The White House last night sent its semi-annual War Powers Resolution letter to Congress disclosing deployments of U.S. troops “equipped for combat” (a sometimes ambiguous category – guards at Guantanamo count, but not troops along the DMZ in the Korean Peninsula). I compared it to the June 2017 letter and identified the following deltas:
The new letter keeps secret US troop levels in Afghanistan, Iraq, Syria and Cameroon. By contrast the previous letter had disclosed that they were then around 8,448; 5,262; 503; and 285, respectively.
The new letter deletes any reference to the United Nations Security Council having authorized the continuing Afghanistan mission.
The new letter acknowledges that the US has struck several times at Syrian government and pro-Syrian government forces, asserting that they were “lawful” to counter threats to “U.S. and partner forces” engaged in the counter-ISIS campaign.
The new letter acknowledges that US forces, in addition to striking at AQAP (and, for the first time, ISIS) in Yemen, have also been providing logistics and other support to “regional forces” (e.g. the Saudis) combating the Houthis in Yemen’s civil war.
The new letter reveals that the number of US troops stationed in Jordan has dropped from about 2,850 to about 2,300
The new letter acknowledges for the first time that the US has stationed about 100 troops in Lebanon to help the Lebanese government as it fights ISIS
The new letter says about 800 US troops are in now Niger, up from about 575 six months ago
The new letter acknowledges that four service-members were killed in the ambush in Niger in October. It says the perpetrators were “an element assessed to be part of ISIS.”
The new letter says US troops in Egypt have dropped to about 400, from 700 as of June
The new letter says US troops in Kosovo have dropped to 640, from 774
The Office of the Director of National Intelligence has provided some written answers to questions submitted by senators like Dianne Feinstein, Ron Wyden, and Angus King during Senate Intel hearings over the summer about the FISA Amendments Act Section 702 warrantless surveillance program. Some of this is well covered territory, like Wyden’s fighting with the intelligence community about why they can’t/won’t estimate the volume of incidentally intercepted American information in the repository or the FBI’s inability/refusal to count its US person queries, but some weedy nuggets of interest jump out. Posting here for specialists.
DEFINITION OF “DERIVED FROM” AND PARALLEL CONSTRUCTION: They say they’re basically following the Title III wiretap “fruit of the poisonous tree” approach to defining when evidence is derived from 702 (such that notice to defendant is required), but essentially concede they’re not considering evidence to be “derived from” 702 if they decided they could fit it into the doctrines of independent source, inevitable discovery, and attenuation. (Since there’s not been a 702 notice to a defendant for a long time after the 2013-14 flurry that followed Don Verrilli’s intervention, obviously this exception has now swallowed the rule in how agents gather evidence in new cases. Still, the one-time flurry of notices did give several regular courts the opportunity to scrutinize the constitutionality of 702.) (PG 18/PDF 11)
USE OF 702 FOR TRANSNATIONAL CRIMES: The government (since Bob Litt era) has said it will restrict the use of 702 obtained/derived information in criminal cases to six of categories of serious crime, among them “transnational” crimes. But it’s still not defined the scope and limits of what counts as a transnational crime. In any case it says there haven’t been any transnational crime cases that used 702 information so far, only terrorism cases. (But see the big caveat above about the government’s use of parallel construction to launder 702 information.) (PG 20, PDF 13)
CIA SEARCHES OF US PERSON METADATA: While the CIA doesn’t keep track of its queries of the 702 metadata repository for U.S. person information (which we knew), it’s re-engineering its systems and expects to be able to start providing counts by the end of calendar year 2018. (PG 21, PDF 14)
USING 702 TO COMPEL PROVIDERS TO BUILD BACK DOORS IN ENCRYPTION: 702 says the government may direct providers to provide technical assistance in carrying out authorized surveillance and may get a court order to compel compliance. Wyden has been raising alarms about the possibility it could use this to force providers to build backdoors into their encrypted services or products, although it’s not clear whether he knows that something is actually happening or is instead just issue-spotting a hypothetical worry. Here we see that to date (as of the summer) the government has not sought a court order to force a provider to build an encryption backdoor. Ambiguity remains: the answer doesn’t say whether or not any providers have been directed to do this by US officials without resorting to a court order. (PG 27/PDF 18)
WHY THE IC SAYS IT CAN’T ESTIMATE THE VOLUME OF INCIDENTALLY COLLECTED US PERSON INFO IT HAS COLLECTED: We knew this rationale (which a US official explained to me in September) but now we can see a letter Dan Coats sent to the House Judiciary Committee last July explaining it to Congress, which was kept secret at the time. It says the problem basically boils down to an inability to systematically and reliably identify the location/nationality of non-targets on e-mails. (Wyden disagrees with this.) (PDF 28)
The law that supports the NSA/FBI warrantless surveillance program, the FISA Amendments Act Section 702, is set to expire on December 31, 2017, if Congress does not act to extend it. There are a proliferating array of rival bills to do so, some with modest reforms, some with sweeping reforms, and some with scant or no reforms. As things stand, without a month to go, it’s highly uncertain what is going to happen. There’s clearly a desire among some Senate leaders (e.g. Senator Richard Burr, the North Carolina Republican who leads the Senate Select Committee on Intelligence) to jam through a “clean” extension or to make it permanent without reforms, perhaps by attaching it to a bill to keep the government open. But it’s not clear that would pass the House, where a subset of Republicans (plus many Democrats) are insisting on new limits to protect Americans’ privacy. Tick tock!
