Tag: oversight

How’s That Oversight Coming Along?

One of the claims made by defenders of NSA spying is that it’s overseen and approved by all three branches of the federal government.

Computer security expert Bruce Schneier provides some insight into how well congressional oversight is working in a short blog post entitled: “Today I Briefed Congress on the NSA.”

This morning I spent an hour in a closed room with six Members of Congress: Rep. Logfren, Rep. Sensenbrenner, Rep. Scott, Rep. Goodlate, Rep Thompson, and Rep. Amash. No staffers, no public: just them. Lofgren asked me to brief her and a few Representatives on the NSA. She said that the NSA wasn’t forthcoming about their activities, and they wanted me – as someone with access to the Snowden documents – to explain to them what the NSA was doing.

Many members of Congress have been derelict for years in not overseeing the National Security Agency. Now some members of Congress are asking questions, and they’re being stonewalled.

It’s the government so…

I suggested that we hold this meeting in a SCIF, because they wanted me to talk about top secret documents that had not been made public. The problem is that I, as someone without a clearance, would not be allowed into the SCIF.

Randy Barnett and I made the case last fall that the panels of judges who approve domestic spying under the Foreign Intelligence Surveillance Act should not be regarded as legitimate courts. Their use to dispose of Americans’ rights violates due process.

And the executive branch? Here’s President Obama: “I mean, part of the problem here is we get these through the press and then I’ve got to go back and find out what’s going on…”

How’s that tri-partite oversight coming along?

The CPSC’s Defective New Complaints Database

We are told constantly that government can play a beneficial role in the marketplace by taking steps to make sure consumers are more fully informed about the risks of the goods and services they use. But what happens when the government itself helps spread health and safety information that is false or misleading? That question came up recently in the controversy over New York City’s misleading nutrition-scare ad campaign, and it now comes up again in a controversy over a new database of complaints about consumer products sponsored by the federal Consumer Product Safety Commission (CPSC).

As part of the Consumer Product Safety Improvement Act of 2008 (CPSIA), Congress mandated that the CPSC create a “publicly available consumer product safety information database” compiling consumer complaints about the safety of products. Last week, by a 3-2 majority, the commission voted to adopt regulations that have dismayed many in the business community by ensuring that the database will needlessly include a wide range of secondhand, false, unfounded or tactical reports. The Washington Times editorializes:

…[Under the regulations as adopted last week] anybody who wants to trash a product, for whatever reason, can do so. The commission can leave a complaint on the database indefinitely without investigating its merits “even if a manufacturer has already provided evidence the claim is inaccurate,” as noted by Carter Wood of the National Association of Manufacturers’ “Shopfloor” blog….

Trial lawyers pushing class-action suits could gin up hundreds of anonymous complaints, then point the jurors to those complaints at the “official” CPSC website as [support for] their theories that a product in question caused vast harm. “The agency does not appear to be concerned about fairness and does not care that unfounded complaints could damage the reputation of a company,” said [Commissioner Nancy] Nord.

Commissioners Nord and Anne Northup introduced an alternative proposal (PDF) aimed at making the contents of the database more reliable and accurate but were outvoted by the Democratic commission majority led by Chairman Inez Tenenbaum. Nord: “under the majority’s approach, the database will not differentiate between complaints entered by lawyers, competitors, labor unions and advocacy groups who may have their own reasons to ‘salt’ the database, from those of actual consumers with firsthand experience with a product.” Commissioner Northup has published posts criticizing the regulations for their definitions of who can submit a report, who counts as a consumer, and who counts as a public safety entity.

For those interested in reading further, Rick Woldenberg, a leading private critic of the law who blogs at AmendTheCPSIA.com, has critically commented on the politics of the proposal here, here, here, here, and here. More coverage: ShopFloor with followups here and here, New York Times, Sean Wajert/Mass Tort Defense. I’ve been blogging for the past two years at my website Overlawyered about the wider problems with the CPSIA law, including its effects on books published before 1985, thrift stores, natural wooden toys, ballpoint pens, bicycles, plush animals, Irish dance costumes, rocks used in science class and many more. Most of these problems remain unresolved thanks to the inflexible wording of the law as well as, sometimes, the unsympathetic attitude of the commission majority. I’ve heard that bringing overdue investigative oversight to the ongoing CPSIA disaster is shaping up as a priority for many incoming lawmakers on the (newly Republican-led) House Energy and Commerce Committee, whose outgoing chair, California Democrat Henry Waxman, is closely identified with the law and its consumer-group backers.

