
What is the appropriate sanction for a “pawn” who participated in a coup attempt?

One thing I informally track in January 6 guilty pleas is education level. At the beginning of most change of plea hearings, as part of an effort to substantiate competence to plead guilty, most judges ask, “How far did you go in school?” I first started to take note when Oath Keeper Graydon Young replied that he has a graduate degree. He’s a dramatic outlier. Since then, my very informal tracking of this detail has shown that very very few of the January 6 defendants who’ve pled guilty so far have a four-year degree (others who do include but are not limited to Cleveland Meredith Jr, Jenna Ryan, and Andrew Ericson, the latter of whom finished a CompSci degree since the riot).

I track this demographic not out of intellectual snobbery. I know of some absolutely brilliant people who didn’t finish school (a close family member has been very successful without finishing college, and a good number of the smartest students in the 600 student high school class of which I was valedictorian dropped out short of graduation).

Rather, it’s that based on this unscientific observation, the January 6 defendants who’ve pled guilty are, demographically, dramatically less likely to have a four-year degree than the US population, closer to 10% (perhaps 8 of the 96 people who’ve pled guilty) than the 36% that one might expect of the population more broadly. To be sure, this is not scientific. At least two DC judges don’t ask this question, and my count reflects only those hearings where I was personally listening or another journalist who has become aware of my focus on it has noted it. Plus, there may be reasons why people with less education plead guilty earlier, such as that more of them make up those charged with misdemeanor trespassing. But even Brandon Straka, one of the leaders of the larger Trump movement, described that he went through 12th grade and then got a vocational degree at his change of plea.

January 6 defendants seem disproportionately white and rural, but they also appear to be less educated than the country as a whole, even those who’ve had a good deal of financial success.

I raise all that as background to the sentencing memo for Jack Griffith submitted overnight by Heather Shaner, the same defense attorney who convinced Anna Morgan-Lloyd to do some book reports before sentencing (after which Morgan-Lloyd went straight to Fox News to disclaim her stated remorse).

Shaner doesn’t really address the government’s request for a three month jail term.

Griffith pled guilty to one count of 40 U.S.C. § 5104(e)(2)(G): Parading, Demonstrating, or Picketing in the Capitol Building. As explained below, a custodial sentence is appropriate in this case because Griffith committed his January 6th crime in a manner that trivialized the severity of the chaotic and dangerous attack, and his later self-promotion and commentary about his participation in the riot demonstrates continued pride in his actions. Griffith had many opportunities to remove himself from the disorder of January 6th but was all too happy to continue his participation. Following his arrest, his casual attitude toward these criminal proceedings demonstrated a lack of respect for this Court—worrying only that he did not want to appear too “cocky” that it was all going to go well for him. By minimizing the seriousness of his conduct, Griffith fails to recognize the harm he caused to his country, the law enforcement officers who were trying to defend it, and others who were working at the Capitol to carry out a Constitutionally mandated process for the peaceful transfer of power.

Instead, Shaner focused on what the January 6 riot was, describing it as a coup attempt fomented by people who deliberately manipulated people online.

What occurred on January 6, 2021 was not a naturally developed political protest. It was, I believe, a coup attempt–fomented intentionally by right wing actors who used data mining and psychological manipulation. Vulnerable individuals were identified and persuaded through the internet that it was their patriotic duty to come to Washington to support Trump. In Washington, they were emboldened and ushered down the avenue to “Stop the Steal” and to storm the Capitol.

It is fitting and appropriate to arrest those who participated in the attempted coup. The difficult question is what is the appropriate sanction for a pawn who personally did no physical damage nor assaulted law enforcement– but nonetheless participated in the riot. As Fiona Hill recently stated the “main threats” to democracy come from right-wing actors who are deliberately undermining faith in the “integrity of the election system” and “calling for violence against fellow Americans.” Among the thousands who came to Washington in January and have since been arrested– few among the arrested are the people described by Ambassador Hill. Of the several individuals I have been appointed to represent—none are informed, intentional political actors. Four of the individuals I represent are very young—were heavily reliant on the internet—were uninformed and misinformed. Two individuals suffer from diagnosed mental diseases. The balance of individuals I have come to know and to respect are vulnerable, politically unsophisticated individuals, who are truly confounded by what is happening in our country. Good people with no criminal history—our neighbors– who were fed cynical and dangerous misinformation which destroyed their faith in the integrity of the election system. People who wrongly believed they could save America.

I think Shaner’s description of the event is sound. But I’m not sure she, or anyone, knows the answer to her question: What we do about pawns mobilized for a coup attempt, particularly in the absence of any accountability (yet) for the more powerful coup plotters.

Shaner argues that probation is appropriate for Griffith for two reasons. First, to avoid making a martyr of him.

We should not make pariahs or martyrs of these men and women.

But also to provide a period in which more education can occur.

To save our Union we must be wise. We must be compassionate. We must listen. We must provide the opportunity for the approximately 550 charged misdemeanants to receive more education, and to encourage each of them to study history and to gain civic literacy. Only knowledge—truth based on facts– can foster change. At this critical moment of civil discord and domestic contention –if it is still possible to create a more perfect Union –it must be through education. We cannot force people to learn. But during Probation, we can provide the impetus and the opportunity of continuing education.

This is an argument not about Jack Griffith (and because she’s pitching this to Chief Judge Beryl Howell, who asked with this defendant why DOJ hadn’t charged him more aggressively, it’s unlikely to work). It’s an argument about what the path forward needs to be.

Few people besides Shaner think probation can accomplish what she envisions here (though a three-year term of probation will keep defendants supervised and prohibited from owning guns through the next Presidential election). Indeed, the two judges imposing the most disparate sentences for trespassers so far, Tanya Chutkan (who has sentenced two trespassers, including Anna Morgan-Lloyd’s buddy, Dona Bissey, to jail terms in the last week), and Trevor McFadden (who has sentenced defendants to far shorter terms of probation than the government asked for, though with extra on top) have come out against probation for these defendants. Chutkan believes Probation is simply too overtaxed to deal with the influx of all these trespassers. McFadden seems to believe what he sees as a debt to society can better be paid through a fine (he imposed the only fine thus far on Danielle Doyle) or community service (which he imposed on Eliel Rosa); McFadden also believes that January 6 defendants are being treated more harshly than other rioters.

Meanwhile, Robert Reeder, who was first charged with trespassing and then, at the last minute, was discovered to have assaulted a cop and downplayed that to the FBI, got sentenced to just three months in jail by Thomas Hogan, rather than the six months prosecutors requested instead of charging him with that assault.

I don’t know the answer to Shaner’s question. And I badly wish that Prettyman Courthouse were fully open so I could assume that judges were hashing this out over lunch in their judges’ lunchroom. I know that there is a significant portion of defendants who really were just engaged in the kind of civil disobedience I don’t want criminalized. Though I also know that as DOJ has pushed to move through the misdemeanors and accepted downward pleas from those charged more seriously for a variety of reasons, it has fostered seeming inequities among the growing group of trespassers being sentenced.

Whether or not Shaner is right about Griffith, she’s right about what happened: Coup plotters used conspiracy theories to mobilize thousands, as if in a cult, to storm the Capitol. We need deprogramming as much as we need jail time. And our criminal justice system is probably ill-suited to provide either.

The Rebellion Rorschach: The Many Faces of the January 6 Investigation

Four different things happened yesterday to demonstrate how differently judges presiding over the January 6 trial view it, and how little they seem to understand the intersecting nature of this investigation.

DC Circuit ignores its own language about co-conspirators and abettors

The final event was the reversal, by a per curiam panel including Karen Henderson, Judith Rogers, and Justin Walker, of Thomas Hogan’s decision to hold George Tanios pretrial.

As a reminder, Tanios is accused of both conspiring and abetting in Julian Khater’s attack on three cops, including Brian Sicknick, with some toxic substance.

I’m not going to complain about Tanios’ release. By way of comparison, Josiah Colt has never been detained, and he pled out of a conspiracy with Ronnie Sandlin and Nate DeGrave in which they, like Tanios and Khater, planned to arm themselves before traveling to DC together, and in which Sandlin and DeGrave, like Khater, are accused of assaulting cops that played a key role in successfully breaching the Capitol. The main difference is that Khater’s attack injured the three officers he targeted using a toxic spray purchased by Tanios.

It’s how the DC Circuit got there that’s of interest. Tanios had argued that Hogan had used the same language from the Munchel decision everyone else does, distinguishing those who assault or abet in assaulting police, which the DC Circuit has returned to in upholding detention decisions since, and in so doing had applied a presumption of detention for those accused of assault and abetting assault.

In assessing Tanios’s risk of danger, the District Court placed too much emphasis on this sentence from Munchel: “In our view, those who actually assaulted police officers and broke through windows, doors, and barricades, and those who aided, conspired with, planned, or coordinated such actions, are in a different category of dangerousness than those who cheered on the violence or entered the Capitol after others cleared the way.” Id. at 1284.

This is only one line in a ten-page opinion written by Judge Wilkins. It is dicta. It was not quoted or adopted by Judge Katsas’s separate opinion. This line does not create a new approach for evaluating detention issues in this Circuit. It does not mandate that defendants be placed in two separate categories. It does not require a separate, harsher treatment for defendants accused of specific violent offenses. Critically, it does not create a presumption of future dangerousness and should not create a presumption of detention. Rather, it seems that the line is merely intended to remind district court judges that violence is one factor to consider in making a determination about dangerousness. [my emphasis]

The DC Circuit specifically ruled against Tanios on his claim that Hogan had misapplied Munchel.

[A]ppellant has not shown that the district court applied a presumption of detention in contravention of the Bail Reform Act and precedent, see United States v. Khater, No. 21-3033, Judgment at *2 (D.C. Cir. July 27, 2021)

They had to! As their citation makes clear, just two weeks ago, a per curiam panel of Patricia Millett, Robert Wilkins, and Ketanji Brown Jackson upheld the very same detention order (which covered both defendants), holding that the same line of the Hogan statement that Tanios pointed to did not do what both Tanios and Khater claimed it had, presume that assault defendants must be detained.

Appellant contends that the district court misapplied our decision in United States v. Munchel, 991 F.3d 1273 (D.C. Cir. 2021), by making a categorical finding, based solely on the nature of the offense charged (assaultive conduct on January 6), that no conditions of release could ever mitigate the per se prospective threat that such a defendant poses. If the district court had proceeded in that fashion and applied some sort of non-rebuttable presumption of future dangerousness in favor of detention, it would have been legal error. See id. at 1283 (“Detention determinations must be made individually and, in the final analysis, must be based on the evidence which is before the court regarding the particular defendant. The inquiry is factbound.”) (quoting United States v. Tortora, 922 F.2d 880, 888 (1st Cir. 1990)). However, while the district court stated, “Munchel delineates an elevated category of dangerousness applied [to] those that fall into the category that necessarily impose a concrete prospective threat,” the district court also explained, “I think Munchel does not set a hard-line rule. I don’t think that the categories are solely determinative, but it creates something like a guideline for the Court to follow . . . .” Detention Hr’g Tr. at 42:21-24; 43:11-13, ECF No. 26 (emphasis added). In making its ruling, the district court discussed at length the facts of this case, and expressly noted that “we have to decide whether the defendant is too dangerous based upon that conduct to be released or is not,” “every circumstance is different in every case, and you have to look at individual cases,” and that “the government may well not overcome the concrete and clear and convincing evidence requirement.” Id. at 43:8-10, 43:16-18, 43:20-21. 
Based on our careful review of the record, we find that the district court made an individualized assessment of future dangerousness as required by the Bail Reform Act and that appellant has not shown that the district court applied an irrefutable presumption of mandatory detention in contravention of the statute and our precedent.

Yesterday’s panel cited the earlier affirmation of the very same opinion that detained Tanios.

It’s in distinguishing Tanios where the panel got crazy. The panel could have argued that the evidence that Tanios conspired with or abetted Khater’s assault was too weak to hold him — Tanios made a non-frivolous argument that in refusing to give Khater one of the two canisters of bear spray he carried, he specifically refused to join in Khater’s attack on the cops. But they don’t mention conspiracy or abetting charges.

Instead, the DC Circuit argued that Hogan clearly erred in finding Khater’s accused co-conspirator to be dangerous.

[T]he district court clearly erred in its individualized assessment of appellant’s dangerousness. The record reflects that Tanios has no past felony convictions, no ties to any extremist organizations, and no post-January 6 criminal behavior that would otherwise show him to pose a danger to the community within the meaning of the Bail Reform Act. Cf. Munchel, 991 F.3d at 1282-84 (remanding pretrial detention orders where the district court did not demonstrate it adequately considered whether the defendants present an articulable threat to the community in light of the absence of record evidence that defendants committed violence or were involved in planning or coordinating the events of January 6).

Munchel isn’t actually a precedent here, because that decision remanded for further consideration. The DC Circuit ordered Hogan to release Tanios. Crazier still, in citing the same passage from Munchel everyone else does, the DC Circuit edited out the language referring to those who abetted or conspired with those who assaulted cops, the language used to hold Tanios. It simply ignores the basis Hogan used to hold Tanios entirely, his liability in a premeditated attack he allegedly helped to make possible, and in so doing argues the very same attack presents a danger to the community for one but not the other of the guys charged in it.

If this were a published opinion, it would do all kinds of havoc to precedent on conspiracy and abetting liability. But with two short paragraphs that don’t, at all, address the basis for Tanios’ detention, the DC Circuit dodges those issues.

Beryl Howell has no reasonable doubt about January 6

Earlier in the day, DC Chief Judge Beryl Howell grew exasperated with another plea hearing.

This time, it was Glenn Wes Lee Croy, another guy pleading guilty to a misdemeanor “parading” charge. The plea colloquy stumbled on whether Croy should have known he wasn’t permitted on the Capitol steps — he claimed, in part, that because this was his first trip to DC, he didn’t know he shouldn’t have been on the steps, even in spite of the barricades. Croy was fine admitting he shouldn’t have been in the building, though.

Things really heated up when Howell started asking Croy why he was parading (Josh Gerstein has a more detailed description of this colloquy here).

Under oath, pleading to a misdemeanor as part of a deal that prohibits DOJ from charging Croy with anything further for his actions on January 6, he made some kind of admission that Howell took to mean he was there to support Trump’s challenge to the election, an admission that his intent was the same as the intent required to charge obstruction of the vote count.

When she quizzed AUSA Clayton O’Connor why Croy hadn’t been charged with felony obstruction for his efforts to obstruct the vote certification, the prosecutor explained that while the government agreed that contextually that’s what Croy had been doing, the government didn’t find direct evidence that would allow him to prove obstruction beyond a reasonable doubt, a sound prosecutorial decision.

O’Connor is what (with no disrespect intended) might be deemed a journeyman prosecutor on the January 6 cases. He has seven cases, five of which charge two buddies or family members. Of those, just Kevin Cordon was charged with the obstruction charge Howell seems to think most defendants should face, in Cordon’s case for explicitly laying out his intent in an interview the day of the riot.

We’re here to take back our democratic republic. It’s clear that this election is stolen, there’s just so much overwhelming evidence and the establishment, the media, big tech are just completely ignoring all of it. And we’re here to show them we’re not having it. We’re not- we’re not just gonna take this laying down. We’re standing up and we’re taking our country back. This is just the beginning.

O’Connor is prosecuting Clifford Mackrell and Jamie Buteau for assault and civil disorder. But otherwise, all his cases are trespass cases like Croy’s (including that of Croy’s codefendant Terry Lindsey).

This was the guy who, with no warning, had the task of explaining to the Chief Judge DOJ’s logic in distinguishing misdemeanor cases from felonies. Unsurprisingly, it’s all about what the government thinks they can prove beyond a reasonable doubt, based on evidence like that which Cordon shared with a journalist or, just as often, what people write in their social media accounts. This process has made sense to the few of us who have covered all these cases, but like O’Connor, Howell is dealing primarily with the misdemeanor cases and may not see how DOJ appears to be making the distinction.

Howell also demanded an explanation from O’Connor in Croy’s sentencing memo why DOJ is not including the cost of the National Guard deployment in the restitution payments required of January 6 defendants.

Both according to its own prosecutorial guidelines and the practical limitations of prosecuting 560 defendants, DOJ can’t use a novel application of the obstruction statute to charge everyone arrested in conjunction with January 6 with a felony. It’s a reality that deserves a better, more formal explanation than the one O’Connor offered the Chief Judge extemporaneously.

Trevor McFadden believes a conspiracy to overthrow democracy is not a complex case

Meanwhile, the Discovery Coordinator for the entire investigation, Emily Miller, missed an opportunity to explain to Trevor McFadden the logic behind ongoing January 6 arrests.

