Posts

Adam Schiff Makes Clear FBI Is Using Section 215 Like the 2014 Exception

For months, Congress has been debating the reauthorization of Section 215 of the PATRIOT Act. The House passed a compromise bill before COVID shut-downs really halted everything in Congress, though did so in such a way as to prevent Zoe Lofgren from offering any amendments. After the Senate failed to act, the provision (and two related ones lapsed). Then, a few weeks ago, the Senate passed a version that added an amendment from Mike Lee and Patrick Leahy that strengthened the amicus to the previously passed House bill. But an amendment offered by Ron Wyden and Steve Daines failed by one vote after Tom Carper said that Pelosi had warned him its passage would gut FISA (and after Bernie Sanders and Patty Murray didn’t make it for the vote). The operative language of their amendment read,

(C) An application under paragraph (1) may not seek an order authorizing or requiring the production of internet website browsing information or internet search history information.

Zoe Lofgren and Warren Davidson tried to pass that amendment in the House. Over a weekend of heated negotiations, they limited the Wyden-Daines language to apply just to US persons.

(C) An application under paragraph (1) may not seek an order authorizing or requiring the production of internet website browsing information or internet search history information of United States persons.

At first, Wyden endorsed the Lofgren-Davidson language. Except then Adam Schiff gave Charlie Savage a statement that suggested the amendment would only prevent the government from seeking to obtain Americans’ internet information, not prevent it altogether.

But in his own statement, Mr. Schiff put forward a narrower emphasis. Stressing the continued need to investigate foreign threats, he described the compromise as banning the use of such orders “to seek to obtain” an American’s internet information.

That led Ron Wyden to withdraw his support. Leadership withdrew that amendment from the Rule.

Schiff’s ploy seems to suggest one way the government is using Section 215.

Wyden had previously asked how each of three applications for Section 215 would appear in counts:

  • An order in which an IP address used by multiple people is the target
  • An order collecting all the people who visit a particular website
  • An order collecting all the web browsing and internet searches of a single user

I’ve argued in the past that the FBI wouldn’t go to the trouble of a Section 215 order for a person who was not otherwise targeted, the last bullet. Schiff’s willingness to limit collection to foreigners is consistent with that (because targeting non-US persons has a lower probable cause level), meaning that’s not the function the government is so intent on preserving.

Which leaves Wyden’s IP address used by multiple people and a website, what I have suggested might be VPNs and WikiLeaks. Those are the applications that Schiff (and Pelosi) are going to the mat to protect.

That makes something that happened in 2014 important. That year, FISC permitted the government to remain tasked on a selector under 702 (which can only target foreigners) even after finding that Americans were using the selector, provided the US person content was purged after the fact. Except ODNI made a list of enumerated crimes — virtually all of which exploit the Dark Web — that Section 702 content could be used to prosecute. Richard Burr codified that principle when the law was reauthorized in 2017.

Schiff has invoked the same principle — allowing the FBI to target a URL or IP, and in the name of obtaining foreign intelligence, obtaining the US person activity as well. Because this is not treated as “content,” the government may not be limited to instances where the US person activity is location obscured (though it’s possible this is just about obtaining VPN traffic, and not something like WikiLeaks).

Wyden called the resulting practice (remember, this is status quo), as “dragnet surveillance.”

“It is now clear that there is no agreement with the House Intelligence Committee to enact true protections for Americans’ rights against dragnet collection of online activity, which is why I must oppose this amendment, along with the underlying bill, and urge the House to vote on the original Wyden-Daines amendment,” Wyden said.

So once again — still — the government is using a foreign targeted law to obtain leads of Americans to investigate. That, apparently, is what Pelosi considers the key part of FISA: honey pots to identify Americans to investigate.

Meanwhile, DOJ doesn’t even like the changes Lee and Leahy implemented, falsely claiming that the law — which requires DOJ to meet the standards laid out voluntarily by FBI’s response to the DOJ IG Report — does nothing to address the problems identified by the IG Report.

The Department worked closely with House leaders on both sides of the aisle to draft legislation to reauthorize three national security authorities in the U.S.A. Freedom Act while also imposing reforms to other aspects of FISA designed to address issues identified by the DOJ Inspector General. Although that legislation was approved with a large, bipartisan House majority, the Senate thereafter made significant changes that the Department opposed because they would unacceptably impair our ability to pursue terrorists and spies. We have proposed specific fixes to the most significant problems created by the changes the Senate made. Instead of addressing those issues, the House is now poised to further amend the legislation in a manner that will weaken national security tools while doing nothing to address the abuses identified by the DOJ Inspector General.

Accordingly, the Department opposes the Senate-passed bill in its current form and also opposes the Lofgren amendment in the House. Given the cumulative negative effect of these legislative changes on the Department’s ability to identify and track terrorists and spies, the Department must oppose the legislation now under consideration in the House. If passed, the Attorney General would recommend that the President veto the legislation.

Trump, meanwhile, is opposing the bill because it doesn’t go far enough.

WARRANTLESS SURVEILLANCE OF AMERICANS IS WRONG!

Republicans are inventing reasons to oppose it after supporting it in March.

Back in March, Billy Barr said he could do what he needed to with EO 12333. It’s unclear how he’d coerce providers.

But Schiff’s efforts to defeat Wyden make it clear this is a function designed to identify Americans.

Update: I had thought a current vote was on FISA, but is on China sanctions, so I’ve deleted.

Ron Wyden Hints at How the Intelligence Community Hides Its Web Tracking Under Section 215

Ron Wyden had an amendment to Section 215 that would have limited the use of that provision to obtain web traffic information that fell one vote short in the Senate, partly because Nancy Pelosi whipped Tom Carper against it and partly because two Senators (Bernie Sanders and Patty Murray) didn’t get back for a vote. In an effort to resuscitate the amendment in the House under Zoe Lofgren and Warren Davidson’s leadership (which would surely pass if Section 215 got bounced back to the Senate), Ron Wyden released a letter to Ric Grenell trying to force some transparency about how the IC hides the scope of the use of Section 215 to get web search and Internet traffic information.

