Late on Friday, the FISA Court unclassified a few documents, including a ruling on an until now secret attempt by a telco to challenge the latest FISC order demanding that the telco hand over metadata on all phone records under Section 215 of the Patriot Act. The telco's name is redacted, but it relied entirely on Judge Richard Leon's ruling from December, which found the bulk collection of phone records unconstitutional. Basically, the telco appears to have received the renewed Section 215 bulk collection order from FISC in January, and then challenged it on the basis of Judge Leon's ruling. The FISC shoots down that challenge, rejecting Judge Leon's reasoning, and insisting that bulk collection of phone records is perfectly legal and constitutional.
Turning now to the merits of the Fourth Amendment issue, this Court finds Judge Leon's analysis in Klayman to be unpersuasive and concludes that it provides no basis for vacating or modifying the Secondary Order issued [REDACTED] January 3, 2014....
FISC, of course, immediately highlights the infamous Smith v. Maryland case that all defenders of bulk collection point to (and which Judge Leon said did not apply here, given the very different circumstances). But, FISC still argues it applies claiming that the differences are "indistinguishable."
The information [REDACTED] produces to NSA as part of the telephony metadata program is indistinguishable in nature from the information at issue in Smith and its progeny. It includes dialed and incoming telephone numbers and other numbers pertaining to the placing or routing of calls, as well as the date, time and duration of the calls.
That seems disingenuous at best. You need to be willfully distorting the facts to argue that Smith and the bulk data collection programs are "indistinguishable" from one another. Smith involved information on a single person. The bulk collection covers everyone. In fact, Judge Leon himself went through a rather detailed explanation of what "distinguishes" the Smith case from the bulk collection, including the fact that while people may expect phone companies to occasionally provide information to law enforcement on suspects, they do not reasonably expect the telcos to do that on everything from every person.
FISC Judge Rosemary Collyer admits that Judge Leon explained why the two situations are wholly different, but simply disagrees on every distinguishing factor.
This Court respectfully disagrees with Judge Leon's reasons for deviating from Smith. To begin with, Judge Leon focused largely on what happens (and what could happen) to the telephony metadata after it has been acquired by NSA -- e.g., how long the metadata could be retained and how the Government could analyze it using sophisticated technology. Smith and the Supreme Court's other decisions applying the third-party disclosure principle make clear that this focus is misplaced in assessing whether the production of telephony metadata constitutes a search under the Fourth Amendment.
Smith reaffirmed that the third-party disclosure principle -- i.e., the rule that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" ... applies regardless of the disclosing person's assumptions or expectations with respect to what will be done with the information following its disclosure.
From there, Judge Collyer goes on to restate the rather expansive view that, under the third party doctrine, basically you have absolutely no 4th Amendment rights whatsoever to anything held by a third party. There's also this fun tidbit, in which the ruling dismisses the "everyone's content" vs. "just one target's content"
The aggregated scope of the collection and the overall size of NSA's database are immaterial in assessing whether any person's reasonable expectation of privacy has been violated such that a search under the Fourth Amendment has occurred. To the extent that the quantity of the metadata collected by NSA is relevant, it is relevant only on a user-by-user basis. The pertinent question is whether a particular user has a reasonable expectation of privacy in the telephony metadata associated with her or her own calls. For purposes of determining whether a search under the Fourth Amendment has occurred, it is irrelevant that other users' information is also being collected and that the aggregate amount acquired is very large.
Basically, even though there is a very big distinguishing factor between collecting one targeted person's info and everyone's info, the FISA Court insists that this factor can be ignored, because you have to look at it in terms of each person's individual situation. That seems like a highly questionable analysis, and a very dangerous "cheat" to hide from the biggest factor that makes the 215 bulk collection orders so different from the situation in Smith.
Even more troubling, is that the FISC seems to argue that phone metadata probably isn't that revealing anyway -- which is clearly bogus. It points to the case that Smith mainly relied upon, the Miller case involving bank records, and argues that phone metadata and bank records are basically the same:
It is far from clear to this Court that even years' worth of non-content call detail records would reveal more of the details about a telephone user's personal life than several months' worth of the same person's bank records. Indeed, bank records are likely to provide the Government directly with detailed information about a customer's personal life -- e.g., the names of the persons with whom the customer has had financial dealings, the sources of his income, the amounts of money he has spent and on what forms of goods and services, the charities and political organizations that he supports -- that the call detail records simply do not, by themselves, provide.
I find it equally questionable that bank record information isn't considered private, but even if we grant that premise, the rest of the argument makes little sense. In fact, much of the above information may not actually be supplied by bank records, and a person can often use cash to leave no such record. While both records may be quite revealing (beyond what I think the 4th Amendment should allow), given the choice, I'd argue that my phone records are a hell of a lot more revealing and private than my bank records.
FISC also rejects the idea that the Supreme Court's decision in the Jones case (arguing that GPS tracking may go too far) changes the analysis here. Judge Collyer points out that the rulings that Judge Leon relies on were concurring opinions, but not, technically part of the majority ruling (he basically lumped together Justice Alito and Justice Sotomayor's rulings, despite each taking slightly different approaches).
