While I think that Senator Patrick Leahy has been ridiculously and dangerously wrong on copyright issues for years, he's actually quite good on a number of other issues that are of interest to us here at Techdirt. In particular, he's been a strong supporter of civil liberties on the internet and protecting the 4th Amendment (it's unfortunate that he doesn't see how his desired copyright policies might undermine some of that, but that's another post for another day). Thankfully, his latest move is to push back against a plan by the Senate and House Intelligence Committees to strip the federal government's Privacy and Civil Liberties Board (PCLOB).
The letter calls out the "pattern" that has been put in place by both the House and Senate Intelligence Committees to one by one by one strip powers from the PCLOB. After giving a bunch of examples of this playing out, with the language stripping the powers being agreed upon in secret (of course), Leahy notes:
The PCLOB has served a valuable role in reviewing government surveillance programs and recommending reforms that have largely been implemented by the executive branch. It is particularly inappropriate to debate and report legislation in a closed markup that is designed to diminish the authority of a public, independent oversight board. Congress should b enhancing its role, not undercutting it.
It then asks them to remove these PCLOB-undermining provisions from the intel re-authorization bill. Of course, Feinstein and Burr want to hobble the PCLOB because they've long been cheerleaders for widespread surveillance, and have actively fought against any real or significant oversight. There's a reason why these riders undermining the PCLOB keep showing up, and it's because Senators like Feinstein and Burr are deliberately trying to protect the intelligence community from oversight. So unless some bigger force comes along, it's doubtful this letter will have much of a direct impact. But, even so, kudos to Leahy for sending the letter as a starting point. Hopefully he follows through and continues to keep the pressure up.
Eleven months ago, we wrote about a lawsuit filed by the Freedom of the Press Foundation seeking to get a copy of the DOJ's infamous new rules for spying on journalists. The new rules came about after it had come out that the DOJ had spied on Associated Press reporters as well as lied to a court to claim that Fox News reporter James Rosen was a co-conspirator in a leak investigation. To date, the DOJ has steadfastly refused to reveal the rules.
Thankfully, someone has now leaked the rules, or at least the 2013 version of some of the rules, which show that, contrary to what then Attorney General Eric Holder had suggested, it's still ridiculously easy for the FBI to spy on reporters and their sources in trying to hunt down a leak. In fact, it appears that these rules, around the use of NSLs are actually separate from the rules that Holder was talking about -- meaning that there's an entirely separate path for the DOJ to spy on journalists. The rules show that the FBI can just issue a National Security Letter (NSL), the mechanism that the FBI has been known to regularly abuse without consequence and which it's trying to expand. The "process" by which the media is supposedly protected under these new rules is that if someone in the DOJ is seeking an NSL to get phone records of someone in the media, they need to get some permission from someone else in the DOJ first:
This is the fox watching the henhouse. These are not restrictions, these are just the DOJ getting to ask itself if it really wants to spy on these journalists, and the DOJ telling itself "sure, go ahead." There's a further exception that if someone is a member of the media, but the FBI "suspects" they're an intelligence officer or affiliated with a foreign intelligence service, "no additional approval requirements" are needed. So, as with the Rosen case, the FBI can just declare him a "co-conspirator" and voila, no approval necessary.
As the Freedom of the Press Foundation explains in response to this leak, this completely undermines the claims by the DOJ that there were strict controls on spying on journalists:
First, the rules clearly indicate—in two separate places—that NSLs can specifically be used to conduct surveillance on reporters and sources in leak investigations. This is quite disturbing, since the Justice Department spent two years trying to convince the public that it updated its “Media Guidelines” to create a very high and restrictive bar for when and how they could spy on journalists using regular subpoenas and court orders. These leaked rules prove that the FBI and DOJ can completely circumvent the Media Guidelines and just use an NSL in total secrecy.
