A secretive federal court last year approved all of the 1,856 requests to search or electronically surveil people within the United States “for foreign intelligence purposes,” the Justice Department reported this week.

The 2012 figures represent a 5 percent bump from the prior year, when no requests were denied either.

The legislation does not require the government to identify the target or facility to be monitored. It can begin surveillance a week before making the request to the secret court, and the surveillance can continue during the appeals process if, in a rare case, the spy court rejects the surveillance application.

The same Justice Department report this week said the government issued 15,229 National Security Letters last year, down from 16,511 in 2011.

As an instrument of public oversight, the annual reports on FISA are only minimally informative. They register gross levels of activity, but they provide no measures of quality, performance or significance. Neither counterintelligence successes nor failures can be discerned from the reports. Nor can one conclude from the data presented that the FISA process is functioning as intended, or that it needs to be curbed or refined.

You don't want to live in a town where the police and the mob work together.

In a completely unrelated note, the Second Circuit recently heard arguments from the SEC — the federal agency statutorily charged to enforce the nation’s securities laws — and Citigroup — a company targeted for securities laws violations that it refuses to admit or deny committing — on the SAME SIDE.

This should be a red flag.

They wanted the Second Circuit to spank Judge Jed Rakoff for having the audacity to ask the SEC to kindly do its job. The nerve of some people.

Well, securities law may not be as sexy as drone strikes, but I watched the SEC try to pull off just as naked an executive power grab.

So it was my first return in my new capacity as a journalist to the federal courthouse that I’ve visited time and time before as a lawyer. It’s a different experience walking in without a suit and without drilling yourself to make sure you remembered everything you needed for the hearing. Almost relaxing in a way.

The courtroom was an absolute zoo, built far too small for a hearing that had the attention of the media and every financial institution worried about the future of their relationship with their regulator. Add in the army of clerks dropping in to watch, and the courthouse had to set up an overflow room with folding chairs and a TV simulcasting the event (and even that room was eventually standing room only).

When I first got there, the TV only showed the floating face and torso of Judge Rosemary Pooler, joining the proceedings from the Northern District of New York, in a courtroom that looked eerily like the backdrop to a hostage video with sparse, utilitarian walls, a light switch and a flag. I felt bad watching her sit like an interviewee in a green room with a hundred lawyers and journos watching her every move. It felt like Legal Big Brother.

The background of the case is simple enough. In 2011, the SEC and Citigroup brought a consent decree to Judge Rakoff. The judge felt obliged to ask for some factual backup before rubberstamping a decree that basically let Citigroup off the hook for activity that, at the time, public opinion thought pretty severe. When the SEC and Citigroup failed to meet this basic standard to Judge Rakoff’s liking, he declined to approve their consent decree. Basically, if the SEC really has gathered enough evidence to reach a reasonable settlement with someone, they should be able to provide the judge with some evidence to back up its reasonableness. In math class you have to show your work.

This isn’t the first time Judge Rakoff has issued a controversial ruling challenging accepted government policies. Remember, this is the guy who made the death penalty unconstitutional for a hot minute. Now he’s questioning the SEC’s chummy totally professional and arms-length relationship with Wall Street.

Interestingly, because the subsequent acquittal in the Stoker case brought to light facts that the SEC and Citigroup originally failed to provide Judge Rakoff, he no longer believes that he must deny the consent decree and would almost assuredly approve the agreement on remand. No harm, no foul, right?

But Michael Conley for the SEC and Brad Karp for Citigroup weren’t thrilled with this possible result, asking the Second Circuit instead to reverse the lower court decision.

Why? Well, the money exchange came when Judge Raymond Lohier (the final judge on the panel was Judge Susan Carney) asked about deference and why an Article III judge would question the judgment of an executive agency that presumably reached its decision based on a sound review of the evidence.

