Tag: surveillance

How Many 215 Orders?

There was an interesting exchange during a Senate Intelligence Committee hearing yesterday concerning the use of the Patriot Act’s §215 orders for business records and other tangible things. FBI Director Robert Mueller hinted that the orders may have been used to track purchases of hydrogen peroxide in the investigation of aspiring bomber Najibullah Zazi, while Sen. Ron Wyden (D-Oreg.) asserted that there is “a huge gap today between how you all are interpreting the PATRIOT Act and what the American people think the PATRIOT Act is all about and it’s going to need to be resolved.”

Let’s leave our curiosity about that by the wayside for the moment, though. I’m curious about one simple empirical claim Mueller made in his testimony: That the provision has been used over 380 times since 2001. I assume he’d know, but that seems inconsistent with what’s been publicly reported to date. It’s worth noting that there are actually minor discrepancies between the numbers provided in Congressional Research Service reports, audits from the Office of the Inspector General, and the Justice Department’s annual reports to Congress. But there are plenty of legitimate reasons these numbers might vary depending on how you count, and the total variance is a difference of about 17 orders total over the years.

We know from those Inspector General reports that the majority of those 215 orders issued were “combination” orders issued in tandem with another type of surveillance order called a “pen register” so that investigators could get subscriber information about the people whose communications patterns they were tracking. When Congress amended the Patriot Act in 2006, it built that authority right into the pen register statute, making it unnecessary to seek those “combination” orders. Prior to the amendment, the government got 173 of those “combination” orders. “Pure” 215 orders, which are now the only type needed, have been used much more sparingly. None were issued at all until 2004, and from 2004 through 2009 (depending on whose tally you want to use) there were between 75 and 92 orders issued (for an average of 12–15 annually since 2004). Throw in the combination orders and the upper-bound number through the end of 2009 is 265 orders.

Unless I’ve miscounted or missed something significant—you can get the reports at the links above and check my math—that leaves 115 orders unaccounted for, assuming Mueller’s number is accurate. There are two possibilities, then: Either the government got ten times as many orders in 2010 as the historical average (the figures should be out sometime in April) or there are a whole lot of these missing from the public reporting. Possibly these have something to do with the “sensitive collection program” in which these orders play a key role, alluded to in a Justice Department official’s testimony at a hearing during the 2009 reauthorization debate. Either alternative seems like it would merit additional scrutiny. I sent an e-mail seeking clarification this morning to some of the experts at the Congressional Research Service responsible for keeping legislators informed on these issues, but haven’t yet heard back.

I’m not belaboring this because it’s inherently hugely significant whether the government has used this authority 265 times or 380. Ideally, in the coming months we’ll see a substantial narrowing of National Security Letter authority, which would predictably lead to a large increase in the number of 215 orders issued. And that would be entirely proper, since it would mean more information being sought pursuant to a judicial order rather than FBI fiat. What I do think is significant, however, is that this reminds us how little we know—and how little the vast majority of legislators know—about the use of these powers. In contrast with criminal investigative tools, these powers are entirely covert: People whose records are swept up by the government almost never learn about it, and the recipients of the orders are subject to an effectively permanent gag on speaking about them. Rulings of the secret FISA Court interpreting the scope of these authorities are never made public. Our assurance that they have been or will continue to be used properly rests entirely on the minimal required reporting to Congress and the findings of internal audits. And yet it’s hard to pin down the facts on even this most elementary factual question about 215 orders: How many times have they been used?

Despite this, we have legislators confident enough that these expanded powers are both so necessary and so well controlled that they’re advocating making them permanent. I wish I were as confident.

Patriot Act Extension Runs Into Conservative Opposition

Reports the Los Angeles Times:

A House GOP push to permanently extend expiring provisions of the Patriot Act is running into opposition from conservative and “tea party”-inspired lawmakers wary of the law’s reach into private affairs.

Congress has made a practice of kicking the Patriot Act can down the road, but it could be that the new crop of legislators isn’t inclined to go along.

