The FISA Amendment Will Legalize Data Mining, Part One
by emptywheel
I've been puzzling over something since the temporary FISA amendment passed in August. The Administration has claimed they needed on easy fix: to allow NSA to wiretap electronic communication that starts and finishes on foreign soil, whether or not that communication passes through the US between sender and recipient. Yet both times when Congress sets about providing that easy fix to FISA, the Administration demands much more. I believe those demands reveal what this FISA amendment is really about, and I believe this bill will legalize the Total Information Awareness program (or something like it) that the Administration had to scrap because Americans hated the idea. In other words, the battle happening in Thursday's Senate Judiciary Committee mark-up of the bill is about massive data mining--it's not primarily about discrete taps of individuals' phones.
There are two demands on which the Administration has refused to budge:
- Minimization
- Basket warrants
I'm going to do a three-part series, looking first at each of these issues on which the Administration is intransigent, then explaining why I think this means they're trying to authorize a massive data mining program.
Minimization
Minimization is the word for the procedures the government uses to remove and (eventually) delete any data from US persons collected incidentally in the course of surveilling someone overseas. If we could be guaranteed that minimization procedures are sound, then the whole debate over wiretapping would be easier because we could rest assured that if the NSA picked up anything on a US person it didn't have a warrant for, it had to destroy it. That would mean that Americans could trust that they would only be wiretapped with a warrant approved (eventually, anyway) by a judge.
But we don't have a guarantee that minimization procedures are sound. On the contrary, we've got an administration that absolutely refuses to pass a FISA amendment with such guaranteed minimization procedures. Back when Mike McConnell was blabbing about the FISA program, he revealed that the Administration's biggest complaint with the Democratic bills amending FISA was the language on minimization. The Democratic Senate bill required the Administration to tell Congress' Intelligence Committees if it failed to meet its own stated procedures on minimization. The Democratic House bill allowed (but did not require) the FISC to review the actual surveillance to ascertain whether the government had met its own standards for minimization.
Apparently, those two weak forms of minimization oversight were too much for the Administration, which withdrew its support for the Senate bill and instead supported a bill that didn't even require the Administration to reveal what its minimization procedures were, much less require the FISC to review compliance with those procedures.
The bill passed by the Senate Intelligence Committee is better than the temporary FISA amendment. It requires the government to tell the FISC and Congress what its minimization requirements are:
The Court shall review minimization procedures required by subsection (f) to assess whether such procedures meet the definition of minimization procedures under the definition of 101(h).
And it requires the Director of National Intelligence and the Attorney General to provide bi-annual reports to Congress and the FISC that include an assessment of whether the government is fulfilling its minimization procedures.
Not less frequently than once every 6 months, the Attorney General and the Director of National Intelligence shall assess compliance with the targeting and minimization procedures required by subsections (e) and (f) and shall submit each assessment to:
(1) the Foreign Intelligence Surveillance Court; and
(2) the congressional intelligence committees.
The Inspector Generals of agencies conducting surveillance under this law,
are authorized to review the compliance of their agency or element with the targeting and minimization procedures required by subsections (e) and (f);
But note: they are not required to review this compliance--they are simply authorized to do so. Nor are the DNI and AG required to integrate such IG reviews into their own reports to Congress.
In other words, the executive branch conducts the only review of whether the executive branch is complying with its minimization procedures. There is no court or Congressional review of whether the government is adequately isolating and protecting the information of US persons.
This is a problem that Sheldon Whitehouse is troubled by--and one he's trying to change.
In protecting the privacy of Americans while conducting surveillance, the critical element is judicial oversight. In the August law, the FISC was authorized only to review the Government’s determination that its surveillance targets persons ―reasonably believed to be outside the United States – and to intervene only if the Government’s determination is ―clearly erroneous. In contrast, under this bill, the FISC will need to approve both the ―targeting determination and the ―minimization procedures that are designed to protect U.S. citizens in America whose communications are intercepted incidentally. This bill also rejects the unduly permissive standard of review that the August law had imposed.