Child Care Subsidies Fraud

The Department of Health and Human Services’ Child Care and Development Fund is a state aid program that subsidizes child care expenses for low-income working families with children. The federal government largely leaves it to the states to provide oversight for the CCDF program, which HHS estimates loses more than 10 percent of its funding in improper payments.

A new report from the Government Accountability Office shows widespread fraud by CCDF recipients in the sampling of states that it investigated:

Our proactive testing revealed that CCDF programs in the 5 states we tested were vulnerable to fraud because states did not adequately verify the information of children, parents, and providers and lacked adequate controls to prevent fraudulent billing. In 7 of 10 cases in four states, our fictitious parents and children were admitted into the CCDF program because states did not verify the personal and employment information provided by the applicants. Three of those states paid $11,702 in childcare subsidies to our fraudulent providers, and two states allowed the providers to over bill for services beyond their approved limit. Only one state successfully prevented our fictitious applicants from being admitted into the program, but officials from that state told us they perform only limited background checks on providers and cannot immediately detect over billing.

The GAO’s findings can be summarized as follows:

  • States lack effective controls to verify parent and child information, such as a parent’s income eligibility.
  • States do a poor job of checking the backgrounds of providers, which mean subsidized child care could be being provided by sex offenders.
  • States have weak controls to prevent fraudulent billing. Nonetheless, the GAO found numerous instances of delays in processing applications.

None of these findings are particularly surprising considering that government bureaucracies have little incentive to make sure funds are appropriately spent. The reason is simple: bureaucracies play with other people’s money and aren’t subject to competitive market forces.

When the government engages in “charitable” activities, it does so with money that it involuntarily obtains from taxpayers. In contrast, those who voluntarily donate to charities have an incentive to make sure their donations are properly used. If a charity does a poor job, donors have the freedom to turn to a different charity.

See this essay for more on the problems with subsidy programs administered by HHS, including the CCDF.

The Wall Street Journal’s Surveillance Fantasies

There are too few periodical venues for good short fiction these days, so I’d normally be enthusiastic about the Wall Street Journal’s decision to print works of fantasy. Unfortunately, they’ve opted to do so on their editorial page—starting with a long farrago of hypotheticals concerning the putative role of the Foreign Intelligence Surveillance Court in hindering the detection and apprehension of failed Times Square bomber Faisal Shahzad. In fairness to the editors, they acknowledge near the end of the piece that much of it is unvarnished speculation, but their flights of creative fancy extend to many claims presented as fact.

Let’s begin with the acknowledged fiction. The Journal editors wonder whether Shahzad might have been under surveillance before his botched Times Square attack, and posit that the NSA might have intercepted communications from “Waziristan Taliban talking about ‘our American brother Faisal,’ which could have been cross-referenced against Karachi flight manifests,” or “maybe Shahzad traded seemingly innocuous emails with Pakistani terrorists, and minimization precluded analysts from detecting a pattern.”  Anything is possible. But it’s a leap to make this inference merely because investigators appear to have had fairly specific knowledge about his contacts with terrorists after he had already been identified.  They would not have needed to “retroactively to reconstruct his activities from other already-gathered foreign wiretaps:” Once they had zeroed in on Shahzad, his calling patterns could have been reconstructed from phone company calling records whether or not he or his confederates were being targeted at the time the communications occurred, and indeed, those records could have been obtained by means of a National Security Letter without any oversight from the FISA Court.

This is part of a more general strategy we often see deployed by advocates of expanded surveillance powers. After the fact, one can always tell a story about how a known terrorist might have been detected by means of more unfettered spying authority, just as one can always tell a story about how any particular calamity would have been averted if the right sort of regulation were in place. Sometimes the story is even plausible. But if we look at the history of recent intelligence failures, it’s almost invariably the case that the real problem was the inability to connect the right set of data points from the flood of data already obtained, not insufficient ability to collect. The problem is that it’s easy and satisfying to call for legislation lifting the restraints on surveillance—and lifting still more when intelligence agencies fail to exhibit perfect clairvoyance—but difficult if not impossible, certainly for those of us without high-level clearances, to say anything useful about the internal process reforms that might help make better use of existing data. The pundit in me empathizes, but these just-so stories are a poor rationale for further diluting civil liberties protections.