Second, the DOJ told the New York Times in 2013 that, despite NSLs being exempt from the media guidelines, they were still used under a “strict legal regime.” Well, the “strict legal regime” here is basically non-existent. The only extra step the FBI has to go through to spy on journalists with an NSL—besides the normal, lax NSL procedures, which they have flagrantly and repeatedly violated over the past decade—is essentially get the sign off of a superior in the Justice Department. That’s it! They don’t have to even go through the motions for following any of the several rules laid out in the DOJ media guidelines: like get the Attorney General to sign off, exhaust all other means of investigation, alerting and negotiating with the affected media organization, making sure what is being sought is essential to the investigation, etc.
There's a separate important question here too: why were these rules kept secret? There is no national security reason to keep this secret. It does not reveal anything that helps anyone avoid surveillance. As Freedom of the Press Foundation notes, it appears the only reason to keep this secret is to avoid the embarrassment.
The information that has been redacted here by the Justice Department – and which they are fighting to keep secret in court – is incredibly mundane. The fact that the FBI has to get another person in the bureaucracy to sign off on a particular investigation should not be a state secret, nor would it remotely harm any ongoing investigation, nor would “tip off” any alleged criminals to how to evade surveillance.
The only reason to keep these rules secret, it seems, is that it’s incredibly embarrassing for the FBI to admit that they can use NSLs in leak cases to go after journalists. The fact that the FBI and DOJ are keeping these rules is outrageous, and they should use this opportunity to officially release the rules—and any updates to them—immediately.
The Foundation is also planning to continue its lawsuit for two reasons. First, as mentioned in the quote above, it wants the DOJ to officially release the rules, and, more importantly, it believes that the rules may have been updated since these 2013 rules were published.
The whole thing, once again, shows just how ridiculous this administration has been concerning protecting the rights of journalists to talk to confidential sources. "The most transparent administration in history" once again seems to be the exact opposite. Undermining the freedom of the press and spying on reporters and their sources is shameful. It's the activity of tyrants and insecure dictators, not democratically elected governments.
from the so...-what-do-you-spies-think-we-should-do-about-all-this-spying? dept
New documents obtained by Privacy International as a result of its ongoing litigation over GCHQ bulk surveillance shows (yet again) there's really no such thing as "oversight" when it comes to spying. Owen Bowcott of The Guardian highlights conversations between GCHQ and its supposed oversight, in which the former talks the latter out of applying more restrictive guidelines from updated laws to its massive data intake. (Unfortunately, Bowcott discusses the documents but does not link to them, and I have been unable to locate these at Privacy International's website.Found 'em.)
The letters were sent by Home Office legal advisers, GCHQ and Sir Swinton Thomas, who was the interception of communications commissioner. The organisation is now called the Interception of Communications Commissioner’s Office (IOCCO).
In May 2004, a Home Office legal adviser wrote to Thomas backing an MI5 proposal that collecting bulk data from communication service providers for its “database project” be authorised under section 94 of the 1984 Telecommunications Act because, at that stage, there were no human rights implications or breach of privacy concerns. Using that act would not require a notice to be put before parliament because it could be used secretively on the grounds that “disclosure of the direction would be against the interests of national security”.
Thomas briefly tried to act as an overseer, suggesting the GCHQ would be on firmer legal footing if it applied a more-updated law to its collection practices: the Regulatory of Investigatory Powers Act of 2000. Because this newer law contained more procedural safeguards and additional transparency requirements, GCHQ was obviously uninterested in applying this to its bulk collections.
The UK Home Office got involved at this point, claiming the newer law was not really a law at all, but collated stack of suggestions.
The Home Office responded, saying that, although Ripa might be engaged, it did not think that meant it must be used. The letter continued: “The only practical difference between the two sets of provisions is if [Ripa] were used, a new notice would need to be issued every month … involving a fresh consideration of the necessity and proportionality issues. This would not be the case under section 94 [of the Telecommunications Act].”
