Big Brother Clapper is watching you.
Setting aside the issue of, in my opinion, President Obama's broken promise of rejecting the Bush Era "false choice" of security over liberty, I think there remain serious questions regarding the legality of the Section 215 of the Patriot Act request that led to the
FISA Court order regarding the phone records and metadata of all Verizon customers and the
PRISM program which the Director of National Intelligence James Clapper
described as:
an internal government computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a). This authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008.
A good starting point for the discussion is the article written by
Ben Wittes and Robert Chesney for The New Republic. (Wittes and Chesney run the excellent
LawFare blog.) In the article, Wittes and Chesney acknowledge the dubious legality of the Section 215 information request:
[T[he story, and the leak of the FISA Court order that underlies it, do reflect something significantly new concerning a claimed authority about which the public was not previously informed. Specifically, it reveals that the government was using a particular section of FISA—known as Section 215—as a way of accessing not just specific items about specific persons on a case-by-case basis, but also as a means to create giant datasets of telephony metadata that might later be queried on a case-by-case basis. As we move into the age of Big Data, it may not be surprising that the government would want to have authority to generate such a database; we all recall the Total Information Awareness initiative, after all. But it is surprising to learn both that the government thinks it already has this authority under Section 215, and still more so that the FISA Court agrees and that members of Congress know this as well.
Section 215 allows the government to seek and receive an order from the FISA court requiring third parties (like Verizon) to produce “tangible things” like business records, so long as the government can certify that the information sought is “relevant” to a national security investigation. It is the analog in the context of national security investigations to the grand jury subpoena in a criminal probe—the instrument by which the government can compel people to turn over material germane to the investigation. Most people assumed, prior to the Guardian story, that this provision was being used on discrete occasions to obtain individual collections of records about known counterintelligence or terrorist suspects—for records showing, say, that a certain person made certain purchases from a certain vendor or used a particular telephone to make specific calls. The government has, to some extent, encouraged this understanding, suggesting that Section 215 orders are comparatively rare and focused on specific business records. [Emphasis supplied.]
As you can see below the fold, a plain reading of
relevant provisions of Section 215 would explain why most people assumed that the requests were individualized and not a dragnet:
(a)(1) The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.
`(2) An investigation conducted under this section shall--
`(A) be conducted under guidelines approved by the Attorney General under Executive Order 12333 (or a successor order); and
`(B) not be conducted of a United States person solely upon the basis of activities protected by the first amendment to the Constitution of the United States.
`(b) Each application under this section--
`(1) shall be made to--
`(A) a judge of the court established by section 103(a); or
`(B) a United States Magistrate Judge under chapter 43 of title 28, United States Code, who is publicly designated by the Chief Justice of the United States to have the power to hear applications and grant orders for the production of tangible things under this section on behalf of a judge of that court; and
`(2) shall specify that the records concerned are sought for an authorized investigation conducted in accordance with subsection (a)(2) to protect against international terrorism or clandestine intelligence activities.
`(c)(1) Upon an application made pursuant to this section, the judge shall enter an ex parte order as requested, or as modified, approving the release of records if the judge finds that the application meets the requirements of this section. [Emphasis supplied.]
In the Verizon order, the FBI sought, on behalf of the NSA, and the FISC ordered, Verizon to turn over:
on an ongoing daily basis [...] all call detail records or "telephony metadata" [...]
How ALL of Verizon telephone records for say, TOMORROW, are relevant to a terrorism investigation is not explained. Indeed, it seems inexplicable to me. As
Wittes wrote at LawFare:
I have a hard time imagining the application that could have produced it. Section 215, codified in law as 50 U.S.C. § 1861, allows the government to apply to the FISA court for an order for production “of any tangible things . . . for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities. . . .” To acquire such an order, the government does not have to do much—just as it doesn’t have to do much in a criminal investigation: It merely has to offer, in pertinent part, “a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation . . . to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.”
So I’m trying to imagine what conceivable of facts would render all telephony metadata generated in the United States “relevant” to an investigation[.] [Emphasis supplied.]
Wittes and Chesney state "it is simply different and grander in scope and scale from anything we had thought the law meant." This is because the plain meaning of the words of Section 215 do not support this interpretation. Wittes and Chesney say this reading is not "implausible." I beg to differ. It is a ridiculous interpretation. It is an indefensible interpretation. Yes DiFi says different. Yes, the FISA court says different. Yes, Obama says different. But you do not have to be a lawyer, judge, senator or president to see how ridiculous the claim is. Common sense is in order here.
