Tag: NSA

A Surveillance State Coda

The program of warrantless NSA wiretapping (and data mining) authorized by President George W. Bush shortly after the 9/11 attacks prompted a flurry of intense debate over its legality when it was disclosed by The New York Times back in 2005. Those arguments have, by now, been so thoroughly rehearsed that there’s not a whole lot new to say about it.

But like Monty Python’s Black Knight, some of those old arguments keep popping up — as evidenced by John Eastman’s contribution to the Cato Unbound roundtable on the digital surveillance state we held last month. So while the roundtable’s over, I thought it would be convenient to round up a compact version of the main arguments in one place, for the convenience of folks who might not want to slog through the many law review articles that have been written on the subject.

The touchstone for modern analysis of executive war powers is, by general consensus, the tripartite schema elaborated by Justice Jackson in his concurrence in the Youngstown steel seizure case :

1. When the President acts pursuant to an express or implied authorization of Congress, his authority is at its maximum, for it includes all that he possesses in his own right plus all that Congress can delegate. In these circumstances, and in these only, may he be said (for what it may be worth) to personify the federal sovereignty. If his act is held unconstitutional under these circumstances, it usually means that the Federal Government, as an undivided whole, lacks power…

2. When the President acts in absence of either a congressional grant or denial of authority, he can only rely upon his own independent powers, but there is a zone of twilight in which he and Congress may have concurrent authority, or in which its distribution is uncertain…

3. When the President takes measures incompatible with the expressed or implied will of Congress, his power is at its lowest ebb, for then he can rely only upon his own constitutional powers minus any constitutional powers of Congress over the matter… Presidential claim to a power at once so conclusive and preclusive must be scrutinized with caution, for what is at stake is the equilibrium established by our constitutional system.

Using this as our starting point, it becomes clear that an analysis of the NSA program entails answering a series of distinct (though related) questions. First, we need to determine which level of the Youngstown schema applies. If we’re in Youngstown’s Category I, then the NSA program was illegal only if it exceeded the constitutional constraints on government surveillance established by the Fourth Amendment. If, on the other hand, we’re in Category III, a constitutionally permissible surveillance program might nevertheless be illegal. So I’ll consider three questions in turn: Did the NSA program violate federal statute? If so, does the statute trump whatever inherent power the president might enjoy as commander in chief in this context? Finally, does the program, as it’s been publicly described, violate the Fourth Amendment? An affirmative answer to either the first pair of questions or the third will entail that the NSA program was illegal.

The AUMF

The statutory question may seem like something of a no-brainer: The Foreign Intelligence Surveillance Act of 1978 states explicitly that its procedures establish the “exclusive means” for domestic electronic surveillance for foreign intelligence purposes. In this case, the obvious answer is the right one. But the Justice Department has attempted to claim that Congress cleverly managed to repeal the “exclusive means” language without telling anyone about it back in 2001, when it passed the Authorization for the Use of Military Force against the perpetrators of the 9/11 attacks. Probably the most decisive demolition of that argument was offered by David Kris, who currently heads the National Security Division at the Department of Justice, but it’s worth reviewing briefly why this argument is so implausible.

The central problem with reliance on the AUMF is that FISA itself contains a provision providing a 15-day surveillance grace period following a declaration of war. As the legislative conference report explains, this was intended to provide time for Congress to consider whether any wartime modifications to the FISA structure were necessary. Plainly, then, Congress did not imagine or intend that a declaration of war (or “authorization of force”) would in itself implicitly loosen FISA’s fetters beyond that grace period.

Moreover, Congress has repeatedly amended FISA since the 9/11 attacks, both in the PATRIOT Act passed almost simultaneously with the AUMF, and in subsequent legislation over a period of years. As Glenn Greenwald recounted in his lead essay for the Cato roundtable, Congress has expanded government surveillance powers in a variety of ways, but none of these prior to the Protect America Act of 2007 (superseded by the FISA Amendments Act of 2008) approached the breadth of the NSA program, and even these establish at least a modicum of judicial oversight, however inadequate. Again, this history sits uneasily with the premise that Congress understood itself to have authorized such broad domestic surveillance when it passed the AUMF.

Indeed, as former Senate Majority Leader Tom Daschle explained in a Washington Post op-ed shortly after the revelation of the warrantless wiretap program, the Senate explicitly rejected language sought by the White House that would have extended the authorization to actions within the United States. Then–attorney general Alberto Gonzales has publicly acknowledged that the Bush administration contemplated asking for a more specific amendment to FISA authorizing something like the NSA program, but concluded that it would be “difficult, if not impossible” to get such an amendment adopted. We are being asked to believe, in other words, that Congress intended to implicitly grant authority that the administration was certain would be refused had it been requested overtly. It is, as Justice Frankfurter put it in Youngstown, “quite impossible … to find secreted in the interstices of legislation the very grant of power which Congress consciously withheld.”