While these changes are positive and significant, there remains important work to be done to improve the bill. The FISC should not be required to approve the minimization procedures for warrantless surveillance of Americans and then forced to ignore their implementation. I have drafted and introduced an amendment that would clarify that the FISC has the same powers to review the Government’s compliance with minimization procedures for warrantless surveillance as it does with the minimization procedures used pursuant to traditional FISA warrants. This change is not yet a part of the bill, but I will continue to press for the Court’s clear authority to check on the implementation of these minimization procedures. U.S. citizens whose communications are incidentally intercepted should enjoy a two-stage protection: the minimization procedures themselves, and the salutary prospect of judicial review of compliance. Engaging more than one branch of government is a traditional protection in our American system of government. [my emphasis]
But when Orrin Hatch discussed Whitehouse's proposed amendment with Ken Wainstein in the most recent Senate Judiciary hearing on the FISA amendment, Wainstein provided a reason why the government does not want FISC to review compliance with minimization requirements that is nothing short of wacky:
Hatch: FISC, minmization, wouldn’t this make FISC in the position of where it’s making intelligence analysis.
KW It would put FISC where’s it’s being operational. It would be a tall order for FISC to assess compliance.
Look carefully at that exchange: Hatch (who not doubt was prepped for this question by the Administration) suggests that if the Court reviews compliance with minimization procedures, it will put "FISC in the position where it's making intelligence analysis." And Wainstein corrects Hatch and says FISC would be put in an "operational" role. WTF do either one of these statements mean? Why would a simple review of compliance with procedures put a court in either an analytical or an operational role?
At a minimum, I suspect, the claim that FISC would be in an analytical or operational role if it reviewed the government's compliance with its own minimization procedures means that it is not very easy to review compliance with these procedures. Indeed, the language suggests any review of compliance with minimization procedures would itself require a great deal of data analysis.
So one possible reason the Administration refuses to allow real oversight of its minimization procedures is that such a review would itself require complex data analysis. There may well be another reason--the government may know that its minimization procedures aren't going to work, and so they don't want anyone getting too close. In any case, the reason the Administration is squeamish on minimization procedures because they're just not going to work with the program it intends to authorize.
Yup. Once upon a time, when the system worked by flagging keywords, it was simple for the lawyers to vet the list of allowable keywords.
Nowadays very few people have the technical savvy to grasp how the analysis works when it works *right*, much less how it can go wrong.
It's a little bit like back in the Nixon days. It turned out to be possible to recover what was on the 18-1/2 minute gap, but the digital signal processing technology to do it was so new, there was no way to explain it to an average person.
Posted by: AmIDreaming | November 13, 2007 at 10:05
Lessons I have learned over two decades of dealing with governmental acquisition of citizen's information in violation of the Fourth Amendment.
1. If they can get information; they will get the information.
2. Once they have information; they will not give it up, even if legally required to do so.
3. If they can use the information; they will use the information, even if illegal to do so.
Posted by: bmaz | November 13, 2007 at 10:33
Thanks for this post EW. I am puzzled by why Democrats might be inclined to go along with the administration on this one. I can understand the telco immunity: said telcos are bribing members of Congress with campaign contributions, perhaps even at the behest of Dead-Eye who might be threatening to cancel their contracts if they don't do his bidding. But aside from the insatiable administration apetite for power, who benefits here? What possible motivation would there be for Congresscritters to roll over on this one?
Posted by: phred | November 13, 2007 at 11:06
This is the simple fact.
In this new world of Terrorism, we must do things we didnt' need to do in the old days, and one of them is to allow Our Guardians and Protectors to be able to track phone calls, etc.
If you are doing something you don't want tracked, then stop it, or go back to slipping messages across the class room.
Posted by: Jodi | November 13, 2007 at 11:09
Phred - They are stupid, uninformed and scared. That is just for starters....
Posted by: bmaz | November 13, 2007 at 11:09
Under the guise of the rhetoric of liberty and freedom totalitarianism advances. In many ways the motives for total information awareness consists of business advantages gained by access to information that is otherwise proprietory. One can dress it up as a response to terrorism but it really is nothing more than the cynical advancement of the despotic impulse by any means available. As for the fate of the political advances of the Revolution and American Civil Law: the King is dead!! long live the King! I say we dress up as Indians and throw the telecoms overboard.
Posted by: J. Thomason | November 13, 2007 at 11:19
I am not a conspiracy theorist. Still I find it odd that a Republican Administration which in about a year will most likely be replaced by a Democratic one is so interested in putting in place the foundations of a police state. Is it ideology? Is it the belief that the intelligence community is and should be outside the purview of American law and the Constitution? Or is it all a feign (as with the MCA and torture or immunity for telecoms) to legalize before they leave office what Bush and company have been doing illegally for years?