The lawyer for Judge Rakoff, Rusty Wing [disclosure: I used to work with Rusty at LSW, though I had no involvement whatsoever with this matter], pointed out that the SEC is entitled to deference — but that doesn’t mean they aren’t wrong, eliciting laughter from the audience and a snarky “No! Really?” from Judge Lohier himself.

It sounded a lot like the SEC was going to the mat on this one because they didn’t want “deference” as much as they wanted “tyranny” — a ruling affirming that any decision they reach is subject to zero judicial review based on their status as part of the executive branch because we should all just trust the executive branch without any transparency. Sounds a lot like drone strikes to me.

Depending on the outcome of the hearing, when Mary Jo White gets there and starts kicking tail, as Elie suggests, she will have a couple drones at her disposal.

Judge Rakoff Rejects SEC’s “Contrivances” In Citigroup Settlement [Forbes]

More stories from Above The Law:

• California Law School Claims Free Speech Right To Offer Piss-Poor Education And Be Accredited For It
• Mom Hires Lawyer to Force Son to Go To The U. Amateurs!
• A Law School Scarier Than The Job Market?

To Julian Sanchez, a research fellow at the Cato Institute, the real scandal over the Petraeus affair is not the extramarital sex, but the invasion of privacy.

"Law enforcement and certainly intelligence agencies have an incredible amount of ability to gather huge volumes of detailed information about people's most intimate online communications, a lot of it without requiring a full-blown warrant, a lot of it without requiring even any kind of judicial approval," Sanchez said.

The guest lists from hotels, IP login records, as well as the creative request to email providers for “information about other accounts that have logged in from this IP address” are all forms of data that the government can obtain with a subpoena. There is no independent review, no check against abuse, and further, the target of the subpoena will often never learn that the government obtained data (unless charges are filed, or, as in this particular case, government officials eagerly leak details of the investigation to the press). Unfortunately, our existing surveillance laws really only protect the “what” being communicated; the government’s powers to determine “who” communicated remain largely unchecked.

For more than a decade, a persistent myth in Washington DC, fueled by several counterterrorism experts, has been that it is possible to hide a communications trail by sharing an email inbox, and instead saving emails in a “draft” folder. This technique has been used by Khaled Sheikh Mohammed, Richard Reid (the shoe bomber), the 2004 Madrid train bombers, terrorists in Germany, as well as some domestic “eco-terrorists.” This technique has appeared in federal court documents as early as 2003, and was described in a law journal article written by a DOJ official in 2004. It is hardly a state secret.

Apparently, this method was also used by General Petraeus. According to the Associated Press, “[r]ather than transmitting emails to the other's inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic ‘dropbox,’ the official said. Then the other person could log onto the same account and read the draft emails there. This avoids creating an email trail that is easier to trace.”

The problem is, like so many other digital security methods employed by terrorists, it doesn’t work. Emails saved in a draft folder are stored just like emails in any other folder in a cloud service, and further, the providers can be compelled, prospectively, to save copies of everything (so that deleting the messages after reading them won’t actually stop investigators from getting a copy).

Ironically enough, by storing emails in a draft folder, rather than an inbox, individuals may be making it even easier for the government to intercept their communications. This is because the Department of Justice has argued that emails in the “draft” or “sent mail” folder are not in “electronic storage” (as defined by the Stored Communications Act), and thus not deserving of warrant protection. Instead, the government has argued it should be able to get such messages with a mere subpoena.

The spark that set events in motion was a handful of allegedly harassing emails sent anonymously to Kelley, a friend of Petraeus's, which she brought to a friend at the FBI. Yet it's unclear why an investigation was ever opened, given that everything publicly known about the emails suggests they weren't illegal.

As the Daily Beast reported, they said things like "Who do you think you are? ... You parade around the base ... You need to take it down a notch." The story noted, "when the FBI friend showed the emails to the cyber squad in the Tampa field office, her fellow agents noted that the absence of any overt threats."

It seems the deciding factor in opening the investigation was not the emails' content, but the fact that the FBI agent was friendly with Kelley. (Even more disturbing, the same FBI agent has now been accused of becoming "obsessed" with the Tampa socialite, sent shirtless pictures to her, and has been removed from the case.)

