “non-starter,” in the authors’ words. Nevertheless, the chapter argues, we need a special “Operational Security Court” (OSC) comprised of already sitting Article III district and circuit judges (selected through a far different process from FISC judges) to strike the right balance between the government’s need to protect operational (and national) security and the rights of those targeted for drone operations to contest their targeting (through security cleared lawyers) ex ante.
My take on the proposal is slightly different from Vladeck’s. I take it as a proposal for a Sparkle Pony. The proper response to such a proposal is to point out all the reasons why we can’t have Sparkle Ponies. But I would end up largely where Valdeck is, looking at all the reasons FISC is failing its task, especially now that it has been blown up beyond proportion in the wake of President Bush’s illegal spy program. And Vladeck’s solution — to ensure people can sue after the fact — is a reasonable start.
That said, Vladeck asks an important question.
Finally, there’s the question of why an entire new court(the “OSC”) is needed at all. What’s wrong with giving the U.S. District Court for the District of Columbia exclusive original jurisdiction over these proceedings–as the Supreme Court has effectively provided in the secrecy-laden Guantánamo habeas cases? Even if one believes that ex ante judicial review of drone strikes is constitutionally and pragmatically feasible, why reinvent the wheel when there are perfectly good judges sitting in a perfectly good courthouse replete with experience in highly classified proceedings?
In my insistence it’s time to get rid of FISC, I’ve been thinking the same thing: why can’t we just have all the DC District judges rule on these cases?
The biggest drawback I see in this is that it would mean the judges presiding over national security criminal cases — not even Espionage cases, which are more likely to be charged in EDVA — are not the same who preside over the National Security Court decisions. Just as an example, I think it important that a bunch of judges in Portland, OR are presiding over some of the more interesting national security cases. And for that reason I’m fascinated that Michael Mosman, who is presiding over the case of Reaz Qadir Khan, is also a FISC judge. While I don’t think Mosman brings a neutral approach to the Khan case, I do think he may be learning things about how the FISC programs work in practice.
But both sides of this debate, both the government and reformers, could point to Vladeck’s proposal as a vast improvement. That’s because it gets us out of what has become a series of one person courts.
Partly for logistical reasons (and potentially even for security reasons), rather than a court of 11 judges presiding over these expanding counterterrorism programs, we’ve actually had a series of single judges: Colleen Kollar-Kotelly, who presided over at least the Internet dragnet, some other important Pen Register rulings, and several initial Protect America Act reviews, then mostly Reggie Walton presiding over the Yahoo challenge and then the phone and Internet dragnet fixes, then John Bates presiding over the upstream fix (as well as reauthorizing and expanding the Internet dragnet). Presumably, presiding judge Thomas Hogan has assumed the role of one person court (though I suspect Rosemary Collyer, who is next in line to be presiding in any case, takes on some of this work).
And while I’d find great fault with some of Kollar-Kotelly and Bates’ rulings (and even some of Walton’s), I suspect the NatSec establishment was thrilled to see the end of Walton on the court, because he dared to consider questions thoughtfully and occasionally impose limits on the intelligence programs.
No one benefits from having what works out to be primarily one judge review such massive programs. But that’s what we’ve effectively got now, and because it operates in secret, there’s no apparent check on really boneheaded decisions by these individual judges.
There are a lot of reasons to replace the FISC with review by normal judges, and one of them is that the current system tends to concentrate the review of massive spying programs in the hands of one or two judges alone.
As I noted on Friday, the Administration got a new phone dragnet order on the same day that Senators Wyden, Udall, and Heinrich pointed out that — so long as the Administration only wants to do what it claims to want to do — it could stop holding phone records right away, just as it implemented Obama’s 2-hop mandate and court review in February right away.
From ODNI’s announcement they got a new dragnet order Friday (which they congratulate themselves as a great show of transparency), it’s clear they have no intention of doing so. On the contrary, they’re going to hold out HR 3361 — and their unconvincing claim it ends bulk collection as normal people understand the term — with each new dragnet order.