Wittes and Chesney are less troubled, if at all, about the Section 702 of FISA PRISM program. I'm less sanguine than they.
Section 702 of FISA (which was part of the 2008 Amendment to FISA) provides, in part:
SEC. 702. PROCEDURES FOR TARGETING CERTAIN PERSONS OUTSIDE THE UNITED STATES OTHER THAN UNITED STATES PERSONS.
‘(a) Authorization- Notwithstanding any other provision of law, upon the issuance of an order in accordance with subsection (i)(3) or a determination under subsection (c)(2), the Attorney General and the Director of National Intelligence may authorize jointly, for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.
‘(b) Limitations- An acquisition authorized under subsection (a)--
[. . . ] ‘(5) shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.
‘(c) Conduct of Acquisition-
‘(1) IN GENERAL- An acquisition authorized under subsection (a) shall be conducted only in accordance with--
‘(A) the targeting and minimization procedures adopted in accordance with subsections (d) and (e); and
‘(B) upon submission of a certification in accordance with subsection (g), such certification.
‘(2) DETERMINATION- A determination under this paragraph and for purposes of subsection (a) is a determination by the Attorney General and the Director of National Intelligence that exigent circumstances exist because, without immediate implementation of an authorization under subsection (a), intelligence important to the national security of the United States may be lost or not timely acquired and time does not permit the issuance of an order pursuant to subsection (i)(3) prior to the implementation of such authorization.
‘(3) TIMING OF DETERMINATION- The Attorney General and the Director of National Intelligence may make the determination under paragraph (2)--
‘(A) before the submission of a certification in accordance with subsection (g); or ‘(B) by amending a certification pursuant to subsection (i)(1)(C) at any time during which judicial review under subsection (i) of such certification is pending.
[...] (2) JUDICIAL REVIEW- The procedures adopted in accordance with paragraph (1) shall be subject to judicial review pursuant to subsection (i).
‘(e) Minimization Procedures-
[...]
‘(2) JUDICIAL REVIEW- The minimization procedures adopted in accordance with paragraph (1) shall be subject to judicial review pursuant to subsection (i).
[...] A certification made under this subsection shall--
‘(A) attest that--
‘(i) there are procedures in place that have been approved, have been submitted for approval, or will be submitted with the certification for approval by the Foreign Intelligence Surveillance Court that are reasonably designed to--
‘(I) ensure that an acquisition authorized under subsection (a) is limited to targeting persons reasonably believed to be located outside the United States; and
‘(II) prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States;
‘(ii) the minimization procedures to be used with respect to such acquisition--
‘(I) meet the definition of minimization procedures under section 101(h) or 301(4), as appropriate; and
‘(II) have been approved, have been submitted for approval, or will be submitted with the certification for approval by the Foreign Intelligence Surveillance Court;
‘(iii) guidelines have been adopted in accordance with subsection (f) to ensure compliance with the limitations in subsection (b) and to ensure that an application for a court order is filed as required by this Act;
‘(iv) the procedures and guidelines referred to in clauses (i), (ii), and (iii) are consistent with the requirements of the fourth amendment to the Constitution of the United States;
‘(v) a significant purpose of the acquisition is to obtain foreign intelligence information;
‘(vi) the acquisition involves obtaining foreign intelligence information from or with the assistance of an electronic communication service provider;
[...] ‘(i) an effective date for the authorization that is at least 30 days after the submission of the written certification to the court; or
‘(ii) if the acquisition has begun or the effective date is less than 30 days after the submission of the written certification to the court, the date the acquisition began or the effective date for the acquisition; and
‘(E) if the Attorney General and the Director of National Intelligence make a determination under subsection (c)(2), include a statement that such determination has been made.[Emphasis supplied.]
A lot to unpack there. But I think there are three headlines—(1) the surveillance can commence PRIOR to the issuance of a FISA court order and can continue for 30 days after submission for court approval of minimization procedures, (2) the surveillance must have foreign intelligence gathering only as a "significant purpose," not a primary or exclusive purpose, and (3) the surveillance should be targeted at foreign persons, not as a metadata dragnet.
Yet Wittes and Chesney write:
Such overseas intelligence collection is a vacuum cleaner-like affair, with the government free to scoop up everything it can get, and then figure out what to make of it. It’s really more like journalism than it is like law enforcement—journalism, that is, with high-tech collection capabilities. This is foreign policy, and while snooping on one’s citizens has big civil liberties implications, spying on other countries is just a recognized fact of life in the international community. That said, real civil liberties issues still arise if and when the vacuum cleaner incidentally gobbles up the communications of those whose targeting would normally require a warrant.