In advance of a hearing for Cowboys for Trump founder Couy Griffin, prosecutor Janani Iyengar submitted a motion for a 60-day continuance to allow for the government to work through discovery. She brought Miller along to a status hearing to explain those discovery challenges to McFadden, who had complained about them in the past and refused to toll the Speedy Trial Act in this case. Because Iyengar recently offered Griffin a plea deal, his attorney Nick Smith was fairly amenable to whatever McFadden decided.

Not so the judge. He expressed a sentiment he has in this and other cases, that the government made a decision to start arresting immediately after the attack and continues to do so. “There seems to be no end in sight,” McFadden complained, suggesting that if DOJ arrested someone in three months who offered up exculpatory evidence that affected hundreds of cases, those would have to be delayed again. In spite of the fact that several prosecutors have explained that the bulk of the evidence was created on January 6, McFadden persists in the belief that the trouble with discovery is the ingestion of new evidence with each new arrest.

Miller noted that the government could start trials based on the Brady obligation of turning over all exculpatory evidence in their possession, so future arrests wouldn’t prohibit trials. The problem is in making the universe of video evidence available to all defense attorneys so they have the opportunity of finding evidence to support theories of defense (such as that the cops actually welcomed the rioters) that would require such broad review of the video.

McFadden then suggested that because Griffin is one of the rare January 6 defendants who never entered the Capitol, Miller’s team ought to be able to segregate out an imagined smaller body of evidence collected outside. “Were that it were so, your honor,” Miller responded, pointing out that there were thousands of hours of surveillance cameras collected from outside, the police moved in and outside as they took breaks or cleaned the bear spray from their eyes so their Body Worn Cameras couldn’t be segregated, and the Geofence warrant includes the perimeter of the Capitol where Griffin stood.

McFadden then said two things that suggested he doesn’t understand this investigation, and certainly doesn’t regard the attack as a threat to democracy (he has, in other hearings, noted that the government hasn’t charged insurrection so it must not have been one). First, he complained that, “In other cases,” the government had dealt with a large number of defendants by giving many deferred prosecutions or focusing just on the worst of the worst, a clear comparison to Portland that right wingers like to make. But that’s an inapt comparison. After noting the data somersaults one has to do to even make this comparison, a filing submitted to Judge Carl Nichols in response to a selective prosecution claim from Garret Miller explained the real differences between Portland and January 6: There was far less evidence in the Portland cases, meaning prosecutions often came down to the word of a cop against that of a defendant and so resulted in a deferred prosecution.

This comparison fails, first and foremost, because the government actually charged nearly all defendants in the listed Oregon cases with civil-disorder or assault offenses. See Doc. 32-1 (Attachments 2-31). Miller has accordingly shown no disparate treatment in the government’s charging approaches. He instead focuses on the manner in which the government ultimately resolved the Oregon cases, and contrasts it with, in his opinion, the “one-sided and draconian plea agreement offer” that the government recently transmitted to him. Doc. 32, at 6. This presentation—which compares the government’s initial plea offer to him with the government’s final resolution in 45 hand-picked Oregon cases—“falls woefully short of demonstrating a consistent pattern of unequal administration of the law.”3 United States v. Bernal-Rojas, 933 F.2d 97, 99 (1st Cir. 1991). In fact, the government’s initial plea offer here rebuts any inference that it has “refused to plea bargain with [Miller], yet regularly reached agreements with otherwise similarly situated defendants.” Ibid.

More fundamentally, the 45 Oregon cases serve as improper “comparator[s]” because those defendants and Miller are not similarly situated. Stone, 394 F. Supp. 3d at 31. Miller unlawfully entered the U.S. Capitol and resisted the law enforcement officers who tried to move him. Doc. 16, at 4. He did so while elected lawmakers and the Vice President of the United States were present in the building and attempting to certify the results of the 2020 Presidential Election in accordance with Article II of the Constitution. Id. at 2-3. And he committed a host of federal offenses attendant to this riot, including threatening to kill a Congresswoman and a USCP officer. Id. at 5-6. All this was captured on video and Miller’s social-media posts. See 4/1/21 Hr’g Tr. 19:14-15 (“[T]he evidence against Mr. Miller is strong.”). Contrast that with the 45 Oregon defendants, who—despite committing serious offenses—never entered the federal courthouse structure, impeded a congressional proceeding, or targeted a specific federal official or officer for assassination. Additionally, the government’s evidence in those cases often relied on officer recollections (e.g., identifying the particular offender on a darkened plaza with throngs of people) that could be challenged at trial—rather than video and well-documented incriminating statements available in this case. These situational and evidentiary differences represent “distinguishable legitimate prosecutorial factors that might justify making different prosecutorial decisions” in Miller’s case. Branch Ministries, 211 F.3d at 145 (quoting United States v. Hastings, 126 F.3d 310, 315 (4th Cir. 1997)); see also Price v. U.S. Dep’t of Justice, 865 F.3d 676, 681 (D.C. Cir. 2017) (observing that a prosecutor may legitimately consider “concerns such as rehabilitation, allocation of criminal justice resources, the strength of the evidence against the defendant, and the extent of a defendant’s cooperation” in plea negotiations) (brackets and citation omitted).

3 Miller’s motion notably omits reference to the remaining 29 Oregon cases in his survey, presumably because the government’s litigation decisions in those cases do not conform to his inference of selective treatment. [my emphasis]

McFadden ended with one of his most alarming comments. He said something to the effect of, he doesn’t feel that the January 6 investigation was a complex type of case akin to those (often white collar cases) where a year delay before trial was not that unusual.

This was a fairly breathtaking comment, because it suggests that McFadden sees this event as the magical convergence of thousands of criminals at the Capitol rather than the result of a sustained conspiracy to get a mass of bodies to the building, a conspiracy that started at least as early as the days after the election. While McFadden’s highest profile January 6 case is a sprawling assault case against Patrick McCaughey and others (the one that trapped Officer Daniel Hodges in the Capitol door), this view seems not to appreciate some larger investigative questions pertinent to some of his other defendants. For example, what happened to the laptops stolen from various offices, including the theft that Brandon Fellows may have witnessed in Jeff Merkley’s office? Did America First engage in a conspiracy to get its members, including Christian Secor, to the Capitol (and did a huge foreign windfall that Nick Fuentes got days before the insurrection have anything to do with that)? What kind of coordination, if any, led a bunch of Marines to successfully open a second front to the attack by opening the East Doors also implicates Secor’s case. One of the delays in Griffin’s own case probably pertained to whether he was among the Trump speakers, as members of the 3-Percenter conspiracy allegedly were, who tied their public speaking role to the recruitment of violent, armed rioters (given that he has been given a plea offer, I assume the government has answered that in the negative).

It has become increasingly clear that one of the visible ways that DOJ is attempting to answer these and other, even bigger questions, is to collect selected pieces of evidence from identifiable trespassers with their arrest. For example, Anthony Puma likely got arrested when he did because he captured images of the Golf Cart Conspiracy with his GoPro. He has since been charged with obstruction — unsurprisingly, since he spoke in detailed terms about preventing the vote certification in advance. But his prosecution will be an important step in validating and prosecuting the larger conspiracy, one that may implicate the former President’s closest associates.

This is a white collar and complex conspiracy investigation floating on top of a riot prosecution, one on which the fate of our democracy rests.

Melody Steele-Smith evaded the surveillance cameras

A report filed yesterday helps to explain the import of all this. Melody Steele-Smith was arrested within weeks of the riot on trespass charges, then indicted on trespass and obstruction charges. She’s of particular interest in the larger investigation because — per photos she posted on Facebook — she was in Nancy Pelosi’s office and might be a witness to things that happened there, including the theft of Pelosi’s laptop.

At a hearing last week, the second attorney who has represented her in this case, Elizabeth Mullin, said she had received no discovery, particularly as compared to other January 6 defendants. So the judge in that case, Randolph Moss, ordered a status report and disclosure of discovery by this Friday.

That status report admits that there hasn’t been much discovery, in particular because, aside from the surveillance photos used in her arrest warrant, the government hasn’t found many images of Steele-Smith in surveillance footage.

The United States files this memorandum for the purpose of describing the status of discovery. As an initial matter, the government has provided preliminary discovery in this case. On or about June 4, 2021, the government provided counsel for defendant preliminary discovery in this matter. This production had been made previously to the defendant’s initial counsel of record. Counsel for defendant received the preliminary production that had been provided to previous counsel. This preliminary production included the FBI 302 of defendant’s sole interview, the recorded interview of defendant which formed the basis of the aforementioned FBI 302, over one thousand pages of content extracted from defendant’s Facebook account, and thirty-nine photographs confiscated from defendant’s telephone.

The government is prepared to produce an additional discovery production no later than August 13, 2021. The production will include additional items that have been obtained by the government from the FBI. These items include, additional FBI investigative reports and the Facebook search warrant dated January 21, 2021. The FBI has provided the government with the full extent of the materials in its possession. While these items are few in number, the government is continuing to review body worn camera footage in an attempt to locate the defendant. Camera footage will be provided if it is located. The government has been diligent in its efforts to obtain all discoverable items in possession of the FBI.

That still leaves a thousand Facebook pages and 39 photos, some of them taken at a key scene in the Capitol, a scene that — given the evidence against Steele-Smith and in other cases — is a relative blind spot in the surveillance of the Capitol. The interview described here is not reflected in her arrest warrant, and so may include non-public information used to support the obstruction case.

Beryl Howell might argue this is sufficient evidence to prove the government’s obstruction case. Trevor McFadden might argue that this case can’t wait for more video evidence obtained from future arrestees of what Steele-Smith did while “storm[ing] the castle” (in her own words), including the office of the Speaker of the House. But the theft of the Pelosi laptop — including whether Groypers like Riley Williams were involved — remains unsolved.

If a single terrorist with suspect ties to foreign entities broke into the office of the Speaker of the House and stole one of her laptops, no one would even think twice if DOJ were still investigating seven months later. But here, because the specific means of investigation include prosecuting the 1,000 people who made that break-in possible, there’s a push to curtail the investigation.

I don’t know what the answer is because the Speedy Trial issues are very real, particularly for people who are detained. But I do know it’s very hard for anyone to get their mind around this investigation.

The Model MAGA Tourist, Anna Morgan-Lloyd, and Evidence Collection

Today, Anna Morgan-Lloyd, a 49-year-old grandmother from Indiana, was supposed to be sentenced to probation on her misdemeanor trespass charges relating to January 6. That has been postponed on account of the Juneteenth holiday. But I suspect the courts and the government hope that other sentencing hearings — including that of Jessica and Joshua Bustle, who pled guilty on Monday — will take place after Morgan-Lloyd, so as to make hers the model of how to earn a (three-year) probation sentence for participating in the riot.

Five Factors

In their own sentencing memo, the government laid out five factors that presumably are the ones prosecutors are using to identify those who might be offered probation deals.

The first four may be the checklist the government has used to weigh whether to charge those originally arrested on trespass charges with a felony, each of which loosely correlates with one of the felony charges used against insurrectionists (which I’ve added in brackets).

First, the Government is not aware of any evidence that Defendant’s entry into the Capitol was preplanned or coordinated with anyone else, including any extremist or organized groups. [18 USC 1512, obstruction]

Second, the Government is not aware of any evidence that the Defendant incited others to commit acts of violence or destruction. [18 USC 231, civil disorder]

Third, the Government is not aware of any evidence that the Defendant engaged in any violence towards law enforcement. [18 USC 111, assault or resisting federal officers]

Fourth, the Government is not aware of any evidence that the Defendant destroyed or stole any property from the Capitol. [18 USC 1361, depredation of government property]

The fifth factor is more discretionary — but will be important in distinguishing MAGA tourists from those who got swept up into the effort to terrorize Congress. Morgan-Lloyd spent about 10 minutes in the Capitol, but she also didn’t go to any of the places — like the Senate floor or into a Member of Congress’ office — that suggest someone got caught up in the effort to delay the vote count or to hunt down members of Congress.

Fifth, based on the Government’s investigation, it appears that the Defendant remained in a limited part of the Capitol building for a limited period of time – i.e., in one hallway for a little over ten minutes. The Government is not aware of any evidence that the Defendant entered any rooms or offices in the Capitol, the Capitol Rotunda, or the Senate or House Chamber.

I suspect this will be used to distinguish those who committed misdemeanor offenses that merit some jail time (and it’s likely to be weeks, not months), from those who will get probation.

Respect for rule of law

There’s a section of the government memo that addresses respect for rule of law, including laying out the 3-year probation expected of Morgan-Lloyd that includes five factors:

  • The two days Morgan-Lloyd spent in jail after her arrest that gave her a taste of the criminal justice system
  • Three years of probation that, among other things, includes a discretionary condition that will prohibit her from possessing firearms
  • Cooperation with law enforcement, which I’ll return to
  • An expression of contrition, which I’ll return to
  • Both community service and the restitution of her share of the $1.5 million damage to the Capitol

While I doubt the probation sentence will be that onerous for Morgan-Lloyd (though the government notes it is twice as long as the supervised release she’d get if she did do jail time), for others, the prohibition on owning guns will be. To the extent this is a model for others, it will serve to either disarm former insurrectionists or criminalize owning weapons for some years.

Contrition

One reason I suspect the government would prefer that Morgan-Lloyd be sentenced before the Bustles is that even in Monday’s plea hearing, Jessica Bustle made a statement to insist that in addition to some horrible things she said online, she said we should pray for the country. That isn’t actually all that exculpatory, given that it may still reflect a belief that the country is in trouble because the democratic victor will become President. In any case, on Monday at least, the Bustles seemed more anxious to get this done than to express any remorse.

By contrast, Morgan-Lloyd did several things to express contrition. She watched several movies about diversity and wrote two movie reviews (for Schindler’s List and Just Mercy) showing an attempt to get out of her bubble; in the former she criticized her son-in-law’s Holocaust denialism. She also acknowledged that there are less privileged people who still suffer in the US.

I’ve learned that even though we live in a wonderful country things still need to improve. People of all colors should feel as safe as I do to walk down the street.

These may be just busy work a smart defense attorney will impose, but you never know when the process will lead someone to rethink their own bubble.

More importantly, Morgan-Lloyd’s statement includes a very accurate description of how her participation in the riot helped those with violent intent.

I felt ashamed that something meant to show support for the President had turned violent. This is not the way to prove any point. At first it didn’t dawn on me, but later I realized that if every person like me, who wasn’t violent, was removed from that crowd, the ones who were violent may have lost the nerve to do what they did. For that I am sorry and take responsibility. It was never my intent to help empower people to act violently.

Again, this may reflect the work of a good defense attorney, but stating it is an important step in moving beyond the insurrection.

Cooperation with law enforcement

Finally, the government motion and Morgan-Lloyd’s statement describe the import of cooperation with law enforcement. In the government’s description, they noted she allowed her phone to be imaged and analyzed.

Third, one important aspect of promoting respect for the law is encouraging cooperation and truthfulness with law enforcement. Here, following her arrest, the Defendant fully cooperated with law enforcement and admitted to the full scope of her actions. In addition to waiving her rights and agreeing to be interviewed by law enforcement, she also allowed her mobile phone to be downloaded for substantive analysis.

Morgan-Lloyd’s statement described how she freely let the FBI get the contents of her phone.

I openly and honestly told them everything I could recall from that day. I gave them my phone freely to download what they needed. My phone was not locked so they didn’t need a password to get in. If it had a password I would have willingly provided it.

I have described how, especially more recently, the government seems to have been prioritizing the misdemeanor arrests of those who might have important evidentiary videos on their phone. Morgan-Lloyd describes seeing what may be the East Doors get opened from inside.

I saw the side doors being opened from the inside and assumed the door closest to me were also open because people who worked in the Capital Building walked past us. They didn’t look nervous or scared.

If she did see those East Doors open, and especially if she has some kind of video evidence, it may prove important to figure out who precisely initiated that and whether it was premeditated and coordinated with those outside the building (as seems likely).

When I first noted that the government seemed to be arresting those from whom they expected to get key evidence, I imagined that those people, especially, would get favorable terms for sentencing. The emphasis here on sharing her phone contents seems to accord with that.

Former Presiding FISA Judge John Bates’ Curious Treatment of White Person Terrorism

By chance of logistics, the men and women who have presided over a two decade war on Islamic terrorism are now presiding over the trials of those charged in January 6.

To deal with the flood of defendants, the Senior Judges in the DC District have agreed to pick up some cases. And because FISA mandates that at least three of the eleven FISA judges presiding at any given time come from the DC area, and because the presiding judge has traditionally been from among those three, it means a disproportionate number of DC’s Senior Judges have served on the FISA Court, often on terms as presiding judge or at the very least ruling over programmatic decisions that have subjected millions of Americans to collection in the name of the war on terror. Between those and several other still-active DC judges, over 60 January 6 cases will be adjudicated by a current or former FISA judge.

