Data-Mining Two
by emptywheel
Marty Lederman's post on data-mining says what I've been trying to say for two years about the NSA program. Contrary to what the NYT and others suggest, we don't have to look beyond data-mining to find something so horrible that a good conservative like James Comey would object. We just need to get to the point where the US is using data-mining of dubious connections to replace the idea of probable cause in a surveillance program.
Here's the theory, roughly:
There was some sort of data mining program going on. Probably not of content, almost certainly not content reviewed by humans. That is to say, it involved computers searching through "meta-data" related to calls and e-mails, looking for certain patterns that might suggest connections to Al Qaeda or to suspicious activitiy that might be terrorism-related. (I have my theories as to what the programs might have been looking for, but don't want to get into such speculation in this forum. And in any case, my theories are probably way off.)
This data-mining indicated that it might be valuable to do more targeted searches of particular communications "pipelines" (John Yoo's phrase), looking for more specific information. But that's where FISA came in. In order to target a particular U.S. person, or to wiretap a particular "facility," FISA requires that the NSA demonstrate to the FISA court probable cause to believe (i) that the target of the electronic surveillance is a foreign power or an agent of a foreign power, and (ii) that each of the facilities or places at which the electronic surveillance is directed is being used, or is about to be used, by a foreign power or an agent of a foreign power. 50 U.S.C. 1805(a)(3).Perhaps, as John Yoo suggests in his book, FISA would have prohibited following up on the leads revealed by the data mining with more targeted wiretaps of suspicious "channels" or "pipelines," "because we would have no specific al Qaeda suspects, and thus no probable cause." [Lederman's bold, my italics]
And again, we can be sure that this is one of the things that was going on, because when Bush "confirmed" a program in December 2005--clearly aiming to confirm just that part of the program of undisputed legality--he stressed that the targets for wiretapping were people with clear ties to Al Qaeda. The problem was that the Administration was using data mining (already of dubious legality for reasons I'll get into a second) as their basis for choosing targets to wiretap. They were therefore tapping people whose communication patterns--rather than their actions--suggested they might have terrorist ties.
Abu Zubaydah's Laptop
Before I get into the dubious legality of the data-mining itself, let me explore why using data-mining, rather than known connections to Al Qaeda, is sufficiently horrible to be the issue. The first story on this (thanks to Maguire for allowing me to be lazy) provides a clue on how they designed their data-mining.
What the agency calls a "special collection program" began soon after the Sept. 11 attacks, as it looked for new tools to attack terrorism. The program accelerated in early 2002 after the Central Intelligence Agency started capturing top Qaeda operatives overseas, including Abu Zubaydah, who was arrested in Pakistan in March 2002. The C.I.A. seized the terrorists' computers, cellphones and personal phone directories, said the officials familiar with the program. The N.S.A. surveillance was intended to exploit those numbers and addresses as quickly as possible, they said. [my emphasis]
That is, after we seized a bunch of gadgets from known terrorists, the program accelerated because we had more data for ... something.
Undoubtedly, the Administration proceeded to tap everyone in Zubaydah's personal phone directory--though they almost certainly could use FISA to do those taps. I'm no lawyer, but I'd assume that if Abu Zubaydah has you in his palm pilot, that's a sufficiently strong connection to a known Al Qaeda figure to constitute probable cause.
But if they used the gadget data for this illegal program, that means they used the data to do more than just demonstrate a known relationship with Al Qaeda. I've long suspected they used that data to develop a metadata profile of a terrorist: they took Abu Zubaydah and everyone in his phone book (say, a universe of about 300 people) and figured out the kinds of telecommunications patterns they had. It might have resulted in a weighted series of activities that they could then use on the known universe of data available to telecommunications partners of NSA, to find other likely "terrorists." I've speculated about what this might include before, but it's likely things like: frequent calls to certain areas of Kandahar, frequent use of online financial transactions (though by this point the real terrorists had forgone travelocity and such things), if in the US, frequent calls to (and presumably a reliance on) take-out food. If AT&T pulled up all their customers who fit such a profile, they might well net some folks with ties to Islamic extremists (presuming that that neighborhood in Kandahar held a clan of people with ties to the Taliban, for example). But it might also net some folks like the Iranian doctor who has been reported to have been incorrectly labeled as a terrorist through the program.