Basic principles of statutory construction disfavor inferring implicit repeal of specific statutory language from more general authorizations, except in the face of “overwhelming evidence” of congressional intent — and the Court has accordingly rejected parallel arguments in several recent War on Terror cases, as in Hamdan v. Rumsfeld, where the court found “nothing in the text or legislative history of the AUMF even hinting that Congress intended to expand or alter the authorization” for military commissions spelled out in the Uniform Code of Military Justice.

The evidence here is indeed overwhelming, and it uniformly cuts against the fanciful proposition that Congress somehow enacted a kind of sub silentio repeal of FISA. I’m inclined to assume this argument was offered primarily because of an understandable reluctance to rely entirely on a radical theory of inherent and preclusive executive powers, to which I turn next.

The President’s Inherent Authority

The first thing to observe with respect to claims of inherent executive authority is that if we exclude non-binding dicta, the evidence for a constitutional power to conduct warrantless domestic surveillance for foreign intelligence purposes is almost wholly negative. That is to say, it turns on inferences from questions the Supreme Court has declined to directly address rather than on its affirmative holdings. As we’ll see, this is a thin reed on which to hang ambitious claims.

Consider, for instance, the so-called Keith case. In addressing the scope of presidential power to authorize warrantless surveillance against domestic national security threats, the majority noted that they had “not addressed, and express no opinion as to, the issues which may be involved with respect to activities of foreign powers or their agents.” But in that very case, the unanimous majority held that a warrant was required in cases involving domestic national security threats, resolving a lacuna expressed in very similar language in a footnote to a previous ruling involving wiretaps:

Whether safeguards other than prior authorization by a magistrate would satisfy the Fourth Amendment in a situation involving the national security is a question not presented by this case.

The arguments deployed against unchecked executive discretion in Keith clearly have substantial cross-application to the War on Terror, which in many respects bears as much resemblance to those domestic threats as it does to traditional nation state–sponsored espionage and warfare. It will suffice to note, however, that declining to foreclose a power because the fact pattern under consideration provided no occasion to consider the distinct issues involved, as the Court did in both Katz and Keith, is not at all the same as affirmatively asserting it, let alone defining its scope — a point to which I’ll return in the next section.

Nevertheless, let’s suppose arguendo that there is some such inherent power, whether broad or narrow. Eastman and other defenders of the NSA program still err in conflating inherent power with preclusive or indefeasible power. As a simple conceptual matter, this cannot be right, or else the third Youngstown category would collapse into the second: If all “inherent” presidential powers were per se immune to Congressional limitation, Category III would be superfluous, since it would never yield a result different from analysis under Category II.

Fortunately, we need not restrict ourselves to conceptual analysis, because precedent and practice both speak directly to the question, and both support robust legislative power to constrain even those presidential powers grounded in Article II. The legislature has, from the founding era on, assumed that its Article I power to make “rules for the government of the land and naval forces” enabled it to cabin the discretion of the commander in chief, often in frankly picayune ways, by establishing general rules limiting the conduct of a conflict. Prior to the Truman administration there was little indication that presidents saw this as encroaching upon sacrosanct executive prerogatives. Even Lincoln — probably the most obvious early example of a wartime president acting without or contrary to statutory authority — did not claim some general constitutional power to defy Congress. Rather, he argued that when hostilities commenced during a congressional recess, he had acted as he thought necessary given the impracticality of securing advance approval, while acknowledging that it fell to the legislature to ratify or overrule his judgment once it reconvened.

In the few cases where the Supreme Court has had occasion to rule on the scope of executive power at “lowest ebb,” it has repeatedly confirmed that federal law binds the president even in war. In Little v. Barreme, during a conflict with France, the Court found that a specific congressional authorization for the seizure of ships bound to French ports rendered invalid an executive order that also permitted seizure of ships bound from those ports. And this was so, the Court noted, even though the president’s own commander-in-chief powers would have permitted him this discretion had Congress not spoken. Since the inauguration of the War on Terror, the Court has reaffirmed the validity of such statutory limits on executive discretion, as in Hamdan. Bush’s own Office of Legal Counsel ultimately repudiated a series of memos, penned by John Yoo, that had relied on a more expansive conception of executive power to justify the administration’s War on Terror programs, concluding that they were “not supported by convincing reasoning.”