In the end, the FISC rejects the attempt by the unnamed telco, and basically says that Judge Leon's ruling is wrong. Kudos to the nameless telco for actually challenging the Section 215 order. Hopefully we'll find out soon which telco actually made a move to protect its users' privacy.
The DOJ, via its Deputy Assistant Attorney General, has sent a memo to FISC Judge Reggie Walton, informing him of just how compliant the agency has been during the last couple of months as conflicting orders over the retention of bulk record data went flying as a result of multiple BR-related lawsuits.
The DOJ, speaking for the NSA and FBI (who actually collect the collections), went from one court to the other (the Northern District Court of California and the FISA Court), trying to figure out whether it would be destroying aged-off data or holding onto it. It was hard to discern which route the DOJ preferred to take, but FISA Judge Walton managed to sniff out the agency's true intentions, calling them out for not only failing to inform the FISA court of standing retention orders but also attempting to talk the involved plaintiffs from passing this information along to the involved courts.
Given these actions, it would appear the DOJ preferred to dump the data rather than have it actually appear in court as evidence. But Judge Walton, along with the district court, prevented that. The DOJ's letter to Judge Walton conveniently glosses over its misconduct, instead portraying the agency as a conscientious party doing the best it could under the circumstances.
The DOJ's letter notes that it managed to restrain itself from destroying any aged-off data while waiting for the conflicting orders to be settled (March 5 - March 12), which means the BR data still has a chance to be used in court. According to the letter, this retained data is being held separately from the rest of the bulk collections, which means it can't be accessed by analysts searching the metadata. Supposedly, the NSA will only be allowed to peek in on the retained data to verify it's all still present and accounted for.
While this sort of hi-gloss portrayal is to be expected from an agency that probably still believes it did nothing wrong, it's rather audacious of the DOJ to attempt to pass this narrative off to the same judge that called it out for misleading the FISA court and attempting to bury plaintiffs' concerns.
A few weeks ago, we noted that FISC Judge Reggie Walton was quite reasonably pissed off at the DOJ for directly withholding key information about evidence in a series of lawsuits concerning NSA surveillance programs. The full details are a bit down in the weeds, but the short summary is that there's been some debate over whether or not the government needs to retain surveillance data because it's evidence in these cases, or if it needs to destroy the surveillance data, as required by the rules over its holding of the data. There's been a bit of back and forth over all of this, but the DOJ apparently directly withheld from the FISC a request by EFF lawyers to inform the court that a data preservation order should cover two of the key NSA surveillance cases that it has been involved in for years (since well before the Snowden disclosures). The DOJ not only did not inform the court, but it also appears to have tried to dissuade the lawyers from raising the issue. Judge Walton ordered the DOJ to explain itself, and it gives a long apology, repeatedly insisting that it didn't believe those cases were related, since they were focused on surveillance data ordered by the President, rather than the FISA Court -- a weak excuse at best:
Based upon the nature of the claims made in Jewel and Shubert, which the Government has always understood to be limited to certain presidentially authorized intelligence collection activities outside FISA, the Government did not identify those lawsuits, nor the preservation
orders issued therein, in its Motion for Second Amendment to Primary Order filed in the above-
captioned Docket number on February 25, 2014. For the same reasons, the Government did not
notify this Court of its receipt of plaintiffs' counsel's February 26, 2014, e-mail. With the
benefit of hindsight, the Government recognizes that upon receipt of plaintiffs' counsel's e-mail,
it should have made this Court aware of those preservation orders and of the plaintiffs'
disagreement as to their scope as relevant to the Court's consideration of the Government's
motion and regrets its omission. The Government respectfully submits that in light of this
submission, and this Court's Opinion and Order dated March 12, 2014, granting the
Government's motion for temporary relief from the destruction requirement in subsection of
the Court's Primary Order, no additional corrective action on the part of the Government or this
Court is necessary.
It goes on for much longer trying to suggest that this was all just an honest mistake, and how could it have possibly realized that the lawyers for the plaintiffs in those cases might think the issue of preserving their evidence was related to similar questions over preserving evidence of other NSA cases. It insists that it really was just focused on the more recent cases that were filed post-Snowden ("filed after last year's unauthorized public disclosure concerning the collection of telephony metadata pursuant to FISA authority") and hadn't even considered how it related to older cases concerning NSA surveillance.
The Government did not notify the Court of Jewel and Shubert in the Motion because the
Government has always understood those matters to challenge certain presidentially authorized
intelligence collection activities and not metadata subsequently obtained pursuant to orders
issued by this Court under FISA, and because the preservation issues in those cases had been
previously addressed before the district court in which those matters are pending. Jewel and
Shubert, filed in 2008 and 2007, respectively, challenge particular NSA intelligence activities
authorized by President Bush after the September 11, 2001 terrorist attacks without statutory or
As the DOJ goes on to explain, it assumed the preservation issues in the Jewel and Shubert cases were settled, and therefore irrelevant to the FISA issue (especially since, in its mind, the two sets of cases covered different programs). Thus, the DOJ claims, its emails dissuading the lawyers from raising the issue weren't so much about silencing those lawyers and hiding information from FISC, but were a true misunderstanding, in that it was just letting those lawyers know the issues were unrelated, as well as a desire (no joke) to not bother the FISC with unnecessary distractions.