The letter asks Grenell to explain how Section 215 orders served on IP addresses, rather than email addresses, might get counted in transparency provisions.

How would the government apply the public reporting requirements for Section 215 to web browsing and internet searches? In this context, would the target or “unique identifier” be an IP address?

If the target or “unique identifier” is an IP address, would the government differentiate among multiple individuals using the same IP address, such as family members and roommates using the same Wi-Fi network, or could numerous users appear as a single target or “unique identifier”?

If the government were to collect web browsing information about everyone who visited a particular website, would those visitors be considered targets or “unique identifiers” for purposes of the public reporting? Would the public reporting data capture every internet user whose access to that website was collected by the government?

If the government were to collect web browsing and internet searches associated with a single user, would the public reporting requirement capture the scope of the collection? In other words, how would the public reporting requirement distinguish between the government collecting information about a single visit to a website or a single search by one person and a month or a year of a person’s internet use?

Wyden here lays out three use cases for how the IC might (one should assume does) use Section 215 to get web traffic.

  • An order in which an IP address used by multiple people is the target
  • An order collecting all the people who visit a particular website
  • An order collecting all the web browsing and internet searches of a single user

The government is required to report:

(5)the total number of orders issued pursuant to applications made under section 1861(b)(2)(B) of this title and a good faith estimate of—

(A)the number of targets of such orders; and

(B)the number of unique identifiers used to communicate information collected pursuant to such orders;

Taking each of his three scenarios, here’s what I believe the government would report.

An order in which an IP address used by multiple people is the target

In the first scenario, the government is trying to obtain everyone who “uses” a particular IP address. The scenario laid out by Wyden is a WiFi router used by family or friends, but both because the House Report prohibited such things in 2015 and because DOJ IG has raised questions about targeting everyone who uses a Friends and Family plan, I doubt that’s what the IC really does.

Rather, I suspect this is about VPNs and other servers that facilitate operational security. The government could hypothetically obtain four orders a year getting “VPNs,” requiring providers of each of the 10 major VPNs in the country to provide the IP addresses of all the incoming traffic, which would show the IP addresses of everyone who was using their location obscuring traffic.

In such a case, the targeted VPN IP addresses wouldn’t be communicating information at all. The users would get no information back. Therefore, the IC would only report the number of targets of such orders. If the “target” were defined as VPN, the number would be reported as 4 (for each of the 4 orders); if the “target” were defined as the specific VPN providers, the number of targets would be reported as 10.

The IC would entirely hide the number of individual Americans affected.

An order collecting all the people who visit a particular website

This application would seek to learn who visited a particular website. The classic case would be Inspire magazine, the AQAP propaganda. But I could also see how the IC might want to collect people who visit WikiLeaks’ submission page, or any number of sites that would offer information of interest to foreign spies (even DNI’s report on surveillance collection!). In such a use case, the government might ask not for the information provided to the user, but instead the incoming IP addresses of every request to the website. Again, this would not reflect a communication of information (and certainly not to the end user), so would not be reported under 5B.

If the targets were defined as “AQAP propaganda sites,” Inspire and all its affiliates might be reported as just one target (or might even be counted on a more generalized 215 order targeting AQAP or WikiLeaks, and so not as a unique 215 order at all).

The end users here would, again, not be counted if the collection request deliberately asked for something that did not “communicate information,” though I’m not sure precisely what technical language the government would use to accomplish this.

An order collecting all the web browsing and internet searches of a single user

This use case would ask how a 215 order targeting an individualized target (like Carter Page) shows up in transparency reports. If this were an order served on Google targeting a single account identifier for Google (say, Page’s Gmail account), the government might treat that Gmail identifier as the unique identifier, even though the government was getting information on every time this unique identifier obtained information.

Even in the criminal context, prosecutors don’t always target Google histories (for example, they did not with Joshua Schulte, and so got Google searches going back to before he joined the CIA). In the intelligence context, the FBI is given even more leeway to obtain everything, based off the logic that it’s harder to find clandestine activity.

In other words, Wyden has pointed to three use cases, all of which the IC is surely using, which existing transparency reporting requirements would entirely obscure the impact of.

Why Justin Amash Should Be an Impeachment Manager

I’m sitting about six blocks from one of Gerald Ford’s childhood homes. That means I live in a city with an outsized role in America’s history with impeachment. Since the time I’ve lived in this city, our Federal Building added a sign reading (over-optimistically), “Our Constitution works; our great Republic is a government of laws and not of men.”

It also means I’m a constituent of Justin Amash, who has an office in that Federal Building named after Gerald Ford.

And I’m solidly in support of the idea — floated by thirty freshman Democrats — for Amash to be among the Impeachment Managers presenting the case in the Senate.

I think Amash brings several things this impeachment effort could badly use.

First, Democrats missed an opportunity in the House Judiciary hearing on Constitutional issues behind impeachment to call someone like Paul Rosenzweig, a Republican who worked on the Whitewater investigation, who backs impeachment in this case. While a bunch of Democratic lawyers were testifying, Amash was and has continued tweeting to his colleagues about how important impeachment is to the Constitution. It is critical to have a voice making the conservative case for upholding the Constitution. Just this morning, a long time local Democratic activist I was speaking to was hailing how Amash has used his University of Michigan law degree to make the case for impeachment.