Let’s move on to the unacknowledged fictions, of which there are many.  Perhaps most stunning is the claim that “U.S. intelligence-gathering capability has been substantially curtailed in stages over the last decade.” They mean, one supposes, that Congress ultimately imposed a patina of judicial oversight on the lawless program of warrantless wiretapping and data program authorized by the Bush administration in the aftermath of the 9/11 attacks. But the claim that somehow intelligence gathering is more constrained now than it was in 2000 just doesn’t pass the straight face test. In addition to the radical expansion of the aforementioned National Security Letter authorities, Congress approved roving wiretaps for domestic intelligence, broad FISA orders for the production of “any tangible thing,” so-called “sneak and peek” searches, looser restraints on existing FISA wiretap powers, and finally, with the FISA Amendments Act of 2008, executive power to authorize broad “programs” of surveillance without specified targets. In a handful of cases, legislators have rolled back slightly their initial grants of power or imposed some restraints on powers the executive arrogated to itself, but it is ludicrous to deny that the net trend over the decade has been toward more, rather than less, intelligence-gathering capability.

Speaking of executive arrogation of power, here’s how the Journal describes Bush’s warrantless Stellar Wind program:

Via executive order after 9/11, the Bush Administration created the covert Terrorist Surveillance Program. TSP allowed the National Security Agency to monitor the traffic and content of terrorist electronic communications overseas, unencumbered by FISA warrants even if one of the parties was in the U.S.

This is misleading.  There was no such thing as the “Terrorist Surveillance Program.”  That was a marketing term concocted after the fact to allow administration officials to narrowly discuss the components of Stellar Wind initially disclosed by the New York Times.  It allowed Alberto Gonzales to claim that there had been no serious internal dissent about the legality of “the program” by arbitrarily redefining it to exclude the parts that had caused the most controversy, such as the vast data mining effort that went far beyond suspected terrorists. It was this aspect of Stellar Wind, and not the monitoring of overseas communication, that occasioned the now-infamous confrontation at Attorney General John Ashcroft’s hospital bed described in the editorial’s subsequent paragraph. We continue:

In addition to excessive delays, the anonymous FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks. FISA was written in an analog era and meant to apply to domestic wiretaps in the context of the Cold War, not to limit what wiretaps were ever allowed.

Forgive me if I’m a broken record on this, but the persistence of the claim in that first sentence above is truly maddening.  It is false that “FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks.”  Anyone remotely familiar with the FISA law would have known it was false when it was first bandied about, and a Justice Department official confirmed that it was false two years ago. FISA has never required a warrant for foreign-to-foreign wire communications, wherever intercepted, though there was a narrower problem with some e-mail traffic.  To repeat the canard at this late date betrays either dishonesty or disqualifying ignorance of elementary facts. Further, while it’s true that a great deal of surveillance has always, by design, remained beyond the scope of FISA, it is clearly false that it was “meant to apply to domestic wiretaps” if by this we mean only “wiretaps where all parties to the communication are within the United States.” The plain text and legislative history of the law make it clear beyond any possible doubt that Congress meant to impose restraints on the acquisition of all U.S.-to-foreign wire communications, as well as radio communications targeting U.S. persons. (The legislative history further suggests that they had hoped to tighten up the restraints on radio communications, though technical considerations made it difficult to craft functional rules.) We continue:

The 2008 FISA law mandates “minimization” procedures to avoid targeting the communications of U.S. citizens or those that take place entirely within the U.S. As the NSA dragnet searches emails, mobile phone calls and the like, often it will pick up domestic information. Intelligence officials can analyze, retain and act on true smoking guns. But domestic intercepts must be effectively destroyed within 72 hours unless they indicate “a threat of death or serious bodily harm to any person” or constitute “evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.”

This means that potentially useful information must be discarded if it is too vague to obtain a traditional judicial warrant. Minimization is the FISA equivalent of a fishing license that requires throwing back catches that don’t meet the legal limit. Yet the nature of intelligence analysis is connecting small, suggestive and often scattered clues.

The kernel of truth here is that the FISA Amendments Act did impose some new constraints on the surveillance of Americans abroad. But the implication that “minimization” is some novel invention is just false. Minimization rules have always been part of FISA, and they exist precisely because the initial scope of FISA acquisition is so incredibly broad. And those minimization rules give investigators enormous latitude.  As the FISA Court itself explained in a rare published ruling:

Minimization is required only if the information “could not be” foreign intelligence. Thus, it is obvious that the standard for retention of FISA-acquired information is weighted heavily in favor of the government.