In particular, the request in its February 28 email that counsel for the Jewel plaintiffs "forebear from filing anything with the FISC, or [the district court], until we have further opportunity to confer" was a good faith attempt to avoid unnecessary motions
practice in the event that the issue could be worked out among the parties through the
Government's provision of an unclassified explanation concerning its preservation in Jewel and
Shubert. Accordingly, the Government did not bring the Jewel plaintiffs' February 25 email to
this Court's attention.
Of course, there's still the big question of, between the two FISA court orders, whether or not the DOJ did, in fact, destroy some of the evidence. And, a follow-up correction from the government very strongly suggests that it absolutely did use the opportunity to destroy evidence. The follow-up is a correction to a footnote, in which the DOJ makes it clear that "consistent with the Government's understanding" (which appears to be mistaken) and "prior to" the more recent filing, "the Government complied with this Court's requirements that metadata obtained by the NSA under Section 215 authority be destroyed no later than five years after their collection."
What that almost certainly means is that the NSA destroyed the metadata collected up until 2009, which likely is relevant to the Jewel and Schubert cases, even though the lawyers in those cases had alerted the DOJ of these concerns. For all of the DOJ's "apologies" in the first document, this certainly seems very convenient for the US government. And, as Marcy Wheeler notes, the destroyed evidence may have included "cover almost all of the phone dragnet violations discovered over the course of 2009." Convenient. But the DOJ is really, really sorry about it. Really.
After President Obama announced his willingness to really end the bulk collection of phone records under Section 215 of the Patriot Act, Senator Patrick Leahy pointed out that the easiest way to do that was to simply not ask the FISA Court to renew that authority this Friday when it expired. The NY Times editorial board picked up that ball and ran with it, publishing an editorial saying that if the President wants us to believe he's serious about ending bulk phone surveillance he should end the program on Friday.
No such luck.
While plenty of people are still waiting for the actual "legislative package" the administration claims it's putting together to accomplish its plan to end bulk phone record collection (but not other bulk collections), the White House has now released a "fact sheet" about its plans that concludes at the bottom by saying that the President has still asked the DOJ to renew the authority:
Legislation will be needed to implement the President’s proposal. The Administration has been in consultation with congressional leadership and members of the Intelligence and Judiciary Committees on this important issue throughout the last year, and we look forward to continuing to work with Congress to pass a bill that achieves the goals the President has put forward. Given that this legislation will not be in place by March 28 and given the importance of maintaining the capabilities in question, the President has directed DOJ to seek from the FISC a 90-day reauthorization of the existing program, which includes the substantial modifications in effect since February.
There are still numerous questions raised by the President's proposal, and it really seems entirely focused on just one problematic aspect of the NSA's surveillance capabilities. Yes, it's the part that has received the most attention, and yes it's the part that also has been shown to have never actually been useful. But this proposal seems a lot more focused on pre-empting much more comprehensive legislation like the USA Freedom Act. Furthermore, the fact that the President still refuses to just kill off the program while waiting for Congress to act suggests this is all for show. Tossing this on Congress is a great way for the President to pretend to do something while knowing nothing will actually happen.
With two of his own review panels saying that the bulk collection of phone records under Section 215 of the PATRIOT Act had failed to produce anything of value, and one of them clearly stating that it was also illegal and unconstitutional, the NY Times is reporting that President Obama is finally ready to call for the true end of the NSA's bulk collection of phone records. Surprisingly, according to that report, President Obama is willing to do this without adding data retention requirements for the telcos to hold onto that data themselves. If true, that really is a pretty big deal -- though it only covers the issue of the bulk phone records collection. That leaves other forms of bulk collection under Section 215 in place. So, in effect, it seems like an agreement to kill off the one high profile problematic program that hasn't been remotely useful, rather than a full policy shift. It's a start, however.
Unfortunately, at the same time that's happening, it appears that the House Intelligence Committee, run by Rep. Mike Rogers is pushing a new bill that would take a step towards limiting some aspects of the NSA's data collection powers, but also lowering the standard by which the government could collect specific information:
The bill, titled the End Bulk Collection Act of 2014 and currently circulating on Capitol Hill, would prevent the government from acquiring "records of any electronic communication without the use of specific identifiers or selection terms," some 10 months after the Guardian first exposed the bulk collection based on leaks by the whistleblower Edward Snowden.
But the bill would allow the government to collect electronic communications records based on "reasonable articulable suspicion", rather than probable cause or relevance to a terrorism investigation, from someone deemed to be an agent of a foreign power, associated with an agent of a foreign power, or "in contact with, or known to, a suspected agent of a foreign power."