Meanwhile, even as the national press has spent countless hours interviewing demographically unrepresentative panels of voters from my county to understand how swing state voters feel about impeachment, Amash has risked his career in that swing state district. Well before queasy Democrats in swing districts came around to the necessity of impeaching President Trump, Amash left his party and took a stand to defend the Constitution. I think his courage may serve as inspiration for Republicans in the Senate who secretly recognize the necessity of impeaching Trump, even while they may worry they’ll ruin their political career. Amash also has close ties with (especially) Rand Paul and other libertarian leaning Senators (like Mike Lee and Ted Cruz), so might be persuasive with them, even if all of them have already basically opposed impeachment.

Finally, a point that some of the more hawkish people involved in impeachment (like Adam Schiff) may not understand, Amash works really well in bipartisan coalitions. He has long been a key member of the privacy coalition and currently serves as the “Republican” co-chair, with Zoe Lofgren as the Democratic co-chair, of the Fourth Amendment coalition. The cornerstone of that coalition, over more than a decade, has been honesty about where progressives and libertarians (and even traditional conservatives) share goals and where we disagree, sometimes dramatically. But with that cornerstone of shared understanding, and with a sense of responsibility for what each side can and should do to support the Constitution, he has been an invaluable member of a team. Some of the people who might also be considered as Impeachment Managers — like Jamie Raskin — would have experience with Amash in such a context. At the very least, Lofgren should be able to give Pelosi reassurances that Amash is utterly reliable when working as part of a bipartisan coalition. This is a topic, the President’s abuse of his authority, on which Amash took a Constitutional stand, which is precisely the kind of common foundation his past work with Democrats was built on.

I don’t get a vote. Speaker Pelosi gets to decide. But as an Amash constituent who has long found common ground with Amash on issues rooted in the Constitution, I think his involvement would be a tremendous value.

A Diverse America Votes to Uphold the Constitution; A Largely Male White America Votes to Abrogate It

The House Judiciary Committee just voted to send two articles of impeachment against Donald Trump to the full House.

The entire vote took just minutes. But it said so much about the state of America today.

It will forever be portrayed as a party line vote, with 23 Democrats in favor, and 17 Republicans against. But it was also a tribute to the degree to which polarization in America today pivots on issues of diversity.

The Democrats who voted in favor included 11 women, and 13 Latinx and people of color (Ted Lieu missed the vote recovering from a heart procedure). Three (plus Lieu) are immigrants. One is gay. These Democrats voted to uphold the Constitution a bunch of white men, several of them owners of African-American slaves, wrote hundreds of years ago.

The Republicans who voted against were all white. Just two were women.  These Republicans voted to permit a racist white male President to cheat to get reelected in violation of the rule of law.

This is about a clash between the rising America and the past. And it’s unclear who will win this battle for America. But the stakes are clear.

 

In Op-Ed Calling for Counter-Disinformation Strategy, Will Hurd Engages in His Own Disinformation

I like Will Hurd. I think he’s smart, thoughtful, and (when I met him at an event I did last year in DC) personally very nice. So I was a bit disappointed by this op-ed, arguing that to save democracy, “Americans must begin working together,” just weeks after he voted with all the rest of the House Intelligence Committee Republicans to release the Nunes memo.

After revealing that his CIA clandestine service was in places in Russia’s sphere, Hurd argues that we need a counter-disinformation strategy.

I served in places where Russia has geopolitical interests, and learned that Russia has one simple goal: to erode trust in democratic institutions.

[snip]

To address continued Russian disinformation campaigns, we need to develop a national counter-disinformation strategy. The strategy needs to span the entirety of government and civil society, to enable a coordinated effort to counter the threat that influence operations pose to our democracy. It should implement similar principles to those in the Department of Homeland Security’s Strategy for Countering Violent Extremism, with a focus on truly understanding the threat and developing ways to shut it down.

That much I can agree with him on.

But it has no business appearing in an op-ed that suggests bipartisan criticism of the Nunes Memo stunt amounts to Russia winning — which flips reality on its head.

Unfortunately, over the last year, the United States has demonstrated a lack of resilience to this infection. The current highly charged political environment is making it easier for the Russians to achieve their goal. The hyperbolic debate over the release of the FISA memos by the House Intelligence Committee further helps the Russians achieve their aim. Most recently, Russian social-media efforts used computational propaganda to influence public perceptions of this issue, and we found ourselves once again divided among party lines.

When the public loses trust in the press, the Russians are winning. When the press is hyper-critical of Congress for executing oversight and providing transparency on the actions taken by the leaders of our law-enforcement agencies, the Russians are winning. When Congress and the general public disagree simply along party lines, the Russians are winning. When there is friction between Congress and the executive branch resulting in the further erosion of trust in our democratic institutions, the Russians are winning.

Let’s unpack this passage closely.

First, note how Hurd refers to “the last year” during which the US demonstrated a lack of resilience to Russian disinformation? Hurd is pretending that that lack of resilience doesn’t extend to 2016, when in fact at least the social media companies started to respond to Russian election year events last year.

He then calls the debate over the release of the memo — not propaganda seeded by Republicans claiming the Nunes memo revealed something “worse than Watergate” — hyperbolic.

Hurd then makes the same mistake everyone always makes with the Fucking Gizmo™, the Hamilton Dashboard that tracks right wing propaganda and — because it moves in tandem with official Russian propaganda outlets — deems it Russian, not American.

Then Hurd rebrands Nunes’ stunt as the press being “hyper-critical of Congress for executing oversight and providing transparency on the actions taken by the leaders of our law-enforcement agencies.” As I’ve noted before, it’s particularly rich for people who voted against the Amash-Lofgren amendment to the FISA 702 reauthorization to claim they support transparency, as that amendment would have provided just that. But it’s also pathetic that Hurd would claim either the Nunes or Schiff memos are about transparency or oversight. It’d be awesome if HPSCI decided to hold a hearing on the use of consultants and informants in FISA applications and elsewhere in law enforcement. The Nunes stunt only brought a concern about that to a white politically connect white guy, not the people who really would benefit from actual oversight.

