Marty Lederman's post on data-mining says what I've been trying to say for two years about the NSA program. Contrary to what the NYT and others suggest, we don't have to look beyond data-mining to find something so horrible that a good conservative like James Comey would object. We just need to get to the point where the US is using data-mining of dubious connections to replace the idea of probable cause in a surveillance program.
Here's the theory, roughly:
There was some sort of data mining program going on. Probably not of content, almost certainly not content reviewed by humans. That is to say, it involved computers searching through "meta-data" related to calls and e-mails, looking for certain patterns that might suggest connections to Al Qaeda or to suspicious activitiy that might be terrorism-related. (I have my theories as to what the programs might have been looking for, but don't want to get into such speculation in this forum. And in any case, my theories are probably way off.)
This data-mining indicated that it might be valuable to do more targeted searches of particular communications "pipelines" (John Yoo's phrase), looking for more specific information. But that's where FISA came in. In order to target a particular U.S. person, or to wiretap a particular "facility," FISA requires that the NSA demonstrate to the FISA court probable cause to believe (i) that the target of the electronic surveillance is a foreign power or an agent of a foreign power, and (ii) that each of the facilities or places at which the electronic surveillance is directed is being used, or is about to be used, by a foreign power or an agent of a foreign power. 50 U.S.C. 1805(a)(3).
Perhaps, as John Yoo suggests in his book, FISA would have prohibited following up on the leads revealed by the data mining with more targeted wiretaps of suspicious "channels" or "pipelines," "because we would have no specific al Qaeda suspects, and thus no probable cause." [Lederman's bold, my italics]
And again, we can be sure that this is one of the things that was going on, because when Bush "confirmed" a program in December 2005--clearly aiming to confirm just that part of the program of undisputed legality--he stressed that the targets for wiretapping were people with clear ties to Al Qaeda. The problem was that the Administration was using data mining (already of dubious legality for reasons I'll get into a second) as their basis for choosing targets to wiretap. They were therefore tapping people whose communication patterns--rather than their actions--suggested they might have terrorist ties.
Abu Zubaydah's Laptop
Before I get into the dubious legality of the data-mining itself, let me explore why using data-mining, rather than known connections to Al Qaeda, is sufficiently horrible to be the issue. The first story on this (thanks to Maguire for allowing me to be lazy) provides a clue on how they designed their data-mining.
What the agency calls a "special collection program" began soon after the Sept. 11 attacks, as it looked for new tools to attack terrorism. The program accelerated in early 2002 after the Central Intelligence Agency started capturing top Qaeda operatives overseas, including Abu Zubaydah, who was arrested in Pakistan in March 2002. The C.I.A. seized the terrorists' computers, cellphones and personal phone directories, said the officials familiar with the program. The N.S.A. surveillance was intended to exploit those numbers and addresses as quickly as possible, they said. [my emphasis]
That is, after we seized a bunch of gadgets from known terrorists, the program accelerated because we had more data for ... something.
Undoubtedly, the Administration proceeded to tap everyone in Zubaydah's personal phone directory--though they almost certainly could use FISA to do those taps. I'm no lawyer, but I'd assume that if Abu Zubaydah has you in his palm pilot, that's a sufficiently strong connection to a known Al Qaeda figure to constitute probable cause.
But if they used the gadget data for this illegal program, that means they used the data to do more than just demonstrate a known relationship with Al Qaeda. I've long suspected they used that data to develop a metadata profile of a terrorist: they took Abu Zubaydah and everyone in his phone book (say, a universe of about 300 people) and figured out the kinds of telecommunications patterns they had. It might have resulted in a weighted series of activities that they could then use on the known universe of data available to telecommunications partners of NSA, to find other likely "terrorists." I've speculated about what this might include before, but it's likely things like: frequent calls to certain areas of Kandahar, frequent use of online financial transactions (though by this point the real terrorists had forgone travelocity and such things), if in the US, frequent calls to (and presumably a reliance on) take-out food. If AT&T pulled up all their customers who fit such a profile, they might well net some folks with ties to Islamic extremists (presuming that that neighborhood in Kandahar held a clan of people with ties to the Taliban, for example). But it might also net some folks like the Iranian doctor who has been reported to have been incorrectly labeled as a terrorist through the program.
In other words, they're tapping people who have no ties to Al Qaeda, but who share the same communications profiles as some people in Al Qaeda, and therefore invading their privacy and the privacy of Americans who they communicate with. Reports have suggested they moved people in and out of the program quickly, presumably meaning they'd end the taps on the false positives pretty quickly once they learned they were simply aid workers rather than terrorists. But that's putting the best spin on things: what have they dug up in those periods before they established someone was a false positive? Do they check in on those false positives to make sure they were right?
Another key aspect of this is the bit about the "known universe of 300 people." Pattern analysis works great when you've got a known universe of 10,000. But it works pretty poorly if your universe fits in one low-tech terrorists telecommunications device. Which suggests it was not just data-mining with false positives, it was data-mining with a lot of false positives.
Now I'd like to summarize something else Marty points to. He reviews a signing statement Bush made to the Defense Appropriations Act for 2004 (written in fall 2003) that defunded the Total Information Awareness Program. Bush used some legal mumbo jumbo (described in section two of Marty's post) to exempt at least one program besides TIA from defunding. It's unclear how extensive was the exemption Bush imagined he secured himself with his signing statement, but one of the restrictions on data-mining specified in the Act was the following:
Well, the very next subsection -- 8131(b) -- also purported to impose a limitation on that data-mining program [the permitted one]: "None of the funds provided for Processing, analysis, and collaboration tools for counterterrorism foreign intelligence shall be available for deployment or implementation except for:
(1) lawful military operations of the United States conducted outside the United States; or
(2) lawful foreign intelligence activities conducted wholly overseas, or wholly against non-United States citizens."
In other words, when Congress defunded TIA, they at least tried to prevent at least one other data-mining program from accessing data on Americans or people in the US. But we know that Bush's program only requires that one end of tap (which we now know is the end-product of the data-mining program) to be outside of the US, and it only requires one target of the tap to be a non-US citizen. Add in the reports that the NSA was never entirely successful at isolating the US data from the non-USA data, and it seems not just likely, but probable, that Bush was violating this part of the Appropriations Act.
Which is a fancy way of saying that the data-mining violated the requirements for probable cause in FISA, but the data-mining itself probably violated a law Congress had passed in Fall 2003 specifically to prevent data-mining of American citizens. Which would mean that, no matter the outcome of debates over the AUMF-based justification for violating FISA and the Article II-based justification for violating FISA, if Bush was also violating this provision, then he was violating something passed subsequent to the AUMF and subsequent to Bush's initial authorization of the program.