There is, by general consensus, some “preclusive core” to the executive’s commander-in-chief authority. This includes, at the least, a prerogative of “superintendence”: Congress could not appoint Nancy Pelosi commander of U.S. forces in Afghanistan and forbid the president to remove her. Most commentators see it as similarly foreclosing efforts to achieve the same end by a series of micromanagerial statutes commanding specific tactics be employed at particular times. But the notion that this preclusive core encompasses discretion to unilaterally disregard a general statutory framework governing protracted electronic surveillance of U.S. persons on American soil is simply insupportable in the face of both history and precedent. The argument is, if anything, more absurd when it comes to the government’s illegal acquisition of the statutorily protected calling records of tens of millions of Americans, the vast majority of whom obviously have no ties to terrorism or Al Qaeda. Attempts to stitch together a countervailing line from desultory snatches of language about the president’s role as “sole organ” in foreign affairs are entertaining as a sort of exercise in experimental Burroughsian cut-up narrative, but as legal analysis they seem pretty desperate.

The Fourth Amendment

Finally, we turn to the Fourth Amendment. I will, for the most part, consider how the Fourth Amendment applies to the NSA surveillance program prior to the 2008 passage of the FISA Amendments Act.

As Eastman notes, while in most contexts the prohibition on “unreasonable searches and seizures” requires surveillance to be authorized by a probable cause warrant based on individualized suspicion, there are a variety of circumstances in which warrantless searches may nevertheless be reasonable. While this is not the place to conduct a detailed survey of such “special needs” exemptions, such exceptions tend to involve cases in which the subjects of the search are already understood to enjoy a diminished expectation of privacy (students in school), where the searches are standardized and minimally intrusive, where the targets are in a position to raise challenges before a neutral magistrate if necessary, and where prior court authorization would be highly impractical. No exception that I am aware of can plausibly be stretched so far as to permit sustained, discretionary, warrantless electronic surveillance of members of the general population — a method recognized to be so intrusive that in the criminal context, federal statute requires investigators to meet a higher standard than applies to ordinary physical search warrants.

It’s worth noting in passing that the existence of the statutory FISA framework is at least arguably relevant to the Fourth Amendment analysis here. What measures are “reasonable” will often depend on context, and upon the available alternatives: The use of lethal force in self-defense might be found reasonable as a last resort, but not when the victim has an easy avenue of escape or a taser handy. Similarly, if the only alternative to conventional criminal courts were warrantless surveillance — if Congress had made no provision for a highly secretive court to consider classified applications under secure conditions, with ample flexibility in cases of emergency — one might be more inclined to sympathize with some degree of executive improvisation. In light of the elaborate mechanisms Congress has provided, an appeal to impracticality is considerably less compelling.

But let’s bracket that for the moment, and again suppose for the sake of argument that the president has some inherent authority to conduct warrantless domestic wartime surveillance. Let’s further assume away any statutory problems. Can the NSA program be squared with the Fourth Amendment injunction that searches be reasonable, based on what little we know of it? It seems highly unlikely.

Multiple accounts suggest that the NSA program involved algorithmic selection of surveillance targets, possibly triggered by keywords within the communications themselves, almost certainly based on pattern analysis of calling records or other transactional data. The result, according to the Bush administration, was that the international communications of approximately 500 persons within the United States were being intercepted at any given time. Since the program operated for several years, both before and after being disclosed, a conservative estimate would place the total number of persons subject to surveillance in the thousands, and most likely in the tens of thousands.

What did all this spying yield? In 2006, under the headline “Surveillance Net Yields Few Suspects,” the Washington Post reported:

Fewer than 10 U.S. citizens or residents a year, according to an authoritative account, have aroused enough suspicion during warrantless eavesdropping to justify interception of their domestic calls, as well.

Nearly all the “leads” produced by the program appear to have been dead ends. Indeed, despite the assurances of the Bush administration that the NSA program had saved thousands of lives, a postmortem review by the intelligence community’s inspectors general found that officials they spoke to “had difficulty citing specific instances where [NSA program] reporting had directly contributed to counterterrorism successes,” though a classified version of the report apparently cites a handful of instances in which the program “may have contributed.”

As a point of reference, the government’s reporting suggests that under criminal wiretap orders, about 30 percent of intercepted communications contain incriminating content. Since “minimization” of innocent communications is necessarily imperfect, and since even the most hardened criminals presumably spend most of their time conversing about more mundane matters, the number of targets engaged in at least some incriminating communication is clearly far higher. That’s what one would expect when evidence establishing “probable cause” must justify surveillance — and Bush officials have claimed the NSA program’s targeting met the same standards. The evidence suggests otherwise.