When the FBI friend showed the emails to the cyber squad in the Tampa field office, her fellow agents noted that the absence of any overt threats.

“No, ‘I’ll kill you’ or ‘I'll burn your house down,’” the source says. “It doesn’t seem really that bad.”

The squad was not even sure the case was worth pursuing, the source says.

“What does this mean? There’s no threat there. This is against the law?” the agents asked themselves by the source’s account.

At most the messages were harassing. The cyber squad had to consult the statute books in its effort to determine whether there was adequate legal cause to open a case.

“It was a close call,” the source says.

the Government is directed to conduct a further review of the materials previously withheld as non-responsive. In conducting such review, the presumption should be that information located on the same page, or in close proximity to undisputedly responsive material is likely to qualify as information that in “any sense sheds light on, amplifies, or enlarges upon” the plainly responsive material, and that it should therefore be produced, absent an applicable exemption.

As plaintiff points out, however, the large number of different types of documents included in each summary entry in the index, and the fact that multiple exemptions are claimed, makes analysis difficult, despite the veneer of detail. The supporting declaration covers 171 pages (with a great deal of repetition) purportedly explaining the justification for all of the exemptions claims, but does not identify documents by bates numbers or otherwise, further exacerbating the problem.

the existing index is insufficient to provide an adequate foundation for review of the soundness of the exemption claims. Accordingly, the FBI is directed to provide a revised index as promptly as practical, making a good faith effort to address the issues raised by EFF.

Meet the administrative subpoena (.pdf): With a federal official’s signature, banks, hospitals, bookstores, telecommunications companies and even utilities and internet service providers — virtually all businesses — are required to hand over sensitive data on individuals or corporations, as long as a government agent declares the information is relevant to an investigation. Via a wide range of laws, Congress has authorized the government to bypass the Fourth Amendment — the constitutional guard against unreasonable searches and seizures that requires a probable-cause warrant signed by a judge.

In fact, there are roughly 335 federal statutes on the books (.pdf) passed by Congress giving dozens upon dozens of federal agencies the power of the administrative subpoena, according to interviews and government reports. (.pdf)

If we care about the spirit as well as the letter of that constraint being respected, it ought to be a little disturbing that the NSA has admitted it doesn’t have any systematic mechanism for identifying communications with U.S. endpoints. Similar considerations apply to the “minimization procedures” which are supposed to limit the retention and dissemination of information about U.S. persons: How meaningfully can these be applied if there’s no systematic effort to detect when a U.S. person is party to a communication?

More generally, these reports contain a good deal of redacted statistical information that there is simply no plausible excuse for keeping secret. A table of “statistical data relating to compliance incidents,” for example, is included—but entirely blacked out. Are we to believe that the national security of the United States would be imperiled if the public knew the number of times the NSA had difficulty following the law? The reviewers conclude that the “number of compliance incidents remains small, particularly when compared with the total amount of activity”—but is there any legitimate reason for barring the public from knowing what counts as a “small” number, or just how massive the “total amount of activity” truly is?

One of the more distressing allegations made at trial, involved allegations of Agent Phillips’ sexual, extra-marital affair (and its subsequent “cover up”) with Agent Barnhill. The evidence strongly indicated Agent Phillips deliberately used his investigation and prosecution of Hubert Vidrine to foster, further, facilitate and cloak his extra-marital affair with Agent Barnhill, and perhaps, to exert improper influence over the manner in which she investigated and reported upon this case. Agent Barnhill candidly testified that she and Agent Phillips began a physical, sexual relationship while assigned to this matter, which lasted from approximately 1996 until January or February 2001. Agent Barnhill testified she and Agent Phillips were only physically intimate when working together on the Vidrine case — in other words, they did not meet to pursue their sexual relations on occasions when they were not working the case together. Thus, the case granted the opportunity for those rendez-vous, as well as providing justification for Agent Phillips wife.