While a separate report says that this House bill would actually ban the mass collection of other types of data (including internet activity) as well as phone records (i.e., going further than the Obama proposal), it would leave out the requirement that a court approve specific requests for information before it's submitted to a company.
But unlike other pending legislation, it does not call for judicial approval of a specific phone number before a request for data is submitted to a company.
The Rogers-Ruppersberger legislation would have the court make that determination “promptly” after the FBI submits a number to a phone company. If the court did not approve the number as being linked to an agent of a foreign power, including terrorist groups, the data collected would be expunged.
The details of these proposals are going to matter a lot. The full House bill is expected to be introduced in a few hours, and it will take some time to go through the details to see if there are any dangerous easter eggs hidden in there. Still, for all the arguments from Rep. Rogers and the Obama administration about how "necessary" these programs have been and how horrible it's been that Ed Snowden revealed the details to the press, these moves show just how much of an impact the Snowden leaks have had on the public debate concerning surveillance. It will take some time to sort through the details of these proposals, but it's safe to say without Snowden's actions, none of this would be happening.
It would appear that Senator Dianne Feinstein's newly discovered anger about the CIA spying on the metadata of her staffers hasn't yet lead to the recognition of why the American public is upset about the NSA collecting all of our metadata.
Despite two different executive branch review boards and a federal judge declaring the program to likely be both unconstitutional and illegal (though, yes, other courts have disagreed) and (importantly) President Obama asking Congress to figure out a way to end the program, Feinstein still insists the program is great. Even more bizarre, she claims that it has helped stop terrorist attacks -- an argument that even the NSA is no longer making after its original claims about that were totally debunked. However, a new statement from Feinstein on the program insists that it's legal and Constitutional, and has helped stop terrorists. Because she says so.
“I continue to believe the phone records program authorized by Section 215 of the USA PATRIOT Act plays an important role in detecting and preventing terrorist attacks against the United States. Again, this program collects only phone numbers and the duration and times that calls are made—it does not collect the content, names or locational information of calls.
“I also believe the call records program has been carried out consistent with the Constitution and the law and under strong oversight by all three branches of government. Like the president, I therefore support its continuation.
Except, actually, President Obama actually has said that the program should not continue and that it should be "transitioned" into something else. And we won't even bother rehashing what a joke the claim of "oversight" from all three branches of government has been.
And, again, her focus on how it's not content, but just metadata, is fairly ridiculous given that she herself is freaking out about the CIA looking at access logs (no content, just metadata) of her staffers. Double standards, of course. Either way, if anyone thought that Feinstein's fight with the CIA would soften her position on screwing over the privacy of the American public... the answer appears to be that it will have no impact whatsoever.
from the I-may-actually-miss-this-guy-once-he's-gone dept
Another FISC opinion and order has just been released dealing with the NSA's retention of metadata that may be used as evidence in some ongoing lawsuits against the government. The DOJ had originally asked to hold onto the pertinent data past the five-year expiration date because of these pending lawsuits. This request was shot down by FISC judge Reggie Walton, who stated that holding Americans' data past the disposal date put the surveillance programs on shaky Constitutional grounds, while also pointing out that the government's arguments relied on caselaw dealing with the retention of corporate documents, something which clearly wasn't in the same league as data collected on Americans.
Shortly thereafter, a federal court handling two lawsuits (Jewel v. NSA [this is an EFF lawsuit originally filed in 2008], First Unitarian Church v. NSA) centered on NSA domestic surveillance issued a temporary restraining order on the destruction of relevant metadata. This was brought about by the DOJ's announcement that it would begin destroying the relevant data for these two cases based on Walton's February order.
This is where the DOJ starts looking very shady, according to Judge Walton's recounting of the events.
The March 10 Motion further indicated that one of the MDL cases, Virginia Shubert, et al., v. Barack Obama, et al. No. 07-cv-0603 (N .D. Cal.) remains in litigation, and the MDL preservation order remains in effect for that case. Additionally, the March 10 Motion stated that the Jewel case, which was filed in 2008, was designated by the District Court as a related action to the Hepting matter, and that Court entered an evidence preservation order in Jewel, based on the MDL evidence preservation order, which remains in effect. LCL The March 10 Motion noted that the plaintiffs in Jewel and First Unitarian contacted the government on February 26, 2014, regarding the relevance of these preservation orders to the February 25 Motion, and made a "specific request" that the government inform the FISC of their existence.
The plaintiffs asked the government to inform the FISC about their existence so that their data could be retained as well. That never happened. Instead, they were forced to file a Temporary Restraining Order in order to prevent this data destruction. This was granted by the circuit court judge and brought to the FISA Court, where Judge Walton ordered the extended retention of data specifically related to these cases. In its response filing, the DOJ had this to say about the plaintiffs who asked them to speak to the FISA court.
A footnote in the March 13 Response indicated that, "[c]ontrary to their representation . . . [the m]ovants did not make a 'specific request' that the government inform this Court about the preservation orders in Jewel and Shubert."