Yeah, why bother periodically reassessing "necessity and proportionality" of orders when you can issue one order and have it apply indefinitely? GCHQ also expressed its concern about using the new law, saying it wanted to keep all of its collections in one big pile, even if that meant intermingling minimized and unminimized data.
Its oversight reluctantly agreed.
Thomas backed down, replying that, “on reconsideration”, use of Ripa was not mandatory. He added: “I am also impressed by the considerable and, if possible to be avoided, inconvenience in following the [Ripa] procedure in the database procedures.”
And, just like that, any protections UK citizens might have gained from the 2000 version of RIPA were waved away in the interest of bulk collection convenience. This conversation every appearance of someone raising an issue in hopes of being talked out of it and expressing relief when this was accomplished. For UK citizens, this meant that GCHQ could collect both minimized data (anonymized by stripping of identifying info) and unminimized data and mix it all together in its storage, thereby nullifying the protective minimization methods.
It is, as Privacy International states, a "total failure" of oversight. There's no evidence that the Home Office or the IOCCO ever acted in an adversarial fashion. Both appear to have cut GCHQ as much slack as it needed to avoid having to adhere to an updated law written explicitly to regulate investigatory powers. Instead, they both allowed GCHQ to avail itself of lower legal requirements by applying a 20-year-old law -- one that could not have possibly anticipated the exponential surveillance growth in the intervening years -- to its post-2001 bulk surveillance.
The Privacy and Civil Liberties Oversight Board (PCLOB) is supposed to be an independent body that makes sure that the intelligence community is not abusing its surveillance powers. It was created to go along with the PATRIOT Act, as a sort of counterbalance, except that it initially had basically no power. In 2007, Congress gave it more power and independence and... both the Bush and Obama administrations responded by... not appointing anyone to the PCLOB. Seriously. The Board sat entirely dormant for five whole years before President Obama finally appointed people in late 2012. Thankfully, that was just in time for the Snowden revelations less than a year later.
The PCLOB then proceeded to write a truly scathing report about the NSA's metadata collection under Section 215 of the PATRIOT Act, calling it both illegal and unconstitutional. While the PCLOB was less concerned about the NSA's Section 702 program (which includes both PRISM and "upstream" collection from backbone providers) the group has been working for nearly two years on an investigation into Executive Order 12333 -- which is the main program under which the NSA spies on people.
As I reported, during the passage of Intelligence Authorization last year (which ultimately got put through on the Omnibus bill, making it impossible for people to vote against), Congress implemented Intelligence Community wishes by undercutting PCLOB authority in two ways: prohibiting PCLOB from reviewing covert activities, and stripping an oversight role for PCLOB that had been passed in all versions of CISA.
The new changes are subtle, but problematic. The first is that the PCLOB is limited to spending money only on issues for which Congress has directly approved the spending. In other words, if Congress doesn't want the PCLOB investigating a certain area, no problem, it can just make it clear that funding does not cover that area. That kind of voids the PCLOB's supposedly "independent" nature. The second issue is that it requires that the PCLOB warn intelligence community bosses if they're going to investigate a new program. While these changes may not seem like a big deal, they do suggest a clear attempt to undermine the power and authority of the PCLOB. Perhaps that's why the head of the PCLOB, David Medine, resigned early, before his appointment was up, just a few months ago.
At a time when we need a lot more independent oversight of government surveillance powers, it's unfortunate to see Congress apparently pushing for less oversight.
from the shame-this-whole-system-of-checks-and-balances-can't-just-be-eradicated dept
Late last week, the Office of the Director of National Intelligence released a stack of documents from Yahoo's challenge of the NSA's internet dragnet. The new declassified and unsealed documents have been dumped into one, 309-page PDF along with everything the ODNI has already released -- one of the small things the office routinely does to slow the dissemination of previously-unseen information.
