Tag: FAA

House, Senate Pass Different Bills: To Become Law Anyway?

Something fishy happened on Friday, and without further action in Congress it should scuttle the legislation to exempt the Federal Aviation Administration from sequestration-based spending limits. But maybe the old saying, “close only counts in horseshoes and handgrenades,” also applies to Senate unanimous consent agreements. If President Obama gives the bill five days of public review under his Sunlight Before Signing promise, perhaps it can be hashed out before anyone does anything foolish.

You’re probably aware of the background: Across-the-board spending cuts were threatening air travel delays because of FAA furloughs. Late last week, the House and Senate both passed bills to allow the Department of Transportation to move money around, clearing up that problem. (No new spending; just movement of funds from lower priorities to air traffic control.)

As I detailed on the WashingtonWatch.com blog late Saturday, the Senate and then the House passed identical bills, but determined to see the House version passed into law. Because the House would pass its bill after the Senate was gone for the week, the Senate agreed to automatically pass a bill coming from the House “identical” to the one it had passed. Problem solved.

But on Friday afternoon, after the House had passed its identical bill, sponsor Rep. Tom Latham (R-IA) came to the floor and asked unanimous consent to change the word “account” to “accounts” in his bill. The change is a mystery. My guess is that the reference to a singular appropriation account would not allow needed flexibility because there are many FAA accounts. But the change also made the sentence ungrammatical as it has a second reference to a singular account.

Whatever the reason, there was a reason. And after changing the legislation, it was no longer identical to the Senate-passed bill. Thus, the bill sent to the Senate could not be automatically passed. Accordingly, the bill does not go to the president and does not become law.

Now, is the difference between the singular and the plural of the word “account” small enough that the Senate can go ahead and treat the bills as identical? That threatens the meaning of the word “identical.” It certainly mattered in the House. Procedure expert Walter Oleszek calls unanimous consent agreements of this type “akin to a negotiated ‘contract’ among all Senators, [which] can only be changed by another unanimous consent agreement.”

The House-passed bill not being identical to the Senate-passed bill, the better approach is to find that the Senate unanimous consent agreement does not apply, and the House bill should sit in the Senate awaiting further action.

At the time of this writing, no public sources indicate that H.R. 1765 has been passed in the Senate, presented to the president, or signed. If President Obama does receive the bill, he should give it the five days of public review that he promised as a campaigner in 2008. This would allow things to get sorted out, so that we avoid the constitutionally embarassing spectacle (and future Jeopardy/Trivial Pursuit item) of a president sitting down to sign a piece of paper that is not actually a bill readied to become a law.

It’s Plane Pork

The Washington Post’s David Fahrenthold has identified another budget zombie. This time it’s an obscure grant program administered by the Federal Aviation Administration that dumps money on tiny airports with scant activity. 

From the article: 

Along a country road in southern Oklahoma, there is a place that doesn’t make sense. It is an airport without passengers. 

Or, for that matter, planes. 

This is Lake Murray State Park Airport, one of the least busy of the nation’s 3,300-plus public airfields. In an entire week here, there might be one landing and one takeoff — often so pilots can use the bathroom. Or none at all. Visiting pilots are warned to watch out for deer on the runway. 

So why is it still open? Mostly, because the U.S. government insists on sending it money. 

Every year, Oklahoma is allotted $150,000 in federal funding because of this place, the result of a grant program established 13 years ago, in Congress’s golden age of pork. The same amount goes to hundreds of other tiny airfields across the country — including more than 80 like this one, with no paying customers and no planes based at the field. 

And why does the federal government insist on sending Lake Murray—and other seldom used airports—money? 

In the years since 2000, pork has gone far out of fashion in American politics. But this program has remained strikingly difficult for anyone — from Washington to Oklahoma City — to kill. 

President George W. Bush, more than once, proposed budget cuts that would have ended the program. In 2011, Coburn suggested making states share more of the costs. Instead, last February, Congress kept the program in place when it reauthorized the FAA. 

Budget watchdog groups say these airport entitlements are in a league with the Essential Air Service program — which subsidizes commercial flights to small places — and Amtrak. Their services are spread wide enough to give them a strong base in Congress. 

One constantly hears the cries that the federal government (i.e., taxpayers) isn’t “investing” enough money on “our crumbling infrastructure.” Yet this is precisely what happens when you put politicians in charge of allocating resources: decisions are largely made on the basis of political and parochial concerns rather than sound economic and financial considerations. 

(See this Cato essay for more on federal involvement in airports and air traffic control.)  