Anyway, on Wednesday evening, the House Permanent Select Committee on Intelligence added its own version of a no-serious-reforms bill to the pile. On quick read for two particular markers, the HPSCI bill, which would extend 702 by four years through December 2021, does not impose a warrant requirement to query the repository for information about an American and does not bar the NSA from turning “abouts” collection back on (but rather requires notice to Congress).
It also expands the definition of a permissible FISA foreign power target to explicitly include transnational malicious hacking organizations that are not primarily made up of Americans, i.e. removing any need to be able to peg it to a foreign state or terrorist group.
This is the draft manager’s amendment to H.R. 3989, the “USA Liberty Act,” which would extend the expiring FISA Amendments Act Section 702 warrantless surveillance law but impose some changes to it, and which is being pushed by bipartisan leadership in the House Judiciary Committee. It’s been circulating for several days. Among other things, it makes several changes to the wording of the exceptions to the new warrant requirement it would impose on searches for Americans’ information within the repository of e-mails and other content collected without a warrant by targeting foreigners under the 702 program.
Today the Senate Select Committee on Intelligence is marking up, in secret, Chairman Burr’s bill to extend the FISA Amendments Act Section 702 warrantless surveillance program, the FISA Amendments Reauthorization Act. While the bill is not yet public, I published a copy here yesterday, alongside a revised draft of the Goodlatte-Conyers House Judiciary Committee bill, the USA Liberty Act. Now comes a third major stab at legislation to deal with the 702 program, which is set to expire at the end of 2017 if Congress enacts no extension bill, and proposed reforms: Senators Ron Wyden’s and Rand Paul’s USA Rights Act, linked here and also posted below.
The Rights Act will be formally introduced later today, and I suspect Wyden will also propose its text as a substitute amendment to the Burr bill at the SSCI hearing today, and then it will probably be rejected by a majority of the committee, as that is also what happened with the Patriot Act Section 215 expiration/reform fight. [See Power Wars, Chapter 11 (Institutionalized: Surveillance 2009-2017), Section 10 (Outside the Oval Office: Freedom Act I).]
Sunset: Extension of the Section 702 warrantless surveillance law, which is now set to expire on Dec. 31, 2017, until
Dec. 31, 2025
Sept. 30, 2023
Sept. 30, 2021
“Backdoor searches” for Americans’ content within the 702 repository of e-mails etc. collected without a warrant
No change: US person queries still permitted without a court order
Queries without an order still permitted for intelligence purposes. Queries for criminal purposes would ping the database and say whether there is a hit, but a judicial warrant that there is probable cause for a serious crime would be necessary to view it.
Judicial warrant required for any type of query (criminal or intelligence); absent a warrant database would not show whether there was a hit
Would permit the NSA, with the FISA Court’s permission, to turn “about” collection back on, with 30 days prior notice to Congress and expedited consideration of any bill to block the resumption
Would codify a ban on “about” collection until the sunset of this cycle of 702 reauthorization
Would ban “about” collection
Limits on law enforcement use of 702 information against Americans
Would limit use of 702 information as courtroom evidence in criminal prosecutions to national-security cases and a list of serious crimes e.g. murder; but imposes no limit on use of 702 information for investigations or civil/administrative cases
Would impose no law-enforcement usage limits on investigations or courtroom evidence
Would limit law enforcement use across the board (investigations, courtroom evidence, administrative proceedings) to a list of national-security matters
Notice to defendants when they face evidence “derived from” 702 warrantless surveillance
Would tighten definition of what triggers a notification requirement
Lots of legislative action on FISA Amendments Act Section 702 warrantless surveillance is happening with drafts that are not public even though they are not classifed. Here are some.