The DOJ included (as an exhibit) email correspondence between it and the plaintiffs of the lawsuit as support for its claim that no request was made. Upon review by Judge Walton, that assertion was false. Walton gives the government an out by claiming it may have just misperceived which surveillance program was being discussed (Section 215 vs. an "executive authority" program -- Section 501), but even then, he points out that the plaintiffs disagreed with the DOJ's reading of the situation.
From this point on, Walton takes the DOJ to task for deceiving the court (whether deliberately or otherwise).
As the govemment is well aware, it has a heightened duty of candor to the Court in ex parte proceedings. Regardless of the government's perception of the materiality of the preservation orders in Jewel and Shubert to its February 25 Motion, the government was on notice, as of February 26, 2014, that the plaintiffs in Jewel and First Unitarian believed that orders issued by the District Court for the Northem District of California required the preservation of the FISA telephony metadata at issue in the government's February 25 Motion. [E-mail Correspondence at 6-7.] The fact that the plaintiffs had this understanding of those preservation orders -- even if the government had a contrary understanding - was material to the FISC's consideration of the February 25 Motion. The materiality of that fact is evidenced by the Court's statement, based on the information provided by the government in the February 25 Motion, that "there is no indication that any of the plaintiffs have sought discovery of this information or made any effort to have it preserved.
The above might be written off as a failure to communicate, but Walton's next paragraph details even more DOJ malfeasance.
The government, upon learning this information, should have made the FISC aware of the preservation orders and of the plaintiffs' understanding of their scope, regardless of whether the plaintiffs had made a "specific request" that the FISC be so advised. Not only did the government fail to do so, but the E-mail Correspondence suggests that on February 28, 2014, the government sought to dissuade plaintiffs' counsel from immediately raising this issue with the FISC or the Northern District of Califomia.
The next filing entered should be rather informative, based on Walton's demands.
It is FURTHER ORDERED that the government shall make a filing with this Court pursuant to Rule 13(a) of the United States Foreign Intelligence Surveillance Court Rules of Procedure Rules of Procedure") no later than April 2, 2014. As part of this filing, the government shall explain why it failed to notify this Court of the preservation orders in Jewel and Shubert and of the plaintiffs' understanding of the scope of those orders, upon learning that plaintiffs' counsel viewed those orders as applying to the Section 501 telephony metadata at issue in the February 25 Motion.
This latest order from Judge Walton shows that the government wants to destroy data that might be used as evidence. There was some back-and-forth previous to this, but the DOJ probably had a good idea what Judge Walton would say back in February when it showed up to ask to hold on to domestic surveillance records indefinitely, deploying civil litigation guidelines and common law requirements as its only rhetorical weapons. Walton refused and the DOJ went happily off to tell plaintiffs that the FISA court had overridden their existing preservation orders. If the plaintiffs hadn't asked for a temporary restraining order, it might have gotten away with it.
from the where's-dianne-feinstein's-metadata? dept
With the NSA and its defenders still defending the bulk phone (and other) records collection programs as being about "just metadata," we've already highlighted how metadata is incredibly revealing. Now there's yet another study demonstrating this quite clearly. Jonathan Mayer and Patrick Mutchler, over at Stanford, did a study in which they convinced a bunch of people to run an app called MetaPhone, in which users agree to give up the metadata on their phone, voluntarily, for the sake of research. What these researchers found, of course, is that the metadata reveals an awful lot of details about one's lives, often much more clearly than if the actual content had been collected. The researchers give a few examples where what someone is up to becomes quite obvious very, very quickly.
Participant A communicated with multiple local neurology groups, a specialty pharmacy, a rare condition management service, and a hotline for a pharmaceutical used solely to treat relapsing multiple sclerosis.
Participant B spoke at length with cardiologists at a major medical center, talked briefly with a medical laboratory, received calls from a pharmacy, and placed short calls to a home reporting hotline for a medical device used to monitor cardiac arrhythmia.
Participant C made a number of calls to a firearm store that specializes in the AR semiautomatic rifle platform. They also spoke at length with customer service for a firearm manufacturer that produces an AR line.
In a span of three weeks, Participant D contacted a home improvement store, locksmiths, a hydroponics dealer, and a head shop.
Participant E had a long, early morning call with her sister. Two days later, she placed a series of calls to the local Planned Parenthood location. She placed brief additional calls two weeks later, and made a final call a month after.
We were able to corroborate Participant B’s medical condition and Participant C’s firearm ownership using public information sources. Owing to the sensitivity of these matters, we elected to not contact Participants A, D, or E for confirmation.
There's a lot more in the research, showing how it's relatively easy to pick out fairly sensitive information from a bunch of participants. And, remember, these participants opted-in, knowing that the information would be shared.
Of course, as we've said from the beginning, there's a pretty easy way to prove that everyone inherently knows that metadata reveals all sorts of sensitive information. Just ask any of the biggest defenders of these programs to share the metadata from their phone. They insist there's nothing sensitive in metadata, and yet, oddly they're unwilling to reveal their own.
from the we-have-all-the-data,-now-we-have-all-the-time dept
A house set against itself cannot stand gets a win no matter who's dealing the cards. As was noted earlier, the NSA's metadata is currently integral to a series of lawsuits against the government. This fact prompted the DOJ to ask the FISA court to bend the minimization rules and extend the holding period from five years to "whenever."