Posted by: Hugh | November 13, 2007 at 11:29
What troubles me is WHY, when these crooks are SUPPOSED to only have a year left to run their scams, are they so worried about all this. I don't, for a second, believe anyone in this criminal enterprise is actually worried about protecting normal Americans from foreign attack. That leaves me suspecting some troubling motivations:
- Protecting themselves. That is a nobrainer and the main thrust of everything they have done since the "shock" of 2006. What we need to figure out is how anything they get in their FISA bill works retroactively.
- Continued "total information awareness" of ALL communications between their POLITICAL enemies. But when you run a scam as big as this, you have to pay for the cooperation of non-political operators (Telco immunity). Who else is getting what out of this? Insider trading or industrial espionage? This would be easy since the DOJ and most other government agencies are non-functioning in any way but for GOP political gain.
- They really believe that they are still going to be in power after 2008, either by fixed elections (dirt on uncooperative election officials), shadow government using intercepted communication against any dissenters, or, of course, Marshal Law which requires spying on the controlled populous (us).
I just can't believe that any of these crooks (including the BushDogs) would put out ANY of this effort to give the incoming Democratic government these powers. So what is this really all about?
Posted by: JDJ | November 13, 2007 at 11:31
Hugh - I think it is both; but by far mostly the latter.
Posted by: bmaz | November 13, 2007 at 11:33
Sorry Hugh. Our posts crossed.
Posted by: JDJ | November 13, 2007 at 11:36
Jodi--Please be advised that in this day and (rotten) age, no facts are simple.
Posted by: mighty mouse | November 13, 2007 at 11:36
I haven't checked the proposed statute, but last year's proposed version modified the minimization practices by removing 101(h)(4) - a provision that requires destruction of some acquired communications (but not necessarily PR/TT data).
I'm squeamish with the notion of "privacy" being equated with protection of acquired data, but that's what "privacy" will be redefined as. The government will have full right of access and use, and as long as they only use it to prosecute criminals, no fourth amendment issue.
Posted by: cboldt | November 13, 2007 at 11:37
My Guardians and Protectors are named Sheba, Trina, Buck and Tobie. All four can track scent very well, phone calls - not so much.
Still, they would have done a job equal to the job done by the NSA before 9/11, when the problems were not that NSA didn't have access to all the calls and info it needed to have access to, but rather that, under Hayden it was incompetent and incapable of getting accurate and timely translations, sharing information captured lawfully with the correct operational wings of govt, and implementing follow up.
EW - glad you are breaking it down in parts. These kinds of things need that IMO. When you get to this -
At a minimum, I suspect, the claim that FISC would be in an analytical or operational role if it reviewed the government's compliance with its own minimization procedures means that it is not very easy to review compliance with these procedures. Indeed, the language suggests any review of compliance with minimization procedures would itself require a great deal of data analysis.
- you are at what I think may have been a big element in the Hospital showdown. No one mentions much the Leonig story, which says that a) when the program was first briefed to each of the Chief FISA Judges in turn (Lambert, then Kollar-Kotelly) they thought it was illegal and unconsitutional, and b) the FISA court established firewalls that DOJ was supposed to follow to keep the illegally compiled infomration out of the FISA court and c) there was at a minimum two big ooops, one of which sent the FISC Chief Judge at the time to contact Ashcroft and tell him that he and Mueller and others signing off were about to be getting held to account for evading the court's orders on firewalls and abusing the FISC process.
Couple this with the fact that Comey needed several weeks to "fix" what he saw as the problem and that "fix" seemingly had nothing to do with making the program itself less invasive (as it has been dinged by every court that looked behind the standing and state secrets arguments to the merits). [Aside, I have to wonder if the something like a charities case - or the Holy Land Foundation case in particular, where there were valid surveillance warrants sought and granted but where there was also evidence of illegal surveillance [unlike the Keith case, DOJ was also not bothering to disclose to the courts and actively hiding the illegal surveillance despite discovery requests]
If the way FISC found out that its firewall orders were spit on by DOJS was to hear about a case where they had granted surveillance orders without ever being advised of illegal surveillance already in place and they heard about it via the mechanism of defense counsel in the case discovering the info and raising a flap over it - - - no judge is going to be very happy about that.
So the Comey fix may have all been operational and may have been to install a better screening process for FISA applications to make sure the data analysis was done to make sure the firewalls were not being breached. That might, as well, have added a level of complexity and delay to the applications which might have supported the grousing and "why bother" approach to FISA warrants. Just conduct illegal surveillance and use black sites and torture - don't bother with legal surveillance, courts and trials.