During the investigation and prosecution, Agent Barnhill, who was single, lived in South Louisiana; Agent Phillips, who was married, lived in Dallas, Texas with his wife. Prior to and at trial, plaintiffs’ counsel consistently argued Agent Phillips used the Vidrine investigation as a cover, excuse and opportunity to facilitate his illicit affair with Agent Barnhill and to hide the affair from his wife. Plaintiffs consistently argued Keith Phillips manufactured a case, both in law and fact, against Hubert Vidrine, and carefully fed the AUSA and his supervisors only the information which would further that end and perpetuate the case, all to promote access to Agent Barnhill and perpetuate and conceal their illicit affair. Regrettably, the Court agrees with plaintiffs: this inappropriate and unprofessional behavior likely was, at least in part (if not in whole) a motivation for Agent Phillips’ continued pursuit of Hubert Vidrine, without probable cause, and certainly with a complete and total reckless disregard of Hubert Vidrine’s rights.

“We diminish our legitimacy when we do things under a blanket of secrecy,” Judge Smith said in an interview. “The only way people can get confidence in what we’re doing is if they can get access to what we are doing and know why we are doing it.”

Judge Smith analyzed the 4,234 electronic surveillance orders issued in his Houston courthouse between 1995 and 2007 and found that 91.8% of them remain sealed today.

Judge Smith says he now sets time limits for the seals on orders that he signs. If prosecutors want to renew the seal, they must request an extension. “It’s more work,” Judge Smith says, “but I think it’s necessary work.”

He said he is worried that “people who aren’t indicted – regular law abiding citizens like you or me,” will never know if their records were obtained in an investigation, he says, “because these sealing orders live on indefinitely.”

Under current rules, agents must open such an inquiry before they can search for information about a person in a commercial or law enforcement database. Under the new rules, agents will be allowed to search such databases without making a record about their decision.

“We’re getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says."

As members of the Senate Intelligence Committee we have been provided with the executive branch's classified interpretation of those provisions and can tell you that we believe there is a significant discrepancy between what most people - including many Members of Congress - think the Patriot Act allows the government to do and what government officials secretly believe the Patriot Act allows them to do.

Legal scholars, law professors, advocacy groups, and the Congressional Research Service have all written interpretations of the Patriot Act and Americans can read any of these interpretations and decide whether they support or agree with them. But by far the most important interpretation of what the law means is the official interpretation used by the U.S. government and this interpretation is - stunningly -classified.

What does this mean? It means that Congress and the public are prevented from having an informed, open debate on the Patriot Act because the official meaning of the law itself is secret. Most members of Congress have not even seen the secret legal interpretations that the executive branch is currently relying on and do not have any staff who are cleared to read them. Even if these members come down to the Intelligence Committee and read these interpretations themselves, they cannot openly debate them on the floor without violating classification rules.

The deal between Senate Majority Leader Harry Reid and House Speaker John Boehner calls for a vote before May 27, when parts of the current act expire, according to officials in both parties who spoke on condition of anonymity. The idea is to pass the extension with as little debate as possible to avoid a protracted and familiar argument over the expanded power the law gives to the government.

"Rights holders have been authorized in June to collect IP addresses on P2P networks, by recruiting the services of the French company TMG. It will monitor P2P networks, store the IP addresses it believes illegally shares copyrighted works, and their rights holder customers will forward the ones they want to the French HADOPI.

Early this week, an internal report by the CNIL was leaked. The CNIL is the Privacy Commissioner in France. It is the Commission which has allowed rights holders to use the TMG services and collect IP addresses.

The report says that "due to the high number of expected cases (25 000 a day at first, then 150 000 a day), it is impossible for the [right holders' agents] to check the [infringement] reports one by one. Nonetheless, the system does not have particular control procedures, for instance by sampling, which would allow an agent to detect anomalies in a collection session".