This was shot down by FISC judge Reggie Walton, who pointed out that the government's argument was faulty on multiple levels. First of all, changing the stipulations of the minimization procedures put the entire metadata collection on shaky constitutional ground, seeing as it's almost entirely composed of data on American citizens not currently the subject of NSA investigations. Secondly, the DOJ cited evidence preservation statutes that applied solely to private corporations, something that clearly doesn't transfer directly to a government database composed of US citizens' "business records."
On March 10th, a contradictory decision was handed down by US District Court judge Jeffrey Wright, who declared the NSA was required to hold onto metadata relevant to ongoing lawsuits. This set up an interesting situation for the NSA, which would now have to decide whether it would rather have data with no expiration date or destroyed data that would never possibly appear in court.
The NSA has now shown its hand. In a motion filed Wednesday, the agency asked the FISA court to reverse its decision on destroying the held metadata. The filing refers to the temporary restraining order entered by Judge Jeffrey Wright which stipulates that the agency must hold onto the data until the cases are resolved. The NSA notes that it now is subject to two contradictory notices and is asking the FISA court to honor the other court's decision.
I'm not exactly sure how the FISA court will respond to this. Walton made it pretty clear that he felt the government's arguments were weak and jeopardized the minimal privacy protections surrounding the bulk records collections. Not only that, but presumably the FISA court's authority supersedes a district court, considering it is the entity charged with directly supervising the collection and handling of the NSA's bulk collections.
Well, no sooner had the ink dried on this post than FISC judge Reggie Walton delivered an opinion agreeing with the District Court's order and will allow the NSA to retain the metadata associated with the two cases listed in Judge Jeffrey Wright's order. Walton's decision to reverse the FISC's opinion hinges on these two specific cases, Jewel v. NSA and First Unitarian Church v. NSA. As he notes, the DOJ's request to hold the data was based on common law rules normally applied to retention of corporate data in civil cases, something entirely unrelated to bulk surveillance metadata. Addiitonally, he points out that none of the plaintiffs in the cases the DOJ listed had requested the data be retained.
The Court concluded that any interests the civil plaintiffs might assert in preserving all of the BR metadata was "unsubstantiated" on that record. The Court further observed that no District Court or Circuit Court of Appeals has entered a preservation order applicable to the BR metadata in question in any of the civil matters cited in the motion. Further, there is no indication that any of the plaintiffs have sought discovery of this information or made any effort to have it preserved, despite it being a matter of public record that BR metadata is routinely destroyed after five years.
Beyond the legal issues is the NSA itself, which probably wouldn't doesn't mind being able to hold onto metadata indefinitely. (Of course, the FISC court limits this metadata to these two specific cases where the plaintiffs have requested the data be held. There's a lot of plaintiffs in one of those cases [First Unitarian Church v. NSA], meaning a whole lot of records will be maintained.) There's always the concern that this evidence will need to be presented in court, but if the past is any indicator, the admission of these records will be fought vigorously by the agency. As for the data the DOJ requested to be held? It will simply vanish into the ether upon expiration, keeping it out of the public eye forever.
from the not-so-fun-when-it's-your-metadata,-huh? dept
Earlier today, we wrote about Senator Dianne Feinstein's justified anger over the CIA "spying" on the Senate Intelligence Committee staffers as they went about putting together a massive (and apparently incredibly damning) report condemning the CIA's torture program. Having now watched the whole video of her speech, as well as read the transcript, there's a lot more here to discuss. You can watch the speech yourself if you'd like, or read the full transcript, which we've embedded below:
Apparently, some of the concerns actually stem from an earlier incident, from back in 2010, during which the CIA deleted access to a bunch of documents that it had previously given to the committee staffers. This came after an initial fight over whether or not the CIA would interfere with the staffers' efforts. The Intelligence Committee eventually agreed with the CIA's request that the research work be carried out on the CIA's premises, but only after the CIA promised not to interfere and to leave the staffers alone. The staffers requested lots of documents, and the CIA did a full pure data dump on them, just handing over piles and piles of documents with no context at all. Basically, it appears the CIA sought to bury the staffers in bullshit, hoping to hide many of the important bits. In response, the staffers asked the CIA to provide an electronic search engine, in order to go through the electronic documents. Also, to keep things organized, the staffers would regularly make local copies and/or print out key documents so they could more easily organize them and keep track of them. Based on this, they noticed that some documents that had initially been available "went missing" in 2010:
In May of 2010, the committee staff noticed that [certain] documents that had been provided for the committee’s review were no longer accessible. Staff approached the CIA personnel at the offsite location, who initially denied that documents had been removed. CIA personnel then blamed information technology personnel, who were almost all contractors, for removing the documents themselves without direction or authority. And then the CIA stated that the removal of the documents was ordered by the White House. When the committee approached the White House, the White House denied giving the CIA any such order.