When you get to this:
So one possible reason the Administration refuses to allow real oversight of its minimization procedures is that such a review would itself require complex data analysis. There may well be another reason--the government may know that its minimization procedures aren't going to work, and so they don't want anyone getting too close. In any case, the reason the Administration is squeamish on minimization procedures because they're just not going to work with the program it intends to authorize.
I tend to agree and also think that too much judicial oversight at some point is going to knock heads against what has already been done with compiling surveillance databanks and records. Bc at some point oversight of those minimization procedures will run up against not just the minimization with respect to the newly picked up info (screening out US info from the new intercepts) but also with what is done with the info picked up (running it through programs that have prior years compiliations of non-minimized US info).
I'm not very techie, so that may not be the case, but it's one of the things I see as making them very nervous. What happens with all the accumulated illegal data if someone gets oversight now?
This is also where I am going to give Harman a positive plug. She did proffer legislation that the Dems never tried to promote. This was done back around the time of the elections and it was a very good approach to leave all oversight with the FISC but to expand the personnel and resources and funding for FISC so that it could actually do the oversight it would need to do. That died a swift death.
And now we are back to the program that has never before attempted to have legislation supporting it, because Gonzales flat out said that while the Republicans were in charge he knew the WH couldn't get the legislation - - - and now we have Dems, throwing roses before the feet of an incoming Hillary, bending over backwards to authorize the program and worse and all without ever even asking about prudence and Constitutionality and why you would take a department thoroughly riddled now with felons and grant immunity to all and give them more power.
That's what the headlines should really be.
Democrats in Congress Pardon Thousands of Felonies And Grant Felons More Power to Spy on Americans.
Posted by: Mary | November 13, 2007 at 11:47
To make a connection that isn't clear from a quick read of "removing 101(h)(4)," that provision deals with warrantless surveillance under the old definition of electronic surveillance. Under the new definition, 101(h)(4) can sit there, and have no effect, because 101(h)(4) only pertains to warrantless electronic surveillance, and surveillance of international communications has been redefined as "not electronic surveillance."
For more fun, check out the extent of elements of the intelligence community. I like element 50 USC 401a(4)(L), myself.
See too, the sections of S.2248 that preclude the ability of states to protect privacy (as traditionally understood, not as redefined by the feds).
Posted by: cboldt | November 13, 2007 at 11:53
"I'm squeamish with the notion of "privacy" being equated with protection of acquired data, but that's what "privacy" will be redefined as."
That was exactly my point. Once they have the information the deal is effectively done. Historically, under 4th amendment law it has always been the acquisition itself that was prohibited; the government was never trusted to gather up a bunch of stuff and not use it.
Posted by: bmaz | November 13, 2007 at 11:53
My surmise is that the architecture of "listening" has fundamentally changed. The govt has permanent or prolonged access to virtually the full data stream, then culls what it wants as and when it wants it, rather like the Chinese govt. It presumably uses constantly tweaked search s/w and search priorities, with the ability to do special "tasking" as needed.
Forceful and enforceable minimization standards in FISA would probably force an admission of that, which would require either a change in architecture, or an elaborate protocol to ensure that even though the govt has access to the full data stream, it won't look at anything except what it's allowed to look at.
Like Eve in the Garden? More like filling a fraternity library with pornography and then saying that only seniors get to use it.
Posted by: earlofhuntingdon | November 13, 2007 at 11:55
Comrades--
If you don't wish for us to hear that you are criticizing General Secretary Brezhnev, either stop it, or go back to silently putting your hand out over your eyes to signify his eyebrows!
Posted by: Andrew Foland | November 13, 2007 at 11:58
So Mary, I take it then you believe the Dems are doing this so that HRC can continue Bush's expansion of executive powers. If so, we are well and truly screwed.
Posted by: phred | November 13, 2007 at 12:02
This is made all the more strange since Whitehouse and the SJC have seen the 4-Page Writ of Above-the-Law-ness that Bush used to originally get the Telecoms to comply with the Program.
For the Members of the Legislative Branch to grant Executive-only review of the targeting and profiling going forward would be to undercut their own function according to the Constitution, and implicitly endorse the Unitary Executive - not to mention leaving themselves open to un-reviewable targeting for Political Advantage.
I'm with bmaz, if the Power is given to them, they will use it to its full potential to serve themselves.
This is a surrender of the Constitution and the Rule of Law to the Ideology of the Executive. Doesn't this move also effectively undermine our 4th Amendment protection by 'allowing' surveillance-by-association with an un-warranted 'person of interest'?