Current and former FISA judges have taken a range of cases with a range of complexity and notoriety:

  • Royce Lamberth served as FISC’s presiding judge from 1995 until 2002 and failed in his effort to limit the effect of the elimination of the wall between intelligence and criminal collection passed in the PATRIOT Act. And during a stint as DC’s Chief Judge he dealt with the aftermath of the Boumediene decision and fought to make the hard won detention reviews won by Gitmo detainees more than a rubber stamp. Lamberth is presiding over 10 cases with 14 defendants. A number of those are high profile cases, like that of Jacob Chansley (the Q Shaman), Zip Tie Guy Eric Munchel and his mother, bullhorn lady and mask refusenik Rachel Powell, and Proud Boy assault defendant Christopher Worrell.
  • Colleen Kollar-Kotelly is still an active DC District judge, but she served as FISC presiding judge starting way back in 2002, inheriting the difficulties created by Stellar Wind from Lamberth. She’s the one who redefined “relevant to” in an effort to bring the Internet dragnet back under court review. She is presiding over ten January 6 cases with 12 defendants. That includes Lonnie Coffman, who showed up to the insurrection with a truck full of Molotov cocktails, as well as some other assault cases.
  • John Bates took over as presiding judge of FISC on May 19, 2009. In 2010, he redefined “metadata” so as to permit the government to continue to use the Internet dragnet; the government ultimately failed to make that program work but FISC has retained that twisted definition of “metadata” nevertheless. In 2011, he authorized the use of “back door searches” on content collected under FISA’s Section 702. In 2013, Bates appears to have ruled that for Islamic terrorists, the FBI can get around restrictions prohibiting surveillance solely for First Amendment reasons by pointing to the conduct of an American citizen suspect’s associates, rather than his or her own. And while not a FISA case, Bates also dismissed Anwar al-Awlaki’s effort to require the government to give him some due process before executing him by drone strike; at the time, the government had presented no public evidence that Awlaki had done more than incite violence. Bates has eight January 6 cases with nine defendants (as well as some unrelated cases), but he is presiding over several high profile ones, including the other Zip Tie Guy, Larry Brock, the scion of a right wing activist family, Leo Bozell IV, and former State Department official Freddie Klein.
  • Reggie Walton, who took over as presiding judge in 2013 but who, even before that, oversaw key programmatic decisions starting in 2008, showed a willingness both on FISC and overseeing the Scooter Libby trial to stand up to the Executive. That includes his extended effort to clean up the phone and Internet dragnet after Bush left in 2009, during which he even shut down part or all of the two dragnets temporarily. Walton is presiding over six cases with eight defendants, most for MAGA tourism.
  • Thomas Hogan was DC District’s head judge in the 2000s. In that role, he presided over the initial Gitmo detainees’ challenges to their detention (though many of the key precedential decisions on those cases were made by other judges who have since retired). Hogan then joined FISC and ultimately took over the presiding role in 2014 and in that role, affirmatively authorized the use of Section 702 back door searches for FBI assessments. Hogan is presiding over 13 cases with 18 defendants, a number of cases involving multiple defendants (including another set of mother-son defendants, the Sandovals). The most important is the case against alleged Brian Sicknick assailants, Julian Khater and George Tanios.
  • James Boasberg, who took over the presiding position on FISC on January 1, 2020 but had started making initial efforts to rein in back door searches even before that, is presiding over about eight cases with ten defendants, the most interesting of which is the case of Aaron Mostofsky, who is himself the son of a judge.
  • Rudolph Contreras, who like Kollar-Kotelly and Boasberg is not a senior judge, is currently a FISC judge. He has six January 6 cases with seven defendants, most MAGA tourists accused of trespassing. There’s a decent chance he’ll take over as presiding judge when Boasberg’s term on FISC expires next month.

Of the most important FISA judges since 9/11, then, just Rosemary Collyer is not presiding over any January 6 cases.

Mind you, it’s not a bad thing that FISA judges will preside over January 6 cases. These are highly experienced judges with a long established history of presiding over other cases, ranging the gamut and including other politically charged high profile cases, as DC District judges do.

That said, in their role as FISA judges — particularly when reviewing programmatic applications — most of these judges have been placed in a fairly unique role on two fronts. First, most of these judges have been forced to weigh fairly dramatic legal questions, in secret, in a context in which the Executive Branch routinely threatens to move entire programs under EO 12333, thereby shielding those programs from any oversight by a judge. These judges responded to such situations with a range of deference, from Royce Lamberth and Reggie Walton raising real stinks and — in the latter case — hand-holding on oversight over the course of most of a year, to John Bates and to a lesser degree Thomas Hogan, who often complained at length about abuses before expanding the same programs being abused. Several — perhaps most notably Kollar-Kotelly when she was asked to bring parts of Stellar Wind under FISA — have likewise had to fight to affirm the authority of the entire Article III branch, all in secret.

Ruling on these programmatic FISA applications also involved hearing expansive government claims about the threat of terrorism, the difficulty and necessity of identifying potential terrorists before they attack, and the efficacy of the secret programs devised to do that (the judges who also presided over Gitmo challenges, which includes several on this list, also fielded similar secret claims about the risk of terrorism). Some of those claims — most notably, about the efficacy of the Section 215 phone dragnet — were wildly overblown. In other words, to a degree unmatched by most other judges, these men and women were asked to balance the rights of Americans against secret government claims about the risks of terrorism.

Now these same judges are part of a group being asked to weigh similar questions, but about a huge number of predominantly white, sometimes extremist Christian, defendants, but to do so in public, with defense attorneys challenging their every decision. Here, the balance between extremist affiliation and First Amendment rights will play out in public, but against the background of a two decade war on terror where similar affiliation was criminalized, often in secret.

Generally, the District judges in these cases have not done much on the cases yet, as either Magistrates (on initial pre-indictment appearances) or Chief Judge Beryl Howell (on initial detention disputes) have handled some of the more controversial issues, and in a few cases, Ketanji Brown Jackson presided over arraignments before she started handing off cases in anticipation of her Circuit confirmation process.

But several of the judges have written key opinions on detention, opinions that embody how differently the conduct of January 6 defendants looks to different people.

Lamberth, for example, authored the original detention order for “Zip Tie Guy” Eric Munchel and his mom, Lisa Eisenhart. Even while admitting that Munchel made efforts to limit any vandalization during the riot, Lamberth nevertheless deemed Munchel’s actions a threat to our constitutional government.

The grand jury charged Munchel with grave offenses. In charging Munchel with “forcibly enter[ing] and remain[ing] in the Capitol to stop, delay, and hinder Congress’s certification of the Electoral College vote,” Indictment 1, ECF No. 21, the grand jury alleged that Munchel used force to subvert a democratic election and arrest the peaceful transfer of power. Such conduct threatens the republic itself. See George Washington, Farewell Address (Sept. 19, 1796) (“The very idea of the power and the right of the people to establish government presupposes the duty of every individual to obey the established government. All obstructions to the execution of the laws, all combinations and associations, under whatever plausible character, with the real design to direct, control, counteract, or awe the regular deliberation and action of the constituted authorities, are destructive of this fundamental principle, and of fatal tendency.”). Indeed, few offenses are more threatening to our way of life.

Munchel’s alleged conduct demonstrates a flagrant disregard for the rule of law. Munchel is alleged to have taken part in a mob, which displaced the elected legislature in an effort to subvert our constitutional government and the will of more than 81 million voters. Munchel’s alleged conduct indicates that he is willing to use force to promote his political ends. Such conduct poses a clear risk to the community.

Defense counsel’s portrayal of the alleged offenses as mere trespassing or civil disobedience is both unpersuasive and detached from reality. First, Munchel’s alleged conduct carried great potential for violence. Munchel went into the Capitol armed with a taser. He carried plastic handcuffs. He threatened to “break” anyone who vandalized the Capitol.3 These were not peaceful acts. Second, Munchel’s alleged conduct occurred while Congress was finalizing the results of a Presidential election. Storming the Capitol to disrupt the counting of electoral votes is not the akin to a peaceful sit-in.

For those reasons, the nature and circumstances of the charged offenses strongly support a finding that no conditions of release would protect the community.

[snip]

Munchel gleefully entered the Capitol in the midst of a riot. He did so, the grand jury alleges, to stop or delay the peaceful transfer of power. And he did so carrying a dangerous weapon. Munchel took these actions in front of hundreds of police officers, indicating that he cannot be deterred easily.

Moreover, after the riots, Munchel indicated that he was willing to undertake such actions again. He compared himself-and the other insurrectionists-to the revolutionaries of 1776, indicating that he believes that violent revolt is appropriate. See Pullman, supra. And he said “[t]he point of getting inside the building is to show them that we can, and we will.” Id. That statement, particularly its final clause, connotes a willingness to engage in such behavior again.

By word and deed, Munchel has supported the violent overthrow of the United States government. He poses a clear danger to our republic.

This is the opinion that the DC Circuit remanded, finding that Lamberth had not sufficiently considered whether Munchel and his mother would pose a grave future threat absent the specific circumstances present on January 6. They contrasted the mother and son with those who engaged in violence or planned in advance.

[W]e conclude that the District Court did not demonstrate that it adequately considered, in light of all the record evidence, whether Munchel and Eisenhart present an identified and articulable threat to the community. Accordingly, we remand for further factfinding. Cf. Nwokoro, 651 F.3d at 111–12.

[snip]

Here, the District Court did not adequately demonstrate that it considered whether Munchel and Eisenhart posed an articulable threat to the community in view of their conduct on January 6, and the particular circumstances of January 6. The District Court based its dangerousness determination on a finding that “Munchel’s alleged conduct indicates that he is willing to use force to promote his political ends,” and that “[s]uch conduct poses a clear risk to the community.” Munchel, 2021 WL 620236, at *6. In making this determination, however, the Court did not explain how it reached that conclusion notwithstanding the countervailing finding that “the record contains no evidence indicating that, while inside the Capitol, Munchel or Eisenhart vandalized any property or physically harmed any person,” id. at *3, and the absence of any record evidence that either Munchel or Eisenhart committed any violence on January 6. That Munchel and Eisenhart assaulted no one on January 6; that they did not enter the Capitol by force; and that they vandalized no property are all factors that weigh against a finding that either pose a threat of “using force to promote [their] political ends,” and that the District Court should consider on remand. If, in light of the lack of evidence that Munchel or Eisenhart committed violence on January 6, the District Court finds that they do not in fact pose a threat of committing violence in the future, the District Court should consider this finding in making its dangerousness determination. In our view, those who actually assaulted police officers and broke through windows, doors, and barricades, and those who aided, conspired with, planned, or coordinated such actions, are in a different category of dangerousness than those who cheered on the violence or entered the Capitol after others cleared the way. 
See Simpkins, 826 F.2d at 96 (“[W]here the future misconduct that is anticipated concerns violent criminal activity, no issue arises concerning the outer limits of the meaning of ‘danger to the community,’ an issue that would otherwise require a legal interpretation of the applicable standard.” (internal quotation and alteration omitted)). And while the District Court stated that it was not satisfied that either appellant would comply with release conditions, that finding, as noted above, does not obviate a proper dangerousness determination to justify detention.

The District Court also failed to demonstrate that it considered the specific circumstances that made it possible, on January 6, for Munchel and Eisenhart to threaten the peaceful transfer of power. The appellants had a unique opportunity to obstruct democracy on January 6 because of the electoral college vote tally taking place that day, and the concurrently scheduled rallies and protests. Thus, Munchel and Eisenhart were able to attempt to obstruct the electoral college vote by entering the Capitol together with a large group of people who had gathered at the Capitol in protest that day. Because Munchel and Eisenhart did not vandalize any property or commit violence, the presence of the group was critical to their ability to obstruct the vote and to cause danger to the community. Without it, Munchel and Eisenhart—two individuals who did not engage in any violence and who were not involved in planning or coordinating the activities— seemingly would have posed little threat. The District Court found that appellants were a danger to “act against Congress” in the future, but there was no explanation of how the appellants would be capable of doing so now that the specific circumstances of January 6 have passed. This, too, is a factor that the District Court should consider on remand. [my emphasis]

The DC Circuit opinion (joined by Judith Rogers, who ruled for Gitmo detainees in Bahlul and a Boumediene dissent) was absolutely a fair decision. But it is also arguably inconsistent with the way that the federal government treated Islamic terrorism, in which every time the government identified someone who might engage in terrorism (often using one of the secret programs approved by this handful of FISA judges, and often based off far less than waltzing into the Senate hoping to prevent the certification of an election while wielding zip ties and a taser), the FBI would continue to pursue those people as intolerably dangerous threats. Again, that’s not the way it’s supposed to work, but that is how it did work, in significant part with the approval of FISA judges.

That is, with Islamic terrorism, the government treated potential threats as threats, whereas here CADC required Lamberth to look more closely at what could make an individual predisposed to an assault on our government — a potential threat — as dangerous going forward. Again, particularly given the numbers involved, that’s a better application of due process than what has been used for the last twenty years, but it’s not what happened during the War on Terror (and in weeks ahead, this will be relitigated with consideration of whether Trump’s continued incitement makes these defendants an ongoing threat).

Now compare Lamberth’s order to an order John Bates issued in the wake of and specifically citing the CADC ruling, releasing former State Department official Freddie Klein from pretrial detention. Klein is accused of fighting with cops in the Lower West Terrace over the course of half an hour.

Bates found that Klein, in using a stolen riot shield to push against cops in an attempt to breach the Capitol, was eligible for pre-trial detention (though he expressed skepticism of the government’s argument that Klein had wielded the shield as a dangerous weapon).

The Court finds that Klein is eligible for pretrial detention based on Count 3. Under the BRA, a “crime of violence” includes “an offense that has as an element of the offense the use, attempted use, or threatened use of physical force against the person or property of another.” 18 U.S.C. § 3156(a)(4)(A). The Supreme Court in Johnson v. United States defined “physical force” as “force capable of causing physical pain or injury to another person.” 559 U.S. 133, 140 (2010); see also Def.’s Br. at 9.

[snip]

6 The Court has some doubts about whether Klein “used” the stolen riot shield as a dangerous weapon. The BRA does not define the term, but at least for purposes of § 111(b), courts have held that a dangerous weapon is any “object that is either inherently dangerous or is used in a way that is likely to endanger life or inflict great bodily harm.” See United States v. Chansley, 2021 WL 861079, at *7 (D.D.C. Mar. 8, 2021) (Lamberth, J.) (collecting cases). A plastic riot shield is not an “inherently dangerous” weapon, and therefore the question is whether Klein used it in a way “that is likely to endanger life or inflict great bodily harm.” The standard riot shield “is approximately forty-eight inches tall and twenty-four inches wide,” see Gov’t’s Br. at 13, and the Court disagrees with defense counsel’s suggestion that a riot shield might never qualify as a dangerous weapon, even if swung at an officer’s head, Hr’g Tr. 18:18–25, 19:1–11. See, e.g., United States v. Johnson, 324 F.2d 264, 266 (4th Cir. 1963) (finding that metal and plastic chair qualified as a dangerous weapon when “wielded from an upright (overhead) position and brought down upon the victim’s head”). But it is a close call whether Klein’s efforts to press the shield against officers’ bodies and shields were “likely to endanger life or inflict great bodily harm.” See Chansley, 2021 WL 861079, at *7.

But Bates ruled that there were certain things about the case against Klein — that he didn’t come prepared for combat, that he didn’t bring a weapon with him and instead just made use of what he found there, that any coordination he did involved ad hoc cooperation with other rioters rather than leadership throughout the event — that distinguished him from other defendants who (he suggested) should be detained, thereby limiting the guidelines laid out by CADC.

Bates’ decision on those points is absolutely fair. He has distinguished Klein from other January 6 defendants who, he judges, contributed more to the violence.

But there are two aspects of Bates’ decision I find shocking, especially from the guy who consistently deferred to Executive Authority on matters of national security and who sacrificed all of our communicative privacy in the service of finding hidden terrorist threats to the country. First, Bates dismissed the import of Klein’s sustained fight against cops because — he judged — Klein was only using force to advance the position of the mob, not trying to injure anyone.

The government’s contention that Klein engaged in “what can only be described as hand-to-hand combat” for “approximately thirty minutes” also overstates what occurred. See Gov’t’s Br. at 6. Klein consistently positioned himself face-to-face with multiple officers and also repeatedly pressed a stolen riot shield against their bodies and shields. His objective, as far as the Court can tell, however, appeared to be to advance, or at times maintain, the mob’s position in the tunnel, and not to inflict injury. He is not charged with injuring anyone and, unlike with other defendants, the government does not submit that Klein intended to injure officers. Compare Hr’g Tr. 57:12–18 (government conceding that the evidence does not establish Klein intended to injure anyone, only that “there was a disregard of care whether he would injure anyone or not” in his attempt to enter the Capitol), with Gov’t’s Opp’n to Def.’s Mot. to Reopen Detention Hearing & For Release on Conditions, ECF No. 30 (“Gov’t’s Opp’n to McCaughey’s Release”), United States v. McCaughey, III, 21-CR-040-1, at 11 (D.D.C. Apr. 7, 2021) (government emphasizing defendant’s “intent to injure” an officer who he had pinned against a door using a stolen riot shield as grounds for pretrial detention). And during the time period before Klein obtained the riot shield, he made no attempts to “battle” or “fight” the officers with his bare hands or other objects, such as the flagpole he retrieved. That does not mean that Klein could not have caused serious injury— particularly given the chaotic and cramped atmosphere inside the tunnel. But his actions are distinguishable from other detained defendants charged under § 111(b) who clearly sought to incapacitate and injure members of law enforcement by striking them with fists, batons, baseball bats, poles, or other dangerous weapons.