After carefully considering the available options, the President announced in March that the best path forward is that the government should not collect or hold this data in bulk, and that it remain at the telephone companies with a legal mechanism in place which would allow the government to obtain data pursuant to individual orders from the FISC approving the use of specific numbers for such queries. The President also noted that legislation would be required to implement this option and called on Congress to enact this important change to the Foreign Intelligence Surveillance Act (FISA).
Consistent with the President’s March proposal, in May, the House of Representatives passed H.R. 3361, the USA FREEDOM Act, which would, if enacted, create a new mechanism for the government to obtain this telephony metadata pursuant to individual orders from the FISC, rather than in bulk. The bill also prohibits bulk collection through the use of Section 215, FISA pen registers and trap and trace devices, and National Security Letters.
Overall, the bill’s significant reforms would provide the public greater confidence in our programs and the checks and balances in the system, while ensuring our intelligence and law enforcement professionals have the authorities they need to protect the Nation. The Administration strongly supports the USA FREEDOM Act. We urge the Senate to swiftly consider it, and remain ready to work with Congress to clarify that the bill prohibits bulk collection as noted above, as necessary.
Given that legislation has not yet been enacted, and given the importance of maintaining the capabilities of the Section 215 telephony metadata program, the government has sought a 90-day reauthorization of the existing program, as modified by the changes the President announced earlier this year.
But here’s the bit I’m most struck by, particularly given that the government has not yet released the March 28, 2014 dragnet order which should be a slam dunk declassification process, given that its content has presumably all been released in the past.
In addition to a new primary order last Friday, FISC also wrote a memorandum opinion.
The Administration is undertaking a declassification review of this most recent court order and an accompanying memorandum opinion for publication.
I can think of two things that would explain a memorandum opinion: the program has changed in some way (perhaps they’ve changed how they interpret “selection term” or implement the automated process which they had previously never gotten running?), or the FISC considered some new legal issue before approving the dragnet.
As I noted last week, both US v. Quartavious Davis, in which the 11th Circuit ruled stored cell location data required a warrant), and US v Stavros Ganias, in which the 2nd Circuit ruled the government can’t use data it seized under an old warrant years later, might affect both the current and future dragnets, as well as other programs the NSA engages in.
Thing is, whatever the subject of the opinion, then it’d sure be nice to know what it says before we pass this legislation, as the legislation may have to correct the wacky secret decisions of the FISC (most members of Congress are still not getting unredacted dragnet orders). But if the last order is any indication, we won’t get this new order until months from now, long after the bill is expected to be rushed through the Senate.
Which is probably all by design.
As I laid out last week, I’m not convinced the term “specific selection term” is sufficiently narrowly defined to impose adequate limits to the “reformed” Section 215 (and NSL and PRTT) programs. Here’s how the House defined it:
SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.
That said, as I also noted, the motion to amend January’s primary order used the term to refer to the query term, which may suggest my concerns are unfounded.
I’ve looked further, and the amendment’s use of the term was not new in the phone dragnet.
In fact, the phrase used to refer to the query subject changed over the course of the dragnet. The first Primary Order authorized the search on “particular known phone numbers.” That usage continued until 2008, when Primary Order BR 08-08 introduced the term “particular known identifier.” A completely redacted footnote seems to have defined the term (and always has). Significantly, that was the first Primary Order after an August 20, 2008 opinion authorized some “specific intelligence method in the conduct of queries (term “searches”) of telephony metadata or call detail records obtained pursuant to the FISC’s orders under the BR FISA program.” I think it highly likely that opinion authorized the use of correlations between different identifiers believed to be associated with the same person.
The September 3, 2009 Primary Order — the first one resuming some normality after the problems identified in 2009 — references a description of identifier in a declaration. And the redaction provides hints that the footnote describing the term lists several things that are included (though the footnote appears to be roughly the same size as others describing identifier).