Julian Sanchez has blogged here about the complexities of this government surveillance law. His podcast on the topic, released yesterday, is titled “The Patriot Act Sneaks to Renewal.” Maybe it can’t sneak through after all…

Is a U.S. Company Assisting Egyptian Surveillance?

Boeing subsidiary Narus reports on its Web site that it “protects and manages” a number of worldwide networks, including that of Egypt Telecom. A recent IT World article entitled “Narus Develops a Scary Sleuth for Social Media” reported on a Narus product called Hone last year:

Hone will sift through millions of profiles searching for people with similar attributes — blogger profiles that share the same e-mail address, for example. It can look for statistically likely matches, by studying things like the gender, nationality, age, location, home and work addresses of people. Another component can trace the location of someone using a mobile device such as a laptop or phone.

Media advocate Tim Karr reports that “Narus provides Egypt Telecom with Deep Packet Inspection equipment (DPI), a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway.”

It’s very hard to know how Narus’s technology was used in Egypt before the country pulled the plug on its Internet connectivity, or how it’s being used now. Narus is declining comment.

So what’s to be done?

Narus and its parent, the Boeing Company, have no right to their business with the U.S. government. On our behalf, Congress is entitled to ask about Narus’s/Boeing’s assistance to the Mubarak regime in Egypt. If contractors were required to refrain from assisting authoritarian governments’ surveillance as a condition of doing business with the U.S. government, that seems like the most direct way to dissuade them from providing top-notch technology capabilities to regimes on the wrong side of history.

Of course, decades of U.S. entanglement in the Middle East have created the circumstance where an authoritarian government has been an official “friend.” Until a few weeks ago, U.S. unity with the Mubarak regime probably had our government indulging Egypt’s characterization of political opponents as “terrorists and criminals.” It shouldn’t be in retrospect that we learn how costly these entangling alliances really are.

Chris Preble made a similar point ably on the National Interest blog last week:

We should step back and consider that our close relationship with Mubarak over the years created a vicious cycle, one that inclined us to cling tighter and tighter to him as opposition to him grew. And as the relationship deepened, U.S. policy seems to have become nearly paralyzed by the fear that the building anger at Mubarak’s regime would inevitably be directed at us.

We can’t undo our past policies of cozying up to foreign autocrats (the problem extends well beyond Egypt) over the years. And we won’t make things right by simply shifting — or doubling or tripling — U.S. foreign aid to a new leader. We should instead be open to the idea that an arms-length relationship might be the best one of all.

Good News and Bad on PATRIOT Reform

Late last week, Attorney General Eric Holder sent a letter to Senate Judiciary Committee Chair Patrick Leahy (D-VT) in which he agreed to implement an array of policies designed to check abuse of USA PATRIOT Act powers. These include more thorough record keeping and more disclosures to Congress, prompt notification of telecommunications companies when gag orders have expired, and updated retention and dissemination procedures to govern the vast quantities of information obtained using National Security Letters.

In itself, this is all to the good. But civil libertarians should pause before popping the champagne corks. Last year, the fight over the reauthorization of several expiring PATRIOT provisions opened the door to the comprehensive reform that sweeping legislation sorely needs to better balance the legitimate needs of intelligence and law enforcement against the privacy and freedom of Americans. Despite serious abuses of PATRIOT powers uncovered by the Justice Department’s Office of the Inspector General, no such major changes were made. Instead, Congress opted for a shorter-term renewal that will require another reauthorization this February—in theory allowing for the question of broader reform to be revisited in the coming months.

Many of the milder reforms proposed during the last reauthorization debate now appear to have been voluntarily adopted by Holder. Unfortunately, this may make it politically easier for legislators to push ahead with a straight reauthorization that avoids locking in those reforms via binding statutory language—and entirely bypasses the vital discussion we should be having about a more comprehensive overhaul. If that happens, it will serve to confirm the thesis of Chris Mooney’s 2004 piece in Legal Affairs, which persuasively argued that “sunset” provisions, far from serving as an effective check on expansion of government power, often make radical “temporary” measures more politically palatable, only to create a kind of policy inertia that makes it highly unlikely those measures will ever be allowed to expire.