What she's uncovered is more evidence the agency considers itself accountable to no one. Not only was Yahoo expected to be litigating blindly -- what with the government's multiple ex parte submissions and its general refusal to discuss any specifics of its PRISM program -- but apparently the FISA court was expected to adjudicate blindly. The NSA's refusal to provide Reggie Walton with the information he needed to render decisions resulted in this irritated order.
The Court is issuing this ex parte order to the Government requiring it to provide clarification concerning the impact on this case of various government filings that have been made to the FISC under separate docket.
lt is HEREBY ORDERED that the government shall file a brief no later than February 20. 2008, addressing the following questions:
1. Whether the classified appendix that was provided to the Court in December 2007 constitutes the complete and up-to-date set of certifications and supporting documents (to include affidavits, procedures concerning the location of targets, and minimization procedures) that are applicable to the directives at issue in this proceeding. If the answer to this question is .. yes,'” the government's brief may be filed ex parte. If the government chooses to serve Yahoo with a copy of the brief, it shall serve a copy of this Order upon Yahoo as well.
2. If the answer to question number one is “no,” the Government shall state what additional documents it believes are currently in effect and applicable to the directives to Yahoo that are at issue in this proceeding. The government shall file copies of any such documents with the Court concurrent with filing its brief. The government shall serve copies of this Order, its brief, and any additional documents upon Yahoo, unless the government moves this Court for leave to file its submission ex parte, either in whole or in part. If the government files such a motion with the Court, it shall serve a copy of its motion upon Yahoo. The government shall also serve a copy of this Order upon Yahoo, unless the government establishes good cause for not doing so within the submission it seeks to file ex parte.
The government's testy response was to point out it has never been obligated to provide anyone but the court with documents pertaining to its surveillance efforts..
Under the Protect America Act, then, the government has an unqualified right to have the Court review a classified submission ex parte and in camera which, of course, includes the unqualified right to keep that submission from being disclosed to any party in an adversarial proceeding before this Court.
As Wheeler points out, the documents Judge Walton ordered the government to turn over to the court did not arrive in full until after Walton had made it clear he wouldn't force the government to hand these over to Yahoo as well.
The holdout document -- the one that didn't appear until the government was sure it wouldn't have to provide Yahoo with this info -- is key. It shows the government's procedures for handling metadata had been misleadingly portrayed, not just to Yahoo, but possibly to the court as well.
Now, to be fair, in the original release, it was not clear that the government offered this much explanation for SPCMA [Special Procedures Concerning Metadata Analysis], making it clear that the procedural change involved making American metadata visible. But the government very clearly suggested — falsely — that SPCMA had no Fourth Amendment implications because they didn’t make Americans overseas more likely to be targeted (which the government already knew was the key thrust of Yahoo’s challenge).
The opposite is true: by making US person metadata visible, it ensured the government would be more likely to focus on communications of those with whom Americans were communicating. These procedures — which were approved more than two months, one document dump, and one court order agreeing to keep everything secret from Yahoo earlier — were and remain the key to the Fourth Amendment exposure for Americans, as was argued just last year. And they weren’t given to even the judge in this case until he asked nicely a few times.
The NSA has very little in the way of effective oversight. It has even less opposition in terms of checks and balances even when facing a judge clearly exhausted by the agency's obfuscation and abuse. An effective challenge of NSA surveillance in court -- even a regular one -- is an uphill battle. In the FISA court, where it's allowed an "unqualified right" to present all its assertions and evidence without facing anything more adversarial than a FISC judge, it's completely impossible. Yahoo fought with pretty much every appendage tied behind its back. An unsuccessful challenge was a foregone conclusion. But, if nothing else, its long tangle with the NSA dragged some of its so-called secrets out of the shadows. That's not a win but it's far better than the alternative -- where the government's foremost intelligence agency is allowed to rewrite the rules as it goes along with the administration's implicit support -- and keep the public from ever finding out just how much domestic surveillance slack it's managed to cut for itself.