I’m happy to grant that we should accept a somewhat lower “hit rate” when interception is geared toward protecting the nation from major terror attacks. But if the requirement that searches be “reasonable” is not to be rendered completely vacuous or totally severed from even a diluted standard of “probable cause,” then there must be some substantive test of whether such highly intrusive techniques are actually in service of that vital state interest. It cannot possibly be enough to simply observe that the president has uttered the magical incantation “War on Terror.” And it cannot possibly be enough that a program involving interception of the private conversations of thousands or tens of thousands of U.S. persons “may have contributed” to a handful of successful investigations. The question is closer with respect to post-FISAAA programs of interception, which are at least subject to some modicum of independent oversight, but unless we have gotten vastly better at sifting the guilty from the innocent, grave constitutional doubts should remain.

‘Perfect Citizen’: Congress’ Perfect Failure

Reliable national security reporter Siobhan Gorman at the Wall Street Journal has broken a story about an Internet surveillance program called “Perfect Citizen” to be managed by the National Security Agency.

Reading about it is frustrating, and for me blame quickly settles on Congress. Our legislature is utterly supine before the national security bureaucracy, which exaggerates cybersecurity threats and consistently uses the secrecy trump card to defy oversight.

If there is to be a federal government role in securing the Internet from cyberattacks, there is no good reason why its main components should not be publicly known and openly debated. Small parts, like threat signatures and such—the unique characteristics of new attacks—might be appropriately kept secret, but no favor is done to any potential attackers by revealing that there is a system for detecting their activities.

A cybersecurity effort that is not tested by public oversight will be weaker than ones that are scrutinized by private-sector experts, academics, security vendors, and watchdog groups.

Benign intentions do not control future results, and governmental surveillance of the Internet for “cybersecurity” purposes may warp over time to surveillance for ideological and political purposes.

These abstract criticisms of “Project Citizen” are all that publicly available information allows. Far better would come from me and others more qualified if Congress were to do its job.

Congress owes it to us, the United States’ true citizens, to have public hearings on “Perfect Citizen.” Congress should reject broad assertions of secrecy so that the whole body politic can participate in securing our country from all threats.

Congressional and public oversight—searching oversight that tests assumptions and asks hard questions—would strengthen any government cybersecurity effort we find warranted. It would also ameliorate the threat of such programs to our civil liberties, democratic processes, and privacy.

The Wall Street Journal’s Surveillance Fantasies

There are too few periodical venues for good short fiction these days, so I’d normally be enthusiastic about the Wall Street Journal’s decision to print works of fantasy. Unfortunately, they’ve opted to do so on their editorial page—starting with a long farrago of hypotheticals concerning the putative role of the Foreign Intelligence Surveillance Court in hindering the detection and apprehension of failed Times Square bomber Faisal Shahzad. In fairness to the editors, they acknowledge near the end of the piece that much of it is unvarnished speculation, but their flights of creative fancy extend to many claims presented as fact.

Let’s begin with the acknowledged fiction. The Journal editors wonder whether Shahzad might have been under surveillance before his botched Times Square attack, and posit that the NSA might have intercepted communications from “Waziristan Taliban talking about ‘our American brother Faisal,’ which could have been cross-referenced against Karachi flight manifests,” or “maybe Shahzad traded seemingly innocuous emails with Pakistani terrorists, and minimization precluded analysts from detecting a pattern.”  Anything is possible. But it’s a leap to make this inference merely because investigators appear to have had fairly specific knowledge about his contacts with terrorists after he had already been identified.  They would not have needed to “retroactively to reconstruct his activities from other already-gathered foreign wiretaps:” Once they had zeroed in on Shahzad, his calling patterns could have been reconstructed from phone company calling records whether or not he or his confederates were being targeted at the time the communications occurred, and indeed, those records could have been obtained by means of a National Security Letter without any oversight from the FISA Court.

This is part of a more general strategy we often see deployed by advocates of expanded surveillance powers. After the fact, one can always tell a story about how a known terrorist might have been detected by means of more unfettered spying authority, just as one can always tell a story about how any particular calamity would have been averted if the right sort of regulation were in place. Sometimes the story is even plausible. But if we look at the history of recent intelligence failures, it’s almost invariably the case that the real problem was the inability to connect the right set of data points from the flood of data already obtained, not insufficient ability to collect. The problem is that it’s easy and satisfying to call for legislation lifting the restraints on surveillance—and lifting still more when intelligence agencies fail to exhibit perfect clairvoyance—but difficult if not impossible, certainly for those of us without high-level clearances, to say anything useful about the internal process reforms that might help make better use of existing data. The pundit in me empathizes, but these just-so stories are a poor rationale for further diluting civil liberties protections.