The Primary Orders revert back to the same footnote in all the orders that have been released (the government is still withholding 3 known Primary Orders from 2009). And that continued until at least June 22, 2011, the last Primary Order covered by the ACLU and EFF FOIAs.
But then in the first Primary Order after the 2011-2012 break (and all Primary Orders since), the language changes to “selection term,” which like its predecessor has a footnote apparently explaining the term — though the footnote is twice as long. Here’s what it looks like in the April 25, 2013 Primary Order:
The change in language is made not just to the subject of queries. There’s a paragraph in Primary Orders approving the use of individual FISA warrant targets for querying (see this post for an explanation) that reads,
[Identifiers/selection terms] that are currently the subject of electronic surveillance authorized by the Foreign Intelligence Surveillance Court (FISC) based on the FISC’s finding of probable cause to believe that they are used by agents of [redacted] including those used by U.S. persons, may be deemed approved for querying for the period of FISC-authorized electronic surveillance without review and approval by a designated approving official.
The change appears there too. That’s significant because it suggests a use that would be tied to targets about whom much more would be known, and in usages that would be primarily email addresses or other Internet identifiers, rather than just phone-based ones. I think that reflects a broader notion of correlation (and undermines the claim that a selection term is “unique,” as it would tie the use of an identity authorized for Internet surveillance to a telephone metadata identifier used to query the dragnet).
Finally, the timing. While the big gap in released Primary Orders prevents us from figuring out when the NSA changed from “identifier” to “selection term,” it happened during the same time period when the automated query process was approved.
This may all seem like a really minor nit to pick.
But even after the language was changed to “selection term” on Primary Orders, top intelligence officials continued to use the term “identifier” to describe the process (see the PCLOB hearing on Section 215, for example). The common usage, it seems, remains “identifier,” though there must be some legal reason the NSA and DOJ use “selection term” with the FISC.
It also means there’s some meaning for selection term the FISA Court has already bought off on. It’s a description that takes 15 lines to explain, one the government maintains is still classified.
And we’re building an entire bill off a vague 17-word definition without first learning what that 15-line description entails.
On Friday, I Con the Record revealed that a telecom — Ellen Nakashima confirms it was Verizon — asked the FISA Court to make sure its January 3 order authorizing the phone dragnet had considered Judge Richard Leon’s December 16 decision that it was unconstitutional. On March 20, Judge Rosemary Collyer issued an opinion upholding the program.
Rosemary Collyer’s plea for help
Ultimately, in an opinion that is less shitty than FISC’s previous attempts to make this argument, Collyer examines the US v. Jones decision at length and holds that Smith v. Maryland remains controlling, mostly because no majority has overturned it and SCOTUS has provided no real guidance as to how one might do so. (Her analysis raises some of the nuances I laid out here.)
The section of her opinion rejecting the “mosaic theory” that argues the cumulative effect of otherwise legal surveillance may constitute a search almost reads like a cry for help, for guidance in the face of the obvious fact that the dragnet is excessive and the precedent that says it remains legal.
A threshold question is which standard should govern; as discussed above, the court of appeals’ decision in Maynard and two concurrences in Jones suggest three different standards. See Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Mich. L. Rev. at 329. Another question is how to group Government actions in assessing whether the aggregate conduct constitutes a search.See id. For example, “[w]hich surveillance methods prompt a mosaic approach? Should courts group across surveillance methods? If so, how? Id. Still another question is how to analyze the reasonableness of mosaic searches, which “do not fit an obvious doctrinal box for determining reasonableness.” Id. Courts adopting a mosaic theory would also have to determine whether, and to what extent, the exclusionary rule applies: Does it “extend over all the mosaic or only the surveillance that crossed the line to trigger a search?”
Any such overhaul of Fourth Amendment law is for the Supreme Court, rather than this Court, to initiate. While the concurring opinions in Jones may signal that some or even most of the Justices are ready to revisit certain settled Fourth Amendment principles, the decision in Jones itself breaks no new ground concerning the third-party disclosure doctrine generally or Smith specifically. The concurring opinions notwithstanding, Jones simply cannot be read as inviting the lower courts to rewrite Fourth Amendment law in this area.