If you're a CIA Director, one would assume that you know how to be cool under fire, right? Apparently that's not the case for current CIA Director John Brennan who seemed to completely freak out when Senator Ron Wyden started asking questions about the CIA's infamous decision to spy on the network and computers of Senate Intelligence Committee staffers who were compiling a report on the CIA's torture program. The details are a bit complex, but the short version is that the Intelligence Committee, which has oversight powers over the CIA, had been set up in a CIA building, with special access to CIA documents, and a special search tool. Apparently, at some point, that search tool returned a document which the CIA had never intended to share with the intelligence committee staffers. That document, called "the Panetta Review" was a draft document that then-CIA chief Leon Panetta had tasked people internal at the CIA to prepare on what the Senate Intelligence Committee staffers were likely to find as they went through the documents.
Yes, this is fairly meta. You had Senate staffers reviewing CIA documents, and at the same time, the CIA reviewing those same documents to try to get out ahead of any controversy -- and to make matters confusing, the Senate staffers then got access to that CIA review document as part of their regular searches. When the CIA was questioned about this Panetta review, they freaked out, wondering how the Senate staffers got their hands on the document, and did what the CIA does: they spied on the Senate staffers' computers and network to try to determine how they got the document in the first place. This was despite a promise from the CIA that the Senate staffers' computers and network were considered off-limits (due to an even earlier incident). That resulted in Senator Dianne Feinstein accusing the CIA of illegally spying on the Senate (its overseers). In response, Brennan first denied the spying altogether, and then insisted that it was the Senate staffers who broke the law, saying they illegally mishandled classified CIA documents in how they handled the Panetta Review.
Eventually, the DOJ decided that there wasn't enough evidence that either side broke the law, and refused to make any criminal charges either way. While both the CIA's Inspector General and a special review board Brennan himself set up found that the CIA did, in fact, spy on the Senate staffers' network and computers, and that this was inappropriate, neither seemed to say that it rose to a truly controversial level. Not surprisingly, the review board Brennan set up himself cleared him of wrongdoing.
Mixed in with all of this are remaining questions about how involved Brennan himself actually was in all of this (he refuses to say) and an ongoing request for an apology. While the CIA's Inspector General claimed that Brennan apologized for the breach, later reporting by Jason Leopold at Vice showed that Brennan had drafted an apology, but never sent it. Instead, he apparently provided a very narrow apology solely to Feinstein and then vice chair Saxby Chambliss, basically of the "I'm sorry if what did upset you" manner.
Given this, during a rare open Senate Intelligence Committee hearing, Wyden decided to quiz Brennan about all of this, leading to a rather sarcastic and testy exchange that needs to be watched to be believed:
Immediately, Brennan gets snarky, noting that "This is the annual threat assessment, is it not? Yes?" implying that he doesn't think it's appropriate for Wyden to be bringing up this "other" topic in such a hearing. And it only gets worse from there. He immediately jumps to the argument, again, that it was the Senate staffers' fault for getting access to a document he didn't want them to see. He then says the CIA therefore had an "obligation" to find out how that happened. And then he, somewhat insultingly, suggests that Senator Wyden had not actually read the IG's account, or the report of the review panel that Brennan himself set up.
Wyden cuts him off, quoting directly from the report and notes that other agencies have all said it would be inappropriate to review Senate oversight computer systems, and asks Brennan if he disagrees. Brennan is clearly pissed off:
Brennan: Yes, I think you mischaracterize both their comments as well as what's in those reports. And I apologized to the Chairman and the Vice Chairman about the de minimis access and inappropriate access that CIA officers made to five emails or so of Senate staffers during that investigation. And I apologized to them for that very specific inappropriate action that was taken as part of a very reasonable investigative action. But do not say that we spied on Senate computers or files. We did not do that. We were fulfilling our responsibilities.