[snip]

Klein’s conduct was forceful, relentless, and defiant, but his confrontations with law enforcement were considerably less violent than many others that day, and the record does not establish that he intended to injure others. [my emphasis]

Bates describes that Klein wanted to use force in the service of occupying the building, not harming individual cops.

Of course, using force to occupy a building in service of halting the vote count is terrorism, but Bates doesn’t treat it as such.

Even more alarmingly, Bates flips how Magistrate Zia Faruqui viewed a government employee like Klein turning on his own government. The government had argued — and Faruqui agreed — that when a federal employee with Top Secret clearance attacks his own government, it is not just a crime but a violation of the Constitutional oath he swore to protect the country against enemies foreign and domestic.

Bates — after simply dismissing the import of Klein’s admittedly limited criminal history that under any other Administration might have disqualified him from retaining clearance — describes what Klein did as a “deeply concerning breach of trust.”

The government also argues that “Klein abdicated his responsibilities to the country and the Constitution” on January 6 by violating his oath of office as a federal employee to “support and defend the Constitution of the United States against all enemies, foreign and domestic.” Id. at 24–25 (quoting 5 U.S.C. § 3331). The fact that, as a federal employee, Klein actively participated in an assault on our democracy to thwart the peaceful transfer of power constitutes a substantial and deeply concerning breach of trust. More so, too, because he had been entrusted by this country to handle “top secret” classified information to protect the United States’ most sensitive interests. In light of his background, Klein had, as Magistrate Judge Faruqui put it, every “reason to know the acts he committed” on January 6 “were wrong,” and yet he took them anyway. Order of Detention Pending Trial at 4. Klein’s position as a federal employee thus may render him highly culpable for his conduct on January 6. But it is less clear that his now-former employment at the State Department heightens his “prospective” threat to the community. See Munchel, 2021 WL 1149196, at *4. Klein no longer works for or is affiliated with the federal government, and there is no suggestion that he might misuse previously obtained classified information to the detriment of the United States. Nor, importantly, is he alleged to have any contacts—past or present—with individuals who might wish to take action against this country. [my emphasis]

Bates then argues that Klein’s ability to obtain clearance proves not that he violates oaths he takes (the government argument adopted by Faruqui), but that he has the potential to live a law-abiding life.

Ultimately, Klein’s history—including his ability to obtain a top-level security clearance—shows his potential to live a law-abiding life. His actions on January 6, of course, stand in direct conflict with that narrative. Klein has not—unlike some other defendants who have been released pending trial for conduct in connection with the events of January 6—exhibited remorse for his actions. See, e.g., United States v. Cua, 2021 WL 918255, at *7–8 (D.D.C. Mar. 10, 2021) (Moss, J.) (weighing defendant’s deep remorse and regret in favor of pretrial release). But nor has he made any public statements celebrating his misconduct or suggesting that he would participate in similar actions again. And it is Klein’s constitutional right to challenge the allegations against him and hold the government to its burden of proof without incriminating himself at this stage of the proceedings. See United States v. Lawrence, 662 F.3d 551, 562 (D.C. Cir. 2011) (“[A] district court may not pressure a defendant into expressing remorse such that the failure to express remorse is met with punishment.”). Hence, despite his very troubling conduct on January 6, the Court finds on balance that Klein’s history and characteristics point slightly toward release.

In short, Bates takes the fact that Klein turned on the government he had sworn to protect and finds that that act weighs in favor of release.

Bates describes this man as having committed violence to advance the goal of undermining an election, but nevertheless finds that — having already done that — Klein does not pose an unmanageable prospective threat.

Therefore, although it is a close call, the Court ultimately does not find that Klein poses a substantial prospective threat to the community or any other person. He does not pose no continuing danger, as he contends, given his demonstrated willingness to use force to advance his personal beliefs over legitimate government objectives. But what future risk he does present can be mitigated with supervision and other strict conditions on his release.

Again, it’s not the decision itself that is troubling. It’s the thought process Bates used, both for the way Bates flips Klein’s betrayal of his oath on its head, and for the way that Bates views the threat posed by a man who already used force in an attempt to coerce a political end. And it’s all the more troubling knowing how Bates has deferred to the Executive’s claims about the nascent threat posed even by people who have not, yet, engaged in violence to coerce a political end.

Bates similarly showed no deference to the government’s argument that Larry Brock, a retired Lieutenant Colonel who also brought zip ties into the Senate chamber, should have no access to the Internet given really inflammatory statements on social media, including a call for “fire and blood” as early as November. Bates decided on his own that Probation could sufficiently monitor Brock’s Internet use, comparing Brock to (in my opinion) two unlike defendants to justify the decision. Again, the decision itself is absolutely reasonable, but for the guy who decided the government could monitor significant swaths of transnational Internet traffic out of a necessity to identify potential terrorists, for a guy who okayed the access of US person’s content with no warrant, it’s fairly remarkable that he hasn’t deferred to the government about the danger Brock poses on the Internet (to say nothing of Brock’s likely sophistication at evading surveillance).

Again, I’m not complaining about any of these opinions. The outcomes are all reasonable. It is genuinely difficult to fit the events of January 6 into our existing framework (and perhaps that’s a good thing). Plus, there is such a range of fact patterns that even in the Munchel opinion give force to the mob even while trying to adjudicate individuals’ actions.

But either because these discussions are public, or because we simply think about white person terrorism differently, less foreign, perhaps, than we do Islamic terrorism, the very same judges who’ve grappled with these questions for the past two decades don’t necessarily have the ready answers they had in the past.

FISA Judges January 6 cases

Lamberth:

Kollar-Kotelly:

Bates:

Walton:

Hogan:

Boasberg:

Contreras:

How Keith Gartenlaub Turned Child Porn into Foreign Intelligence

As I mentioned in this post on FISA and the space-time continuum, I’m going to be focusing closely on the FISA implications of Keith Gartenlaub’s child porn prosecution.

Gartenlaub was a Boeing engineer in 2013 when the FBI started investigating him for sharing information with China (see this and this story for background). He was suspected, in significant part, because of relationships and communications tied to his wife, who is a naturalized Chinese-American and whose family appears well-connected in China. The case is interesting for the way the government used both FISA and criminal searches to prosecute him for a non-national security related crime.

The case is currently being appealed to the 9th Circuit; it will be heard on December 4. His defense is challenging several things about his conviction, including that there was insufficient evidence to deem him an Agent of a Foreign Power (and therefore to obtain the ability to conduct a broader search than might be permitted under a criminal warrant), as well as that there was insufficient evidence offered at trial that he knowingly possessed the 9-year old child porn on which his conviction rests. I think there’s some merit to the latter claim, but I’m going to bracket it for my discussion, both because I think the FISA issues would remain important even if the government’s case on the child porn charge were far stronger than it is, and because I think the government may be sitting on potentially inculpatory evidence.

In this post, I’m going to show that it is almost certain that the government changed FISA minimization procedures to facilitate using FISA to prosecute him for child porn.

Timeline

The public timeline around the case looks like this (and as I said, I believe the government is hiding some bits):

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

Unknown date: Harris obtains a FISA order

January 29, 2014: Using FISA physical search order, FBI searches Gartenlaub’s home, images three hard drives

June 3, 2014: Harris sends files to National Center for Missing and Exploited Children, which confirms some files display known victims

August 22, 2014: Criminal search warrant obtained for Gartenlaub’s premises

August 27, 2014: FBI searches Gartenlaub’s properties, seizing computers used as evidence in trial, arrests him

August 29, 2014: Government reportedly says it will dismiss charges if Gartenlaub will cooperate on spying

October 23, 2014: Grand jury indicts

December 10, 2015: Guilty verdict

FBI used a criminal search warrant to obtain evidence, then obtained a FISA order

As you can see from the timeline, the government first obtained a criminal search warrant for access to Gartenlaub and his wife’s email accounts (Gartenlaub also got an 1806 notice, meaning they used a FISA wiretap on him at some point). Only after that did they execute a FISA physical search order to search his house and image his computers. Which means — unless they had a FISA order and a criminal warrant simultaneously — they had already convinced a judge it was likely Gartenlaub’s emails would provide evidence he was “remov[ing] information, including export controlled technical data, from Boeing’s computer networks to China.” In his affidavit, Agent Harris cited violations of the Arms Export Control Act and Computer Fraud and Abuse Act.

Then, probably after months of reviewing emails, having already shown probable cause that could have enabled them to get a search warrant to search Gartenlaub’s computer for those specific crimes — that is, proof that he had exploited his network access at Boeing in order to obtain data he could share with his wife’s Chinese associates — the government went to FISA and convinced a judge they had probable cause Gartenlaub (or perhaps his wife) was acting as an agent of a foreign power for what are assumed to be the same underlying activities.

The government insists it still had adequate evidence Gartenlaub or his wife was an agent of a foreign power under FISA

The government’s response to Gartenlaub’s appeal predictably redacts much of the discussion to support its claim that it had sufficient probable cause, after months of reading his emails, to claim he or his wife was an agent of China. But the structure of it — with an unredacted paragraph addressing weaknesses with the criminal affidavit, followed by a redacted passage of unknown length, as well as a redacted footnote modifying the idea that the criminal affidavit “merely ‘recycled’ details that were found in the Harris affidavit” (see page 38-39) — suggests they raised evidence beyond what got included in the criminal affidavit. That’s surely true; it presumably explains what was so interesting about Yi’s family and associates in China as to sustain suspicion that they would be soliciting Boeing technology.

In any case, in a filing in which the government admits that “the [District] court expressed ‘some personal questions regarding the propriety of the FISA court proceeding even though that certainly seems to be legally authorized’,” the government pushed the Ninth Circuit to adopt a deferential standard on probable cause for FISA orders, in which only clear error can overturn the probable cause standard.

The Court has not previously articulated the standard of review applicable to an underlying finding of probable cause in a FISA case. In the analogous context of search warrants, this Court gives “great deference” to an issuing magistrate judge’s findings of probable cause, reviewing such findings only for “clear error.” Krupa, 658 F.3d at 1177; United States v. Hill, 459 F.3d 966, 970 (9th Cir. 2006) (same); United States v. Clark, 31 F.3d 831, 834 (9th Cir. 1994) (same). “In borderline cases, preference will be accorded to warrants and to the decision of the magistrate issuing it.” United States v. Terry, 911 F.2d 272, 275 (9th Cir. 1990). The same standard applies to this Court’s review of the findings in Title III wiretap applications. United States v. Brown, 761 F.2d 1272, 1275 (9th Cir. 2002).

Consistent with these standards and with FISA itself, the Second and Fifth Circuits have held that the “established standard of judicial review applicable to FISA warrants is deferential,” particularly given that “FISA warrant applications are subject to ‘minimal scrutiny by the courts,’ both upon initial presentation and subsequent challenge.” United States v. Abu-Jihaad, 630 F.3d 102, 130 (2d Cir. 2010); accord United States v. El-Mezain, 664 F.3d 467, 567 (5th Cir. 2011) (noting that representations and certifications in FISA application should be “presumed valid”). Other courts, reviewing district court orders de novo, have not discussed what deference applies to the FISC. See, e.g., Demeisi, 424 F.3d at 578; Squillacote, 221 F.3d at 553-54.

The government submits that the appropriate standard should be deferential. Consistent with findings of probable cause in other cases, the Court should review only for “clear error,” giving “great deference” to the initial conclusion that a FISA application established probable cause.

And, of course, the government argues that even if it didn’t meet the standards required under FISA, it still operated in good faith.

By using a FISA rather than a criminal search warrant, the FBI had more leeway to search for unrelated items

Nevertheless, having read Gartenlaub’s email for months and presumably having had the opportunity to obtain a warrant to search his computers for those specific crimes, the government instead obtained a FISA order that allowed the FBI to search his devices far more broadly, opening up decades old files named with sexually explicit names in the guise of finding intelligence on stealing Boeing’s secrets. Here’s how Gartenlaub’s lawyers describe the search in his appeal, a description the government largely endorses in their response:

The FISC can only authorize the government to search for and seize “foreign intelligence information.” 50 U.S.C. §§ 1822(b), 1823(a)(6)(A), 1824(a)(4). The order authorizing the January 2014 search of Gartenlaub’s home and computers presumably complied with this restriction. “Foreign intelligence information” (defined at 50 U.S.C. §§ 1801(e) and 1821(1)) does not include child pornography. Nonetheless, as detailed in the government’s application for the August 2014 search warrant, the agents imaged Gartenlaub’s computers in their entirety, reviewed every file, and–upon discovering that some of the files contained possible child pornography–subjected those and related files to detailed scrutiny, including sending them to the National Center for Exploited Children for analysis. ER248-56, 262-68. In an effort to establish that Gartenlaub had downloaded the child pornography, the agents also examined and analyzed a number of other files on the computers, none of which had anything to do with “foreign intelligence information.” ER255-62, 268-70.

As far as the record shows, the agents conducted this detailed, far-ranging analysis without obtaining any court authorization beyond the initial FISC order. In other words, after encountering suspected child pornography files, the agents did not stop their search and seek a warrant authorizing them to open and review those files and other potentially related files. Instead, they opened, examined, and analyzed the suspected child pornography files and a number of other files having nothing to do with foreign intelligence information. They then incorporated the results of that analysis into the August 2014 search warrant application. ER248-49. That application, in turn, produced the warrant that gave the agents authority to search for and seize the very materials that they had already seized and searched under the purported authority of the January 2014 FISC order.

How did agents authorized to search for “foreign intelligence information” end up opening, examining, and analyzing suspected child pornography files and a number of other files that had nothing to do with the only authorized object of the search? The agents apparently relied on the following argument: To determine whether Gartenlaub’s computers contained foreign intelligence information, it was necessary to open and review every file; after all, a foreign spy might cleverly conceal such information in .jpg files with sex-themed names or in other non-obvious locations. And after opening the files, the child pornography and other information was in “plain view” and thus could be lawfully seized under the Fourth Amendment.

As a result of these broad standards, and of Gartenlaub’s habit of retaining disk drives from computers he no longer owned, the FBI found files dating back to 2005, from a computer Gartenlaub no longer owned.

Upon finding that those files included apparent child porn, the FBI sent them off to the National Center for Missing and Exploited Children, which confirmed some of the images included known victims. Almost two months later, FBI conducted further (criminal) searches, and arrested Gartenlaub for child porn.

In December 2015, Gartenlaub was found guilty on two counts of child porn, though one count was vacated by the judge after the verdict.

FBI changed standard minimization procedures to permit sharing with NCMEC

The timeline above is what would have been available to Gartenlaub’s defense team.

But in 2015 and 2017, two new details were added to the timeline.

First, on April 11, 2017, two months after Gartenlaub submitted his opening brief in the appeal on February 8, the government released an August 11, 2014 opinion approving the sharing of FISA-obtained data with NCMEC.

Congress established NCMEC in 1984 as a non-governmental organization and it is funded through grants administered by the Department of Justice. One of its purposes is to assist law enforcement in identifying victims of child pornography and other sexual crimes. Indeed, Congress has mandated Department of Justice coordination with NCMEC on these and related issues. See Mot. at 5-8. Furthermore, this Court has approved modifications to these SMPs in individual cases to permit the Government to disseminate information to NCMEC. See Docket Nos. [redacted]. Because of its unique role as a non-governmental organization with a law enforcement function, and because it will be receiving what reasonably appears to be evidence of specific types of crimes for law enforcement purposes, the Government’s amendment to the SMPs comply with FISA under Section 1801(h)(3).

As noted, in the past the FISC had approved sharing FISA-collected data with NCMEC on a case-by-case basis. But in 2014, in the weeks while it prepared to arrest Gartenlaub on child porn charges tied to a search that only found the child porn because it used the broader FISA search standard, the government finally made NCMEC sharing part of the standard minimization procedures.

Even on top of this coincidental timing, there are reasons to suspect DOJ codified the NCMEC sharing because of Gartenlaub’s case. For example, in the government’s response there’s a passage that clearly addresses how NCMEC got involved in the case that bridges the discussion of use of child porn evidence discovered in plain view in the criminal context and the discussion of its use here.