And more importantly, the Nunes memo (which GOPers admitted made a false claim about whether FISC got notice about the political nature of the Steele dossier), especially, was about obfuscation, not transparency.

Will Hurd was on the wrong side of adult behavior when he voted in favor of the Nunes memo. He seems to be trying to spin his vote as something it wasn’t.

He’d do well if, instead, he tried to make up for it.

Asha Rangappa Demands Progressive Left Drop Bad Faith Beliefs in Op-Ed Riddled with Errors Demonstrating [FBI’s] Bad Faith

It’s my fault, apparently, that surveillance booster Devin Nunes attacked the FBI this week as part of a ploy to help Donald Trump quash the investigation into Russian involvement in his election victory. That, at least, is the claim offered by the normally rigorous Asha Rangappa in a NYT op-ed.

It’s progressive left privacy defenders like me who are to blame for Nunes’ hoax, according to Rangappa, because — she claims — “the progressive narrative” assumes the people who participate in the FISA process, people like her and her former colleagues at the FBI and the FISA judges, operate in bad faith.

But those on the left denouncing its release should realize that it was progressive and privacy advocates over the past several decades who laid the groundwork for the Nunes memo — not Republicans. That’s because the progressive narrative has focused on an assumption of bad faith on the part of the people who participate in the FISA process, not the process itself.

And then, Ragappa proceeds to roll out a bad faith “narrative” chock full of egregious errors that might lead informed readers to suspect FBI Agents operate in bad faith, drawing conclusions without doing even the most basic investigation to test her pre-conceived narrative.

Rangappa betrays from the very start that she doesn’t know the least bit about what she’s talking about. Throughout, for example, she assumes there’s a partisan split on surveillance skepticism: the progressive left fighting excessive surveillance, and a monolithic Republican party that, up until Devin Nunes’ stunt, “has never meaningfully objected” to FISA until now. As others noted to Rangappa on Twitter, the authoritarian right has objected to FISA from the start, even in the period Rangappa used what she claims was a well-ordered FISA process. That’s when Republican lawyer David Addington was boasting about using terrorist attacks as an excuse to end or bypass the regime. “We’re one bomb away from getting rid of that obnoxious [FISA] court.”

I’m more peeved, however, that Rangappa is utterly unaware that for over a decade, the libertarian right and the progressive left she demonizes have worked together to try to rein in the most dangerous kinds of surveillance. There’s even a Congressional caucus, the Fourth Amendment Caucus, where Republicans like Ted Poe, Justin Amash, and Tom Massie work with Rangappa’s loathed progressive left on reform. Amash, Mike Lee, and Rand Paul, among others, even have their name on legislative attempts to reform surveillance, partnering up with progressives like Zoe Lofgren, John Conyers, Patrick Leahy, and Ron Wyden. This has become an institutionalized coalition that someone with the most basic investigative skills ought to be able to discover.

Since Rangappa has not discovered that coalition, however, it is perhaps unsurprising she has absolutely no clue what the coalition has been doing.

In criticizing the FISA process, the left has not focused so much on fixing procedural loopholes that officials in the executive branch might exploit to maximize their legal authority. Progressives are not asking courts to raise the probable cause standard, or petitioning Congress to add more reporting requirements for the F.B.I.

Again, there are easily discoverable bills and even some laws that show the fruits of progressive left and libertarian right efforts to do just these things. In 2008, the Democrats mandated a multi-agency Inspector General on Addington’s attempt to blow up FISA, the Stellar Wind program. Progressive Pat Leahy has repeatedly mandated other Inspector General reports, which forced the disclosure of FBI’s abusive exigent letter program and that FBI flouted legal mandates regarding Section 215 for seven years (among other things). In 2011, Ron Wyden started his thus far unsuccessful attempt to require the government to disclose how many Americans are affected by Section 702. In 2013, progressive left and libertarian right Senators on the Senate Judiciary Committee tried to get the Intelligence Community Inspector General to review how the multiple parts of the government’s surveillance fit together, to no avail.

Rangappa’s apparent ignorance of this legislative history is all the more remarkable regarding the last several surveillance fights in Congress, USA Freedom Act and this year’s FISA Amendments Act reauthorization (the latter of which she has written repeatedly on). In both fights, the bipartisan privacy coalition fought for — but failed — to force the FBI to comply with the same kind of reporting requirements that the bill imposed on the NSA and CIA, the kind of reporting requirements Rangappa wishes the progressive left would demand. When a left-right coalition in the House Judiciary Committee tried again this year, the FBI stopped negotiating with HJC’s staffers, and instead negotiated exclusively with Devin Nunes and staffers from HPSCI.

With USAF, however, the privacy coalition did succeed in a few reforms (including those reporting requirements for NSA and CIA). Significantly, USAF included language requiring the FISA Court to either include an amicus for issues that present “a novel or significant interpretation of the law,” or explain why it did not. That’s a provision that attempts to fix the “procedural loophole” of having no adversary in the secret court, though it’s a provision of law the current presiding FISC judge, Rosemary Collyer, blew off in last year’s 702 reauthorization. (Note, as I’ve said repeatedly, I don’t think Collyer’s scofflaw behavior is representative of what FISC judges normally do, and so would not argue her disdain for the law feeds a “progressive narrative” that all people involved in the FISA process operated in bad faith.)

Another thing the progressive left and libertarian right won in USAF is new reporting requirements on FISA-related approvals for FISC, to parallel those DOJ must provide. Which brings me to Rangappa’s most hilarious error in an error-ridden piece (it’s an error made by multiple civil libertarians earlier in the week, which I corrected on Twitter, but Rangappa appears to mute me so wouldn’t have seen it).