Wyden: I read the exact words of the Inspector General and the Review Board. You appointed the Review Board! They said nobody ought to be punished, but they said there was improper access. And my point is, in our system of government, we have responsibilities to do vigorous oversight. And we can't do vigorous oversight if there are improper procedures used to access our files.
Wyden then admits his time is up... but Brennan's so angry that he won't give up. He breaks all proper Senate hearing protocol and jumps back in, asking Wyden to say, again, that it was the Senate staffers' fault for accessing the Panetta Review:
Do you not agree there was improper access that senate staffers had to CIA internal deliberative documents? Was that not inappropriate or unauthorized?
Wyden angrily points out that everything the Senate staffers did was appropriate, and anyway, he's now asking about the CIA's activities, and points to the Inspector General review and the other review board... all the while with Brennan angrily shaking his head at Wyden. When Wyden finishes, Brennan goes back to being snarky, saying:
And I'm still awaiting the review that was done by the Senate to take a look at what the staffers actions were.
And then there's this:
Separation of powers between the executive, legislative branches, Senator, goes both ways.
In short: even if you have oversight over us, don't mess with the CIA, Senator. That's quite a statement.
He then goes on to again claim that Wyden is mischaracterizing everything, and that what the CIA did was entirely appropriate. Wyden concludes:
It's pretty hard to mischaracterize word for word quotes that use the words "improper access."
from the we'll-get-to-the-bottom-of-this-thing-that-was-only-supposed-to-happen-to-ot dept
Once again, it appears the only way to make our nation's intelligence oversight committees care about surveillance is to include them in the "fun."
Fervent surveillance apologist Dianne Feinstein had zero fucks to give about the steady stream of leaks until it became apparent that the CIA was spying on her staffers while they put together the Torture Report. Likewise, many members of the House Intelligence Committee couldn't be bothered to care much about domestic surveillance until they, too, were "inadvertently" included in the NSA's dragnet.
The U.S. House Intelligence Committee will consider whether new safeguards are needed for handling communications intercepted by the National Security Agency that involve U.S. lawmakers or other Americans, the top Democrat on the panel said on Wednesday.
Yes, these legislators are unhappy their phone calls with foreign officials might have been collected on the regular by the nation's foremost interceptor of communications. And, in what is certainly viewed as largesse by this committee, the proposed rules (whatever they are) will be extended to non-elected Americans.
The Office of the Director of the National Intelligence further clarified the proposed changes discussed during the closed-door briefing by declining to comment on the "classified" proceedings.
One thing is clear, though. Changes will be happening, presumably to further protect the content of legislators' phone calls from the NSA, or at the very least, toughen up minimization procedures. The official statement from the Committee appends "all Americans" after an ellipsis ("explore whether any additional safeguards are necessary when it comes to incidental collection—not only for members of Congress... but for all Americans") so the smart money is on trickle-down surveillance protection. Presumably, we'll all be apprised of any additional protections on a need-to-know basis.
Heading up this new-found enthusiasm for small-batch surveillance reform is Devin Nunes, the Chairman of the Intelligence Committee. His previous efforts on behalf of Americans and their civil liberties include:
Attempting to prevent the Privacy and Civil Liberties Oversight Board from doing its job; and
The DOJ's Inspector General Michael Horowitz has a thankless job. His office must look into improper actions by a variety of government agencies that have no interest in being independently overseen, much less inspected generally. The DEA and FBI have both played an instrumental part in undermining his investigations -- so much so that Horowitz has taken his complaints to Congress and suggested legislators punch the unhelpful agencies right in the pocketbook.
The OIG has just released its semi-annual report for 2015, which sums up the highlights and lowlights of six months of investigations. There's more bad news than good, but that's to be expected considering a) the Inspector General is supposed to look into the DOJ's problems, not its heroics and b) the DEA, FBI et al haven't improved their attitude toward being inspected/implementing OIG recommendations.