As I read these passages, I imagined that Collyer was trying to do more than 1) point to how many problems overruling the dragnet would cause and 2) uphold the dignity of the rubber stamp FISC and its 36+ previous decisions the phone dragnet is legal.
There is reason to believe she knows what we don’t, at least not officially: that even within the scope of the phone dragnet, the dragnet is part of more comprehensive mosaic surveillance, because it correlates across platforms and identities. And all that’s before you consider how, once dumped into the corporate store and exposed to NSA’s “full range of analytic tradecraft,” innocent Americans might be fingerprinted to include our lifestyles.
That is, not only doesn’t Collyer see a way (because of legal boundary concerns about the dragnet generally, and possibly because of institutional concerns about FISC) to rule the dragnet illegal, but I suspect she sees the reverberations that such a ruling would have on the NSA’s larger project, which very much is about building mosaics of intelligence.
No wonder the government is keeping that August 20, 2008 opinion secret, if it indeed discusses the correlations function in the dragnet, because it may well affect whether the dragnet gets assessed as part of the mosaic NSA uses it as.
Verizon’s flaccid but public legal complaint
Now, you might think such language in Collyer’s opinion would invite Verizon to appeal this decision. But given this lukewarm effort, it seems unlikely to do so. Consider the following details:
Leon issued his decision December 16. Verizon did not ask the FISC for guidance (which makes sense because they are only permitted to challenge orders).
Verizon got a new Secondary Order after the January 3 reauthorization. It did not immediately challenge the order.
It only got around to doing so on January 22 (interestingly, a few days after ODNI exposed Verizon’s role in the phone dragnet a second time), and didn’t do several things — like asking for a hearing or challenging the legality of the dragnet under 50 USC 1861 as applied — that might reflect real concern about anything but the public appearance of legality. (Note, that timing is of particular interest, given that the very next day, on January 23, PCLOB would issue its report finding the dragnet did not adhere to Section 215 generally.)
Indeed, this challenge might not have generated a separate opinion if the government weren’t so boneheaded about secrecy.
Verizon’s petition is less a challenge of the program than an inquiry whether the FISC has considered Leon’s opinion.
It may well be the case that this Court, in issuing the January 3,2014 production order, has already considered and rejected the analysis contained in the Memorandum Order. [redacted] has not been provided with the Court’s underlying legal analysis, however, nor [redacted] been allowed access to such analysis previously, and the order [redacted] does not refer to any consideration given to Judge Leon’s Memorandum Opinion. In light of Judge Leon’s Opinion, it is appropriate [redacted] inquire directly of the Court into the legal basis for the January 3, 2014 production order,
As it turns out, Judge Thomas Hogan (who will take over the thankless presiding judge position from Reggie Walton next month) did consider Leon’s opinion in his January 3 order, as he noted in a footnote.
And that’s about all the government said in its response to the petition (see paragraph 3): that Hogan considered it so the FISC should just affirm it.
Verizon didn’t know that Hogan had considered the opinion, of course, because it never gets Primary Orders (as it makes clear in its petition) and so is not permitted to know the legal logic behind the dragnet unless it asks nicely, which is all this amounted to at first.
Note that the government issued its response (as set by Collyer’s scheduling order) on February 12, the same day it released Hogan’s order and its own successful motion to amend it. So ultimately this headache arose, in part, because of the secrecy with which it treats even its most important corporate spying partners, which only learn about these legal arguments on the same schedule as the rest of us peons.
Yet in spite of the government’s effort to dismiss the issue by referencing Hogan’s footnote, Collyer said because Verizon submitted a petition, “the undersigned Judge must consider the issue anew.” Whether or not she was really required to or could have just pointed to the footnote that had been made public, I don’t know. But that is how we got this new opinion.
Finally, note that Collyer made the decision to unseal this opinion on her own. Just as interesting, while neither side objected to doing so, Verizon specifically suggested the opinion could be released with no redactions, meaning its name would appear unredacted.