To defend her claim that the FISC judge who approved the surveillance of Carter Page was operating, if anything, with more rigor than in past years, Rangappa points to EPIC’s tracker of FISA approvals and declares that the 2016 court rejected the highest number of applications in history.

We don’t know whether the memo’s allegations of abuse can be verified. It’s worth noting, however, that Barack Obama’s final year in office saw the highest number of rejected and modified FISA applications in history. This suggests that FISA applications in 2016 received more scrutiny than ever before.

Here’s why this is a belly-laughing error. As noted, USAF required the FISA Court, for the first time, to release its own record of approving applications. It released a partial report (for the period following passage of USAF) covering 2015, and its first full report for 2016. The FISC uses a dramatically different (and more useful) counting method than DOJ, because it counts what happens to any application submitted in preliminary form, whereas DOJ only counts applications submitted in final form. Here’s how the numbers for 2016 compare.

Rangappa relies on EPIC’s count, which for 2016 not only includes an error in the granted number, but adopts the AOUSC counting method just for 2016, making the methodology of its report invalid (it does have a footnote that explains the new AOUSC numbers, but not why it chose to use that number rather than the DOJ one or at least show both).

Using the only valid methodology for comparison with past years, DOJ’s intentionally misleading number, FISC rejected zero applications, which is consistent or worse than other years.

It’s not the error that’s the most amusing part, though. It’s that, to make the FISC look good, she relies on data made available, in significant part, via the efforts of a bipartisan coalition that she claims consists exclusively of lefties doing nothing but demonizing the FISA process.

If anyone has permitted a pre-existing narrative to get in the way of understanding the reality of how FISA currently functions, it’s Rangappa, not her invented progressive left.

Let me be clear. In spite of Rangappa’s invocation (both in the body of her piece and in her biography) of her membership in the FBI tribe, I don’t take her adherence to her chosen narrative in defiance of facts that she made little effort to actually learn to be representative of all FBI Agents (which is why I bracketed FBI in my title). That would be unfair to a lot of really hard-working Agents. But I can think of a goodly number of cases, some quite important, where that has happened, where Agents chased a certain set of leads more vigorously because they fit their preconceptions about who might be a culprit.

That is precisely what has happened here. A culprit, Devin Nunes — the same guy who helped the FBI dodge reporting requirements Rangappa thinks the progressive left should but is not demanding — demonized the FISA process by obscuring what really happens. And rather than holding that culprit responsible, Rangappa has invented some other bad guy to blame. All while complaining that people ever criticize her FBI tribe.

Steve King Just Voted to Subject Americans to “Worse than Watergate”

Devin Nunes has launched the next installment of his effort to undercut the Mueller investigation, a “Top Secret” four page report based on his staffers’ review of all the investigative files they got to see back on January 5. He then showed it to a bunch of hack Republicans, who ran to the right wing press to give alarmist quotes about the report (few, if any, have seen the underlying FBI materials).

Mark Meadows (who recently called for Jeff Sessions’ firing as part of this obstruction effort) said, “Part of me wishes that I didn’t read it because I don’t want to believe that those kinds of things could be happening in this country that I call home and love so much.”

Matt Gaetz (who strategized with Trump on how to undercut the Mueller investigation on a recent flight on Air Force One) said, “The facts contained in this memo are jaw-dropping and demand full transparency. There is no higher priority than the release of this information to preserve our democracy.”

Ron DeSantis (who joined Gaetz in that Air Force One strategy session with Trump and also benefitted directly from documents stolen by the Russians) said it was “deeply troubling and raises serious questions about the [the people in the] upper echelon of the Obama DOJ and Comey FBI,” who of course largely remain in place in the Sessions DOJ and Wray FBI.

Steve King claimed what he saw was, “worse than Watergate.” “Is this happening in America or is this the KGB?” Scott Perry said. Jim Jordan (who joined in Meadows’ effort to fire Sessions) said, “It is so alarming.” Lee Zeldin said the FBI, in using FISA orders against Russians and facilities used by suspected agents of Russia was relying “on bad sources & methods.”

It all makes for very good theater. But not a single one of these alarmists voted the way you’d expect on last week’s 702 reauthorization votes if they were really gravely concerned about the power of the FBI to spy on Americans.

Indeed, Gaetz, DeSantis, and King — three of those squawking the loudest — voted to give the same FBI they’re claiming is rife with abuse more power to spy on Americans, including political dissidents. Nunes, who wrote this alarming report, also wrote the bill to expand the power of the FBI he’s now pretending is badly abusive.

Even those who voted in favor of the Amash-Lofgren amendment and against final reauthorization — Meadows, Jordan, and Perry, among some of those engaging in this political stunt — voted against the Democratic motion to recommit, which would have at least bought more time and minimally improved the underlying bill (Justin Amash and Tom Massie, both real libertarians, voted with Democrats on the motion to recommit). Zeldin was among those who flipped his vote, backing the bill that will give the FBI more power after making a show of supporting Amash’s far better bill.

In short, not a single one of these men screaming about abuse at the FBI did everything they could do to prevent the FBI from getting more power.

Which — if you didn’t already need proof — shows what a hack stunt this is.

Incidental Collection Under Section 702 Has Probably Contributed to Trump’s Downfall, Too

As you’ve no doubt heard, the House passed the bad reauthorization to Section 702 yesterday. The Senate will vote on cloture on Tuesday — though both Rand Paul and Ron Wyden have threatened to filibuster it — and will almost certainly be voted into law after that.

I’ll have comment later on the rising costs, for politicians, for mindlessly reauthorizing these bills in a follow-up post.