Case in point on the last one:
The FBI has always received data "tipped" by the NSA from the Section 215 collection. During the same period (2007-2009) the NSA was getting chewed out by FISC Judge Reggie Walton for its abuse of the program, the FBI was having its own issues. IG Horowitz wasn't able to look into this as quickly as he wanted to because the FBI stonewalled him, refusing to grant access to pertinent documents. Horowitz hoped to get to the bottom of this before the Patriot Act reauthorization came up in May, but was unable to.
However, he was able to put the following together. The FBI had put inadequate minimization procedures in place back in 2006, shortly after another Patriot Act reauthorization. The OIG told the FBI to update its procedures in 2008, in order to comply with the reauthorization. The FBI got right on it.
Nevertheless, the OIG found that by mid- 2009, DOJ had not replaced the interim procedures, and FISA Court judges began to issue Supplemental Orders in Section 215 matters requiring DOJ to report to the FISA Court on the implementation of the interim procedures. The Attorney General ultimately adopted final minimization procedures in March 2013.
Which lead the IG to this obvious conclusion:
Given the significance of minimization procedures in the Reauthorization Act, the OIG does not believe that DOJ should have taken until 2013 to meet this statutory obligation.
That's basically seven years of the FBI using minimization procedures that did not meet statutory requirements. (The Patriot Reauthorization Act of 2005 went into effect in March of 2006.)
The OIG is still looking into other aspects of the FBI's participation in the Section 215 program, but any conclusions it draws will be of historical interest only now that the program is officially dead. These are listed in the "Ongoing Work" section.
The FBI’s use of Section 215 authority under the FISA from 2012 through 2014, including the effectiveness of Section 215 as an investigative tool and the FBI’s compliance with the minimization procedures DOJ approved and implemented in 2013.
The FBI’s use of information derived from the National Security Agency’s (NSA) collection of telephony metadata obtained from certain telecommunications service providers under Section 215 of the Patriot Act.
The FBI isn't the only DOJ agency partaking in broad surveillance efforts. The DEA is also collecting tons of data and information without a warrant.
The DEA’s use of administrative subpoenas to obtain broad collections of data or information, including the existence and effectiveness of any policies and procedural safeguards established with respect to the collection, use, and retention of the data.
Other works-in-progress include an examination of the ATF's confidential informant program, the DEA's handling of drug seizures, nepotism and favoritism at the US Marshals Service, issues with the Bureau of Prisons' private contractors and an investigation of the ATF's controversial "Storefront" program, which has taken heat recently because of agents' decisions to turn intellectually-disabled people into shills for fake drug/weapon sales operations before arresting them for their "complicity."
But all of this won't lead to much unless Congress acts to roll back a DOJ policy backed by an Office of Legal Counsel decision.
In particular, in July, DOJ’s Office of Legal Counsel (OLC) issued its opinion, 14 months after it was requested by the then Deputy Attorney General (DAG), which found that Section 6(a) of the IG Act does not entitle the OIG to obtain independent access to grand jury, wiretap, and credit information in DOJ’s possession that is necessary for the OIG to perform oversight of DOJ. Indeed, the OLC opinion concludes that such records can only be obtained by the OIG in certain—but not all—circumstances through disclosure exceptions in specific laws related to those records.
The OLC opinion also provides that, in all instances, DOJ employees will decide whether access by the OIG is warranted— placing agency staff in the position of deciding whether to grant, or deny, the Inspector General access to information necessary to conduct its oversight. Requiring an Inspector General to obtain permission from agency staff in order to access agency information turns the principle of independent oversight that is contained within the IG Act on its head.
This won't just make it more difficult for the OIG to do its job. It will also discourage DOJ employees from coming forward with information about abuse and misconduct.
Such a shift in mindset could deter whistleblowers from directly providing information to Inspectors General about waste, fraud, abuse, or mismanagement because of concern that the agency may later claim that the disclosure was improper and use that decision to retaliate against the whistleblower.