The government contends that certain information in these Court records (most notably, Petitioner’s identity as the recipient of the challenged production order) is classified and should remain redacted in versions of the documents that are released to the public. See Gov’t Mem. at 1. Petitioner, on the other hand, “request[s] no redactions should the Court decide to unseal and publish the specified documents.” Pet. Mem. at 5. Petitioner states that its petition “is based entirely on an assessment of [its] own equities” and not on “the potential national security effects of publication,” which it “is in no position to evaluate.” Id.
I’ll return to this. But understand that Verizon wanted this opinion — as well as its own request for it — public.
As I noted the other day in yet another post showing why investigations into intelligence failures leading up to the Boston Marathon attack must include NSA, the government outright refuses to tell Dzhokhar Tsarnaev whether it will introduce evidence obtained using Section 215 at trial.
Tsarnaev’s further request that this Court order the government to provide notice of its intent to use information regarding the “. . . collection and examination of telephone and computer records pursuant to Section 215 . . .” that he speculates was obtained pursuant to FISA should also be rejected. Section 215 of Pub. L. 107-56, conventionally known as the USA PATRIOT Act of 2001, is codified in 50 U.S.C. § 1861, and controls the acquisition of certain business records by the government for foreign intelligence and international terrorism investigations. It does not contain a provision that requires notice to a defendant of the use of information obtained pursuant to that section or derived therefrom. Nor do the notice provisions of 50 U.S.C. §§ 1806(c), 1825(d), and 1881e apply to 50 U.S.C § 1861. Therefore, even assuming for the sake of argument that the government possesses such evidence and intends to use it at trial, Tsarnaev is not entitled to receive the notice he requests.
This should concern every American whose call records are likely to be in that database, because the government can derive prosecutions — which may not even directly relate to terrorism — using the digital stop-and-frisk standard used in the dragnet, and never tell you they did so.
Note, too, Dzhokhar’s lawyers are not just asking for phone records, but also computer records collected using Section 215, something Zoe Lofgren has made clear can be obtained under the provision.
And in the case in which Dzhokhar’s college buddies are accused of trying to hide his computer and some firecracker explosives, prosecutors profess to be unable to provide any of the text messages Dzhokhar sent after his last text to them. That stance seems to pretend they couldn’t get at least the metadata from those texts from the phone dragnet.
The government, then, claims that defendants can’t have access to data collected using Section 215. They base that claim on the absence of any language in the Section 215 statute, akin to that found in FISA content collection statutes, providing for formal notice to defendants.
But at least in the case of the phone dragnet, that stance appears to put them in violation of the dragnet minimization procedures. That’s because since at least September 3, 2009 and continuing through the last dragnet order released (note, ODNI seems to be taking their time on releasing the March 28 order), the minimization procedures have explicitly provided a way to make the query results available for discovery. Here’s the language from 2009.
Notwithstanding the above requirements, NSA may share information derived from the BR metadata, including U.S. person identifying information, with Executive Branch personnel in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings.
The government routinely points to these very same minimization procedures to explain why it can’t provide information to Congress or other entities. But if the minimization procedures trump other statutes to justify withholding information, surely they must have the weight of law for disclosure to criminal defendants. And all that’s before you consider the Brady and Constitutional reasons that should trump the government’s interpretation as well.
Using the formulation the government always uses when making claims about the dragnet’s legality, on at least 21 occasions, FISC judges have envisioned discovery to be part of the minimization procedures with which the government must comply. At least 7 judges have premised their approval of the dragnet, in part, on the possibility exculpatory information may be shared in discovery.
Now, there is a limit to the discovery envisioned by these 21 FISA orders; this discovery language, in the most recently published order, reads:
Notwithstanding the above requirements, NSA may share results from intelligence analysis queries of the BR metadata, including U.S. person identifying information, with Executive Branch personnel (1) in order to enable them to determine whether the information contains exculpatory or impeachment information or is otherwise discoverable in legal proceedings …
That is, this discovery language only includes the “results from intelligence analysis queries.” It doesn’t permit new queries of the entire database, a point the government makes over and over. But in the case of the Marathon bombing, we know the queries have been run, because Executive Branch officials have been bragging about the queries they did after the bombing that gave them “peace of mind.”