Let’s move on to the unacknowledged fictions, of which there are many.  Perhaps most stunning is the claim that “U.S. intelligence-gathering capability has been substantially curtailed in stages over the last decade.” They mean, one supposes, that Congress ultimately imposed a patina of judicial oversight on the lawless program of warrantless wiretapping and data program authorized by the Bush administration in the aftermath of the 9/11 attacks. But the claim that somehow intelligence gathering is more constrained now than it was in 2000 just doesn’t pass the straight face test. In addition to the radical expansion of the aforementioned National Security Letter authorities, Congress approved roving wiretaps for domestic intelligence, broad FISA orders for the production of “any tangible thing,” so-called “sneak and peek” searches, looser restraints on existing FISA wiretap powers, and finally, with the FISA Amendments Act of 2008, executive power to authorize broad “programs” of surveillance without specified targets. In a handful of cases, legislators have rolled back slightly their initial grants of power or imposed some restraints on powers the executive arrogated to itself, but it is ludicrous to deny that the net trend over the decade has been toward more, rather than less, intelligence-gathering capability.

Speaking of executive arrogation of power, here’s how the Journal describes Bush’s warrantless Stellar Wind program:

Via executive order after 9/11, the Bush Administration created the covert Terrorist Surveillance Program. TSP allowed the National Security Agency to monitor the traffic and content of terrorist electronic communications overseas, unencumbered by FISA warrants even if one of the parties was in the U.S.

This is misleading.  There was no such thing as the “Terrorist Surveillance Program.”  That was a marketing term concocted after the fact to allow administration officials to narrowly discuss the components of Stellar Wind initially disclosed by the New York Times.  It allowed Alberto Gonzales to claim that there had been no serious internal dissent about the legality of “the program” by arbitrarily redefining it to exclude the parts that had caused the most controversy, such as the vast data mining effort that went far beyond suspected terrorists. It was this aspect of Stellar Wind, and not the monitoring of overseas communication, that occasioned the now-infamous confrontation at Attorney General John Ashcroft’s hospital bed described in the editorial’s subsequent paragraph. We continue:

In addition to excessive delays, the anonymous FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks. FISA was written in an analog era and meant to apply to domestic wiretaps in the context of the Cold War, not to limit what wiretaps were ever allowed.

Forgive me if I’m a broken record on this, but the persistence of the claim in that first sentence above is truly maddening.  It is false that “FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks.”  Anyone remotely familiar with the FISA law would have known it was false when it was first bandied about, and a Justice Department official confirmed that it was false two years ago. FISA has never required a warrant for foreign-to-foreign wire communications, wherever intercepted, though there was a narrower problem with some e-mail traffic.  To repeat the canard at this late date betrays either dishonesty or disqualifying ignorance of elementary facts. Further, while it’s true that a great deal of surveillance has always, by design, remained beyond the scope of FISA, it is clearly false that it was “meant to apply to domestic wiretaps” if by this we mean only “wiretaps where all parties to the communication are within the United States.” The plain text and legislative history of the law make it clear beyond any possible doubt that Congress meant to impose restraints on the acquisition of all U.S.-to-foreign wire communications, as well as radio communications targeting U.S. persons. (The legislative history further suggests that they had hoped to tighten up the restraints on radio communications, though technical considerations made it difficult to craft functional rules.) We continue:

The 2008 FISA law mandates “minimization” procedures to avoid targeting the communications of U.S. citizens or those that take place entirely within the U.S. As the NSA dragnet searches emails, mobile phone calls and the like, often it will pick up domestic information. Intelligence officials can analyze, retain and act on true smoking guns. But domestic intercepts must be effectively destroyed within 72 hours unless they indicate “a threat of death or serious bodily harm to any person” or constitute “evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.”

This means that potentially useful information must be discarded if it is too vague to obtain a traditional judicial warrant. Minimization is the FISA equivalent of a fishing license that requires throwing back catches that don’t meet the legal limit. Yet the nature of intelligence analysis is connecting small, suggestive and often scattered clues.