Addendum: Fahrenthold notes that former House Transportation and Infrastructure Committee chairman Bud Shuster (R-PA) engineered the “carpet-bombing” of money from this program to congressional districts far and wide. His son, Bill Shuster, now heads the same committee and the apple didn’t fall far from the tree. So don’t expect this zombie to finally be put down anytime soon. 

What the Manual by DOJ’s Top Intelligence Lawyer Says About the FISA Amendments Act

To a casual observer, debates about national security spying can seem like a hopeless game of he-said/she-said. Government officials and congressional surveillance hawks characterize the authorities provided by measures like the FISA Amendments Act of 2008 in one way, while paranoid civil libertarians like me tell a more unsettling story. Who can say who’s right?

Fortunately, there is an authoritative unclassified source that explains what the law means: the revised 2012 edition of National Security Investigations and Prosecutions by David S. Kris (who headed the Justice Department’s National Security Division from 2009–2011) and J. Douglas Wilson. As the definitive (unclassified) treatise on what foreign intelligence surveillance law says, means, and permits, it’s the same resource you’d expect the government attorneys who apply for surveillance authority to consult for guidance on what the law does and doesn’t allow spy agencies to do. Let’s see what it says about the scope of surveillance authorized by the FAA:

[The FAA’s] certification provision states that the government under Section 1881a is “not required to identify the specific facilities, places premises, or property at which an acquisition … will be directed or conducted.” This is a significant grant of authority, because it allows for authorized acquisition—surveillance or a search—directed at any facility or location. For example, an authorization targeting “al Qaeda”—which is a non-U.S. person located abroad—could allow the government to wiretap any telephone that it believes will yield information from or about al Qaeda, either because the telephone is registered to a person whom the government believes is affiliated with al Qaeda, or because the government believes that the person communicates with others who are affiliated with al Qaeda, regardless of the location of the telephone. Unless the FISC attempts to address the issue under the rubric of minimization, no judge will contemporaneously review the government’s choice of facilities or places at which to direct acquisition. [….] Review of the certification is limited to the question “whether [it] contains all the required elements”; the FISC does not look behind the government’s assertion’s. Thus, for example, the FISC could not second-guess the government’s foreign intelligence purpose of conducting the acquisition, as long as the certification in fact asserts such a purpose.

Got that? The requirement that surveillance have a foreign “target” is satisfied if the general purpose of a wiretap program is to gather information about a foreign group like al Qaeda, and it employs procedures designed for that purpose. It does not mean that the particular phone numbers or e-mail accounts or other “facilities” targeted for surveillance have to belong to a foreigner: those could very well belong to an American citizen located within the United States, and no court or judge is required to approve or review the choice of which individuals to tap.

Kris and Wilson elaborate in a discussion of surveillance under the Protect America Act, the stopgap legislation that preceded the FAA, explaining how the language of the law could be exploited to conduct what most of us would think of as domestic surveillance despite the nominal requirement of a “foreign” target:

The concern was that the government could be said to “direct” surveillance at the entity abroad, but still monitor communications on a facility used (or used exclusively) by an individual U.S. person in this country. Indeed, the government in the recent past had taken the position that surveillance of a U.S. person’s home and mobile telephones was “directed at” al Qaeda, not at the U.S. person himself. Applied to the PAA, this logic seemed to allow surveillance of Americans’ telephones and e-mail accounts, inside the United States, without adherence to traditional FISA, as long as the government could persuade itself that the surveillance was indeed “directed” at al Qaeda or another foreign power that was reasonably believed to be abroad. When confronted with these concerns the government explicitly equated the PAA’s “directed at” standard with FISA’s “targeting” standard, meaning that acquisition was “directed” at an entity when the government was trying to acquire information from or about that entity.

More importantly for present purposes, the government’s equation of the “targeting” and “directed at” standards meant that concerns raised about the PAA applied equally to the FAA, which (as discussed above) authorizes acquisition “targeting” a “person” reasonably believed to be abroad, and explicitly adopts traditional FISA’s broad definition of the term “person.” The concern was that the government could use Section 1881a for an acquisition “targeting” al Qaeda, but “directed” at a facility or place used (or used exclusively) by John Smith, a U.S. person located in the United States, for Smith’s domestic communications. [Emphasis added.]

As Kris and Wilson note, Congress ultimately added a further limitation designed to allay such concerns, but it did not do so by prohibiting any flagging of Americans’ e-mail accounts or phone lines for interception and recording without a warrant. That is still allowed—though “minimization procedures” are then supposed to limit the retention and use of such information.