Non-FISA precedents also foreclose defendant’s claims. Analyzing a Rule 41 search warrant, this Court has held that using child pornography inadvertently discovered during a lawful search is consistent with the Fourth Amendment. Giberson, 527 F.3d at 889-90 (ruling that “the pornographic material [the agent] inadvertently discovered while searching for the documents enumerated in the warrant [related to document identification fraud] was properly used as a basis for the third warrant authorizing the search for child pornography”);

[additional precedents excluded]

[CLASSIFIED INFORMATION REMOVED] With the benefit of NCMEC’s assistance, the government then sought and obtained the August 2014 search warrants, authorizing the search of defendant’s residence and storage units for child pornography. (CR 73; GER 901-53). The fruits of this warrant were then used in defendant’s prosecution. The use of information discovered during the prior lawful January 2014 search in the subsequent search warrant application was proper. Giberson, 527 F.3d at 890.

The redacted discussion must include not only a description of how NCMEC was permitted to get involved, but also the approval of this as part of the minimization procedures, which (after all) are designed to protect Americans under the Fourth Amendment.

Of particular interest, the government argued that one of the precedents Gartenlaub cited was not binding generally, and especially not binding on the FISC.

The concurring opinion in CDT, upon which defendant relies, does not aid him. That concurrence is not “binding circuit precedent” or a “constitutional requirement,” much less one binding on the FISC. Schesso, 730 F.3d at 1049 (the “search protocol” set forth in the CDT concurrence is not “binding circuit precedent,” not “a[] constitutional requirement[],” and provides “no clear-cut rule”); see CDT, 621 F.3d at 1178 (observing that “[d]istrict and magistrate judges must exercise their independent judgment in every case”); Nessland, 601 Fed. Appx. at 576 (holding that “no special protocol was required” for a computer search). Defendant thus cannot demonstrate any error relating to any FISC-authorized search.

The FISC had, by the time of the search relying on the FISA-obtained child porn as evidence, already approved the use of child porn obtained in a FISA search. So the government could say the CDT case was not binding precedent, because it already had a precedent in hand from the FISC. Of course, it didn’t tell Gartenlaub that.

Of course, that’s not proof that the government codified the NCMEC sharing just for the Gartenlaub case. But there’s a lot of circumstantial evidence that that’s what happened.

The government still has not formally noticed this change to Gartenlaub

As I noted above, the government released the FISC order approving the change in the standard minimization procedures too late to be of use for Gartenlaub’s opening brief. That’s a point EFF and ACLU made in their worthwhile amicus submitted in the appeal.

For example, in this case, the government apparently refused to disclose the relevant FBI minimization procedures to Gartenlaub’s counsel even though other versions of those minimization procedures are publicly available. See Standard Minimization Procedures for FBI Electronic Surveillance and Physical Search Conducted Under FISA (2008).

We can debate whether the standard approval for NCMEC sharing is a good thing or whether it invites abuse, offering the FBI an opportunity to use more expansive searches to “find” evidence of child porn that it can then use as leverage in a foreign intelligence context (which I’ll return to). I suspect it is wiser to approve such sharing on a case-by-case basis, as had been the case before Gartenlaub.

But from this point forward, I would assume the FBI will routinely use this provision as an excuse to conduct particularly thorough searches for child porn, on the logic that obtaining any would provide great leverage against an intelligence target.

The timing of the approval of NCMEC sharing under Section 702

I have said repeatedly, I think the government is withholding some details.

One reason I think that is because of another remarkable coincidence of timing.

As I first reported here, the first notice that the government had approved the sharing with NCMEC in standard minimization procedures came in September 2015, when the government released the 2014 Thomas Hogan Section 702 opinion that approved such sharing under Section 702. The opinion relied on the earlier approval (by Rosemary Collyer), but redacted all reference to the timing and context of it, as well as a footnote relating to it.

I find the timing of both the release and the opinion itself to be of immense interest.

First, the government had no problem releasing this opinion back in 2015, while Gartenlaub was still awaiting trial (though it waited until almost two months after the District judge in his case, Christina Snyder, rejected his FISA challenge on August 6, 2015). So it was fine revealing to potential intelligence targets that it had standardized the approval of using FISA information to pursue child porn cases, just not revealing the dates that might have made it useful for Gartenlaub.

I’m even more interested in the timing of the order: August 26. The day before the FBI got its complaint approved and arrested Gartenlaub.

The FBI had long ago submitted FISA information to NCMEC. But it waited until both the standard minimization procedures for traditional FISA and for Section 702 had approved the sharing of data with NCMEC before it arrested Gartenlaub.

That’s one of several pieces of data that suggest they may have used Section 702 against Gartenlaub, on top of the other mix of criminal and FISA authorizations.

To be continued.

Updated timeline

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

Unknown date: Harris obtains a FISA order

January 29, 2014: FBI searches Gartenlaub’s home, images three hard drives

June 3, 2014: Harris sends files to National Center for Missing and Exploited Children, which confirms some files display known victims

August 11, 2014: Rosemary Collyer approves NCMEC sharing for traditional FISA standard minimization procedures

August 22, 2014: Search warrant obtained for Gartenlaub’s premises

August 26, 2014: Thomas Hogan approves NCMEC sharing for FISA 702

August 27, 2014: FBI searches Gartenlaub’s properties, seizing computers used as evidence in trial, arrests him

August 29, 2014: Government reportedly says it will dismiss charges if Gartenlaub will cooperate on spying

October 23, 2014: Grand jury indicts

August 6, 2015: Christina Snyder rejects Gartenlaub FISA challenge

September 29, 2015: ODNI releases 702 NCMEC sharing opinion

December 10, 2015: Guilty verdict

February 8, 2017: Gartenlaub submits opening brief

April 11, 2017: Government releases traditional FISA NCMEC sharing opinion


The Domestic Communications NSA Won’t Reveal Are Almost Certainly Obscured Location Communications

The other day, I laid out the continuing fight between Director of National Intelligence Dan Coats and Senator Ron Wyden over the former’s unwillingness to explain why he can’t answer the question, “Can the government use FISA Act Section 702 to collect communications it knows are entirely domestic?” in unclassified form. As I noted, Coats is parsing the difference between “intentionally acquir[ing] any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States,” which Section 702 prohibits, and “collect[ing] communications [the government] knows are entirely domestic,” which this exchange and Wyden’s long history of calling out such things clearly indicates the government does.

As I noted, the earlier iteration of this debate took place in early June. Since then, we’ve gotten two sets of documents that all but prove that the entirely domestic communication the NSA refuses to tell us about involves communications that obscure their location, probably via Tor or VPNs.

Most Entirely Domestic Communications Collected Via Upstream Surveillance in 2011 Obscured Their Location

The first set of documents are those on the 2011 discussion about upstream collection liberated just recently by Charlie Savage. They show that in the September 7, 2011 hearing, John Bates told the government that he believed the collection of discrete communications the government had not examined in their sampling might also contain “about” communications that were entirely domestic. (PDF 113)

We also have this other category, in your random sampling, again, that is 9/10ths of the random sampling that was set aside as being discrete communications — 45,000 out of the 50,000 — as to which our questioning has indicated we have a concern that some of the about communications may actually have wholly domestic communications.

And I don’t think that you’ve really assessed that, either theoretically or by any actual examination of those particular transactions or communications. And I’m not indicating to you what I expect you to do, but I do have this concern that there are a fair number of wholly domestic communications in that category, and there’s nothing–you really haven’t had an opportunity to address that, but there’s nothing that has been said to date that would dissuade me from that conclusion. So I’m looking there for some convincing, if you will, assessment of why there are not wholly domestic communications with that body which is 9/10s of the random sample.

In a filing submitted two days later, the government tried to explain away the possibility this would include (many) domestic communications. (The discussion responding to this question starts at PDF 120.) First, the NSA used technical means to determine that 41,272 of the 45,359 communications in the sample were not entirely domestic. That left 4,087 communications, which the NSA was able to analyze in just 48 hours. Of those, the NSA found just 25 that were not to or from a tasked selector (meaning they were “abouts” or correlated identities, described as “potentially alternate accounts/addresses/identifiers for current NSA targets” in footnote 7, which may be the first public confirmation that NSA collects on correlated identifiers). NSA then did the same kind of analysis on those communications that it does as part of its pre-tasking determination that a target is located outside the US. This focused entirely on location data.

Notably, none of the reviewed transactions featured an account/address/identifier that resolved to the United States. Further, each of the 25 communications contained location information for at least one account/address/identifier such that NSA’s analysts were able assess [sic] that at least one communicant for each of these 25 communications was located outside of the United States. (PDF 121)

Note that the government here (finally) drops the charade that these are simply emails, discussing three kinds of collection: accounts (which could be both email and messenger accounts), addresses (which having excluded accounts would significantly include IP addresses), and identifiers. And they say that having identified an overseas location for the communication, NSA treats it as an overseas communication.

The next paragraph is even more remarkable. Rather than doing more analysis on just those 25 communications, it effectively argues that because latency is bad, it’s safe to assume that any service that is available entirely within the US will be delivered to an American entirely within the US, and so those 25 communications must not be American.

Given the United States’ status as the “world’s premier electronic communications hub,” and further based on NSA’s knowledge of Internet routing patterns, the Government has already asserted that “the vast majority of communications between persons located in the United States are not routed through servers outside the United States.” See the Government’s June 1, 2011 Submission at 11. As a practical matter, it is a common business practice for Internet and web service providers alike to attempt to deliver their customers the best user experience possible by reducing latency and increasing capacity. Latency is determined in part by the geographical distance between the user and the server, thus, providers frequently host their services on servers close to their users, and users are frequently directed to the servers closest to them. While such practices are not absolute in any respect and are wholly contingent on potentially dynamic practices of particular service providers and users,9 if all parties to a communication are located in the United States and the required services are available in the United States, in most instances those communications will be routed by service providers through infrastructure wholly within the United States.

Amid a bunch of redactions (including footnote 9, which is around 16 lines long and entirely redacted), the government then claims that its IP filters would ensure that it wouldn’t pick up any of the entirely domestic exceptions to what I’ll call its “avoidance of latency” assumption and so these 25 communications are no biggie, from a Fourth Amendment perspective.

Of course, the entirety of this unredacted discussion presumes that all consumers will be working with providers whose goal is to avoid latency. None of the unredacted discussion admits that some consumers choose to accept some latency in order to obscure their location by routing it through one (VPN) or multiple (Tor) servers distant from their location, including servers located overseas.

For what it’s worth, I think the estimate Bates did on his own to come up with a number of these SCTs was high, in 2011. He guessed there would be 46,000 entirely domestic communications collected each year; by my admittedly rusty math, it appears it would be closer to 12,000 (25 / 50,000 comms in the sample = .05% of the total; .05% of the 11,925,000 upstream transactions in that 6 month period = 5,962, times 2 = roughly 12,000 a year). Still, it was a bigger part of the entirely domestic upstream collection than those collected as MCTs, and all those entirely domestic communications have been improperly back door searched in the interim.

Collyer claims to have ended “about” collection but admits upstream will still collect entirely domestic communications

Now, if that analysis done in 2011 were applicable to today’s collection, there shouldn’t be a way for the NSA to collect entirely domestic communications today. That’s because all of those 25 potentially domestic comms were described as “about” collection. Rosemary Collyer has, according to her IMO apparently imperfect understanding of upstream collection, shut down “about” collection. So that should have eliminated the possibility for entirely domestic collection via upstream, right?

Nope.

As she admits in her opinion, it will still be possible for the NSA to “acquire an MCT” (that is, bundled collection) “that contains a domestic communication.”

So there must be something that has changed since 2011 that would lead NSA to collect entirely domestic communications even if that communication didn’t include an “about” selector.

In 2014 Collyer enforced a practice that would expose Americans to 702 collection

Which brings me back to the practice approved in 2014 in which, according to providers newly targeted under the practice, “the communications of U.S. person will be collected as part of such surveillance.”

As I laid out in this post, in 2014 Thomas Hogan approved a change in the targeting procedures. Previously, all users of a targeted facility had to be foreign for it to qualify as a foreign target. But for some “limited” exception, Hogan for the first time permitted the NSA to collect on a facility even if Americans used that facility as well, along with the foreign targets.

The first revision to the NSA Targeting Procedures concerns who will be regarded as a “target” of acquisition or a “user” of a tasked facility for purposes of those procedures. As a general rule, and without exception under the NSA targeting procedures now in effect, any user of a tasked facility is regarded as a person targeted for acquisition. This approach has sometimes resulted in NSA’s becoming obligated to detask a selector when it learns that [redacted]

The relevant revision would permit continued acquisition for such a facility.

It appears that Hogan agreed it would be adequate to weed out American communications after collection in post-task analysis.

Some months after this change, some providers got some directives (apparently spanning all three known certificates), and challenged them, though of course Collyer didn’t permit them to read the Hogan opinion approving the change.

Here’s some of what Collyer’s opinion enforcing the directives revealed about the practice.

Collyer’s opinion includes more of the provider’s arguments than the Reply did. It describes the Directives as involving “surveillance conducted on the servers of a U.S.-based provider” in which “the communications of U.S. person will be collected as part of such surveillance.” (29) It says [in Collyer’s words] that the provider “believes that the government will unreasonably intrude on the privacy interests of United States persons and persons in the United States [redacted] because the government will regularly acquire, store, and use their private communications and related information without a foreign intelligence or law enforcement justification.” (32-3) It notes that the provider argued there would be “a heightened risk of error” in tasking its customers. (12) The provider argued something about the targeting and minimization procedures “render[ed] the directives invalid as applied to its service.” (16) The provider also raised concerns that because the NSA “minimization procedures [] do not require the government to immediately delete such information[, they] do not adequately protect United States person.” (26)

[snip]

Collyer, too, says a few interesting things about the proposed surveillance. For example, she refers to a selector as an “electronic communications account” as distinct from an email — a rare public admission from the FISC that 702 targets things beyond just emails. And she treats these Directives as an “expansion of 702 acquisitions” to some new provider or technology.

Now, there’s no reason to believe this provider was involved in upstream collection. Clearly, they’re being asked to provide data from their own servers, not from the telecom backbone (in fact, I wonder whether this new practice is why NSA has renamed “PRISM” “downstream” collection).

But we know two things. First: the discrete domestic communications that got sucked up in upstream collection in 2011 appear to have obscured their location. And, there is now a means of collecting bundles of communications via upstream collection (assuming Collyer’s use of MCT here is correct, which it might not be) such that even communications involving no “about” collection would be swept up.

Again, the evidence is still circumstantial, but there is increasing evidence that in 2014 the NSA got approval to collect on servers that obscure location, and that that is the remaining kind of collection (which might exist under both upstream and downstream collection) that will knowingly be swept up under Section 702. That’s the collection, it seems likely, that Coats doesn’t want to admit.

The problems with permitting collection on location-obscured Americans

If I’m right about this, then there are three really big problems with this practice.

First, in 2011, location-obscuring servers would not themselves be targeted. Communications using such servers would only be collected (if the NSA’s response to Bates is to be believed) if they included an “about” selector.

But it appears there is now some collection that specifically targets those location-obscuring servers, and knowingly collects US person communications along with whatever else the government is after. If that’s right, then it will affect far more than just 12,000 people a year.

That’s especially true given that a lot more people are using location-obscuring servers now than on October 3, 2011, when Bates issued his opinion. Tor usage in the US has gone from around 150,000 mean users a day to around 430,000 users.

And that’s just Tor. While fewer VPN users will consistently use overseas servers, sometimes it will happen for efficacy reasons and sometimes it will happen to access content that is unavailable in the US (like decent Olympics coverage).

In neither of Collyer’s opinions did she ask for the kind of numerical counts of people affected that Bates asked for in 2011. If 430,000 Americans a day are being exposed to this collection under the 2014 change, it represents a far bigger problem than the one Bates called a Fourth Amendment violation in 2011.

Finally, and perhaps most importantly, Collyer newly permitted back door searches on upstream collection, even though she knew that (for some reason) it would still collect US person communications. So not only could the NSA collect and hold location obscured US person communications, but those communications might be accessed (if they’re not encrypted) via back door searches that (with Attorney General approval) don’t require a FISA order (though Americans back door searched by NSA are often covered by FISA orders).

In other words, if I’m right about this, the NSA can use 702 to collect on Americans. And the NSA will be permitted to keep what they find (on a communication by communication basis) if they fall under four exceptions to the destruction requirement.

The government is, once again, fighting Congressional efforts to provide a count of how many Americans are getting sucked up in 702 (even though the documents liberated by Savage reveal that such a count wouldn’t take as long as the government keeps claiming). If any of this speculation is correct, it would explain the reluctance. Because once the NSA admits how much US person data it is collecting, it becomes illegal under John Bates’ 2010 PRTT order.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Did NSA Start Using Section 702 to Collect from VPNs in 2014?

I’ve finally finished reading the set of 702 documents I Con the Record dumped a few weeks back. I did two posts on the dump and a related document Charlie Savage liberated. Both pertain, generally, to whether a 702 “selector” gets defined in a way that permits US person data to be sucked up as well. The first post reveals that, in 2010, the government tried to define a specific target under 702 (both AQAP and WikiLeaks might make sense given the timing) as including US persons. John Bates asked for legal justification for that, and the government withdrew its request.