The kernel of truth here is that the FISA Amendments Act did impose some new constraints on the surveillance of Americans abroad. But the implication that “minimization” is some novel invention is just false. Minimization rules have always been part of FISA, and they exist precisely because the initial scope of FISA acquisition is so incredibly broad. And those minimization rules give investigators enormous latitude.  As the FISA Court itself explained in a rare published ruling:

Minimization is required only if the information “could not be” foreign intelligence. Thus, it is obvious that the standard for retention of FISA-acquired information is weighted heavily in favor of the government.

Similarly, the redaction of identifying information about U.S. persons is not required when that information is needed to properly interpret the intelligence, so the idea that analysts would have scrubbed mention of “our American brother Faisal” from an intercept of Taliban communications cannot be taken too seriously.  It’s not entirely clear what the editors are referring to when they say “domestic intercepts must be effectively destroyed within 72 hours:” Do they mean “inadvertent” intercepts of entirely domestic communications, or one-end domestic communications legitimately acquired under the FAA, or what? Either way, that’s not really consistent with what we know about FISA minimization in practice: At least as of 2005, it appears that “minimized” communications were at least sometimes retained in ultimately retrievable form, though not logged.  In any event, if I’m reading them correctly, the Journal is suggesting that NSA should be broadly sweeping up and retaining even the apparently innocent domestic communications of Americans, on the off chance that they might later prove useful? I can imagine being that consumed by terror, but I think I would be ashamed to admit it in public.  Moving on:

Meanwhile, the FISA court reported in April that the number of warrant applications fell to 1,376 in 2009, the lowest level since 2003. A change in quantity doesn’t necessarily mean a change in intelligence quality—though it might.

As it happens, I covered this in a post just the other day.  As a Justice Department official explained to the bloggers at Main Justice, the numerical decline is due to significant changes in the legal authorities that govern FISA surveillance — specifically, the enactment of the FISA Amendments Act in 2008 — and shifting operational demands, but the fluctuation in the number of applications does not in any way reflect a change in coverage.”  Finally:

These constraints are being imposed at the same time that domestic terror plots linked to, or inspired by, foreigners are increasing. Our spooks did manage to pre-empt Najibullah Zazi and his co-conspirators in a plot to bomb New York subways, but they missed Shahzad and Nidal Hasan, as well as Umar Farouk Abdulmutallab’s attempt to bring down Flight 253 on Christmas Day.

Abdulmutallab was a non-U.S. person who didn’t set foot in the country until after setting his underpants aflame; there is no reason whatever to believe that FISA restrictions would have posed an obstacle to monitoring him. As for Nidal Hasan, investigators did intercept his e-mails with radical cleric Anwar al Awlaki. While it seems clear in retrospect that the decision not to investigate further was an error in judgment, they were obviously not destroyed after the fact, since they were later quoted in various press accounts. Maybe those exchanges really did seem legitimately related to Hasan’s research at the time, or maybe investigators missed some red flags. Either way, the part of the process the Journal is wringing its hands about worked: The intercepts were retained and disseminated to the Joint Terrorism Task Force, which concluded that Hasan was “not involved in terrorist activities or terrorist planning” and, along with Army officials, declined to open an investigation. Rending already gossamer-thin minimization requirements is not going to avoid errors of that sort.

The Journal closes out their fantasy by melodramatically asking “whether FISA is in practice giving jihadists a license to kill.” But the only “license” I see here is of the “creative” variety; should they revisit the topic in the future, the editors might consider taking less of it.

The Latest ‘Intelligence Gap’

Stop me if you think you’ve heard this one before. The Washington Post reports that the National Security Agency has halted domestic collection of some type of communications metadata—the details are predictably fuzzy, though I’ve got a guess—in order to allay the concerns of the secret FISA Court that the NSA’s activity might not be technically permissible under the Foreign Intelligence Surveillance Act. Naturally, there’s the requisite quote from the anonymous concerned intel official:

“This is a basic tool we used to have, and it’s now gone,” said one intelligence official familiar with the impasse. “Every day, every week that goes by, there’s just one more week of information that we’re not collecting. You sit there and say, ‘This is unbelievable that we have this gap.’”

I want to take claims like these with due gravity, but I can’t anymore.  Because we’ve heard them again and again over the past decade, and they’ve proven to be bogus every time.  We were told that the civil liberties restrictions built into pre-9/11 surveillance law kept the FBI from searching “20th hijacker” Zacarias Moussaoui’s laptop—but a bipartisan Senate panel found it wasn’t true. We were told limits on National Security Letters were FBI delaying agents seeking vital records in their investigations—but the delay turned out to have been manufactured by the FBI itself. Most recently, we were warned that the FISA Court had somehow imposed a requirement that a warrant be obtained in order to intercept purely foreign telephone calls that were traveling through U.S. wires.  Anyone who understood the FISA law realized that this couldn’t possibly be right—and as Justice Department officials finally admitted under pressure, that wasn’t true either.  But this time there’s a really real for serious “intelligence gap” and we’ll all be blown up by scary terrorists any minute if it’s not fixed?  Pull the other one.