In other words, they're tapping people who have no ties to Al Qaeda, but who share the same communications profiles as some people in Al Qaeda, and therefore invading their privacy and the privacy of Americans who they communicate with. Reports have suggested they moved people in and out of the program quickly, presumably meaning they'd end the taps on the false positives pretty quickly once they learned they were simply aid workers rather than terrorists. But that's putting the best spin on things: what have they dug up in those periods before they established someone was a false positive? Do they check in on those false positives to make sure they were right?
Another key aspect of this is the bit about the "known universe of 300 people." Pattern analysis works great when you've got a known universe of 10,000. But it works pretty poorly if your universe fits in one low-tech terrorists telecommunications device. Which suggests it was not just data-mining with false positives, it was data-mining with a lot of false positives.
Data-Mining Americans
Now I'd like to summarize something else Marty points to. He reviews a signing statement Bush made to the Defense Appropriations Act for 2004 (written in fall 2003) that defunded the Total Information Awareness Program. Bush used some legal mumbo jumbo (described in section two of Marty's post) to exempt at least one program besides TIA from defunding. It's unclear how extensive was the exemption Bush imagined he secured himself with his signing statement, but one of the restrictions on data-mining specified in the Act was the following:
Well, the very next subsection -- 8131(b) -- also purported to impose a limitation on that data-mining program [the permitted one]: "None of the funds provided for Processing, analysis, and collaboration tools for counterterrorism foreign intelligence shall be available for deployment or implementation except for:
(1) lawful military operations of the United States conducted outside the United States; or
(2) lawful foreign intelligence activities conducted wholly overseas, or wholly against non-United States citizens."
In other words, when Congress defunded TIA, they at least tried to prevent at least one other data-mining program from accessing data on Americans or people in the US. But we know that Bush's program only requires that one end of tap (which we now know is the end-product of the data-mining program) to be outside of the US, and it only requires one target of the tap to be a non-US citizen. Add in the reports that the NSA was never entirely successful at isolating the US data from the non-USA data, and it seems not just likely, but probable, that Bush was violating this part of the Appropriations Act.
Which is a fancy way of saying that the data-mining violated the requirements for probable cause in FISA, but the data-mining itself probably violated a law Congress had passed in Fall 2003 specifically to prevent data-mining of American citizens. Which would mean that, no matter the outcome of debates over the AUMF-based justification for violating FISA and the Article II-based justification for violating FISA, if Bush was also violating this provision, then he was violating something passed subsequent to the AUMF and subsequent to Bush's initial authorization of the program.
A quick admonition as one reads the cases and commentary - the prhase "probable cause" is used in two very different ways, and one needs to be careful not to comingle the two meanings. The majority of commentators fail to make the distinction (Lederman is more clear on this than most), and in so doing, are prone to reach erroneous conclusions or make completely false contentions.
Under criminal law, "probable cause" is a measure of finding evidence pertinent to finding a criminal act
Under FISA, "probable cause" is a measure of finding the inforamtion to be a matter of foreign intelligence (no need for ANY crime to be implicated)
Posted by: cboldt | July 29, 2007 at 12:23
Thanks for that, cboldt
That was my understanding--and intent--when I suggested that anyone in Zubaydah's palm pilot likely surpasses the intelligence bar of probable cause, whereas the people who shop at the same falafel joint do not.