The second reveals that, in 2011, as Bates was working through the mess of upstream surveillance, he asked whether the definition of “active user,” as it applies for a multiple communication transaction, referred to the individual user. The question is important because if a facility is defined to be used by a group — say, Al Qaeda or Wikileaks — it’s possible a user of that facility might be an unknown US person user, the communications of which would only be segregated under the new minimization procedures if the individual user’s communication were reviewed (not that it mattered in the end; NSA doesn’t appear to have implemented the segregation regime in meaningful fashion). Bates never got a public answer to that question, which is one of a number of reasons why Rosemary Collyer’s April 26 702 opinion may not solve the problem of upstream collection, especially not with back door searches permitted.

As it happens, some of the most important documents released in the dump may pertain to a closely related issue: whether the government can collect on selectors it knows may be used by US persons, only to weed out the US persons after the fact.

In 2014, a provider challenged orders (individual “Directives” listing account identifiers NSA wanted to collect) that it said would amount to conducting surveillance “on the servers of a U.S.-based provider” in which “the communications of U.S. persons will be collected as part of such surveillance.” The provider was prohibited from reading the opinions that set the precedent permitting this kind of collection. Unsurprisingly, the provider lost its challenge, so we should assume that some 702 collection collects US person communications, using the post-tasking process rather than pre-targeting intelligence to protect American privacy.

The documents

The documents that lay out the failed challenge are:

2014, redacted date: ACLU Document 420: The government response to the provider’s filing supporting its demand that FISC mandate compliance.

2014, redacted date: EFF Document 13: The provider(s) challenging the Directives asked for access to two opinions the government relied on in their argument. Rosemary Collyer refused to provide them, though they have since been released.

2014, redacted date: EFF Document 6 (ACLU 510): Unsurprisingly, Collyer also rejected the challenge to the individual Directives, finding that post-tasking analysis could adequately protect Americans.

The two opinions the providers requested, but were refused, are:

September 4, 2008 opinion: This opinion, by Mary McLaughlin, was the first approval of FAA certifications after passage of the law. It lays out many of the initial standards that would be used with FAA (which changed slightly from PAA). As part of that, McLaughlin adopted standards regarding what kinds of US person collection would be subject to the minimization procedures.

August 26, 2014 opinion: This opinion, by Thomas Hogan, approved the certificates under which the providers had received Directives (which means the challenge took place between August and the end of 2014). But the government also probably relied on this opinion for a change Hogan had just approved, permitting NSA to remain tasked on a selector even if US persons also used the selector.

The argument also relies on the October 3, 2011 John Bates FAA opinion and the August 22, 2008 FISCR opinion denying Yahoo’s challenge to Protect America Act. The latter was released in a second, less redacted form on September 11, 2014, which means the challenge likely post-dated that release.

The government’s response

The government’s response consists of a filing by Stuart Evans (who has become DOJ’s go-to 702 hawk) as well as a declaration submitted by someone in NSA that had already reviewed some of the taskings done under the 2014 certificates (which again suggests this challenge must date to September at the earliest). There appear to be four sections to Evans’ response. Of those sections, the only one left substantially unredacted — as well as the bulk of the SIGINT declaration — pertains to the Targeting Procedures. So while targeting isn’t the only thing the provider challenged (another appears to be certification of foreign intelligence value), it appears to be the primary thing.

Much of what is unredacted reviews the public details of NSA’s targeting procedure. Analysts have to use the totality of circumstances to figure out whether someone is a non US person located overseas likely to have foreign intelligence value, relying on things like other SIGINT, HUMINT, and (though the opinion redacts this) geolocation information and/or filters to weed out known US IPs. After a facility has been targeted, the analyst is required to do post-task analysis, both to make sure that the selector is the one intended, but also to make sure that no new information identifies the selector as being used by a US person, as well as making sure that the target hasn’t “roamed” into the US. Post-task analysis also ensures that the selector really is providing foreign intelligence information (though in practice, per PCLOB and other sources, this is not closely reviewed).

Of particular importance, Evans dismisses concerns about what happens when a selector gets incorrectly tasked as a foreigner. “That such a determination may later prove to be incorrect because of changes in circumstances or information of which the government was unaware does not render unreasonable either the initial targeting determination or the procedures used to reach it.”

Evans also dismisses the concern that minimization procedures don’t protect the providers’ customers (presumably because they provide four ways US person content may be retained with DIRNSA approval). Relying on the 2008 opinion that states in part…

The government argues that, by its terms, Section 1806(i) applies only to a communication that is “unintentionally acquired,” not to a communication that is intentionally acquired under a mistaken belief about the location or non-U.S. person status of the target or the location of the parties to the communication. See Government’s filing of August 28, 2008. The Court finds this analysis of Section 1806(i) persuasive, and on this basis concludes that Section 1806(i) does not require the destruction of the types of communications that are addressed by the special retention provisions.

Evans then quotes McLaughlin judging that minimization procedures “constitute a safeguard against improper use of information about U.S. persons that is inadvertently or incidentally acquired.” In other words, he cites an opinion that permits the government to treat stuff that is initially targeted, even if it is later discovered to be an American’s communication, differently than it does other US person information as proof the minimization procedures are adequate.

The missing 2014 opinion references

As noted above, the provider challenging these Directives asked for both the 2008 opinion (cited liberally throughout the unredacted discussion in the government’s reply) and the 2014 one, which barely appears at all beyond the initial citation. Given that Collyer reviewed substantial language from both opinions in denying the provider’s request to obtain them, the discussion must go beyond simply noting that the 2014 opinion governs the Directives in question. There must be something in the 2014 opinion, probably the targeting procedures, that gets cited in the vast swaths of redactions.

That’s especially true given that the first page of Evans’ response claims the Directives address “a critical, ongoing foreign intelligence gap.” So it makes sense that the government would get some new practice approved in that year’s certification process, then serve Directives ostensibly authorized by the new certificate, only to have a provider challenge a new type of request and/or a new kind of provider challenge their first Directives.

One thing stands out in the 2014 opinion that might indicate the closing of a foreign intelligence gap.

Prior to 2014, the NSA could say an entity — say, Al Qaeda — used a facility, meaning they’d suck up any people that used that facility (think how useful it would be to declare a chat room a facility, for example). But (again, prior to 2014) as soon as a US person started “using” that facility — the word use here is squishy as someone talking to the target would not count as “using” it, but as incidental collection — then NSA would have to detask.

The 2014 certifications for the first time changed that.

The first revision to the NSA Targeting Procedures concerns who will be regarded as a “target” of acquisition or a “user” of a tasked facility for purposes of those procedures. As a general rule, and without exception under the NSA targeting procedures now in effect, any user of a tasked facility is regarded as a person targeted for acquisition. This approach has sometimes resulted in NSA’s becoming obligated to detask a selector when it learns that [redacted]

The relevant revision would permit continued acquisition for such a facility.

[snip]

For purposes of electronic surveillance conducted under 50 U.S.C. §§ 1804-1805, the “target” of the surveillance ‘“is the individual or entity … about whom or from whom information is sought.”’ In re Sealed Case, 310 F.3d 717, 740 (FISA Ct. Rev. 2002) (quoting H.R. Rep. 95-1283, at 73 (1978)). As the FISC has previously observed, “[t]here is no reason to think that a different meaning should apply” under Section 702. September 4, 2008 Memorandum Opinion at 18 n.16. It is evident that the Section 702 collection on a particular facility does not seek information from or about [redacted].

In other words, for the first time in 2014, the FISC bought off on letting the NSA target “facilities” that were used by a target as well as possibly innocent Americans, based on the assumption that the NSA would weed out the Americans in the post-tasking process, and anyway, Hogan figured, the NSA was unlikely to read that US person data because that’s not what they were interested in anyway.

Mind you, in his opinion approving the practice, Hogan included a bunch of mostly redacted language pretending to narrow the application of this language.

This amended provision might be read literally to apply where [redacted]

But those circumstances fall outside the accepted rationale for this amendment. The provision should be understood to apply only where [redacted]

But Hogan appears to be policing this limiting language by relying on the “rationale” of the approval, not any legal distinction.

The description of this change to tasking also appears in a 3.5 page discussion as the first item in the tasking discussion in the government’s 2014 application, which Collyer would attach to her opinion.

Collyer’s opinion

Collyer’s opinion includes more of the provider’s arguments than the Reply did. It describes the Directives as involving “surveillance conducted on the servers of a U.S.-based provider” in which “the communications of U.S. person will be collected as part of such surveillance.” (29) It says [in Collyer’s words] that the provider “believes that the government will unreasonably intrude on the privacy interests of United States persons and persons in the United States [redacted] because the government will regularly acquire, store, and use their private communications and related information without a foreign intelligence or law enforcement justification.” (32-3) It notes that the provider argued there would be “a heightened risk of error” in tasking its customers. (12) The provider argued something about the targeting and minimization procedures “render[ed] the directives invalid as applied to its service.” (16) The provider also raised concerns that because the NSA “minimization procedures [] do not require the government to immediately delete such information[, they] do not adequately protect United States person.” (26)

All of which suggests the provider believed that significant US person data would be collected off their servers without any requirement the US person data get deleted right away. And something about this provider’s customers put them at heightened risk of such collection, beyond (for example) regular upstream surveillance, which was already public by the time of this challenge.

Collyer, too, says a few interesting things about the proposed surveillance. For example, she refers to a selector as an “electronic communications account” as distinct from an email — a rare public admission from the FISC that 702 targets things beyond just emails. And she treats these Directives as an “expansion of 702 acquisitions” to some new provider or technology. Finally, Collyer explains that “the 2014 Directives are identical, except for each directive referencing the particular certification under which the directive is issued.” This means that the provider received more than one Directive, and they fall under more than one certificate, which means that the collection is being used for more than one kind of use (counterterrorism, counterproliferation, and foreign government plus cyber). So the provider is used by some combination of terrorists, proliferators, spies, or hackers.

Ultimately, though, Collyer rejected the challenge, finding the targeting and minimization procedures to be adequate protection of the US person data collected via this new approach.

Now, it is not certain that all this relied on the new targeting procedure. Little in Collyer’s language reflects passing familiarity with that new provision. Indeed, at one point she described the risk to US persons as being that “the government may mistakenly task the wrong account,” which suggests a more individualized impact.

Except that after almost five entirely redacted pages of discussion of the provider’s claim that the targeting procedures are insufficient, Collyer argues that such issues don’t arise that frequently, and even if they do, they’d be dealt with in post-targeting analysis.

The Court is not convinced that [redacted] under any of the above-described circumstances occurs frequently, or even on a regular basis. Assuming arguendo that such scenarios will nonetheless occur with regard to selectors tasked under the 2014 Directives, the targeting procedures address each of the scenarios by requiring NSA to conduct post-targeting analysis [redacted]

Similarly, Collyer dismissed the likelihood that Americans’ data would be tasked that often.

[O]ne would not expect a large number of communications acquired under such circumstances to involve United States person [citation to a redacted footnote omitted]. Moreover, a substantial proportion of the United States person communications acquired under such circumstances are likely to be of foreign intelligence value.

As she did in her recent shitty opinion, Collyer appears to have made these determinations without requiring NSA to provide real numbers on past frequency or likely future frequency.

However often such collection had happened in the past (which she didn’t ask the NSA to explain) or would happen as this new provider started responding to Directives, this language does sound like it might implicate the new case of a selector that might be used both by legitimate foreign intelligence targets and by innocent Americans.

Does the government use 702 collection to obtain VPN traffic?

As I noted, it seems likely, though not certain, that the new collection exploited the new permission to keep tasking a selector even if US persons were using it, in addition to the actual foreigners targeted. I’m still trying to puzzle this through, but I’m wondering if the provider was a VPN provider, being asked to hand over data as it passed through the VPN server. (I think the application approved in 2014 would implicate Tor traffic as well, but I can’t see how a Tor provider would challenge the Directives, unless it was Nick Merrill again; in any case, there’d be no discussion of an “account” with Tor in the way Collyer uses it).

What does this mean for upstream surveillance?

In any case, whether my guesstimates about what this is are correct, the description of the 2014 change and the discussion about the challenge would seem to raise very important questions given Collyer’s recent decision to expand the searching of upstream collection. While the description of collection from a provider’s server is not upstream, it would seem to raise the same problems, the collection of a great deal of associated US person collection that could later be brought up in a search. There’s no hint in any of the public opinions that such problems were considered.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

This post took a great deal of time, both in this go-around, and over the years to read all of these opinions carefully. Please consider donating to support this work. 

It often surprises people when I tell them this, but in general, I’ve got a much better opinion of the FISA Court than most other civil libertarians. I do so because I’ve actually read the opinions. And while there are some real stinkers in the bunch, I recognize that the court has long been a source of some control over the executive branch, at times even applying more stringent standards than criminal courts.

But Rosemary Collyer’s April 26, 2017 opinion approving new Section 702 certificates undermines all the trust and regard I have for the FISA Court. It embodies everything that can go wrong with the court — which is all the more inexcusable given efforts to improve the court’s transparency and process since the Snowden leaks. I don’t think she understood what she was ruling on. And when faced with evidence of years of abuse (and the government’s attempt to hide it), she did little to rein in or even ensure accountability for those abuses.

This post is divided into three sections:

  • My analysis of the aspects of the opinion that deal with the upstream surveillance
    • Describing upstream searches
    • Refusing to count the impact
    • Treating the problem as exclusively about MCTs, not SCTs
    • Defining key terms
    • Failing to appoint (much less consider) appointing an amicus
    • Approving back door upstream searches
    • Imposing no consequences
  • A description of all the documents I Con the Record released — and more importantly, the more important ones it did not release (if you’re in the mood for weeds, start there)
  • A timeline showing how NSA tried to hide these violations from FISC

Opinion

The Collyer opinion deals with a range of issues: an expansion of data sharing with the National Counterterrorism Center, the resolution of past abuses, and the rote approval of 702 certificates for form and content.

But the big news from the opinion is that the NSA discovered it had been violating the terms of upstream FISA collection set in 2011 (after violating the terms of upstream FISA set in 2007-2008, terms which were set after Stellar Wind violated FISA since 2002). After five months of trying and failing to find an adequate solution to fix the problem, NSA proposed and Collyer approved new rules for upstream collection. The collection conducted under FISA Section 702 is narrower than it had been because NSA can no longer do “about” searches (which are basically searching for some signature in the “content” of a communication). But it is broader — and still potentially problematic — because NSA now has permission to do the back door searches of upstream collected data that they had, in reality, been doing all along.

My analysis here will focus on the issue of upstream collection, because that is what matters going forward, though I will note problems with the opinion addressing other topics to the extent they support my larger point.

Describing upstream searches

Upstream collection under Section 702 is the collection of communications identified by packet sniffing for a selector at telecommunication switches. As an example, if the NSA wants to collect the communications of someone who doesn’t use Google or Yahoo, they will search for the email address as it passes across circuits the government has access to (overseas, under EO 12333) or that a US telecommunications company runs (domestically, under 702; note many of the data centers at which this occurs have recently changed hands). Stellar Wind — the illegal warrantless wiretap program done under Bush — was upstream surveillance. The period in 2007 when the government tried to replace Stellar Wind under traditional FISA was upstream surveillance. And the Protect America Act and FISA Amendments Act have always included upstream surveillance as part of the mix, even as they moved more (roughly 90% according to a 2011 estimate) of the collection to US-based providers.

The thing is, there’s no reason to believe NSA has ever fully explained how upstream surveillance works to the FISC, not even in this most recent go-around (and it’s now clear that they always lied about how they were using and processing a form of upstream collection to get Internet metadata from 2004 to 2011). Perhaps ironically, the most detailed discussions of the technology behind it likely occurred in 2004 and 2010 in advance of opinions authorizing collection of metadata, not content, but NSA was definitely not fully forthcoming in those discussions about how it processed upstream data.

In 2011, the NSA explained (for the first time), that it was not just collecting communications by searching for a selector in metadata, but it was also collecting communications that included a selector as content. One reason they might do this is to obtain forwarded emails involving a target, but there are clearly other reasons. As a result of looking for selectors as content, NSA got a lot of entirely domestic communications, both in what NSA called multiple communication transactions (“MCTs,” basically emails and other things sent in bundles) and in single communication transactions (SCTs) that NSA didn’t identify as domestic, perhaps because they used Tor or a VPN or were routed overseas for some other reason. The presiding judge in 2011, John Bates, ruled that the bundled stuff violated the Fourth Amendment and imposed new protections — including the requirement NSA segregate that data — for some of the MCTs. Bizarrely, he did not rule the domestic SCTs problematic, on the logic that those entirely domestic communications might have foreign intelligence value.