What Congress prohibited instead was the use of FAA surveillance to “intentionally acquire any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States.” But as Kris and Wilson point out, this restriction  “is imperfect because location is difficult to determine in the modern world of communications, and the restriction applies only when the government ‘knows’ that the communication is domestic.”

So to review: under the FAA, a court approves general procedures for surveillance “targeting” a foreign group. But the court does not approve or (necessarily) review any intelligence agency’s own discretionary determination about which specific people’s e-mail addresses, phone lines, or online accounts should be flagged for interception in order to gather information about that foreign group. The government’s past arguments indicate that it believes it may spy on the accounts or phones of individual American citizens located in the United States under an authorization to gather information about a foreign “target.” All the law requires is that they not intentionally record the American’s calls and e-mails when they are are known in advance to be to or from another American.

Remember: this isn’t my interpretation of the law. This isn’t speculation from someone at the American Civil Liberties Union or the Electronic Frontier Foundation about how the government might try to read the statute. This a legal reference text written by the lawyer who, until quite recently, ran the show at DOJ when it came to FISA surveillance. The next time you hear a member of Congress declare that the FAA has nothing to do with eavesdropping on Americans, ask yourself who is more likely to have  an accurate understanding of what the law really says.

What We Can and Can’t Know About NSA Spying: A Reply to Prof. Cordero

Georgetown Law professor Carrie Cordero—who previously worked at the Department of Justice improving privacy procedures for monitoring under the Foreign Intelligence Surveillance Act—attended our event with Sen. Ron Wyden (D-OR) on the FISA Amendments Act last week.  Perhaps unsurprisingly, she’s rather more comfortable with the surveillance authorized by the law than our speakers were, and posted some critical commentary at the Lawfare blog (which is, incidentally, required reading for national security and intelligence buffs). Marcy Wheeler has already posted her own reply, but I’d like to hit a few points as well. Here’s Cordero:

Since at least the summer of 2011, [Wyden and Sen. Mark Udall] have been pushing the Intelligence Community to provide more public information about how the FAA works, and how it affects the privacy rights of Americans. In particular, they have, in a series of letters, requested that the Executive Branch provide an estimate of the number of Americans incidentally intercepted during the course of FAA surveillance. According to the exchanges of letters, the Executive Branch has repeatedly denied the request, on the basis that: i) it would be an unreasonable burden on the workforce (and, presumably, would take intelligence professionals off their national security mission); and ii) gathering the data the senators are requesting would, in and of itself, violate privacy rights of Americans.

The workforce argument, even if true, is, of course, a loser. The question of whether the data call itself would violate privacy rights is a more interesting one. Multiple oversight personnel independent of the operational and analytical wings of the Intelligence Community – including the Office of Management and Budget, the NSA Inspector General, and just last month, the Inspector General of the Intelligence Community, have all said that the data call requested by the senators is not feasible. The other members of the SSCI appear to accept this claim on its face. Meanwhile, Senator Wyden states he just finds the claim unbelievable. That there must be some way it can be done, he says, if even on a sample basis. Maintaining that position puts him in an interesting place, however: is the privacy advocate actually advocating for violating the privacy rules, to appease a Congressional request? Assuming that he would not actually want to advocate that the rules be waived at the request of a politician, a question then arises as to whether the Intelligence Community has adequately explained exactly how the data call would work and why it would conflict with existing privacy rules and protections, such as minimization procedures.

I’ll grant Cordero this point: as absurd as it sounds to say “we can’t tell you how many Americans we’re spying on, because it would violate their privacy,” this might well be a concern if those of us who follow these issues from the outside are correct in our surmises about what NSA is doing under FAA authority. The only real restriction the law places on the initial interception of communications is that the NSA use “targeting procedures” designed to capture traffic to or from overseas groups and individuals. There’s an enormous amount of circumstantial evidence to suggest that initial acquisition is therefore extremely broad, with a large percentage of international communications traffic being fed into NSA databases for later querying. If that’s the case, then naturally the tiny subset of communications later reviewed by a human analyst—because they match far narrower criteria for suspicion—is going to be highly unrepresentative. To get even a rough statistical sample of what’s in the larger database, then, one would have to “inspect”—possibly using software—a whole lot of the innocent communications that wouldn’t otherwise ever be analyzed. And possibly the rules currently in place don’t make any allowance for querying the database—even to analyze metadata for the purpose of generating aggregate statistics—unless it’s directly related to an intelligence purpose.

A few points about this.  First: assuming, for the moment, that  this is the case, why can’t NSA and DOJ say so clearly and publicly? Because it would somehow imperil national security to characterize the surveillance program even at this highest level of generality, without any mention of particular search parameters or targets? Would it “help the terrorists” if they answered a more recent query from a bipartisan group of senators, asking whether database searches (as opposed to initial “targeting”) had focused on specific American citizens?  Please.