That said, Republicans are claiming the problem requires a mere “technical fix” to FISA, so we should at least be able to get a rough sense of what the issue is, if Congress actually decides to act.  Democrats, by contrast, appear to think NSA can “address the court’s concerns without resorting to legislation.” The word “resort” here seems depressingly apt: They’ll ask for a legislative tweak if there’s absolutely no way to shoehorn what they want to do into the statute through clever lawyering in an ex parte proceeding in front of a highly deferential court, but it’s a last resort.

As for what the problem might be, I can think of a couple of possibilities off the top of my head.  A few years back, the FISA pen register provision was amended to effectively build into the legal order for a standard pen register, which records data about calls or e-mails made and received, language mirroring a legal demand for subscriber records known as a 2703(d) order in the criminal context.  Law enforcement routinely uses that combination of a 2703(d) plus a pen register to get location tracking information for cell phones. But the evidentiary standard for getting a 2703(d) order is (very) slightly higher than the standard for a pen register alone, and federal law prohibits the use of a pen register alone to gather location data. So there might be a question about whether FISA pen registers alone can be used for cell phone location tracking purposes.

Alternatively, given that Internet communications aren’t just “metadata” and “content” but rather a whole series of layers containing different types of information, there could be a question about just how far down “metadata” goes. This might be especially tricky for protocols where quite a lot of information about the content of the communication—which is supposed to require a full probable cause warrant—can be gleaned from sophisticated analysis of the size and timing of packets in the stream.

These are, of course, blind guesses.  What’s disturbing is how much blind guessing the FISA court itself may be doing.  The new hiatus, the Post tells us via an anonymous source, came about when the FISA Court “got a little bit more of an understanding”of what the NSA was up to. Their enhanced understanding concerns data that NSA has been getting with the court’s approval for “several years,” according to the Post. And there you have the real “intelligence gap” in modern surveillance: We have a Court going through a pantomime of oversight over thousands of highly technologically sophisticated interception programs, but it may take a few years for them to really understand what they’ve been signing off on.

We’ll understand still less about the rationale for any “technical fix” to FISA that Congress might approve, if they deign to go that route. But we’ll be reassured that it’s very important, necessary to keep us safe from the terrorist hordes, and nothing worth bothering our pretty heads about.

Crime and Punishment in the Intel Community

On Thursday, the government indicted former National Security Agency executive Thomas Drake for obstructing justice and mishandling classified documents—though the underlying crime, for which Drake was not actually charged, was leaking embarrassing information to national security reporter Siobhan Gorman (then of the Baltimore Sun, now at The Wall Street Journal). As Glenn Greenwald observes, the decision to move forward with a rare leak prosecution in Drake’s case stands in rather sharp contrast to the decision to look the other way when it comes to other sorts of wrongdoing in the world of intelligence.

For years, the NSA managed a sweeping program of warrantless wiretaps and large-scale data mining, which a federal judge recently confirmed was in gross violation of the Foreign Intelligence Surveillance Act. The telecoms who participated in the scheme were, equally clearly, violating the Electronic Communications Privacy Act. The FBI separately and systematically flouted the same law by obtaining call records for thousands of phone numbers without any legitimate legal process. And, of course, there’s the little matter of torture. For these crimes, the administration has pronounced a verdict of “boys will be boys,” on the grounds that it’s better to gaze boldly into our shining future than get bogged down in recriminations over all that old stuff.

Drake didn’t spy on the conversations of Americans without a court order, or subject detainees to simulated drowning or sleep deprivation. Far worse, apparently, he embarrassed the NSA. The first article for which he acted as a source, “Computer ills hinder the NSA,”detailed how the agency had squandered billions on faulty computer systems that were getting in the way of effective intelligence work:

One [system] is Cryptologic Mission Management, a computer software program with an estimated cost of $300 million that was designed to help the NSA track the implementation of new projects but is so flawed that the agency is trying to pull the plug. The other, code-named Groundbreaker, is a multibillion-dollar computer systems upgrade that frequently gets its wires crossed.

The downfall of the Cryptologic Mission Management program has not previously been disclosed. While Congress raised concerns about the agency’s management of Groundbreaker in a 2003 report, the extent and impact of its inadequacies have not been discussed publicly.