With the loss of Sen. Russ Feingold (D-WI), who whatever his other faults has been the Senate’s most vocal opponent of our metastasizing surveillance state, the prospects for placing more than cosmetic limits on the sweeping powers granted since 2001 appear to have dimmed. If there’s any cause for optimism, it’s that the recent fuss over intrusive TSA screening procedures appears to have reminded some conservatives that they used to believe in limits on government power even when that power was deployed in the name of fighting terrorism.

The Wall Street Journal’s Surveillance Fantasies

There are too few periodical venues for good short fiction these days, so I’d normally be enthusiastic about the Wall Street Journal’s decision to print works of fantasy. Unfortunately, they’ve opted to do so on their editorial page—starting with a long farrago of hypotheticals concerning the putative role of the Foreign Intelligence Surveillance Court in hindering the detection and apprehension of failed Times Square bomber Faisal Shahzad. In fairness to the editors, they acknowledge near the end of the piece that much of it is unvarnished speculation, but their flights of creative fancy extend to many claims presented as fact.

Let’s begin with the acknowledged fiction. The Journal editors wonder whether Shahzad might have been under surveillance before his botched Times Square attack, and posit that the NSA might have intercepted communications from “Waziristan Taliban talking about ‘our American brother Faisal,’ which could have been cross-referenced against Karachi flight manifests,” or “maybe Shahzad traded seemingly innocuous emails with Pakistani terrorists, and minimization precluded analysts from detecting a pattern.”  Anything is possible. But it’s a leap to make this inference merely because investigators appear to have had fairly specific knowledge about his contacts with terrorists after he had already been identified.  They would not have needed to “retroactively to reconstruct his activities from other already-gathered foreign wiretaps:” Once they had zeroed in on Shahzad, his calling patterns could have been reconstructed from phone company calling records whether or not he or his confederates were being targeted at the time the communications occurred, and indeed, those records could have been obtained by means of a National Security Letter without any oversight from the FISA Court.

This is part of a more general strategy we often see deployed by advocates of expanded surveillance powers. After the fact, one can always tell a story about how a known terrorist might have been detected by means of more unfettered spying authority, just as one can always tell a story about how any particular calamity would have been averted if the right sort of regulation were in place. Sometimes the story is even plausible. But if we look at the history of recent intelligence failures, it’s almost invariably the case that the real problem was the inability to connect the right set of data points from the flood of data already obtained, not insufficient ability to collect. The problem is that it’s easy and satisfying to call for legislation lifting the restraints on surveillance—and lifting still more when intelligence agencies fail to exhibit perfect clairvoyance—but difficult if not impossible, certainly for those of us without high-level clearances, to say anything useful about the internal process reforms that might help make better use of existing data. The pundit in me empathizes, but these just-so stories are a poor rationale for further diluting civil liberties protections.

Let’s move on to the unacknowledged fictions, of which there are many.  Perhaps most stunning is the claim that “U.S. intelligence-gathering capability has been substantially curtailed in stages over the last decade.” They mean, one supposes, that Congress ultimately imposed a patina of judicial oversight on the lawless program of warrantless wiretapping and data program authorized by the Bush administration in the aftermath of the 9/11 attacks. But the claim that somehow intelligence gathering is more constrained now than it was in 2000 just doesn’t pass the straight face test. In addition to the radical expansion of the aforementioned National Security Letter authorities, Congress approved roving wiretaps for domestic intelligence, broad FISA orders for the production of “any tangible thing,” so-called “sneak and peek” searches, looser restraints on existing FISA wiretap powers, and finally, with the FISA Amendments Act of 2008, executive power to authorize broad “programs” of surveillance without specified targets. In a handful of cases, legislators have rolled back slightly their initial grants of power or imposed some restraints on powers the executive arrogated to itself, but it is ludicrous to deny that the net trend over the decade has been toward more, rather than less, intelligence-gathering capability.