Paul Ryan told President Trump Section 702 hasn’t affected his people

But for the moment, I want to comment on the debate that took place in response to Trump’s two tweets. The first tweet, which was clearly a response to a Judge Napolitano piece on Fox News yesterday morning, complaining about FISA.

Then, after a half hour lesson from Paul Ryan on the different FISA regimes (note, for some reason Devin Nunes was conspicuously absent from much of this process yesterday, both the coddling of the President and managing debate on the bill), a follow-up tweet hailing Section 702’s utility for “foreign surveillance of foreign bad guys on foreign land.”

In response to those tweets, many commenters stated, as a matter of fact, that Trump hasn’t been impacted by Section 702, that only traditional FISA intercepts drove key developments in the Russian investigation.

That’s unlikely to be true, and I suspect we already have evidence that that’s not the case.

It is true that incidental collection on a Title I got Mike Flynn in trouble

To defend the case that incidental collection off a traditional FISA order has impacted Trump’s administration, people point to the December 29, 2016 intercepts of communications between Sergey Kislyak and Mike Flynn which were cited in Flynn’s guilty plea. It is true that those intercepts were done under a traditional FISA order. Admiral Mike Rogers as much as confirmed that last March in his efforts to explain basic FISA law to the House Intelligence Committee Republicans who are supposed to oversee it.

Rogers: FISA collection on targets in the United States has nothing to do with 702, I just want to make sure we’re not confusing the two things here. 702 is collection overseas against non US persons.

And Speaker Ryan, fresh off his efforts to teach the President basic surveillance law, yesterday clarified — inaccurately — that,

Title 1 of the FISA law is what you see in the news that applies to U.S. citizens. That’s not what we’re talking about here. This is Title 7, Section 702. This is about foreign terrorists on foreign soil.

Whatever the facts about FISA orders targeting Carter Page and Paul Manafort, the intercepts that have done the most known damage to the Trump Administration so far targeted a foreigner on US soil, Sergey Kislyak, and Flynn just got picked up incidentally.

Papadopoulos’ affidavit and statement of offense make different claims about his false claims and obstruction

But as I said, I suspect it is highly likely the Trump Administration has also been brought down by an American being caught up incidentally in a Section 702 tasking. That’s because of several details pertaining to the George Papadopoulos plea which I nodded to here; they strongly suggest that Papadopoulos’ Facebook communications with Joseph Mifsud were first obtained by the FBI via Section 702, and only subsequently parallel constructed using a warrant. It’s further likely that the FBI obtained a preservation order on Papadopoulos’ Facebook account before he deleted it because of what they saw via Section 702. [Update: KC has alerted me that they may not have gotten a preservation order, but instead were able to access the Facebook account because that content doesn’t all go away when you deactivate an account, which is what the October 5 document describes as happening.]

Compare the two descriptions of how Papadopoulos obstructed justice. The July 28, 2017 affidavit supporting Papadopoulos’ arrest describes Papadopoulos destroying his Facebook account to hide conversations he had with Timofeev.

The next day, on or about February 17, 2017, however, GEORGE PAPADOPOULOS, the defendant, shut down his Facebook account, which he had maintained since approximately August 2005. Shortly after he shut down his account, PAPADOPOULOS created a new Facebook account.

The Facebook account that PAPADOPOULOS shut down the day after his interview with the FBI contained information about communications he had with Russian nationals and other foreign contacts during the Campaign, including communications that contradicted his statements to the FBI. More specifically, the following communications, among others, were contained in that Facebook account, which the FBI obtained through a judicially authorized search warrant.

The affidavit makes it clear that Papadopoulos attempted to hide “his interactions during the Campaign with foreign contacts, including Russian nationals.” The descriptions of the communications that Papadopoulos attempted to hide are described as “a Facebook account identified with Foreign Contact 2,” Timofeev.

The FBI recorded both interviews, suggesting they already by January 27 they had reason to worry that Papadopoulos might not tell the truth.

The October 5 statement of the offense describes one of Papadopoulos’ false statements this way:

PAPADOPOULOS failed to inform investigators that the Professor had introduced him to the Russian MFA Connection [Timofeev], despite being asked if he had met with Russian nationals or “[a]nyone with a Russian accent” during the Campaign. Indeed, while defendant PAPADOPOULOS told the FBI that he was involved in meetings and did “shuttle diplomacy” with officials from several other countries during the Campaign, he omitted the entire course of conduct with the Professor and the Russian MFA Connection regarding his efforts to establish meetings between the Campaign and Russian government officials.

And it describes his obstruction this way:

The next day, on or about February 17, 2017, defendant PAPADOPOULOS deactivated his Facebook account, which he had maintained since approximately August 2005 and which contained information about communications he had with the Professor and the Russian MFA Connection. Shortly after he deactivated his account, PAPADOPOULOS created a new Facebook account that did not contain the communications with the Professor and the Russian MFA Connection.

On or about February 23, 2017, defendant PAPADOPOULOS ceased using his cell phone number and began using a new number.

In neither document does FBI mention having the content of Papadopoulos’ April 2016 Skype calls with Timofeev and neither one cites data — such as texts — that might have been on his cell phone.

What FBI (probably) learned when

While we can’t be sure — after all, the government may simply be withholding more information from other suspects — the differences between the two legal filings and other public information suggest the following evolution in what the government knew of Papadopoulous’ communications with his interlocutors when. Most importantly, the FBI had learned of Papadopoulos’ communications with Joseph Mifsud and Olga Vinogradova before his two interviews, but they had not learned of his communications with Ivan Timofeev.

Late July 2016

In a drunken conversation in May 2016, Papadopoulos told the Australian Ambassador Alexander Downer that he had been told (by Joseph Mifsud, but it’s not clear Papadopoulos would have revealed that) the Russians had dirt on Hillary in the form of emails.