A reasonable way to explain this un-reasonable behavior by Our Congress would be Duress from a threat already present.
Our Citizenship may now come second to Bush's Ideological Suspicions.
Posted by: radiofreewill | November 13, 2007 at 12:09
I don't have a hot clue as to who "bmaz" is or whether his claim to have been inside the WireTap game is accurate but regardless: writing now as who has been in that game - for many players - for too many years - let me lend my assurance to Ms E Wheeler's intrepid band of eager readers - even the BAdministration plant[s]: the white guy wearing the little glove at second speaks straight.
One time my number came up to be dispatched off to one of the hinterland prosecution offices in the throes of one of those quadr-/oct-ennial change-overs - ostensibly to assess staffing but with particular directions to assess compliance with security & reporting standards on warrants & offer help where needed & welcomed.
[Typically DOJ HQ quarterbacks or coaches or at least is intensely consulted on anything falling under whatever the AG of the day wants treated as bearing "national interest" & there is a boot camp for newbee USas & also for AUSas if the particular posting is experiencing major turnover or growth & there are periodic drop-ins - but the business still comes down to humans & stuff still happens.]
What I found was WAY more WT info gathered & ongoing info collection than reported yet quite a fair bit LESS compliance with EVERY aspect of reporting than according to the demands of both policy & law. Others I spoke with sent on parallel assignments found pretty much the same. It seemed there was always someone who kept info on a hedge that it's value might appreciate over time & in the bureaucratic sense only rarely is that the same person strictly accountable for complying with reporting or other security requirements.
Posted by: LabDancer | November 13, 2007 at 12:16
Jodi's jejeune notion that an all knowing govt only acts badly if it sees its targets acting badly was razed by John Dean. It's not just the bad actor who needs fear his or her government.
Govt's rightful concern is largely defined by lawbreaking, dropping through the floor of acceptable human behavior, which justifies government intervention. Much that is legal - and beyond the legitimate concern of government - is not beyond the rightful or wrongful concern of our neighbors. We all covet needful things.
Privacy is essential to civil society just as transparency and openness in government is essential to a democracy.
Among other things, thinking about doing evil is not the same as doing it. If that were the standard, what spouse, employee, adolescent or artful competitor "shall escape whipping?" For another, an all knowing Abe Lincoln can always give way to a know nothing Andrew Johnson or George Bush.
Only God could be trusted with all our secrets. As for humans, well, two of them can keep a secret only when one of them is dead. Something that every village postmistress knows all too well.
Posted by: earlofhuntingdon | November 13, 2007 at 12:16
"Minimization" nor the "FISA Bill updates" do not appear to prevent investigative leads to be provided to law enforcement. "Investigative leads" is a round about way of saying, "We know we have this illegally-obtained information; but here's a tip for you in lau enforcement: The evidence you need is here; and this is how you can lawfully get that information which you're not supposed ot know about."
The current FISA bill doesn't adequately prevent these "stumbled upon" scenarios from occurring. Sure, the information/evidence may be illegally obtained, but like money laundering, that evidence can be washed and turned into something else. NSA has been monitoring American citizens, in violation of attorney client privilege. [See the NSA litigation where the NSA logs were classified, but court permitted witnesses to rely on their memory of the redacted-NSA log.]
Posted by: Laundered Evidence | November 13, 2007 at 12:53
EW
Linked is a side-by side analysis of the Senate and House FISA update bills from a couple of months ago, concluding the same thing (FISA update is TIA)...
http://www.dailykos.com/story/2007/8/24/74230/9223
Posted by: drational | November 13, 2007 at 12:56
In this new world of Terrorism, we must do things we didnt' need to do in the old days, and one of them is to allow Our Guardians and Protectors to be able to track phone calls, etc.
Posted by: Shit Stain Jodi | November 13, 2007 at 11:09
Trust is a beautiful thing but your government doesn't love you the way your parents do. Still, you're doing your part and it's cute, the trust and deferrence, yes it's cute because it reminds me of the old days, when we were kids and didn't know better.
Posted by: Shit Stain Remover | November 13, 2007 at 13:03
LabDancer - I am simply an attorney who has represented a lot of criminal defendants in cases that involved wiretaps, pen registers, trap and traces, etc. and have also done civil rights cases for violation of the Fourth Amendment. Just enough to be pretty certain about what I speak.
Posted by: bmaz | November 13, 2007 at 14:19