To be sure, Drake broke the law—just as Daniel Ellsberg did when he leaked the Pentagon Papers. But it’s hard to say how the law here was working to protect national security, as opposed to the agency’s image. In any event, the contrast between the reaction to Drake and the non-reaction to other forms of lawbreaking makes the standard in effect for Bush-era misdeeds clear: If you illegally gathered information on members of the public, Obama’s DOJ would rather let sleeping dogs lie. If you illegally tried to get information to the public, you’d better lawyer up.  From Main Justice to Fort Meade, message received.

State Secrets, Courts, and NSA’s Illegal Wiretapping

As Tim Lynch notes, Judge Vaughn Walker has ruled in favor of the now-defunct Al-Haramain Islamic Foundation—unique among the many litigants who have tried to challenge the Bush-era program of warrantless wiretapping by the National Security Agency because they actually had evidence, in the form of a document accidentally delivered to foundation lawyers by the government itself, that their personnel had been targeted for eavesdropping.

Other efforts to get a court to review the program’s legality had been caught in a kind of catch-22: Plaintiffs who merely feared that their calls might be subject to NSA filtering and interception lacked standing to sue, because they couldn’t show a specific, concrete injury resulting from the program.

But, of course, information about exactly who has been wiretapped is a closely guarded state secret. So closely guarded, in fact, that the Justice Department was able to force the return of the document that exposed the wiretapping of Al-Haramain, and then get it barred from the court’s consideration as a “secret” even after it had been disclosed. (Contrast, incidentally, the Supreme Court’s jurisprudence on individual privacy rights, which often denies any legitimate expectation of privacy in information once revealed to a third party.) Al-Haramain finally prevailed because they were ultimately able to assemble evidence from the public record showing they’d been wiretapped, and the government declined to produce anything resembling a warrant for that surveillance.

If you read over the actual opinion, however it may seem a little anticlimactic—as though something is missing. The ruling concludes that there’s prima facie evidence that Al-Haramain and their lawyers were wiretapped, that the government has failed to produce a warrant, and that this violates the Foreign Intelligence Surveillance Act. But of course, there was never any question about that. Not even the most strident apologists for the NSA program denied that it contravened FISA; rather, they offered a series of rationalizations for why the president was entitled to disregard a federal statute.

There was the John Yoo argument that the president essentially becomes omnipotent during wartime, and that if we can shoot Taliban on a foreign battlefield, surely we can wiretap Americans at home if they seem vaguely Taliban-ish. Even under Bush, the Office of Legal Counsel soon backed away from such… creative… lines of argument. Instead, they relied on the post-9/11 Authorization for the Use of Military Force (AUMF) against al-Qaeda, claiming it had implicitly created a loophole in the FISA law. It was David Kris, now head of DOJ’s National Security Division, who most decisively blew that one out of the water, concluding that it was “essentially impossible” to sustain the government’s reading of the AUMF.

Yet you’ll note that none of these issues arise in Walker’s opinion, because the DOJ, in effect, refused to play. They resisted the court at every step, insisting that a program discussed at length on the front pages of newspapers for years now was so very secret that no aspect of it could be discussed even in a closed setting. They continued to insist on this in the face of repeated court rulings to the contrary. So while Al-Haramain has prevailed, there’s no ruling on the validity of any of those arguments. That’s why I think Marcy Wheeler is probably correct when she predicts that the government will simply take its lumps and pay damages rather than risk an appeal. For one, while Obama administration has been happy to invoke state secrecy as vigorously as its predecessor, it would obviously be somewhat embarrassing for Obama’s DOJ to parrot Bush’s substantive claims of near-limitless executive power. Perhaps more to the point, though, some of those legal arguments may still be operative in secret OLC memos. The FISA Amendments Act aimed to put the unlawful Bush program under court supervision, and even reasserted FISA’s language establishing it as the “exclusive means” for electronic surveillance, which would seem to drive a final stake in the heart of any argument based on the AUMF. But we ultimately don’t know what legal rationales they still consider operative, and it would surely be awkward to have an appellate court knock the legs out from under some of these secret memoranda.

None of this is to deny that the ruling is a big deal—if nothing else because it suggests that the government does not enjoy total carte blanche to shield lawbreaking from review with broad, bald assertions of privilege. But I also know that civil libertarians had hoped that the courts might be the only path to a more full accounting of—and accountability for—the domestic spying program. If the upshot of this is simply that the government must pay a few tens, or even hundreds of thousands of dollars in damages, it’s hard not to see the victory as something of a disappointment.