A  more plausible hypothesis is that they recognize that an official, public acknowledgement that the government is routinely copying and warehousing millions of completely innocent communications—even if they’re only looking at the “suspicious” minority— would not go over entirely smoothly with the citizenry. There might even be a demand for some public debate about whether this is the kind of thing we’re willing to countenance. Legal scholars might become curious whether whatever arguments support the constitutionality of this practice hold up as well in the light of the day as they do when they’re made unopposed in closed chambers. Even without an actual estimate, any meaningful discussion of the workings of the program would be likely to undermine the whole pretense that it only “incidentally” involves the communications of innocent Americans, or that the constraints on “targeting”constitute a meaningful safeguard.  The desire to avoid the whole hornet’s nest using the pretext of national security is perhaps understandable, but it shouldn’t be acceptable in a democracy. Yet everyone knows overclassification is endemic—even the government’s own former “classification czar” has blasted the government’s use of inappropriate secrecy as a weapon against critics.

Second, transparency at this level of generality is an essential component of privacy protection. To the extent that the rules governing  access to the database preclude any attempt to audit its aggregate contents—including by automated software tallying of identifiers such as area codes and IP addresses—then they should indeed be changed, not because a senator demanded it, but because they otherwise preclude adequate oversight. An online service that keeps no server logs would be somewhat more protective of its users privacy… if  its database were otherwise perfectly secure against intrusion or misuse. In the real world, where there’s no such thing as perfect security, such a service would be protecting user privacy extremely poorly, because it would lack the ability to detect and prevent breaches. If it is not possible to audit the NSA’s system in this way, then that system needs to be altered until it is possible. If giving Congress a rough sense of the extent of the agency’s surveillance of Americans falls outside the parameters of the intelligence mission (and therefore the permissible uses of the database), it’s time for a new mission statement.

Finally, Cordero closes by noting the SSCI has touted its own oversight as “extensive” and “robust,” which Cordero thinks “debunks” the  suggestion embedded in our event title that the FAA enables “mass spying without accountability.”  (Can I debunk the debunking by lauding the accuracy and thoroughness of my own analysis?)  Unfortunately, the consensus of most independent analysts of the intelligence committees’ performance is a good deal less sanguine—which makes me hesitant to take that self-assessment at face value.

As scholars frequently point out, the overseers are asked to process incredibly complex information with a limited cleared staff to assist them, and often forbidden to take notes at briefings or remove reports from secure facilities. When you read about those extensive reports, recall that in the run-up to the invasion of Iraq only six senators and a handful of representatives ever read past the executive summary of the National Intelligence Estimate on Iraq’s WMD programs to the far more qualified language of the  full 92-page report. You might think the intel committees would need to hold more hearings than their counterparts to compensate for these disadvantages, but UCLA’s Amy Zegart has found that they consistently rank at the bottom of the pack, year after year. Little wonder, then, that years of flagrant and systemic misuse of another controversial surveillance tool—National Security Letters—was not uncovered by the “extensive” and “robust” oversight of the intelligence committees, but by the Justice Department’s inspector general.

In any event, we seem to have at least 13 senators who don’t believe they’ve been provided with enough information to perform their oversight role adequately. Perhaps they’re setting the bar too high, but I find it more likely that their colleagues—who over time naturally grow to like and trust the intelligence officials upon whom they rely for their information—are a bit too easily satisfied. There are no  prizes for expending time, energy, and political capital on ferreting out civil liberties problems in covert intelligence programs, least of all in an election year. It’s far easier to be satisfied with whatever data the intelligence community deigns to dribble out—often with heroic indifference to statutory reporting deadlines—and take it on faith that everything’s running as smoothly as they say. That allows you to write, and even believe, that you’re conducting “robust” oversight without knowing (as Wyden’s letter suggests the committee members do not) roughly how many Americans are being captured in NSA’s database, how many purely-domestic communications have been intercepted,  whether warrantless “backdoor” targeting of Americans is being done via the selection of database queries. But the public need not be so easily satisfied, nor accept that meaningful “accountability” exists when all those extensive reports leave the overseers ignorant of so many basic facts.

NSA Spying and the Illusion of Oversight

Last week, the House Judiciary Committee hurtled toward reauthorization of a controversial spying law with a loud-and-clear declaration: not only do we have no idea how many American citizens are caught in the NSA’s warrantless surveillance dragnet, we don’t care—so please don’t tell us! By a 20–11 majority, the panel rejected an amendment that would have required the agency’s inspector general to produce an estimate of the number of Americans whose calls and e-mails were vacuumed up pursuant to broad “authorizations” under the FISA Amendments Act.

