The NSA Didn't Actually Address All Of The FISA Court's Concerns, Contrary To What It Claims
from the that's-just-not-true dept
Many of you quite enjoyed former Ron Wyden deputy chief of staff, Jennifer Hoelzer's post a few weeks ago, and we're bringing you another post by her, this one crossposted from her own blog where she's going to be covering these kinds of issues. We encourage you to head over there now and to visit it often.
The Director of National Intelligence, James Clapper, would very much like you to view the previously classified documents his office released last month as proof that the National Security Agency’s secret surveillance activities have not only been subjected to vigorous oversight, they have taken it seriously.
I mean, the Office of the Director of National Intelligence (ODNI) didn’t just declassify the long sought Foreign Intelligence Surveillance Court (FISC) opinion that indicated the NSA’s foreign intelligence collection activities haven’t been as problem free as the administration’s suggested.
No, the ODNI – not exactly known for its fondness for declassification - also declassified the government’s response to the FISC opinion, and the FISC opinion on the government’s response to the original FISC opinion, and the minimization procedures the NSA uses “in connection with acquisitions of foreign intelligence information pursuant to Section 702” and the “Semi-Annual Assessment of Compliance with the Procedures and Guidelines issued pursuant to Section 702” plus all of the previously classified testimony the Administration gave to Congress discussing 702, including a memo that the administration had previously made available to members of Congress in which they described FISC’s having raised concerns about the Administration’s collection activities as an example of “how well the existing oversight regime works.” (An ironic choice of words given that they were being used to describe a legal opinion in which a federal judge used a footnote to smack the Administration for substantially misrepresenting the “scope of a major collection program”)
And, if all of that information wasn’t enough to convince you that FISC’s concerns about the Administration’s compliance with Section 702 of the FAA were nothing when compared to the extraordinary efforts the government employs to ensure that these programs are conducted with respect to the rule of law, the Director of National Intelligence himself wrote a three page cover letter to accompany the release of these documents. The letter acknowledged that the court had determined that:
For highly technical reasons…the minimization procedures proposed by the government as applied to a discrete subset of NSA’s upstream collection of electronic communications did not satisfy certain statutory requirements in FISA and that the targeting and minimization procedures as applied to the same subset of communications did not satisfy Fourth Amendment requirements.
But – if you followed that -- fear not! Because, “In the end,” the DNI wrote:
the Government satisfied the concerns raised by the Court and the Court found that the revised procedures satisfied the law and the Constitution. These documents reflect the Government’s serious commitment to getting it right and the Court’s careful and searching review of matters within its jurisdiction.
For the record, I don’t blame the DNI for being defensive. While his actions have left plenty of room for criticism, James Clapper is not a bad guy. He’s not slaughtering puppies or making millions gambling with people’s home mortgages. In fact, in any other context, I’m pretty sure we’d be calling him a hero. Not only is he a decorated veteran, who spent thirty-two years in uniform, including two combat tours in Southeast Asia, at 73-years-old, he continues to work seven days a week for a government salary in an effort to keep Americans safe.
That’s not to say I agree with his approach to keeping Americans safe. I don’t. But I don’t doubt that his heart is in the right place and I can only imagine how much it must suck to have the public he’s dedicated his life to protect turn on him with such anger.
Problem is, though, he’s wrong.
The plethora of documents General Clapper declassified are not proof that Intelligence Community oversight is working, because despite what General Clapper says, the government did not satisfy all of the concerns that the Court raised about the Administration’s Section 702 collections activities.
For those following along at home, Section 702 of the FISA Amendments Act gives the Administration the authority to collect an American citizen’s communications (without a warrant) if – and only if – their communications are collected incidental to the Intelligence Community’s efforts to collect the communications of a foreigner.
In other words, if the NSA wants to collect a foreigner’s emails, it can basically download everything in that foreigner’s gmail account directly into the U.S. government database without worrying that some of the emails in that account might be from an American citizen. Obviously, if the government was targeting that American citizen directly, it would need a warrant to collect and read those emails, but thanks to Section 702 of the FAA, if the government unintentionally collects an American citizen's calls or emails, it can review them without a warrant.
In October 2011, the Foreign Intelligence Surveillance Court found that the NSA had been violating both FAA and the Fourth Amendment by scooping up tens of thousands of “wholly domestic” communications that had nothing to do with a targeted foreigner. This was attributed to the technical challenges of collecting multiple communications at once and the administration found a way to resolve the problem and address the Court’s concerns.
But, if you turn to page 33 and 34 of the FISA Court’s October 3, 2011 opinion. You’ll see that that wasn’t the Court’s only concern about the NSA’s Section 702 collection activities:
…in addition to these MCT’s, NSA likely acquires tens of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic ‘about’ SCT if it is routed internationally.
(For the record, the FISA Court underlined “more,” not me.)
What this means is the NSA isn’t just collecting emails sent to and from a targeted foreigner’s email address, they are collecting emails that include the targeted foreigner’s email address in the body of the message. So, if a friend asks you to forward them an email address, if that email address belongs to a targeted foreigner, your email could end up in the government database even if both you and your friend are American citizens located in the United States.
If you flip to page 48 of FISC’s opinion, you’ll see that the Court has definite concerns about this:
Given that NSA’s upstream collection devices lack the capacity to detect wholly domestic communications at the time an Internet transaction is acquired, the Court is inexorably led to the conclusion that the targeting procedures are “reasonably designed” to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States. This is true despite the fact that the NSA knows with certainty that upstream collection, viewed as a whole, results in the acquisition of wholly domestic communications.