In the same order, John Bates for the first time let CIA and NSA do something FBI had already been doing: taking US person selectors (like an email address) and searching through already collected content to see what communications they were involved in (this was partly a response to the 2009 Nidal Hasan attack, which FBI didn’t prevent in part because they were never able to pull up all of Hasan’s communications with Anwar al-Awlaki at once). Following Ron Wyden’s lead, these searches on US person content are often called “back door searches” for the way they let the government read Americans’ communications without a warrant. Because of the newly disclosed risk that upstream collection could pick up domestic communications, however, when Bates approved back door searches in 2011, he explicitly prohibited the back door searching of data collected via upstream searches. He prohibited this for all of it — MCTs (many of which were segregated from general repositories) and SCTs (none of which were segregated).

As I’ve noted, as early as 2013, NSA knew it was conducting “many” back door searches of upstream data. The reasons why it was doing so were stupid: in part, because to avoid upstream searches analysts had to exclude upstream repositories from the search query (basically by writing “NOT upstream” in a Boolean query), which also required them to realize they were searching on a US person selector. For whatever reason, though, no one got alarmed by reports this was going on — not NSA’s overseers, not FISC (which reportedly got notices of these searches), and not Congress (which got notices of them in Semiannual reports, which is how I knew they were going on). So the problem continued; I noted that this was a persistent problem back in August, when NSA and DOJ were still hiding the extent of the problems from FISC.

It became clear the problem was far worse than known, however, when NSA started looking into how it dealt with 704 surveillance. Section 704 is the authority the NSA uses to spy on Americans who are overseas. It basically amounts to getting a FISC order to use EO 12333 spying on an American. An IG Report completed in January 2016 generally found 704 surveillance to be a clusterfuck; as part of that, though, the NSA discovered that there were a whole bunch of 704 backdoor searches that weren’t following the rules, in part because they were collecting US person communications for periods outside of the period when the FISC had authorized surveillance (for 705(b) communication, which is the spying on Americans who are simply traveling overseas, this might mean NSA used EO 12333 to collect on an American when they were in the US). Then NSA’s Compliance people (OCO) did some more checking and found still worse problems.

And then the government — the same government that boasted about properly disclosing this to FISC — tried to bury it, basically not even telling FISC about how bad the problem was until days before Collyer was set to approve new certificates in October 2016. Once they did disclose it, Judge Collyer gave NSA first one and then another extension for them to figure out what went wrong. After 5 months of figuring, they were still having problems nailing it down or even finding where the data and searches had occurred. So, finally, facing a choice of ending “about” collection (only under 702 — they can still accomplish the very same thing under EO 12333) or ending searches of upstream data, they chose the former option, which Collyer approved with almost no accountability for all the problems she saw in the process.

Refusing to count the impact

I believe that (at least given what has been made public) Collyer didn’t really understand the issue placed before her. One thing she does is just operate on assumptions about the impact of certain practices. For example, she uses the 2011 number for the volume of total 702 collection accomplished using upstream collection to claim that it is “a small percentage of NSA’s overall collection of Internet communications under Section 702.” That’s likely still true, but she provides no basis for the claim, and it’s possible changes in communication — such as the increased popularity of Twitter — would change the mix significantly.

Similarly, she assumes that MCTs that involve “a non-U.S. person outside the United States” will be “for that reason [] less likely to contain a large volume of information about U.S. person or domestic communications.” She makes a similar assumption (this time in her treatment of the new NCTC raw take) about 702 data being less intrusive than individual orders targeted at someone in the US, “which often involve targets who are United States persons and typically are directed at persons in the United States.” In both of these, she repeats an assumption John Bates made in 2011 when he first approved back door searches using the same logic — that it was okay to provide raw access to this data, collected without a warrant, because it wouldn’t be as impactful as the data collected with an individual order. And the assumption may be true in both cases. But in an age of increasingly global data flows, that remains unproven. Certainly, with ISIS recruiters located in Syria attempting to recruit Americans, that would not be true at all.

Collyer makes the same move at a critical point in the opinion, when she asserts that “NSA’s elimination of ‘abouts’ collection should reduce the number of communications acquired under Section 702 to which a U.S. person or a person in the United States is a party.” Again, that’s probably true, but it is not clear she has investigated all the possible ways Americans will still be sucked up (which she acknowledges will happen).

And she does this even as NSA was providing her unreliable numbers.

The government later reported that it had inadvertently misstated the percentage of NSA’s overall upstream Internet collection during the relevant period that could have been affected by this [misidentification of MCTs] error (the government first reported the percentage as roughly 1.3% when it was roughly 3.7%).

Collyer’s reliance on assumptions rather than real numbers is all the more unforgivable given one of the changes she approved with this order: basically, permitting the agencies to conduct otherwise impermissible searches to be able to count how many Americans get sucked up under 702. In other words, she was told, at length, that Congress wants this number (the government’s application even cites the April 22, 2016 letter from members of the House Judiciary Committee asking for such a number). Moreover, she was told that NSA had already started trying to do such counts.

The government has since [that is, sometime between September 26 and April 26] orally notified the Court that, in order to respond to these requests and in reliance on this provision of its minimization procedures, NSA has made some otherwise-noncompliant queries of data acquired under Section 702 by means other than upstream Internet collection.

And yet she doesn’t then demand real numbers herself (again, in 2011, Bates got NSA to do at least a limited count of the impact of the upstream problems).

Treating the problem as exclusively about MCTs, not SCTs

But the bigger problem with Collyer’s discussion is that she treats all of the problem of upstream collection as being about MCTs, not SCTs. This is true in general — the term single communication transaction or SCT doesn’t appear at all in the opinion. But she also, at times, makes claims about MCTs that are more generally true for SCTs. For example, she cites one aspect of NSA’s minimization procedures that applies generally to all upstream collection, but describes it as only applying to MCTs.

A shorter retention period was also put into place, whereby an MCT of any type could not be retained longer than two years after the expiration of the certificate pursuant to which it was acquired, unless applicable criteria were met. And, of greatest relevance to the present discussion, those procedures categorically prohibited NSA analysts from using known U.S.-person identifiers to query the results of upstream Internet collection. (17-18)

Here’s the section of the minimization procedures that imposed the two year retention deadline, which is an entirely different section than that describing the special handling for MCTs.

Similarly, Collyer cites a passage from the 2015 Hogan opinion stating that upstream “is more likely than other forms of section 702 collection to contain information of or concerning United States persons with no foreign intelligence value” (see page 17). But that passage cites to a passage of the 2011 Bates opinion that includes SCTs in its discussion, as in this sentence.

In addition to these MCTs, NSA likely acquires tens of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic “about” SCT if it is routed internationally. (33)

Collyer’s failure to address SCTs is problematic because — as I explain here — the bulk of the searches implicating US persons almost certainly searched SCTs, not MCTs. That’s true for two reasons. First, because (at least according to Bates’ 2011 guesstimate) NSA collects (or collected) far more entirely domestic communications via SCTs than via MCTs. Here’s how Bates made that calculation in 2011 (see footnote 32).

NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the sample were SCTs. Id. at 3. Ninety percent of the approximately 13.25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Assuming some of this happens because people use VPNs or Tor, then the amount of entirely domestic communications collected via upstream would presumably have increased significantly in the interim period. Indeed, the redaction in this passage likely hides a reference to technologies that obscure location.

If so, it would seem to acknowledge NSA collects entirely domestic communications using upstream that obscure their location.

The other reason the problem is likely worse with SCTs is because — as I noted above — no SCTs were segregated from NSA’s general repositories, whereas some MCTs were supposed to be (and in any case, in 2011 the SCTs constituted by far the bulk of upstream collection).

Now, Collyer’s failure to deal with SCTs may or may not matter for her ultimate analysis that upstream collection without “about” collection solves the problem. Collyer limits the collection of abouts by limiting upstream collection to communications where “the active user is the target of acquisition.” She describes “active user” as “the user of a communication service to or from whom the MCT is in transit when it is acquired (e.g., the user of an e-mail account [half line redacted].” If upstream signatures are limited to emails and texts, that would seem to fix the problem. But upstream wouldn’t necessarily be limited to emails and texts — upstream collection would be particularly valuable for searching on other kinds of selectors, such as an encryption key, and there may be more than one person who would use those other kinds of selectors. And when Collyer says, “NSA may target for acquisition a particular ‘selector,’ which is typically a facility such as a telephone number or e-mail address,” I worry she’s unaware or simply not ensuring that NSA won’t use upstream to search for non-typical signatures that might function as abouts even if they’re not “content.” The problem is treating this as a content/metadata distinction, when “metadata” (however far down in the packet you go) could include stuff that functions like an about selector.

Defining key terms

Collyer did define “active user,” however inadequately. But there are a number of other terms that go undefined in this opinion. By far the funniest is when Collyer notes that the government’s March 30 submission promises to sequester upstream data that is stored in “institutionally managed repositories.” In a footnote, she notes they don’t define the term. Then she pretty much drops the issue. This comes in an opinion that shows FBI data has been wandering around in repositories it didn’t belong and indicating that NSA can’t identify where all its 704 data is. Yet she’s told there is some other kind of repository and she doesn’t make a point to figure out what the hell that means.

Later, in a discussion of other violations, Collyer introduces the term “data object,” which she always uses in quotation marks, without explaining what that is.

Failing to appoint (or even consider) amicus

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought into consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Approving back door upstream searches

Collyer’s failure to appoint an amicus is most problematic when it comes to her decision to reverse John Bates’ restriction on doing back door searches on upstream data.

To restate what I suggested above, by all appearances, NSA largely blew off Bates’ restriction. Indeed, Collyer notes in passing that, “In practice, however, no analysts received the requisite training to work with the segregated MCTs.” Given the persistent problems with back door searches on upstream data, it’s hard to believe NSA took that restriction seriously at all (particularly since it refused to consider a technical fix to the requirement to exclude upstream from searches). So Collyer’s approval of back door searches of upstream data is, for all intents and purposes, the sanctioning of behavior that NSA refused to stop, even when told to.

And the way in which she sanctions it is very problematic.

First, in spite of her judgment that ending about searches would fix the problems in (as she described it) MCT collection, she nevertheless laid out a scenario (see page 27) where an MCT would acquire an entirely domestic communication.

Having laid out that there will still be some entirely domestic comms in the collection, Collyer then goes on to say this:

The Court agrees that the removal of “abouts” communications eliminates the types of communications presenting the Court the greatest level of constitutional and statutory concern. As discussed above, the October 3, 2011 Memorandum Opinion (finding the then-proposed NSA Minimization Procedures deficient in their handling of some types of MCTs) noted that MCTs in which the target was the active user, and therefore a party to all of the discrete communications within the MCT, did not present the same statutory and constitutional concerns as other MCTs. The Court is therefore satisfied that queries using U.S.-person identifiers may now be permitted to run against information obtained by the above-described, more limited form of upstream Internet collection, subject to the same restrictions as apply to querying other forms of Section

This is absurd! She has just laid out that there will be some exclusively domestic comms in the collection. Not as much as there was before NSA stopped collecting abouts, but it’ll still be there. So she’s basically permitting domestic communications to be back door searched, which, if they’re found (as she notes), might be kept based on some claim of foreign intelligence value.

And this is where her misunderstanding of the MCT/SCT distinction is her undoing. Bates prohibited back door searching of all upstream data, both that supposedly segregated because it was most likely to have unrelated domestic communications in it, and that not segregated because even the domestic communications would have intelligence value. Bates’ specific concerns about MCTs are irrelevant to his analysis about back door searches, but that’s precisely what Collyer cites to justify her own decision.

She then applies the 2015 opinion, with its input from amicus Amy Jeffress stating that NSA back door searches that excluded upstream collection were constitutional, to claim that back door searches that include upstream collection would meet Fourth Amendment standards.

The revised procedures subject NSA’s use of U.S. person identifiers to query the results of its newly-limited upstream Internet collection to the same limitations and requirements that apply to its use of such identifiers to query information acquired by other forms of Section 702 collection. See NSA Minimization Procedures § 3(b)(5). For that reason, the analysis in the November 6, 2015 Opinion remains valid regarding why NSA’s procedures comport with Fourth Amendment standards of reasonableness with regard to such U.S. person queries, even as applied to queries of upstream Internet collection. (63)

As with her invocation of Bates’ 2011 opinion, she applies analysis that may not fully apply to the question before her as if it does, because it’s not actually clear that the active user restriction really equates newly limited upstream collection to PRISM collection.

Imposing no consequences

The other area where Collyer’s opinion fails to meet the standards of prior ones is in resolution of the problem. In 2009, when Reggie Walton was dealing with first phone and then Internet dragnet problems, he required the NSA to do complete end-to-end reviews of the programs. In the case of the Internet dragnet, the report was ridiculous (because it failed to identify that the entire program had always been violating category restrictions). He demanded IG reports, which seems to be what led the NSA to finally admit the Internet dragnet program was broken. He shut down production twice, first of foreign call records, from July to September 2009, then of the entire Internet dragnet sometime in fall 2009. Significantly, he required the NSA to track down and withdraw all the reports based on violative production.

In 2010 and 2011, dealing with the Internet dragnet and upstream problems, John Bates similarly required written details (and, as noted, actual volume of the upstream problem). Then, when the NSA wanted to retain the fruits of its violative collection, Bates threatened to find NSA in violation of 50 USC 1809(a) — basically, threatened to declare them to be conducting illegal wiretapping — to make them actually fix their prior violations. Ultimately, NSA destroyed (or said they destroyed) their violative collection and the fruits of it.

Even Thomas Hogan threatened NSA with 50 USC 1809(a) to make them clean up willful flouting of FISC orders.

Not Collyer. She went from issuing stern complaints (John Bates was admittedly also good at this) back in October…

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

… to basically reauthorizing 702 before using the reauthorization process as leverage over NSA.

Of course, NSA still needs to take all reasonable and necessary steps to investigate and close out the compliance incidents described in the October 26, 2016 Notice and subsequent submissions relating to the improper use of U.S.-person identifiers to query terms in NSA upstream data. The Court is approving on a going-forward basis, subject to the above-mentioned requirements, use of U.S.-person identifiers to query the results of a narrower form of Internet upstream collection. That approval, and the reasoning that supports it, by no means suggest that the Court approves or excuses violations that occurred under the prior procedures.

That is particularly troubling given that there is no indication, even six months after NSA first (belatedly) disclosed the back door search problems to FISC, that it had finally gotten ahold of the problem.

As Collyer noted, weeks before it submitted its new application, NSA still didn’t know where all the upstream data lived. “On March 17, 2017, the government reported that NSA was still attempting to identify all systems that store upstream data and all tools used to query such data.” She revealed that some of the queries of US persons do not interact with “NSA’s query audit system,” meaning they may have escaped notice forever (I’ve had former NSA people tell me even they don’t believe this claim, as seemingly nothing should be this far beyond auditability). Which is presumably why, “The government still had not ascertained the full range of systems that might have been used to conduct improper U.S.-person queries.” There’s the data that might be in repositories that weren’t run by NSA, alluded to above. There’s the fact that on April 7, even after NSA submitted its new plan, it was discovering that someone had mislabeled upstream data as PRISM, allowing it to be queried.

Here’s the thing. There seems to be no way to have that bad an idea of where the data is and what functions access the data and still be able to claim — as Mike Rogers, Dan Coats, and Jeff Sessions apparently did in the certificates submitted in March that didn’t get publicly released — to be able to fulfill the promises they made FISC. How can the NSA promise to destroy upstream data at an accelerated pace if it admits it doesn’t know where it is? How can NSA promise to implement new limits on upstream collection if that data doesn’t get audited?

And Collyer excuses John Bates’ past decision (and, by association, her continued reliance on his logic to approve back door searches) by saying the decision wasn’t so much the problem, but the implementation of it was.

When the Court approved the prior, broader form of upstream collection in 2011, it did so partly in reliance on the government’s assertion that, due to some communications of foreign intelligence interest could only be acquired by such means. See October 3, 2011 Memorandum Opinion at 31 & n. 27, 43, 57-58. This Opinion and Order does not question the propriety of acquiring “abouts” communications and MCTs as approved by the Court since 2011, subject to the rigorous safeguards imposed on such acquisitions. The concerns raised in the current matters stem from NSA’s failure to adhere fully to those safeguards.

If problems arise because NSA has failed, over 6 years, to adhere to safeguards imposed because NSA hadn’t adhered to the rules for the 3 years before that, which came after NSA had just blown off the law itself for the 6 years before that, what basis is there to believe they’ll adhere to the safeguards she herself imposed, particularly given that unlike her predecessors in similar moments, she gave up any leverage she had over the agency?

The other thing Collyer does differently from her predecessors is that she lets NSA keep data that arose from violations.

Certain records derived from upstream Internet communications (many of which have been evaluated and found to meet retention standards) will be retained by NSA, even though the underlying raw Internet transactions from which they are derived might be subject to destruction. These records include serialized intelligence reports and evaluated and minimized traffic disseminations, completed transcripts and transcriptions of Internet transactions, [redacted] information used to support Section 702 taskings and FISA applications to this Court, and [redacted].