Before January 27, 2017

  • Papadopoulos might lie and so should be recorded
  • Papadopoulos had interesting communications with Joseph Mifsud and Olga Vinogradova
  • Since Timofeev did not come up in the interview, FBI appears not to have learned of those conversations yet

Before February 16, 2017

  • Papadopoulos’ Facebook was interesting enough to sustain a preservation request but (because FBI still didn’t know about Timofeev) FBI had not yet accessed its content via Papadopoulos [Though see update above]
  • FBI had not yet accessed Skype, which would have shown call records between Timofeev and Papadopoulos
  • FBI did not have a warrant on Papadopoulos’ phone and never obtained one before February 23

By July 28, 2017

  • FBI had obtained a warrant for Papadopoulos’ email
  • FBI had read the Facebook content Papadopoulos tried to delete, discovering the communications (and the relationship) with Timofeev
  • FBI had identified the Skype conversations that had taken place, but not in time to collect them using 702

By October 5, 2017

  • FBI had obtained far more email from the campaign side
  • FBI had discovered that, in addition to destroying his Facebook account, Papadopoulos had also gotten a new phone number (and, I suspect, a new phone), thereby destroying any stored texts on the phone

FBI probably tracked Papadopoulos’ Facebook communications with Mifsud before February 16

Again, this is just a guess, but given the evolution of FBI’s understanding about Papadopoulos laid out above, it seems highly likely that FBI had obtained some (but not all) of Mifsud’s communications before February 16, had submitted preservation requests to Papadopoulos’ providers, but had not yet obtained any legal process for content via Papadopoulos. Given that Papadopoulos’ Facebook content was preserved even in spite of his effort to destroy it, it seems clear the government had reason to know its content was of interest, but it did not yet know about his Facebook communications with Timofeev. This is how FBI routinely launders Section 702 information through criminal process, by getting a warrant for the very same content available at PRISM providers that they already obtained via PRISM. They key detail is that they appear to have known about the content of some but not all of Papadopoulos’ Facebook messages in time to preserve the account before February 16.

This strongly suggests the FBI had obtained Mifsud’s Facebook content, but not Papadopoulos’.

Once FBI opened a full investigation into the Russian ties — which we know they did in late July, in part because of that Papadopoulos conversation about the Mifsud comments — it could task and obtain a raw feed of any known PRISM account for any foreigner overseas associated with that investigation. Once it identified Mifsud as Papadopoulos’ interlocutor — and they would have been able to identify their common relationship from their common front organization, the London Centre of International Law Practice — they would have tasked Mifsud on any identifier they could collect.

And collecting on Facebook would be child’s play — just ask nicely. So it would be shocking if they hadn’t done it as soon as they identified that Mifsud was Papadopoulos’ interlocutor and that he had a Facebook account.

Incidental collection under 702 may have led to the preservation of evidence about the Timofeev relationship Papadopoulos tried to destroy

If all this is right — and it is admittedly just a string of well-educated guesses — then it means FBI’s ability to incidentally collect on Papapdopoulos by targeting Mifsud may have been what led them to take action to preserve Papadopoulos’ Facebook content, and with it evidence of ongoing communications with Timofeev that he had tried to hide.

And the fact that he did try to hide it is what led to Mueller flipping his first cooperating witness.

So if all this is right, then incidental collection on Papadopoulos under Section 702 may be every bit as central to Trump’s legal jeopardy right now as the incidental collection on Flynn under Title I. They’re both critical pieces in proving any hypothetical case that Trump traded policy considerations for the release of Hillary emails.

This is how Section 702 is supposed to work, and could be done under USA Rights

Let me be clear: I’m not saying the discovery of Papadopoulos’ Facebook communications with Mifsud and through them his Facebook communications with Timofeev is an abuse. On the contrary, this is how 702 is supposed to work.

If we’re going to have this program, it should be used to target suspect agents of a foreign power located overseas, as Mifsud clearly was. If he was targeted under 702, he was targeted appropriately.

But there is no reason to believe doing so required any of the more abusive uses of 702 that USA Rights would limit. Unless Mifsud was already tasked at FBI when they opened the investigation in July 2016, there’s no reason to believe this account could have been found off of a back door search at FBI. Mifsud may have been tasked at NSA or even CIA, but if he was, searching on Papadopoulos because the government suspected he was being recruited by a foreign power would fall under known justifications for back door searches at those foreign intelligence agencies (especially at CIA).

USA Rights would permit the use of this 702 information to support the criminal case against Papadopoulos, because it’s clearly a case of foreign government spying.

And no use of the Tor exception would be implicated with this search.

In other words, Section 702 as Ron Wyden and Rand Paul and Justin Amash and Zoe Lofgren would have it would still permit the use of Section 702 as a tool to — ultimately — lead FBI to figure out that Papadopoulos was hiding his contacts with Ivan Timofeev.

As it turns out, the kinds of people Trump’s foreign policy advisor George Papadopoulos was chatting up on Facebook — Joseph Mifsud and Ivan Timofeev — are precisely the kind of people the FBI considers “foreign bad guys on foreign land” for the purposes of Section 702, meaning the Bureau could get their Facebook account quite easily.

And the incidental collection of Americans of such conversations can be — may well have been — as dangerous to Donald Trump as the incidental collection of Americans under Title I.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

What HPSCI Wants to Protect in 702: Back Doors, the Tor Exception, and a Dysfunctional FISC

The House is revving up to vote on 702 reauthorization, offering either the shitty bill drafted by Devin Nunes, Adam Schiff, and Devin Nunes or the Amash amendment (which is the Wyden-Paul USA Rights bill). As I noted in a piece at The New Republic,

Congress is, in an apparently serious attempt at surveillance reform, about to make it easier for the FBI to spy on those whom it has zero evidence of wrongdoing than those whom it has probable cause to suspect of illegal behavior. This bill would protect a very small subset of suspected criminals—perhaps just one a year, based on reporting from 2016. But it would do nothing to prevent the FBI from reading the communications of any innocent American who is named in a tip.