After a series of meetings, I learned that on two occasions, CIA personnel electronically removed committee access to CIA documents after providing them to the committee. This included roughly 870 documents or pages of documents that were removed in February 2010, and secondly roughly another 50 were removed in mid-May 2010.
This was done without the knowledge or approval of committee members or staff, and in violation of our written agreements. Further, this type of behavior would not have been possible had the CIA allowed the committee to conduct the review of documents here in the Senate. In short, this was the exact sort of CIA interference in our investigation that we sought to avoid at the outset.
Apparently, this snafu was settled quietly between the intelligence committee and the CIA, with the CIA promising not to do it again.
Now, as we've been pointing out, and which was revealed by McClatchy and the NY Times last week, this latest fight is focused mostly on a draft of an internal review by the CIA of the torture program, conducted for then director Leon Panetta. Feinstein reveals some more key details about this document. First, it appears that Panetta more or less ordered the CIA to conduct what appears to be a "shadow review" of the very same documents that were being handed over to the Senate staffers. The report, as noted, appears to come to the same basic conclusions about the CIA's torture program (i.e., that it went to insane lengths and produced absolutely nothing in the way of useful intelligence). This internal review also contradicted the CIA's "official response" to the Intelligence Committee's own report.
Here's where it gets a bit trickier. When current CIA director John Brennan was asked for the full internal report, rather than the draft that the staffers had, there appears to have been a freakout at the CIA, because no one had intended for the intelligence committee to see the report, either as a draft or final report. The CIA appears to have believed that Senate staffers got access to the report illegally (hence the CIA's request that the staffers be investigated for illegal activity). Feinstein denies all of this and notes that the draft report was among the many documents provided in the data dump -- in what now looks like an accident by the CIA folks (and some contractors) in charge of compiling the data dump for the intelligence committee. The staffers "found" this document by using that search tool, which they'd asked the CIA to provide.
Feinstein goes on to reject the claims made by the CIA and CIA supporters that (1) the staffers should have known not to read the documents since they were marked "deliberative" or "privileged" and (2) that they somehow "mishandled" those classified documents by printing them out and bringing them to the Senate. As she notes, both of those claims make little sense. On the classification:
As with many other documents provided to the committee at the CIA facility, some of the Internal Panetta Review documents—some—contained markings indicating that they were “deliberative” and/or “privileged.” This was not especially noteworthy to staff. In fact, CIA has provided thousands of internal documents, to include CIA legal guidance and talking points prepared for the CIA director, some of which were marked as being deliberative or privileged.
Moreover, the CIA has officially provided such documents to the committee here in the Senate. In fact, the CIA’s official June 27, 2013, response to the committee study, which Director Brennan delivered to me personally, is labeled “Deliberative Process Privileged Document.”
We have discussed this with the Senate Legal Counsel who has confirmed that Congress does not recognize these claims of privilege when it comes to documents provided to Congress for our oversight duties.
That takes care of that. On the question of mishandling the documents, the argument is not quite as strong, but still quite reasonable. Yes, it does appear that staffers did not follow the exact process for removing the documents -- in that they were supposed to first review it with CIA staffers, but the reasoning here is not so crazy. The review process was supposedly just so that the CIA could make sure that names of key people or details of operations weren't revealed. The staffers made sure that all such info had been redacted before moving the document -- and, of course, they recognized that this document was a bit of a smoking gun for the CIA in that it appeared to confirm that Director Brennan had been lying to the committee. Taking it to the CIA to review would be an odd move -- especially for staffers tasked with oversight of the CIA itself. Even more important, the staffers noticed that, like back in 2010, that draft review document suddenly "disappeared" from their computer system, despite the previous promises that the CIA wouldn't do that any more (also, she points out that the CIA had previously destroyed early evidence about their torture program). So they made the entirely reasonable decision to make a copy and store it in the Senate:
When the Internal Panetta Review documents disappeared from the committee’s computer system, this suggested once again that the CIA had removed documents already provided to the committee, in violation of CIA agreements and White House assurances that the CIA would cease such activities.
As I have detailed, the CIA has previously withheld and destroyed information about its Detention and Interrogation Program, including its decision in 2005 to destroy interrogation videotapes over the objections of the Bush White House and the Director of National Intelligence. Based on the information described above, there was a need to preserve and protect the Internal Panetta Review in the committee’s own secure spaces.
Now, the Relocation of the Internal Panetta Review was lawful and handled in a manner consistent with its classification. No law prevents the relocation of a document in the committee’s possession from a CIA facility to secure committee offices on Capitol Hill. As I mentioned before, the document was handled and transported in a manner consistent with its classification, redacted appropriately, and it remains secured—with restricted access—in committee spaces.