Those query results are there, and the FISC judges explicitly envisioned the queries to be discoverable. And yet the government, in defiance of the minimization procedures they claim are sacred, refuse to comply.
Yesterday, I Con the Record released more records in response to the ACLU FOIA for records on the Section 215 program (though once again, they didn’t mention the FOIA).
Three of the documents provide more data points for a notable progression I laid out in this post, in which Reggie Walton appears to have shut down some collection from one telecom on July 9, 2009, reapproved it (including retroactively) on September 3, 2009, just in time for the Intelligence Community to claim Section 215 collection was central to the Najibullah Zazi investigation.
First, a July 2, 2009 notice to Walton provided the End-to-End review “for the Court’s information.” It had been completed on June 25 and provided to the Intelligence and Judiciary Committees on June 30. It was also included in the formal DOJ filing to Walton on August 19, which left the impression that DOJ had held it for two months before sharing it with the court. But this notice makes it clear Walton received a copy with only a slight delay (and the day before they delivered the first weekly report he had demanded). It also makes it clear he had gotten it, and probably read it, before whatever action he took on July 9. What may be the problematic collection (see page 15-16) apparently got reported to FISC before May 29 (no mention of a formal notice is included, though it seems to be addressed in the May 29 order). But there are other violations (such as the sharing described on page 17 that may involve Homeland Security) that appear to have been newly disclosed with this report.
In a second document — a September 10 notice to just the Senate Intelligence Committee (?!) that Judge Walton had reauthorized the bulk collection program on September 3 — reveals that on August 4, FISC Chief Judge John Bates had written Eric Holder a letter raising concerns. The notice portrays a September 1 demonstration for Walton, Bates, and Judge Thomas Hogan (who I believe was the only other FISC judge from the DC Circuit at the time) apparently at NSA as a response to Bates’ concerns. But the description of the demonstration also notes that,
The information was presented in the context of a current operation that concerns a potential threat to the U.S. homeland.
Remember, this was before (by 2 days) the Zazi investigation started. So this must reference something else, though it certainly didn’t sound all that urgent.
In any case, while it is unclear who got Bates involved (after all, it could have been the Administration, complaining that some of its production had been cut off), it is noteworthy he was involved, which provides a little more background to the frustration he expressed in his October 3, 2011 opinion accusing the government of signifiant misrepresentations on 3 occasions.
Finally, on October 21, in what must have been part of the PATRIOT Act reauthorization push, National Counterterrorism Center’s Michael Leiter and the NSA’s Assistant Deputy Director for Counterterrorism addressed the House Intelligence Committee. Along with their case for the program and a heavily glossed description of the problems with it (which they indicate had already been noticed in some form to the Committee), they described how tips from the dragnet “have contributed directly to the following specific cases,” plural. It includes an entirely unredacted description of the dragnet’s role in the Zazi investigation (without, for example, disclosing FBI already knew of Adis Medunjanin through travel documents to Pakistan where he and Zazi trained with terrorists). And it includes a shorter description of what must be at least one other case, which is entirely redacted. It’s possible, after all, that that second “success” (which is so credible we can’t know about it) is the ongoing threat referred to in the September 10 notice, which NSA used to scare FISC into reauthorizing the dragnet.
One more detail about the notice to HPSCI. It fails to mention that, less than 3 weeks after he reauthorized the dragnet, Walton learned — from DOJ, not NSA — of further information sharing violations. In other words, the HPSCI witnesses falsely portrayed the problems as fixed, when there were pending violations still being discussed between NSA and FISC.
There’s nothing enormous in these revelations, but they do add to the understanding of how grave FISC took these violations to be, and how partial was Congressional briefing on them. Continue reading