Posted by: emptywheel | July 29, 2007 at 12:30
CSPAN is re-airing Gonzalez testimony and I just listened to Sen. Whitehouse ask Gonzo what document he had when he went to see Ashcroft in the hospital. Gonzo said he had a document to reauthorize "the program". Whitehouse asked him where that document is and Gonzo said it would be "at the White House; it was a White House document". Sen. Whitehouse asked if it would be covered under "Presidential Records" and Gonzo was very careful not to directly answer that question. He simply reiterated that it was a "White House document".
Looks to me that Cheney was the force behind all this, as Gonzo also was clear to parse that he was sent at the behest of "the White House", but has never directly said that he was sent by the President.
Hopefully, SJC will request the document Gonzalez wanted Aschroft to sign. It shouldn't be covered by executive privilege if it was a document from Cheney.
Posted by: Tross | July 29, 2007 at 12:36
Your post seems to understand the two different applications of the phrase "probable cause." My comment aimed to firmly plant the difference in other readers' minds, as they go out and read other stuff on FISA and the general issue of warrantless surveillance.
Posted by: cboldt | July 29, 2007 at 12:36
CSPAN is re-airing Gonzalez testimony and I just listened to Sen. Whitehouse ask Gonzo what document he had when he went to see Ashcroft in the hospital. Gonzo said he had a document to reauthorize "the program". Whitehouse asked him where that document is and Gonzo said it would be "at the White House; it was a White House document". Sen. Whitehouse asked if it would be covered under "Presidential Records" and Gonzo was very careful not to directly answer that question. He simply reiterated that it was a "White House document".
Looks to me that Cheney was the force behind all this, as Gonzo also was clear to parse that he was sent at the behest of "the White House", but has never directly said that he was sent by the President.
Hopefully, SJC will request the document Gonzalez wanted Aschroft to sign. It shouldn't be covered by executive privilege if it was a document from Cheney.
Posted by: Tross | July 29, 2007 at 12:37
Sorry for the double post. Internet Explorer a bit dodgy this morning.
Posted by: Tross | July 29, 2007 at 12:38
The NYTimes lead editorial today appears to confirm that Dick Cheney was the person who sent Gonzales and Card to Ashcroft's bedside.
http://www.nytimes.com/2007/07/29/opinion/29sun1.html
"Both men say that in March 2004 — when Mr. Gonzales was still the White House counsel — the Justice Department refused to endorse a continuation of the wiretapping program because it was illegal. (Mr. Comey was running the department temporarily because Attorney General John Ashcroft had emergency surgery.) Unwilling to accept that conclusion, Vice President Dick Cheney sent Mr. Gonzales and another official to Mr. Ashcroft's hospital room to get him to approve the wiretapping."
Posted by: &1 | July 29, 2007 at 12:46
As I commented in a previous thread, that was my understanding of Gonzo's "at the behest of the President" locution. Cheney acts under some sort of verbal delegation agreement with Bush, and so acts "at the behest" of the Prez when he acts in his stead. So Gonzo did mean that Cheney was the authorizer here.
Posted by: Mimikatz | July 29, 2007 at 12:52
EW and cboldt - There is indeed a tension between the two "definitions" of probable cause between FISA and a traditional Constitutional analysis. At some point, even pesky lawyers have to be pragmatic, and that is why, as I stated below in response to cboldt, my real consternation as it related to my actual practice was in terms of the confrontation clause (and I will admit that I came out on the short end of the stick when I posed that argument in a case, but I still maintain it is correct). Going further than cboldt's succinct explanation of the arguably two different definitions of probable cause really doesn't behoove us for the purposes at hand. I will raise a corollary thought though, and that is what is the threshold basis for determining that a target is "al Qaida"? Probable cause? Reasonable suspicion? Mere conjecture? Whole cloth fabrication? Now I know cboldt, or someone else, is going to come back at me with statutory language purporting to cover this question, but I think the track record of this administration may lend itself more to, at best, the "mere conjecture" explanation.