If “many” of these communications have been found to meet retention standards, it suggests that “some” have not. Meaning they should never have been retained in the first place. Yet Collyer lets an entire stream of reporting — and the Section 702 taskings that arise from that stream of reporting — remain unrecalled. Effectively, even while issuing stern warning after stern warning, by letting NSA keep this stuff, she is letting the agency commit violations for years without any disincentive.

Now, perhaps Collyer is availing herself of the exception offered in Section 301 of the USA Freedom Act, which permits the government to retain illegally obtained material if it is corrected by subsequent minimization procedures.

Exception.–If the Government corrects any deficiency identified by the order of the Court under subparagraph (B), the Court may permit the use or disclosure of information obtained before the date of the correction under such minimization procedures as the Court may approve for purposes of this clause.

Except that she doesn’t cite that provision, nor is there any evidence deficiencies have been corrected.

Which should mean, especially given the way Collyer depends on the prior opinions of Bates and Hogan, she should likewise rely on their practice of treating this as a potential violation of 50 USC 1809(a) to ensure the harm to Americans doesn’t persist. She did no such thing, basically sanctioning the illegal use of back door searches to spy on Americans.

Up until this opinion, I was generally willing to argue for the efficacy of the FISC (even while arguing the job could and should be devolved to district courts for more rigorous testing of the law). But not now. This opinion discredits the entire court.

Last April when Collyer became presiding FISC judge, I pointed to what I considered Rosemary Collyer’s worst FISC decision, which was actually a District Court opinion that permitted the NSA to keep aspects of its upstream problems secret from EFF, which is suing over those same issues. I predicted then that, “I fear she will be a crummy presiding judge, making the FISC worse than it already is.”

In my opinion — as a civil libertarian who has been willing to defend the FISC in the past — with this opinion she has done real damage to any credibility or legitimacy the FISC has.

Update: Latter for former fixed in which choice the Administration picked, h/t CS.

The Documents

Here’s what I Con the Record released.

January 7, 2016 IG Report

This heavily redacted report describes a review of NSA’s compliance with 704/705b of Title VII of FISA, the authority NSA uses to spy on Americans who are located overseas (see my report on the 704 problems here). It was conducted from March through August 2015 and reviewed data from January through March 2015. It basically showed there were no compliance mechanisms in place for 704/705b, and NSA couldn’t even reliably identify the queries that had been conducted under the authority. This report is relevant to the reauthorization, because Americans targeted in individual FISA orders are approved (and almost certainly tasked) by default for 702 back door searches. Though the report was obviously done well before the 702 certifications were submitted on September 26, it was not noticed to FISC until days before the court would otherwise have approved the certifications in conjunction with the upstream problems.

September 26, 2016 702 Certification Package 

ICTR released much if not all of the materials submitted for 702 reauthorization in September 2016. The package includes:

Certification cover filing: This is basically the application, which the metadata reveals is actually two parts merged. It describes the changes to the certificates from the past year, most notably a request to share raw 702 data directly from NSA or FBI to NCTC, some tweaks to the FBI targeting and minimization procedures, and permission for NSA, FBI, and CIA to deviate from minimization procedures to develop a count of how many US persons get collected under 702.

The report also describes how the government has fulfilled reporting requirements imposed in 2015. Several of the reports pertain to destroying data it should not have had. The most interesting one is the report on how many criminal queries of 702 data FBI does that result in the retrieval and review of US person data; as I note in this post, the FBI really didn’t (and couldn’t, and can’t, given the oversight regime currently in place) comply with the intent of the reporting requirement.

Very importantly: this application did not include any changes to upstream collection, in large part because NSA did not tell FISC (more specifically, Chief Judge Rosemary Collyer) about the problems they had always had preventing queries of upstream data in its initial application. In NSA’s April statement on ending upstream about collection, it boasts, “Although the incidents were not willful, NSA was required to, and did, report them to both Congress and the FISC.” But that’s a load of horse manure: in fact, NSA and DOJ sat on this information for months. And even with this disclosure, because the government didn’t release the later application that did describe those changes, we don’t actually get to see the government’s description of the problems; we only get to see Collyer’s (I believe mis-) understanding of them.

Procedures and certifications accepted: The September 26 materials also include the targeting and minimization procedures that were accepted in the form in which they were submitted on that date. These include:

Procedures and certificates not accepted: The materials include the documents that the government would have to change before approval on April 26. These include,

Note, I include the latter two items because I believe they would have had to be resubmitted on March 30, 2017 with the updated NSA documents and the opinion makes clear a new DIRNSA affidavit was submitted (see footnote 10), but the release doesn’t give us those. I have mild interest in that, not least because the AG/DNI one would be the first big certification to FISC signed by Jeff Sessions and Dan Coats.

October 26, 2016 Extension

The October 26 extension of 2015’s 702 certificates is interesting primarily for its revelation that the government waited until October 24, 2016 to disclose problems that had been simmering since 2013.

March 30, 2017 Submissions

The release includes two of what I suspect are at least four items submitted on March 30, which are:

April 26, 2017 Opinion

This is the opinion that reauthorized 702, with the now-restricted upstream search component. My comments below largely lay out the problems with it.

April 11, 2017 ACLU Release

I Con the Record also released the FOIAed documents released earlier in April to ACLU, which are on their website in searchable form here. I still have to finish my analysis of that (which includes new details about how the NSA was breaking the law in 2011), but these posts cover some of those files and are relevant to these 702 changes:

Importantly, the ACLU documents as a whole reveal what kinds of US persons are approved for back door searches at NSA (largely, but not exclusively, Americans for whom an individual FISA order has already been approved, importantly including 704 targets, as well as more urgent terrorist targets), and reveal that one reason NSA was able to shut down the PRTT metadata dragnet in 2011 was because John Bates had permitted them to query the metadata from upstream collection.

Not included

Given the point I noted above — that the application submitted on September 26 did not address the problem with upstream surveillance and that we only get to see Collyer’s understanding of it — I wanted to capture the documents that should or do exist that we haven’t seen.

  • October 26, 2016 Preliminary and Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • January 3, 2017: Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • NSA Compliance Officer (OCO) review covering April through December 2015
  • OCO review covering April through July of 2016
  • IG Review covering first quarter of 2016 (22)
  • January 27, 2017: Letter In re: DNI/AG 702(g) Certifications asking for another extension
  • January 27, 2017: Order extending 2015 certifications (and noting concern with “important safeguards for interests protected by the Fourth Amendment”)
  • March 30, 2017: Amendment to [Certificates]; includes (or is) second explanatory memo, referred to as “March 30, 2017 Memorandum” in Collyer’s opinion; this would include a description of the decision to shut down about searches
  • March 30, 2017 AG/DNI Certification (?)
  • March 30, 2017 DIRNSA Certification
  • April 7, 2017 preliminary notice

Other Relevant Documents

Because they’re important to this analysis and get cited extensively in Collyer’s opinion, I’m including:

Timeline

November 30, 2013: Latest possible date at which upstream search problems identified

October 2014: Semiannual Report shows problems with upstream searches during period from June 1, 2013 – November 30, 2013

October 2014: SIGINT Compliance (SV) begins helping NSD review 704/705b compliance

June 2015: Semiannual Report shows problems with upstream searches during period from December 1, 2013 – May 31, 2014

December 18, 2015: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

January 7, 2016: IG Report on controls over §§704/705b released

January 26, 2016: Discovery of error in upstream collection

March 9, 2016: FBI releases raw data

March 18, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

May and June, 2016: Discovery of querying problem dating back to 2012

May 17, 2016: Opinion relating to improper retention

June 17, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

August 24, 2016: Pre-tasking review update

September 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

September 26, 2016: Submission of certifications

October 4, 2016: Hearing on compliance issues

October 24, 2016: Notice of compliance errors

October 26, 2016: Formal notice, with hearing; FISC extends the 2015 certifications to January 31, 2017

November 5, 2016: Date on which 2015 certificates would have expired without extension

December 15, 2016: James Clapper approves EO 12333 Sharing Procedures

December 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

December 29, 2016: Government plans to deal with indefinite retention of data on FBI systems

January 3, 2017: DOJ provides supplemental report on compliance programs; Loretta Lynch approves new EO 12333 Sharing Procedures

January 27, 2017: DOJ informs FISC they won’t be able to fully clarify before January 31 expiration, ask for extension to May 26; FISC extends to April 28

January 31, 2007: First extension date for 2015 certificates

March 17, 2017: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA; Probable halt of upstream “about” collection

March 30, 2016: Submission of amended NSA certifications

April 7, 2017: Preliminary notice of more query violations

April 28, 2017: Second extension date for 2015 certificates

May 26, 2017: Requested second extension date for 2015 certificates

June 2, 2017: Deadline for report on outstanding issues

FBI Rewrote the Backdoor Search Query Requirement

In her opinion approving the April 26 certifications (which may be one of the most unimpressive FISC opinions I’ve read), Rosemary Collyer borrowed heavily from the 2015 authorization in finding this year’s constitutional. As such she refers to Thomas Hogan’s imposition of a reporting requirement for any back door searches “in which FBI personnel receive and review Section 702-acquired information that the FBI identifies as concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.”

She then describes the one incident reported this year: basically an Agent seeing an email of someone referring to violence toward children. The Agent searched on the person who allegedly committed the violence and the names of the children, only to find the same email again. The Agent reported the suspected child abuse to the local child protective services.

But, she reveals, no one reported this until DOJ’s National Security Division asked about such reporting during their review.

The Court notes, however, that the FBI did not identify those queries as responsive to the Court’s reporting requirement until NSD asked whether any such queries had been made in the course of gathering information about the Section I.F dissemination. Notice at 2. The Court is carrying forward this reporting requirement and expects the government to take further steps to ensure compliance with it.

There are several reasons this is troublesome.

First, the incident would have gone unreported unless someone felt obliged to be honest when asked specifically about it (ODNI/DOJ don’t do reviews in all field offices, so not everyone will get asked).

Moreover, the incident got reported not because it was “receive[d] and reviewe[d],” but because it was disseminated. So there may be a great many back door searches whose results get received and reviewed but, because they don’t constitute evidence of a crime, aren’t disseminated, and so never generate the consequent paper trail.

Finally, this means certain kinds of criminal searches won’t be reported: those where FBI gets a criminal tip, then looks on their 702 data, only to find something they might use to coerce informants. Information used to coerce informants would suddenly become foreign intelligence information, so no longer subject to the reporting requirement.

To meet the actual requirement from FISC — rather than the one they’re willing to comply with — FBI needs to dramatically restructure its compliance with this reporting requirement, to measure when a search is done for criminal purposes, and then — as soon as an agent conducts that review — notice it to the FISC.

Of course, that would require precisely the kind of tracking the FBI has refused to do. Their arbitrary rewriting of this requirement demonstrates why.

Update: In application for certificates submitted on September 26, 2016, DOJ said this about its back door searches:

In a letter filed on December 4, 2015, the government noted that there is no automated way for the FBI to track whether a query is run solely for a foreign intelligence purpose, to extract evidence of a crime, or both. However, the December 4, 2015 letter detailed the processes the FBI put in place to attempt to identify those queries that are run in FBI systems containing raw 702-acquired information after December 4, 2015, that are designed to extract evidence of a crime. In addition, the December 4, 2015 letter explained that FBI had issued guidance to its personnel about this reporting requirement and the process to enable FBI to centrally track such scenarios and report any such queries to NSD that would fall under the reporting requirement described above. Additionally, NSD conducts minimization reviews in multiple FBI field offices each year. As part of these minimization reviews, NSD and FBI National Security Law Branch have emphasized the above requirements and processes during field office training. Further, during the minimization reviews, NSD audits a sample of queries performed by FBI personnel in the databases storing raw FISA-acquired information, including raw section 702-acquired information. Since December 2015, NSD has reviewed these queries to determine if any such queries were conducted solely for the purpose of retaining evidence of a crime. If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query. Since the above processes were put in place in December 2015, FBI and NSD have not identified any instance in which FBI personnel have received and reviewed section 702-acquired information of or concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.

There are several key details here.

First, DOJ reported no queries on September 26, which means the query must have happened after that (though it’s not clear whether Collyer’s opinion would reflect the most recent reporting).

It’s also clear DOJ will only find these in spot checks. As DOJ makes clear here (and as was misrepresented at a recent hearing), NSD and ODNI don’t actually visit every FBI office (though I’m sure they hit SDNY, EDNY, DC, EDVA, MD, and NDCA routinely, which are the biggest national security offices). That means there’s not going to be a chance to find many possible queries.

There’s also some fuzzy language here. I’m particularly intrigued by this double usage of “FBI personnel,” as if someone from outside of FBI does review this, perhaps on an analytical contract.

If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query.

Or perhaps FBI calls up NSA and asks them to access the same content?

Finally, it’s clear the definition FBI is using, with respect to “foreign intelligence, crime, or both” permits generalized queries (in part to see if there’s intelligence to use to coerce someone to be an informant) that could serve either purpose. Such an approach cannot measure how much more often people more likely to talk with a 702 target — like Muslims or Chinese-Americans — get pursued for crimes after a longer assessment decides against using the person as an informant.

Which is another way of saying that this metric is not measuring what Judge Hogan wanted it to measure.

I Con the Record Transparency Bingo (1): Only One Positive Hit on a Criminal Search

As we speak, a bunch of privacy experts are on Twitter trying to make sense of I Con the Record’s transparency report, which is a testament to the fact that the Transparency Report obfuscates as much as makes transparent (and the degree to which you need to have read a great deal of other public reports to understand these things).

So I’m going to deal with the obvious errors I’m seeing made as I see them, then will do a more comprehensive working thread.

The first confusion I’m seeing pertains to this factoid showing how many US person queries designed to return criminal information returned a positive hit.

First, it is not the case that this number, 1, means the FBI affirmatively searched a dedicated FISA 702 database for criminal data and only found data once. The FISA 702 data, the traditional FISA data, and other data are all mixed in together. What this means is when the FBI searched databases including that FISA 702 data and other stuff looking for information on a criminal case, on just one occasion did they get a positive hit showing evidence of a non-national security crime that landed in the database via Section 702 and no other authority (some amount of this information will come into the database via multiple authorities), then obtain that information (whether via their own 702 clearance or by asking a buddy cleared into 702), and review it.

So right off the bat, there are some things this number doesn’t include: positive hits on criminal queries that a person receives but doesn’t receive and review. One reason they might get a positive hit they don’t review is if a non-cleared person doesn’t go through the effort to get a FISA-cleared person to access it. But as I pointed out when the opinion ordering this count got released, there are other possibilities.

FBI’s querying system can be set such that, even if someone has access to 702 data, they can run a query that will flag a hit in 702 data but won’t actually show the data underlying that positive return. This provides one way for 702-cleared people to learn that such information is in such a collection and — if they want the data without having to report it — may be able to obtain it another way. It is distinctly possible that once NSA shares EO 12333 data directly with FBI, for example, the same data will be redundantly available from that in such a way that would not need to be reported to FISC. (NSA used this arbitrage method after the 2009 problems with PATRIOT-authorized database collections.)

Furthermore, this will only count a positive hit if the Agent is making an exclusively criminal search. Hogan’s opinion and (we now know from some recently liberated documents) the underlying discussion didn’t deal with the full scope of queries done for assessment reasons in the name of national security, such as profiling various ethnic communities or more generally searching on leads identified via national security mapping. Those queries would count as national security queries, but a big point of doing them would be to find derogatory information, including evidence of criminal behavior, to use to recruit informants.

Finally, consider how the Attorney General Guidelines define Foreign Intelligence information.

Plus, such reporting depends on the meaning of foreign intelligence information as defined under the Attorney General Guidelines.

FOREIGN INTELLIGENCE: information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations or foreign persons, or international terrorists.

It would be relatively easy for FBI to decide that any conversation with a foreign person constituted foreign intelligence, and in so doing count even queries on US persons to identify criminal evidence as foreign intelligence information and therefore exempt from the reporting guidance. Certainly, the kinds of queries that might lead the FBI to profile St. Paul’s Somali community could be considered a measure of Somali activities in that community. Similarly, FBI might claim the search for informants who know those in a mosque with close ties overseas could be treated as the pursuit of information on foreign activities in US mosques.

As I understand it, the reporting to Congress on this has been a bit more circumspect than members might have liked. That means the other details FISC judge Thomas Hogan required about this one positive hit — what query resulted in a positive hit, what kind of investigative action it led to, and why FBI believes it to fall under minimization procedures — aren’t as sexy as this number, 1.

Prior to this positive hit, the FBI had always assured oversight authorities that the possibility that Section 702 data would result in criminal information was “theoretical.”

Even as a factoid of limited meaning, it does mean the possibility is no longer theoretical.