It says that "the actions of the Hadopi will be limited to accepting or denying the transmitted findings, without the ability to check them. The first steps of the "three strikes" process will therefore lay only upon the collection operated by the TMG system".

Despite these concerns, the CNIL did authorize the right holders to collect the IP addresses, and did not oppose the 3 strikes process by the Hadopi.

The GAO has the capacity Congress lacks: as of last year, the office had 199 staffers cleared at the top-secret level, with 96 holding still more rarefied "sensitive compartmented information" clearances. And those cleared staff have a proven record of working to oversee highly classified Defense Department programs without generating leaks. Gen. Clapper, the prospective DNI, has testified that the GAO "held our feet to the fire" at the Pentagon with thorough analysis and constructive criticism.

Unlike the inspectors general at the various agencies--which also do vital oversight work--the GAO is directly answerable to Congress, not to the executive branch. And while it's in a position to take a broad, pangovernmental view, the GAO also hosts analysts with highly specialized economic and management expertise the IG offices lack. Unleashing GAO would be the first step in discovering what the Post couldn't: whether the billions we're pouring into building a surveillance and national security state are really making us safer.

In all, at least 263 organizations have been created or reorganized as a response to 9/11. Each has required more people, and those people have required more administrative and logistic support: phone operators, secretaries, librarians, architects, carpenters, construction workers, air-conditioning mechanics and, because of where they work, even janitors with top-secret clearances.

With so many more employees, units and organizations, the lines of responsibility began to blur. To remedy this, at the recommendation of the bipartisan 9/11 Commission, the George W. Bush administration and Congress decided to create an agency in 2004 with overarching responsibilities called the Office of the Director of National Intelligence (ODNI) to bring the colossal effort under control.

While that was the idea, Washington has its own ways.

The first problem was that the law passed by Congress did not give the director clear legal or budgetary authority over intelligence matters, which meant he wouldn't have power over the individual agencies he was supposed to control.

The second problem: Even before the first director, Ambassador John D. Negroponte, was on the job, the turf battles began. The Defense Department shifted billions of dollars out of one budget and into another so that the ODNI could not touch it, according to two senior officials who watched the process. The CIA reclassified some of its most sensitive information at a higher level so the National Counterterrorism Center staff, part of the ODNI, would not be allowed to see it, said former intelligence officers involved.

It's not only the number of buildings that suggests the size and cost of this expansion, it's also what is inside: banks of television monitors. "Escort-required" badges. X-ray machines and lockers to store cellphones and pagers. Keypad door locks that open special rooms encased in metal or permanent dry wall, impenetrable to eavesdropping tools and protected by alarms and a security force capable of responding within 15 minutes. Every one of these buildings has at least one of these rooms, known as a SCIF, for sensitive compartmented information facility. Some are as small as a closet; others are four times the size of a football field.

SCIF size has become a measure of status in Top Secret America, or at least in the Washington region of it. "In D.C., everyone talks SCIF, SCIF, SCIF," said Bruce Paquin, who moved to Florida from the Washington region several years ago to start a SCIF construction business. "They've got the penis envy thing going. You can't be a big boy unless you're a three-letter agency and you have a big SCIF."

SCIFs are not the only must-have items people pay attention to. Command centers, internal television networks, video walls, armored SUVs and personal security guards have also become the bling of national security.

"You can't find a four-star general without a security detail," said one three-star general now posted in Washington after years abroad. "Fear has caused everyone to have stuff. Then comes, 'If he has one, then I have to have one.' It's become a status symbol."

In Yemen, the commandos set up a joint operations center packed with hard drives, forensic kits and communications gear. They exchanged thousands of intercepts, agent reports, photographic evidence and real-time video surveillance with dozens of top-secret organizations in the United States.

That was the system as it was intended. But when the information reached the National Counterterrorism Center in Washington for analysis, it arrived buried within the 5,000 pieces of general terrorist-related data that are reviewed each day. Analysts had to switch from database to database, from hard drive to hard drive, from screen to screen, just to locate what might be interesting to study further.