By expanding its Section 702 acquisitions to include the acquisition of Internet transactions through its upstream collection, NSA, has, as a practical matter, circumvented the spirit of Section 1881 a(b)(4) and (d)(1) with regard to that collection. NSA’s knowing acquisition of tens of thousands of wholly domestic communications through its upstream collection is a cause for concern for the court.
[Note: If you aren’t familiar with the word “inexorably” its legal speak for “not to be persuaded.” As in the court isn’t persuaded that the NSA’s targeting procedures have been “reasonably designed” to prevent the intentional collection of wholly domestic communications.]
So, the court raised concerns that the NSA is actively collecting emails that mention targeted foreigners even though the NSA knows they’ll likely collect tens of thousands of wholly domestic communications each year. This, the court says, violates the spirit of Section 702 of the FAA, which explicitly prohibits the government from “knowingly” collecting wholly domestic communications.
The IC did not address this concern. And, if you refer to page 4 of the memo that the ODNI sent the Intelligence Committees on May 4, 2012 to argue for FAA’s reauthorization, you will see that this collection is ongoing.
“[Upstream collection] lets the NSA collect electronic communications that contain the targeted e-mail address in the body of a communications between third parties.”
[I think it’s worth noting that in mentioning this capability to Congress, the Administration failed to mention that the Foreign Intelligence Surveillance Court had raised concerns that this practice violates the spirit of the FAA.]
Why does this matter? I mean if one American is forwarding a terrorist’s address to another American, that email is clearly “relevant” to a terrorism investigation and should be collected, right?
Not exactly. Just because an email contains the address of a “targeted foreigner” does not mean it has anything to do with terrorism, because Section 702 does not limit surveillance to terrorism suspects.
Rather, Section 702 applies to all foreign intelligence gathering for any foreign intelligence purpose. Which means that the government can use its Section 702 authority to target basically any foreigner that it thinks might have information the U.S. government might find useful. This can include: foreign officials, business people, journalists, human rights advocates, etc. etc.
So, while it may be reasonable to assume that two Americans sharing a terrorist’s email address are probably up to no good, I can think of a whole lot of very innocent reasons that one American might share the email address of a targeted foreigner with another. Heck, just last month, I shared a foreign reporter’s email address with a friend who was looking for a hotel recommendation for his dad. Did that email end up in a government database?
Again, why should you care? That information is only being used for terrorist investigations, right?
No. As recently disclosed documents reveal, the Administration believes that as long as communications are “lawfully” collected, the government doesn’t need a warrant to use them for other purposes. In other words, while the government would need to get a warrant to read your emails, the government does not need a warrant to read emails that it may have “accidentally” collected on you. (The fact that it didn’t need a warrant to collect those emails in the first place is considered irrelevant.)
My former boss, attempted to close this loophole in early 2012, when, during a closed Intelligence Committee mark-up, he introduced an amendment to the FISA Amendments Act that would have required the government to get a warrant before being allowed to search the government database for the name of an American citizen.
I don’t think that’s unreasonable. If the government has a legitimate cause to target an American it can get a warrant to search the database. Meanwhile, warrant requirements could prevent LOVEINT-esque incidents in which NSA personnel might be tempted to search the database for names that they have no legitimate, foreign intelligence reason to target.
But, despite the President’s oft-repeated claims that the government can not read an American’s emails and/or listen to the content of their conversations without a warrant, the administration quietly opposed Wyden’s attempt to require government agents to get warrants to do just that.
To their credit, after quashing Congress’s attempt to limit the executive branch’s authority, the executive branch appears to have issued an alert that analysts should not query the database for the name of a U.S. person “until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI.” That is, of course, better than nothing, but am I the only one who thinks it’s a problem that the only entity conducting oversight over the Intelligence Community is the Intelligence Community?
Again, as you can see from the ODNI’s rollout of FISC’s Section 702 opinions, Director Clapper would very much like you to believe that the Intelligence Community is “commit[ed] to detecting, correcting, and reporting mistakes, and to continually improving its oversight and compliance processes.” But is the IC as committed to detecting, correcting and reporting mistakes that others identify?
We’ve been told that the Intelligence Community has implemented safeguards that it believes to be effective. It is declassifying the documents that it believes are in the public’s best interests to see, and when they tell you they “satisfied the concerns raised by the court,” they mean they satisfied the court’s concerns that they decided were worth satisfying. (Which, again, is not the same as saying the Intelligence Community satisfied all of the Court’s concerns.)
And let’s not forget, the Intelligence Community is engaged in these surveillance activities because they believe they are necessary to national security.
But is any of that the same as saying these programs are being subjected to effective oversight?
Doesn’t oversight imply that your work is being reviewed by someone who has an incentive to raise concerns and/or might catch something you may have missed? Doesn’t the fact that the NSA apparently didn’t think to implement safeguards to its database query process until AFTER Senator Wyden raised concerns about it suggest that maybe the NSA isn’t catching all of its mistakes and outside oversight can be a good thing?
Because, I’m sorry, I have a hard time believing that the administration is committed to oversight, when the only oversight it appears to be committed to is oversight conducted by folks that agree with what they are doing. Also – and maybe this isn’t fair – I have a hard time trusting the Intelligence Community to identify and correct possible problems related to its secret surveillance programs, when no one in the IC apparently noticed that there might be a problem with the name of its new Tumblr account: http://icontherecord.tumblr.com/. But maybe that’s just me.