So three big rules operate to protect Americans from the vacuum cleaner. First, Executive Order 12333 restricts the knowing collection against U.S. persons to specified categories of material—most importantly, to “information constituting foreign intelligence or counterintelligence, including such information concerning corporations or other commercial organizations.” Second, to target an American for foreign intelligence purposes anywhere in the world either by electronic surveillance or by physical search the intelligence community needs probable cause that the target is an agent of a foreign power; this assessment used to be made internally within the executive branch, but since 2008, the agencies also need a FISA order for this type of surveillance. Finally, both public law and internal rules—most notably, the Foreign Intelligence Surveillance Act (FISA)—require the government to adopt what are called “minimization procedures.” These are rules designed to ensure that the government does not retain materials the vacuum cleaner may scoop up incidentally that are not within the categories of material the intelligence community is allowed to collect. They also prevent the government from disseminating such materials inappropriately. In short, the law has long presumed that the government will, when operating overseas, gobble up a huge quantity of information and then retain, use, and disseminate only that portion of that information that is legitimate for it to possess.[Emphasis supplied.]
But PRISM is not wholly directed at foreign persons. This is precisely the point of why Section 702 came into play. If it was purely foreign persons being targetted, there would be no need for invoking FISA or Section 702 at all. Section 702 is necessary precisely because the targetted foreign person is reasonably believed to be engaging with communications that reach the United States. It is because of that reach that Section 702 is invoked.
Wittes and Chesny argue:
The radical bifurcation of the rules between foreign and domestic intelligence collection was relatively easy to maintain as long as domestic and international communications traffic remained separate—with phone lines running within the United States and large trunk cables and satellite feeds running communications beyond the borders. But technological change has disrupted this model. Domestic and international traffic is now hopelessly intermixed, especially online. One consequence of this is that there is a huge amount of foreign-to-foreign communications online that happens to be routed through servers on U.S. territory, including, of course, communications occurring on sites like Facebook and Google. And thus, thanks to changes in the technology of communications, the warrant requirements of FISA began touching a rapidly-expanding set of circumstances that in the past would have been subject to the vacuum-cleaner model.
This was the problem that led to the Bush administration’s warrantless wiretapping program. And it also led to the FISA Amendments Act (FAA) in 2008. Broadly speaking, the FAA sought to restore something close to the flexible status quo ante. It did this by permitting the government to obtain approval from the FISA Court to order companies to assist the intelligence community with broad programmatic collection so long as (i) the government was targeting only non-U.S. persons reasonably believed to be overseas and (ii) the government adopted court-approved minimization procedures to exclude material it was not entitled to collect.
This is exactly what Snowden’s leak to The Washington Post suggests has been going on using PRISM. [Emphasis supplied.]
I strongly disagree that this is what the leaks regarding PRISM suggest. On the contrary, they appear to suggest a dragnet approach to Section 702 with little regard to what is a reasonable belief of relevance to the surveillance of a targetted foreign person. In this regard, the Section 215 Verizon order and the PRISM leaks have much in common, a virtual elimination of the requirement of an individualized finding of relevance. As the
Washington Post reported:
The Obama administration points to ongoing safeguards in the form of “extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.” And it is true that the PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.
Analysts who use the system from a Web portal at Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that “it’s nothing to worry about.” [Emphasis supplied.]
Many have focused on the absurdity of the 51 percent test, but I think the test itself reveals the inherent contradiction in the claims about PRISM complying with Section 702 of FISA—the targetted person must be foreign. Do the attorney general and the director of National Intelligence NOT know who they are targeting? Is that because they are not targetting any particular person?
Are they just employing a search system that creates parameters that allows the retrieval of ALL communications that fit the 51 percent criteria? If so, that surely can not be compliant with Section 702. Indeed, if such a procedure is deemed compliant, then Section 702 is nothing but an invitation to dragnetting.
I'll note one final irony—Section 702 surveillance is supposed to comply with the Fourth Amendment, the section expressly states this. If the PRISM described in reports does in fact comply with the Fourth Amendment, then there is no Fourth Amendment at all.
DNI Clapper has claimed that the reporting in PRISM is inaccurate. Perhaps so. But the government has lost all credibility on this matter. At this point they have to show us, or show someone we trust. That means not DiFi and Mike Rogers.