HPSCI has come out with a one pager making shite up about USA Rights. And I’m interested in three things HPSCI prioritizes:

  • Ensuring that NSA can order companies to bypass encryption
  • Sustaining the Tor domestic spying exception
  • Coddling the dysfunction of the FISA Court

Ensuring that NSA can order companies to bypass encryption

The HPSCI flyer complains that USA Rights,

Significantly limit[s] the Government’s ability to obtain Section 702 information on foreign terrorists by unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers;

At issue is language in USA Rights that limits government requests for technical assistance to things that are necessary, narrowly tailored, and would not pose an undue burden.

(B) LIMITATIONS.—The Attorney General or the Director of National Intelligence may not request assistance from an electronic communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the assistance sought—

(i) is necessary;

(ii) is narrowly tailored to the surveillance at issue; and

(iii) would not pose an undue burden on the electronic communication service provider or its customers who are not an intended target of the surveillance.

It is clear this is Wyden’s effort to prohibit the government from using individual directives (which are not reviewed by the FISA Court) to back door or circumvent a company’s encryption. While the government says it has not yet asked the FISC to force companies to do this (which is different from saying they haven’t asked and gotten companies to willingly do so), it has dodged whether it has asked companies to circumvent their own encryption.

So basically, one of the big things HPSCI thinks is wrong with USA Rights is that it won’t let NSA back door your phone.

Sustaining the Tor domestic spying exception

The HPSCI flyer claims that USA Rights,

Mandat[es] a flat prohibition on the use of Section 702 information in prosecuting dangerous criminals, including murderers and child abusers;

That flips reality on its head. What HPSCI is trying to protect, here, is its carve-out permitting the use of 702 information for anything that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

As I have noted, the carve out, taken in conjunction with the 2014 exception letting the NSA collect on location obscuring servers (like VPNs and Tor) used by Americans, effectively makes 702 a domestic spying bill (on top of permitting its use for anything else Jeff Sessions claims is related to national security).

In other words, HPSCI doesn’t so much want 702 to spy on the terrorists, spies, and proliferators included in USA Rights: it wants to spy domestically.

Coddling the dysfunction of the FISA Court

Finally, the HPSCI flyer complains that USA Freedom,

Subvert[s] the authority and expediency of the Foreign Intelligence Surveillance Court by requiring an amicus review during every Section 702 authorization; and

This is a complaint about a number of common sense measures that make the FISA Court more credible, most notably requiring each 702 authorization to include an amicus review. The bill also includes measures to make the amicus review more robust, like enough advance involvement to be useful.

For a body of Congress to guard “the authority and expediency” of the FISC — especially in the wake of last year’s debacle of a ruling from Rosemary Collyer, who stubbornly refused to follow the law and either appoint an amicus or explain why she chose not to do so, is an outright abdication of congressional authority.

The FISC just defied Congressional intent as reflected in USA Freedom Act. USA Rights would make it harder for the FISC to continue to do so. And HPSCI’s response to that is to whimper that Congress is “subverting the authority” of another branch by demanding that it follow the law?

Update: DemandProgress did a fact check of this flyer that’s quite good.

After Lying in a Closed Surveillance Briefing in 2011, Intelligence Community Plans Another Closed Briefing

On May 18, 2011, 48 members of the House (mostly Republicans, but also including MI’s Hansen Clarke) attended a closed briefing given by FBI Director Robert Mueller and General Counsel Valerie Caproni on the USA PATRIOT Act authorities up for reauthorization. The hearing would serve as the sole opportunity for newly elected members to learn about the phone and Internet dragnets conducted under the PATRIOT Act, given Mike Rogers’ decision not to distribute the letter provided by DOJ to inform members on the secret dragnets they were about to reauthorize.

During the hearing, someone asked,

Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

One of the briefers — the summary released under FOIA does not say who — responded,

To the FBI’s knowledge, those authorities have not been abused.

As a reminder, hearing witness Robert Mueller had to write and sign a declaration for the FISC two years earlier to justify resuming full authorization for the phone dragnet because, as Judge Reggie Walton had discovered, the NSA had conducted “daily violations of the minimization procedures” for over two years. “The minimization procedures proposed by the government in each successive application and approved and adopted as binding by the orders of the FISC have been so frequently and systemically violated that it can fairly be said that this critical element of the overall BR regime has never functioned effectively,” Walton wrote in March 2009.

Now, I can imagine that whichever FBI witness claimed the FBI didn’t know about any “abuses” rationalized the answer to him or herself using the same claim the government has repeatedly made — that these were not willful abuses. But Walton stated then — and more evidence released since has made clear he was right since — that the government simply chose to subject the vast amount of US person data collected under the PATRIOT Act to EO 12333 standards, not more stringent PATRIOT Act ones. That is, the NSA, operating under FBI authorizations, made a willful choice to ignore the minimization procedures imposed by the 2006 reauthorization of the Act.

Whoever answered that question in 2011 lied, and lied all the more egregiously given that the questioner had no way of phrasing it to get an honest answer about violations of minimization procedures.

Which is why the House Judiciary Committee should pointedly refuse to permit the Intelligence Committee to conduct another such closed briefing, as they plan to do on Section 702 on February 2. Holding a hearing in secret permits the IC to lie to Congress, not to mention disinform some members in a venue where their colleagues can not correct the record (as Feingold might have done in 2011 had he learned what the FBI witnesses said in that briefing).

I mean, maybe HJC Chair Bob Goodlatte wants to be lied to? Otherwise, there’s no sound explanation for scheduling this entire hearing in closed session.