Posted by: bmaz | July 29, 2007 at 12:58
I think you're probably right that data mining was part of the apparatus used in the program Comey, Ashcroft and Mueller objected to. But what Cheney and his Orcs were doing had to have gone much further than simply wiretapping people without probable cause. Comey, Ashcroft and Mueller are not shrinking violets. The FBI and local cops violate the Fourth Amendment restriction on search and seizure all the time and these guys just applaud.
There had to be political dynamite going on, perhaps the kinds of profiles that were used, such that the phones of peace activists, liberal professors, Democratic congressmen, members of the media elite, etc. were being tapped. Or Cheney's creeps were clearly lying to the FISA judges or violating a clear (but secret) court order.
No way would Comey, Mueller and Ashcroft threaten to resign en masse over a simple wiretapping program that had lots of false positives when they tapped the phones of non-citizens.
Posted by: kaleidscope | July 29, 2007 at 13:03
I think you're probably right that data mining was part of the apparatus used in the program Comey, Ashcroft and Mueller objected to. But what Cheney and his Orcs were doing had to have gone much further than simply wiretapping people without probable cause. Comey, Ashcroft and Mueller are not shrinking violets. The FBI and local cops violate the Fourth Amendment restriction on search and seizure all the time and these guys just applaud.
There had to be political dynamite going on, perhaps the kinds of profiles that were used, such that the phones of peace activists, liberal professors, Democratic congressmen, members of the media elite, etc. were being tapped. Or Cheney's creeps were clearly lying to the FISA judges or violating a clear (but secret) court order.
No way would Comey, Mueller and Ashcroft threaten to resign en masse over a simple wiretapping program that had lots of false positives when they tapped the phones of non-citizens.
Posted by: kaleidscope | July 29, 2007 at 13:04
Bmaz: It's the One Percent Doctrine. If someone might be dangerous, we treat him/her as if their dangerousness were a certainty. It's been Cheney's policy since 9/11. Call it the paranoid's paradox, because they lose any ability to control what might be controlable by trying to control everything.
Posted by: Mimikatz | July 29, 2007 at 13:05
I agree with Kaleidoscope, and said so yesterday. I think they were getting into tapping political enemies, or potential enemies.
Posted by: Mimikatz | July 29, 2007 at 13:07
Blast from the past:
and Abu from same:
Woohoo - the conservatives have finally decided penumbra isn't a dirty word!
Posted by: tryggth | July 29, 2007 at 13:20
Agree with kaleidscope -- to an "administration" prepared to defend torture and suspension of habeas, widespread data mining and illegal taps are small potatoes, and unlikely to cause them enough political or legal damage to be so urgently protective about them. Look how readily they're riding out the FBI's illegal use of NSLs. I'm willing to bet that the NYT's revelations about data mining will not cause a firestorm any more bothersome than that did.
No, the information that will greatly harm Bushco is WHO they ended up tapping and HOW they used the information gathered. When we find out about a J. Edgar Hoover level of political blackmail against people who are considered "respectable" -- politicians, journalists -- unlike the expendable Muslim immigrants and peace activists, then we will get the firestorm. And the irony is, some of the prominent people protecting Bushco right now are probably the victims of this enterprise.
Posted by: mamayaga | July 29, 2007 at 13:23
And I wonder how the data mining played into the arrest and torture of innocent people?? My guess is that this is how they "caught" several of the poor tortured souls who were later exonerated. Giving up this information would lay the ground work for huge law suits, and would put a nail in the coffin in regard to the discussion. How the good out weighs the bad.
Maybe it's bigger than this but this is the only reason I can think of that would cause them to forsake the discussion, completely. They are good at spinning and could have surely spun the action in such at way to recieve very little blow back from the American people. But if they arrested multiple innocents folks AND THEN TORTURED THEM??? Well, it all ties together. It not only screws them, but it screws the idea of data mining altogether.