Similarly, the redaction of identifying information about U.S. persons is not required when that information is needed to properly interpret the intelligence, so the idea that analysts would have scrubbed mention of “our American brother Faisal” from an intercept of Taliban communications cannot be taken too seriously.  It’s not entirely clear what the editors are referring to when they say “domestic intercepts must be effectively destroyed within 72 hours:” Do they mean “inadvertent” intercepts of entirely domestic communications, or one-end domestic communications legitimately acquired under the FAA, or what? Either way, that’s not really consistent with what we know about FISA minimization in practice: At least as of 2005, it appears that “minimized” communications were at least sometimes retained in ultimately retrievable form, though not logged.  In any event, if I’m reading them correctly, the Journal is suggesting that NSA should be broadly sweeping up and retaining even the apparently innocent domestic communications of Americans, on the off chance that they might later prove useful? I can imagine being that consumed by terror, but I think I would be ashamed to admit it in public.  Moving on:

Meanwhile, the FISA court reported in April that the number of warrant applications fell to 1,376 in 2009, the lowest level since 2003. A change in quantity doesn’t necessarily mean a change in intelligence quality—though it might.

As it happens, I covered this in a post just the other day.  As a Justice Department official explained to the bloggers at Main Justice, the numerical decline is due to significant changes in the legal authorities that govern FISA surveillance — specifically, the enactment of the FISA Amendments Act in 2008 — and shifting operational demands, but the fluctuation in the number of applications does not in any way reflect a change in coverage.”  Finally:

These constraints are being imposed at the same time that domestic terror plots linked to, or inspired by, foreigners are increasing. Our spooks did manage to pre-empt Najibullah Zazi and his co-conspirators in a plot to bomb New York subways, but they missed Shahzad and Nidal Hasan, as well as Umar Farouk Abdulmutallab’s attempt to bring down Flight 253 on Christmas Day.

Abdulmutallab was a non-U.S. person who didn’t set foot in the country until after setting his underpants aflame; there is no reason whatever to believe that FISA restrictions would have posed an obstacle to monitoring him. As for Nidal Hasan, investigators did intercept his e-mails with radical cleric Anwar al Awlaki. While it seems clear in retrospect that the decision not to investigate further was an error in judgment, they were obviously not destroyed after the fact, since they were later quoted in various press accounts. Maybe those exchanges really did seem legitimately related to Hasan’s research at the time, or maybe investigators missed some red flags. Either way, the part of the process the Journal is wringing its hands about worked: The intercepts were retained and disseminated to the Joint Terrorism Task Force, which concluded that Hasan was “not involved in terrorist activities or terrorist planning” and, along with Army officials, declined to open an investigation. Rending already gossamer-thin minimization requirements is not going to avoid errors of that sort.

The Journal closes out their fantasy by melodramatically asking “whether FISA is in practice giving jihadists a license to kill.” But the only “license” I see here is of the “creative” variety; should they revisit the topic in the future, the editors might consider taking less of it.

The Case for Auditing the Fed

Recently, the Federal Reserve has significantly altered the procedures and goals that it had followed for decades. Rep. Ron Paul (R-TX) has introduced a bill calling for an audit of the Fed.

Remarkably, there is significant opposition to such oversight, and the political prospects for undertaking such an audit are relatively bleak. In a new paper, Cato scholar Arnold Kling examines the processes and outcomes on which an audit should focus, and looks at opposition to the audit:

We should document why the Fed took each step, what the expected results were, and whether those results were achieved. …The profit or loss of the Fed’s investments would provide a very helpful indicator of whether the Fed’s actions served the economy as a whole or merely transferred wealth from ordinary taxpayers to bank shareholders.

Read the whole thing.

Accountability for ‘Exigent Letter’ Abuse At Last?

It is more than three years since the Office of the Inspector General first brought public attention to the FBI’s systematic misuse of the National Security Letter statutes to issue fictitious “exigent letters” and obtain telecommunications records without due process. Nobody at the Bureau has been fined, or even disciplined, for  this systematic lawbreaking and the efforts to conceal it. But the bipartisan outrage expressed at a subcommittee hearing of the House Judiciary Committee this morning hints that Congress may be running out of patience—and looking for some highly-placed heads to roll. Just to refresh, Committee Chairman John Conyers summarized the main abuses in an opening statement:

The IG found that more than 700 times, such information was obtained about more than 2,000 phone numbers by so-called“exigent letters” from FBI personnel. In some cases, the IG concluded, FBI agents sent the letters even though they believed that factual information in the letters was false. For more than 3,500 phone numbers, the call information was extracted without even a letter, but instead by e‐mail, requests on a post‐it note, or “sneak peaks” of telephone company computer screens or other records…. In one case, the FBI actually obtained phone records of Washington Post and New York Times reporters and kept them in a database, leading to an IG conclusion of “serious abuse” of FBI authority and an FBI public apology.