As military operations in Yemen intensified and the chatter about a possible terrorist strike increased, the intelligence agencies ramped up their effort. The flood of information into the NCTC became a torrent.

Among the most important people inside the SCIFs are the low-paid employees carrying their lunches to work to save money. They are the analysts, the 20- and 30-year-olds making $41,000 to $65,000 a year, whose job is at the core of everything Top Secret America tries to do....

When hired, a typical analyst knows very little about the priority countries - Iraq, Iran, Afghanistan and Pakistan - and is not fluent in their languages. Still, the number of intelligence reports they produce on these key countries is overwhelming, say current and former intelligence officials who try to cull them every day. The ODNI doesn't know exactly how many reports are issued each year, but in the process of trying to find out, the chief of analysis discovered 60 classified analytic Web sites still in operation that were supposed to have been closed down for lack of usefulness. "Like a zombie, it keeps on living" is how one official describes the sites.

Ms. Sage's connections invited her to speak at a private-sector security conference in Miami, and to review an important technical paper by a NASA researcher. Several invited her to dinner. And there were many invitations to apply for jobs.

"If I can ever be of assistance with job opportunities here at Lockheed Martin, don't hesitate to contact me, as I'm at your service," one executive at the company told her.

One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location. A contractor with the NRO who connected with her had misconfigured his profile so that it revealed the answers to the security questions on his personal e-mail account.

"This person had a critical role in the intelligence community," Mr. Ryan said. "He was connected to key people in other agencies."

Still, the potential impact of Google's algorithm on the Internet economy is such that it is worth exploring ways to ensure that the editorial policy guiding Google's tweaks is solely intended to improve the quality of the results and not to help Google's other businesses.

Some early suggestions for how to accomplish this include having Google explain with some specified level of detail the editorial policy that guides its tweaks. Another would be to give some government commission the power to look at those tweaks.

The potential impact of the NY Times' coverage on the world/economy/war/etc. is such that it is worth exploring ways to ensure that the editorial policy guiding the NY Times' coverage choices is solely intended to improve the quality of the world, and not to help the NY Times' or other businesses.

Some early suggestions for how to accomplish this include having the NY Times explain with some specified level of detail the editorial policy that guides its front page choices. Another would be to give some government commission the power to look at those guidelines.

Search engines are very similar to newspapers. They have unpaid "organic" listings, where usually (though not always), a computer algorithm decides which pages should rank tops. The exact method isn't important. What's important is that those unpaid listed are the search engines' editorial content, content it has solely decided should appear based on its editorial judgment.

Search engine also have paid listings, advertisements, which aren't supposed to influence what happens on the editorial side of the house. We even have FTC guidelines ensuring proper labeling of ads and intended to protect against "advertorials" in search results.

It's a church-and-state divide with good search engines, just as it is with good newspapers.

What the New York Times has suggested is that the government should oversee the editorial judgment of a search engine. Suffice to say, the editorial staff of the New York Times would scream bloody murder if anyone suggested government oversight of its own editorial process. First it would yell that it has no bias, so oversight is unnecessary. Next it would yell even more loudly that the First Amendment of the US Constitution protects it from such US government interference.

Still, shouldn't Google share more about how it creates its algorithm? Compared to the New York Times, Google's a model of transparency. Consider:

• Google will list EVERY site that applies for "coverage" unlike the New York Times, which regularly ignores potential stories
• If Google blocks a site for violating its guidelines, it alerts many of them. The New York Times alerts no one
• Google provides an entire Google Webmaster Central area with tools and tips to encourage people to show up better in Google; the New York Times offers nothing even remotely similar
• Google constantly speaks at search marketing and other events to answer questions about how they list sites and how to improve coverage; I'm pretty sure the New York Times devotes far less effort in this area
• Google is constantly giving interviews about its algorithm, such as this one in February, along with providing regular videos about its process (here's one from April) or blogging about important changes, such as when site speed was introduced as a factor earlier this year.