The agency’s Inspector General has apparently claimed that producing such an estimate would be “beyond the capacity of his office” and (wait for it) “would itself violate the privacy of U.S. persons.” This is hard to swallow on its face: there might plausibly be difficulties identifying the parties to intercepted e-mail communications, but at least for traditional phone calls, it should be trivial to tally up the number of distinct phone lines with U.S. area codes that have been subject to interception.

If the claim is even partly accurate, however, this should in itself be quite troubling. In theory, the FAA is designed to permit algorithmic surveillance of overseas terror suspects—even when they communicate with Americans. (Traditionally, FISA left surveillance of wholly foreign communications unregulated, but required a warrant when at least one end of a wire communication was in the United States.) But FAA surveillance programs must be designed to “prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States”—a feature the law’s supporters tout to reassure us they haven’t opened the door to warrantless surveillance of purely domestic communications. The wording leaves a substantial loophole, though. “Persons” as defined under FISA covers groups and other corporate entities, so an interception algorithm could easily “target persons” abroad but still flag purely domestic communications—a concern pointedly raised by the former head of the Justice Department’s National Security Division. The “prevent the intentional acquisition” language is meant to prevent that. Attorney General Eric Holder has made it explicit that the point of the FAA is precisely to allow eavesdropping on broad “Categories” of surveillance targets, defined by general search criteria, without having to identify individual targets. But, of course, if the NSA routinely sweeps up communications in bulk without any way of knowing where the endpoints are located, then it never has to worry about violating the “known at the time of acquisition” clause. Indeed, we already know that “overcollection” of purely domestic communications occurred on a large scale, almost immediately after the law came into effect.

If we care about the spirit as well as the letter of that constraint being respected, it ought to be a little disturbing that the NSA has admitted it doesn’t have any systematic mechanism for identifying communications with U.S. endpoints. Similar considerations apply to the “minimization procedures” which are supposed to limit the retention and dissemination of information about U.S. persons: How meaningfully can these be applied if there’s no systematic effort to detect when a U.S. person is party to a communication? If this is done, even if only for the subset of communications reviewed by human analysts, why can’t that sample be used to generate a ballpark estimate for the broader pool of intercepted messages? How can the Senate report on the FAA extension seriously tout “extensive” oversight of the law’s implementation when it lacks even these elementary figures? If it is truly impossible to generate those figures, isn’t that a tacit admission that meaningful oversight of these incredible powers is also impossible?

Here’s a slightly cynical suggestion: Congress isn’t interested in demanding the data here because it might make it harder to maintain the pretense that the FAA is all about “foreign” surveillance, and therefore needn’t provoke any concern about domestic civil liberties. A cold hard figure confirming that large numbers of Americans are being spied on under the program would make such assurances harder to deliver with a straight face. The “overcollection” of domestic traffic by NSA reported in 2009 may have encompassed “millions” of communications, and still constituted only a small fraction of the total—which suggests that we could be dealing with a truly massive number.

In truth, the “foreign targeting” argument was profoundly misleading. FISA has never regulated surveillance of wholly foreign communications: if all you’re doing is listening in on calls between foreigners in Pakistan and Yemen, you don’t even need the broad authority provided by the FAA. FISA and the FAA only need to come into play when one end of the parties to the communication is a U.S. person—and perhaps for e-mails stored in the U.S. whose ultimate destination is unknown. Just as importantly, when you’re talking about large scale, algorithm-based surveillance, it’s a mistake to put too much weight on “targeting” in the initial broad acquisition stage. If the first stage of your acquisition algorithm says “intercept all calls and e-mails between New York and Pakistan,” that will be kosher for FAA purposes provided the nominal target is the Pakistan side, but will entail spying on just as many Americans as foreigners in practice. If we knew just how many Americans, the FAA might not enjoy such a quick, quiet ride to reauthorization.

This Week in Government Failure

Over at Downsizing Government, we focused on the following issues this week:

  • On getting out of Afghanistan.
  • $61 billion in spending cuts amounts to less than a third of what taxpayers will pay in interest on the debt alone this year.
  • The political stakes in the latest debt ceiling game are high. The consequences of failing to use it as an opportunity to start reining in the federal government are even higher.
  • The IRS is handing out “free” candy.
  • New data from the Federal Aviation Administration shows that reported air traffic control errors have increased by 81 percent since 2007.