It’s probably actually worse than that: Since these letters often requested a “community of interest” analysis for targeted numbers, the privacy of many people beyond the nominal targets may have been implicated—though it’s hard to be sure, since the IG report redacts almost all details about this CoI mapping.

And as Rep. Jerry Nadler pointed out, the IG report suggests a “clear pattern here of deliberate evasion,” rather than the innocent oversight the Bureau keeps pleading.  Both Nadler and the Republican ex-chair of the committee, Rep. James Sensenbrenner, expressed frustration at their sense that, when the FBI had failed to win legislative approval for all the powers on its wish list, it had simply ignored lawful process, seizing by fiat what Congress had refused to grant. Sensenbrenner, one of the authors of the Patriot Act, even declared that he felt “betrayed.” But we’ve heard similar rhetoric before. It was the following suggestion from Conyers (from my notes, but pretty near verbatim) that really raised an eyebrow:

There must be further investigation as to who and why and how somebody in the Federal Bureau of Investigation could invent a practice and have allowed it to have gone on for three consecutive years.  I propose and hope that this committee and its leadership will join me, because I think there may be grounds for removal of the general counsel of the FBI.

That would be Valerie Caproni, one of the hearing’s two witnesses, and an executive-level official whose dismissal would be the first hint of an administration response commensurate with the gravity of the violations that occurred. Caproni’s testimony, consistent with previous performances, was an awkward effort to simultaneously minimize the seriousness of FBI’s abuses—she is fond of saying “flawed” when le mot juste is “illegal”—and also to assure legislators that the Bureau was treating it with the utmost seriousness already. Sensenbrenner appeared unpersuaded, at one point barking in obvious irritation: “I don’t think you’re getting the message; will you get the message today?” The Republican also seemed to indirectly echo Conyers’ warning, declaring himself “not unsympathetic” to the incredulous chairman’s indictment of her office. Of course, the FBI has it’s own Office of Professional Responsibility which is supposed to be in charge of holding agents and officials accountable for malfeasance, but apparently the wheels there are still grinding along.

It’s also worth noting that Inspector General Glenn Fine, who also testified, specifically urged Congress to look into a secret memo issued in January by the Office of Legal Counsel, apparently deploying some novel legal theory to conclude that many of the call records obtained by the FBI were not covered by federal privacy statutes after all. This stood out just because my impression is that OIG usually limits itself to straight reporting and leaves it to Congress to judge what merits investigation, suggesting heightened concern about the potential scope of the ruling, despite FBI’s pledge not to avail itself of this novel legal logic without apprising its oversight committees. Alas, the details here are classified, but Caproni did at one point in her testimony conclude that “disclosure of approximately half of the records at issue was not forbidden by ECPA and/or was
connected to a clear emergency situation.”  There were 4,400 improperly obtained “records at issue” in the FBI’s internal review, of which about 150 were ultimately retained on the grounds that they would have qualified for the emergency exception in the Electronic Communications Privacy Act.  Since that tally didn’t include qualifying records for which legitimate process had nevertheless been issued at some point, the number of “real” emergencies is probably slightly higher, but that still suggests that the “half” Caproni alludes to are mostly in the “disclosure…not forbidden by ECPA” category.  Since ECPA is fairly comprehensive when it comes to telecom subscriber records—or at least, so we all thought until recently—we have to assume she means that these are the types of records the OLC opinion has removed from FISA’s protection. If those inferences are correct, and the new OLC exception covers nearly half of the call detail records FBI obtains, that would not constitute a “loophole” in federal electronic privacy law so much as its evisceration.

Of course, it’s possible that the specific nature of the exception would allay civil libertarian fears. What’s really intolerable in a democratic society is that we don’t know. Operational facts about specific investigations, and even specific investigatory techniques, are rightly classified. But an interpretation of a public statute so significant as to potentially halve its apparent protections cannot be kept secret without making a farce of the rule of law.

Wednesday Links

  • John McCain channels Dick Cheney: On March 4, McCain introduced a bill that  “would require that anyone anywhere in the world, including American citizens, suspected of involvement in terrorism – including ‘material support’ (otherwise undefined) – can be imprisoned by the military on the authority of the president as commander in chief.”
  • President Obama declared passage of a major student-aid reform law yesterday. Will it help? Cato education expert Neal McCluskey calls it a mixed bag.
Topics:

Pages