I'm sure the DOJ feels there's no problem on its end as it pertains to this new policy. But independent oversight is one of the few things standing between DOJ components and incredible amounts of misconduct and abuse. There's far too much power vested in these agencies and the OLC has made it even easier for them to abuse this power and get away with it.
After Edward Snowden's revelations about the extent of spying being carried out around the world by the NSA and its Five Eyes friends, there have been a number of attempts in other countries to find out what has been going on. One of the most thoroughgoing of these is in Germany, where there is a major parliamentary inquiry into NSA activities in that country. As Techdirt reported back in May, a surprising piece of information to emerge from this is that Germany's secret service has been carrying out spying on behalf of the NSA, which sent across various "selectors" -- search terms -- that it wanted investigated in the German spies' surveillance databases.
The German Foreign Intelligence Services, supported by the government, tapped the German Internet Exchange Point Decix, the largest internet exchange point globally. While the G10 Commission had approved the blanket tapping, they were unaware that some of the tapped data were forwarded to the NSA, the US National Security Agency, based on a list of so-called "selectors" -- names or numbers the NSA sent to their German colleagues.
Understandably annoyed, the G10 Commission demanded to see a complete list of those selectors so that it could check what information had been passed to the NSA, and whether any laws had been broken. The German government said that it would not disclose them. After misleading the oversight body about who would have access to information obtained from the Decix tapping, the German government's refusal to provide the selectors adds insult to injury. So much so, that it has apparently driven the G10 Commission to take unprecedented action: hauling the German government before the country's constitutional court, which decides weighty matters of this kind.
Since this is uncharted territory -- the G10 Commission had to find out whether taking legal action against the government in this way was even possible -- nobody really knows what might come of the move. But at the very least, it's yet another indication of the seismic shifts that are still occurring throughout the world of surveillance as a result of Snowden's unprecedented leaks.
The Commissioner of the Intelligence Services was slow to respond to hacking. Many of the concerns the Commissioner raised in his 2014 report [published July 2015] are the subject of PI's legal complaint, including whether it is lawful to use broad "thematic warrants" to justify the hacking of people in the UK. The Commissioner questioned this practice in depth. He was concerned that current law "does not expressly allow for a class of authorisation", and therefore the warrants were too broad. As a result, the Commissioner was worried that the Secretary of State was unable to properly assess whether the warrant authorised activity was necessary and proportionate. [ibid, p18] This means that GCHQ could get a warrant in the UK to hack the computer of everyone in Birmingham with little meaningful oversight.
Broad warrants at home -- signed by someone who may not have had any idea exactly what they were authorizing. No warrants, for the most part, for extraterritorial hacking. Testimony on behalf of the GCHQ by its director of cyber-security points out that the Secretary of State (who handles surveillance warrants) is rarely consulted when the target is foreign. The only exceptions are if the GCHQ feels the target may be "sensitive" or "politically risky." Otherwise, the GCHQ grants itself permission to carry out these attacks.
Two other agencies that write their own hacking orders (MI5 and the Secret Intelligence Service) also do what they can to eliminate whatever minimal paper trail these actions might generate.
The Intelligence and Security Committee Report in March 2015 called MI5's and SIS's failure to keep accurate records of their overseas hacking activities "unacceptable", [ISC report, p.66] as it makes effective oversight impossible [Witness Statement of Ciaran Martin, 71L].
Arguably, the oversight was never "effective" to begin with. Privacy International's Caroline Wilson Palow points out that Parliament was never notified in the first place by these agencies about their hacking activities. The oversight of three intelligence agencies is pretty much limited to one guy (Sir Mark Waller) who engages in spot checks of warrants periodically. With none of the agencies feeling any particular urge to seek warrants for overseas surveillance, it does cut down on Waller's workload, but it doesn't do much to ensure they aren't abusing their (often) self-awarded privileges.