The Senate Select Committee on Intelligence on October 24, 2017, will mark up – behind closed doors – a bill being pushed by its chairman, Senator Richard Burr, Republican of North Carolina. Burr isn’t showing his draft to the public, and not clear what it will look like when the hearing is done, but here is a copy of the draft legislation, with annotations, heading into that hearing.
Senators Ron Wyden and Rand Paul are developing their own bill, which I imagine Wyden will offer as a substitute amendment on Tuesday but will probably be voted down. (That’s what happened with Patriot Act 215 reform legislation.)
Burr’s bill would extend 702 without significant reforms through 2025. The House bill would extend it to 2023 and would do things like codify a ban on “abouts” collection and require judicial warrants for FBI searches for Americans’ information within the repository for criminal but not foreign intelligence purposes. We’ll see whether the Wyden-Paul bill would go further on closing the so-called backdoor search loophole for intelligence searches too; Wyden has been a huge critic of warrantless queries for Americans’ info.
Here are the first and second tranches. This third tranche is long a dense – nearly 350 pages – but it seems to largely cover the same ground as was summarized in the most important documents in the second tranche, so I don’t immediately see a stand-alone general reader news story here. I’ve posted the documents on the New York Times website and will put them below as well. There’s some TLDR annotations in the margins on Document Cloud.
Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about the volume of internet communications the National Security Agency was collecting under the FISA Amendments Act (“Section 702”) warrantless surveillance program. In his opinion, declassified in August 2013, Judge Bates wrote that the NSA was collecting more than 250 million internet communications a year, of which 91 percent came from its Prism system (which collects stored e-mails from providers like Gmail) and 9 percent came from its upstream system (which collects transmitted messages from network operators like AT&T).
These numbers are wrong. This blog post will address, first, the widespread nature of this misunderstanding; second, how I came to FOIA certain documents trying to figure out whether the numbers really added up; third, what those documents show; and fourth, what I further learned in talking to an intelligence official. This is far too dense and weedy for a New York Times article, but should hopefully be of some interest to specialists.
First: This misunderstanding is widespread, showing up in court filings, articles, and books.The Washington Post cited it in one of its 2013 articles about the documents Edward Snowden sent to Bart Gellman. The Privacy and Civil Liberties Oversight Board, on pages 33-34 of its big 2014 report on 702, repeated it. I cited this statistic in my 2015 book, Power Wars. Laura Donahue refers to it on page 55 of her 2016 book, The Future of Foreign Intelligence. Tim Edgar cited it in an endnote on page 249 of his new book, Beyond Snowden, though he also cited a blog post I wrote last year raising doubts about it.
Second: I raised those doubts after reading a Medium post by Beatrice Hanssen that focused on Judges Bates’ opinion and the implications of “Multi-Communication Transactions” (where one intercepted upstream internet transaction might contain a bundle of many discrete communications). Hanssen raised the question of whether the existence of MCTs meant FISA Amendments Act upstream collection was bulkier than has been understood. I don’t agree with all of Hanssen’s analysis/claims about what an MCT is and what is happening. But her her claim seemed plausible to me that his ruling was mistakenly conflating “communications” and “transactions,” such that it was impossible for upstream to account for just 9 percent of the total 702 internet “communications” collected. That prompted me to FOIA the NSA for the other documents from the docket that led to the Bates rulings. I recently got the second big tranche from that lawsuit, which make a passing appearance in an article the New York Times published tonight.
Third: The documents show that the NSA/DOJ did tell Bates the numbers he recycled or paraphrased, but they strongly suggest that the government was misleadingly using the terms “communications” and “transactions” as interchangeable when they are not. Specifically, Bates was told (see Sept. 9, 2011 filing):
The NSA took a mid-July 2011 snapshot of stuff added to its 702 repository during the first six months of 2011 and identified 140.97 million such Internet “communications.”
So multiplying that by two to get a year’s worth, that means NSA was collecting more like 281 million internet … somethings (see below) a year in that time period. Bates simplified this to “more than 250 million.”
(Complication: Actually there were more somethings collected, but about 18k had been purged in the first six months for compliance reasons like roamers/overcollection before the snapshot, with the further complication that not all 18k had been gathered in 2011.)
Of these 140.97 million somethings in six months, 127.72 million (about 91 percent) came from Prism and 13.25 million (about 9 percent) came from upstream. So that is where that ratio came from.
The NSA also conducted a manual review of a statistically representative sample of upstream 702 “communications” in its repository. This covered 50,440 “transactions.” Of those, 5,081 (about 10 percent) were multi-communication transactions or MCTs and 45,359 (about 90 percent) were discrete/single communications or SCTs.
Since about 10 percent of upstream transactions were MCTs, each of which represent multiple communications, the upstream contribution to the total must be significantly more than 13.25 million in six months (or 26.5 million in a year). (Note: Hanssen’s Medium post got into some of this, too, citing a footnote in Bates’ opinion.)