Now that brings us to the latest "fight." In late 2013, after the intelligence committee had seen that draft report, it had requested the final report from the CIA. That set off alarm bells in the CIA when they realized that the committee knew such a report existed, leading to a freakout and further "searching" the staffers' supposedly private computers and networks:
Shortly thereafter, on January 15, 2014, CIA Director Brennan requested an emergency meeting to inform me and Vice Chairman Chambliss that without prior notification or approval, CIA personnel had conducted a “search”—that was John Brennan’s word—of the committee computers at the offsite facility. This search involved not only a search of documents provided to the committee by the CIA, but also a search of the ”stand alone” and “walled-off” committee network drive containing the committee’s own internal work product and communications.
According to Brennan, the computer search was conducted in response to indications that some members of the committee staff might already have had access to the Internal Panetta Review. The CIA did not ask the committee or its staff if the committee had access to the Internal Review, or how we obtained it.
Instead, the CIA just went and searched the committee’s computers. The CIA has still not asked the committee any questions about how the committee acquired the Panetta Review. In place of asking any questions, the CIA’s unauthorized search of the committee computers was followed by an allegation—which we have now seen repeated anonymously in the press—that the committee staff had somehow obtained the document through unauthorized or criminal means, perhaps to include hacking into the CIA’s computer network.
As I have described, this is not true. The document was made available to the staff at the offsite facility, and it was located using a CIA-provided search tool running a query of the information provided to the committee pursuant to its investigation.
Of course, as Julian Sanchez points out, from this description, it certainly appears that the CIA was collecting "just metadata," and, as you may recall, Feinstein has been at the forefront of arguing that no one should care about the NSA's activities, because it's just metadata. Kinda funny how perspective shifts when it's your metadata being discussed. Suddenly, it becomes a constitutional issue:
Based on what Director Brennan has informed us, I have grave concerns that the CIA’s search may well have violated the separation of powers principles embodied in the United States Constitution, including the Speech and Debate clause. It may have undermined the constitutional framework essential to effective congressional oversight of intelligence activities or any other government function.
Besides the constitutional implications, the CIA’s search may also have violated the Fourth Amendment, the Computer Fraud and Abuse Act, as well as Executive Order 12333, which prohibits the CIA from conducting domestic searches or surveillance.
And yet that doesn't apply when the NSA spies on all Americans? Yes, Feinstein is absolutely right to be angry about this. It is an astounding breach of protocol, and given that it's the Senate Intelligence Committee's job to oversee the CIA, it appears to be quite a brazen move by the CIA to effectively undermine the Senate's oversight. It's just too bad she doesn't see how the very same things she's angry about concerning her own staff apply equally to everyone else.
There's one other issue in the speech that should be highlighted as well. She notes both of the referrals (that we've previously discussed) to the DOJ: the request to investigate the CIA's activities, and the CIA's tit-for-tat response asking for an investigation into the staffers' access and removal of the draft Panetta review. Feinstein also points out that the person at the CIA who filed the crimes report against her staffers at the DOJ was heavily involved in the torture program the report condemns, and certainly suggests that the move is much more about intimidating Senate overseers:
Weeks later, I was also told that after the inspector general referred the CIA’s activities to the Department of Justice, the acting general counsel of the CIA filed a crimes report with the Department of Justice concerning the committee staff’s actions. I have not been provided the specifics of these allegations or been told whether the department has initiated a criminal investigation based on the allegations of the CIA’s acting general counsel.
As I mentioned before, our staff involved in this matter have the appropriate clearances, handled this sensitive material according to established procedures and practice to protect classified information, and were provided access to the Panetta Review by the CIA itself. As a result, there is no legitimate reason to allege to the Justice Department that Senate staff may have committed a crime. I view the acting general counsel’s referral as a potential effort to intimidate this staff—and I am not taking it lightly.
I should note that for most, if not all, of the CIA’s Detention and Interrogation Program, the now acting general counsel was a lawyer in the CIA’s Counterterrorism Center—the unit within which the CIA managed and carried out this program. From mid-2004 until the official termination of the detention and interrogation program in January 2009, he was the unit’s chief lawyer. He is mentioned by name more than 1,600 times in our study.
And now this individual is sending a crimes report to the Department of Justice on the actions of congressional staff—the same congressional staff who researched and drafted a report that details how CIA officers—including the acting general counsel himself—provided inaccurate information to the Department of Justice about the program.
Once again, it's worth noting that these are the very same folks that, just weeks ago, Feinstein was insisting would never abuse their positions because they're professionals. She said that on January 19th. That was just four days after CIA Director Brennan had told her about how the CIA had conducted the almost certainly illegal search on her own staffers.\
And, of course, this is the point that many of us have been making all along to Feinstein and other kneejerk defenders of the intelligence community. No matter how "professional" they are, they're still human. And given situations where their own jobs may be threatened, they're going to do what they do, and that often leads to serious abuses, like the ones that now have Feinstein so angry. That's why we're so concerned by her lack of real oversight of the intelligence community for years, as well as the rather permissive attitude that both Congress and the courts have taken for years to the intelligence community, by insisting that they only do what they do for the purposes of "national security." I'm curious what kind of "national security" reason the CIA has for spying on the very staffers who were investigating the CIA's torture program?