Posted by: Katie Jensen | July 29, 2007 at 13:28
Kaleidoscope and Mimikatz - That is the problem isn't it? Once the government possesses the ultimate database, it is a given that someone in the government will access and use it for nefarious purposes. Malfeasants care not whether the fruit comes from a poisonous tree or not; if it will give them temporary sustenance for their evil crusade, they will consume it.
Posted by: bmaz | July 29, 2007 at 13:31
&1, I wonder if the Times got this information during the investigation for the initial report, and published it today on purpose or by mistake. It's huge that the Tin Man sent Fredo and Dandy Card on the mission to the hospital.
Posted by: Sally | July 29, 2007 at 13:31
-- I will raise a corollary thought though, and that is what is the threshold basis for determining that a target is "al Qaida"? Probable cause? Reasonable suspicion? Mere conjecture? Whole cloth fabrication? Now I know cboldt, or someone else, is going to come back at me with statutory language purporting to cover this question --
Heheheh. Well, I don't know of any statutory language that covers the threshold basis for looking in the first place. Of course, there isn't an "al Qaeda only" limitation on gathering of foreign intelligence.
I've speculated that the investigators are attempting to bootstrap a finding that a communications is in the nature of foreign intelligence, AFTER reviewing at least part of the communications with NO CAUSE whatsoever. Similar to a speed trap, everybody gets radar gunned, some speeders are ticketed. In communications surveillance, unlike driving, people reasonably assert some expectation of privacy.
Here's an old comment where I speculate such bootstrapping, and (not that it affects the occurrence of bootstrapping) you'll notice I used the "criminal event" meaning of "probable cause," when, under FISA, the "probable cause" is related to finding foreign intelligence, even if the foreign intelligence has zero criminal content. The bootstrapping problem can arise under either meaning.
Posted by: cboldt | July 29, 2007 at 13:52
Just wanted to point to an article a friend wrote in Dec '05 theorizing on what types of datamining might have been going on. http://arstechnica.com/news.ars/post/20051220-5808.html.
Alot of what you wrote in your post above reminded me of stuff that Jon was talking about a while ago.
Posted by: zAmboni | July 29, 2007 at 13:53
How did preventing the exposure of politically dangerous data mining programs - so legally suspect that the thirty top lawyers at a highly conservative DOJ threatened to resign - affect KKKarl's math and the 2004 election?
Posted by: earlofhuntingdon | July 29, 2007 at 13:55
Well it certainly seems like things will be heating up and at the very least get more interesting for Bushco. Laura Rozen at War and Piece found this interesting piece of information about Mr. Goldsmith, who wrote the OLC opinion that Mr. Comey used to justify his own concerns for not re-authorizing "the program". Most likely the swiftboating of Mr. Goldsmith will begin shortly especially since he also has written a book. As everyone knows writing and selling a book that may not take too kindly to the Bush-Cheney administration's lawlessness immediately and totally invalidates any reasoned and insider fact-based opinion you may have on the issue.
Posted by: my too sense | July 29, 2007 at 14:08
Glenn Greenwald has an interesting analysis of the motivations behind this leak -- he thinks it's Bushco's way to paper over Gonzalez' perjury. Apparently a number of corporate media flacks are picking up this meme.
Posted by: mamayaga | July 29, 2007 at 14:17
-- But if they arrested multiple innocents folks AND THEN TORTURED THEM? --
I think the Khaled El-Masri case fits this template. However, I don't think there is a contention or evidence that he was identified through a domestic warrantless search, or anything associated with FISA/NSA activities.
Posted by: cboldt | July 29, 2007 at 14:23
-- If someone might be dangerous, we treat him/her as if their dangerousness were a certainty. --
There is another principle at work, in the same vein, that being a presumption of dangerous. It's why 100% of people are screened at airports, we are all presumed to be dangerous, until inspection proves otherwise.
In other words, as a practical matter, there is no "if" in your "If someone might be dangerous." The government's attitude is that everyone (every commoner) might be dangerous.
Posted by: cboldt | July 29, 2007 at 14:25