Therefore, the NSA must have been collecting more than the 250-280 million internet “communications” Bates’ opinion and the newly disclosed NSA/DOJ submission to Bates suggested, and upstream must make up a larger percentage of the total haul of 702 collection than 9 percent.
Since we don’t know what the average number of discrete communications within an MCT is, we don’t know what the right multiplier is. We just know those numbers for total communications, and for the ratio of upstream communications collection versus Prism communications collection, must be wrong.
UPDATE: For example, if the MCT multiplier is 10, then total annual 702 collection circa 2011 was about 305.79 million communications, of which upstream accounted for 50.35 million or 16.5% of that total. If the multiplier is 100, the total was 544.29 million, of which upstream contributed 288.85 million, representing 53.1 percent.
Note that because of the end of “about” collection, these numbers are obsolete anyway and only of historical interest.
Fourth: After receiving and thinking about these documents, I spoke to a U.S. intelligence official about them. The official confirmed that the numbers were misleading, explaining that in that time period the NSA was using the words “communications” and “transactions” interchangeably, but after the 2011 attention to the existence of the MCT phenomenon made clear that was imprecise, it stopped doing so. The official said the 91 percent Prism to 9 percent upstream ratio was correct as far as units of stuff collected, but since sometimes one unit of stuff was many discrete communications, it’s not clear how many “communications” are in the upstream pile. The official was unaware of any NSA study that determined what the average number of communications in upstream MCT is.
But the official said there was another complexity that cut the other way. Sometimes, in upstream surveillance, a single discrete communications is chopped up and transmitted separately, and therefore intercepted as multiple transactions. In that case, rather than one transaction representing multiple communications, one communication would represent multiple transactions. So it’s twice murky.
In sum, we don’t know what we thought we knew. But we do know now that nobody should cite those numbers anymore, or at least not without a long and complicated caveat.
Several readers have brought to my attention that the web page containing the index to the hardcover edition of Power Wars will not load; it appears to have become corrupted.
Unfortunately it is so far proving to be beyond my WordPress skills to fix this problem. I can’t just create a new page and paste the index into it because the URL is printed at the back of the book and so the permalink needs to stay the same.
I apologize for the inconvenience. Fortunately, there is a workaround while I continue to seek a solution: please use the Google cache version of that web page, or you can download a PDF version.
Yesterday, Federal District Court Judge Christopher Cooper issued an unusual 14-page ruling in a Freedom of Information Act case brought by Protect Democracy and a preliminary injunction ordering the government to expedite its processing of the matter. The lawsuit is seeking documents laying out the Trump administration’s legal rationale for the United States’ April 6 airstrike against Assad regime forces in Syria as punishment for using chemical weapons. As a development, this is too incremental for a New York Times story, but it’s worth noting for executive power specialists — especially given some striking language the judge used.
A bit of background: One of the mysteries of the Trump administration’s first six months in power has been what the government was thinking, legally, when Trump ordered that airstrike. Congress had not authorized the U.S. government to use military force against the Syrian government as a matter of domestic law, and the United Nations Security Council had not done so as a matter of international law. Moreover, Syria had not attacked the United States and was not threatening to do so, so there was no self-defense claim. I wrote a New York Times article working through those war-powers legal puzzles on April 7, and on May 8 I wrote another NYT article about a newly filed a Freedom of Information Act lawsuit by Protect Democracy seeking documents. On June 20, I noted in another NYT article that the April 6 strike had been followed by several other violent encounters between the United States and Syrian government forces who were said to be threatening rebel militias that the United States is supporting — raising fears that the U.S. is sliding into war with Syria itself; the chairman of the Joint Chiefs of Staff, Gen. Joseph F. Dunford Jr., had claimed the authority for that subsequent combat stemmed from the 2001 authorization to use military force against the perpetrators of 9/11 because the American military presence in Syria was predicated on fighting Al Qaeda and the Islamic State there.
Against that backdrop, yesterday Judge Cooper wrote:
if production is unduly delayed, both Protect Democracy and the public at large will be “precluded . . . from obtaining in a timely fashion information vital to the current and ongoing debate surrounding the legality of” a high-profile government action, …—namely, military strikes against the Syrian government. Being closed off from such a debate is itself a harm in an open democracy. … But there is another potential harm, too: The possibility for the strikes to recur without legal justification. By then, any damage will have been done. … In short, because Protect Democracy has demonstrated a “compelling need” for the information it requested, the Court finds that the organization is likely to prevail on the merits of its expedited processing claim. (internal cites omitted)