Speaking of executive arrogation of power, here’s how the Journal describes Bush’s warrantless Stellar Wind program:

Via executive order after 9/11, the Bush Administration created the covert Terrorist Surveillance Program. TSP allowed the National Security Agency to monitor the traffic and content of terrorist electronic communications overseas, unencumbered by FISA warrants even if one of the parties was in the U.S.

This is misleading.  There was no such thing as the “Terrorist Surveillance Program.”  That was a marketing term concocted after the fact to allow administration officials to narrowly discuss the components of Stellar Wind initially disclosed by the New York Times.  It allowed Alberto Gonzales to claim that there had been no serious internal dissent about the legality of “the program” by arbitrarily redefining it to exclude the parts that had caused the most controversy, such as the vast data mining effort that went far beyond suspected terrorists. It was this aspect of Stellar Wind, and not the monitoring of overseas communication, that occasioned the now-infamous confrontation at Attorney General John Ashcroft’s hospital bed described in the editorial’s subsequent paragraph. We continue:

In addition to excessive delays, the anonymous FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks. FISA was written in an analog era and meant to apply to domestic wiretaps in the context of the Cold War, not to limit what wiretaps were ever allowed.

Forgive me if I’m a broken record on this, but the persistence of the claim in that first sentence above is truly maddening.  It is false that “FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks.”  Anyone remotely familiar with the FISA law would have known it was false when it was first bandied about, and a Justice Department official confirmed that it was false two years ago. FISA has never required a warrant for foreign-to-foreign wire communications, wherever intercepted, though there was a narrower problem with some e-mail traffic.  To repeat the canard at this late date betrays either dishonesty or disqualifying ignorance of elementary facts. Further, while it’s true that a great deal of surveillance has always, by design, remained beyond the scope of FISA, it is clearly false that it was “meant to apply to domestic wiretaps” if by this we mean only “wiretaps where all parties to the communication are within the United States.” The plain text and legislative history of the law make it clear beyond any possible doubt that Congress meant to impose restraints on the acquisition of all U.S.-to-foreign wire communications, as well as radio communications targeting U.S. persons. (The legislative history further suggests that they had hoped to tighten up the restraints on radio communications, though technical considerations made it difficult to craft functional rules.) We continue:

The 2008 FISA law mandates “minimization” procedures to avoid targeting the communications of U.S. citizens or those that take place entirely within the U.S. As the NSA dragnet searches emails, mobile phone calls and the like, often it will pick up domestic information. Intelligence officials can analyze, retain and act on true smoking guns. But domestic intercepts must be effectively destroyed within 72 hours unless they indicate “a threat of death or serious bodily harm to any person” or constitute “evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.”

This means that potentially useful information must be discarded if it is too vague to obtain a traditional judicial warrant. Minimization is the FISA equivalent of a fishing license that requires throwing back catches that don’t meet the legal limit. Yet the nature of intelligence analysis is connecting small, suggestive and often scattered clues.

The kernel of truth here is that the FISA Amendments Act did impose some new constraints on the surveillance of Americans abroad. But the implication that “minimization” is some novel invention is just false. Minimization rules have always been part of FISA, and they exist precisely because the initial scope of FISA acquisition is so incredibly broad. And those minimization rules give investigators enormous latitude.  As the FISA Court itself explained in a rare published ruling:

Minimization is required only if the information “could not be” foreign intelligence. Thus, it is obvious that the standard for retention of FISA-acquired information is weighted heavily in favor of the government.

Similarly, the redaction of identifying information about U.S. persons is not required when that information is needed to properly interpret the intelligence, so the idea that analysts would have scrubbed mention of “our American brother Faisal” from an intercept of Taliban communications cannot be taken too seriously.  It’s not entirely clear what the editors are referring to when they say “domestic intercepts must be effectively destroyed within 72 hours:” Do they mean “inadvertent” intercepts of entirely domestic communications, or one-end domestic communications legitimately acquired under the FAA, or what? Either way, that’s not really consistent with what we know about FISA minimization in practice: At least as of 2005, it appears that “minimized” communications were at least sometimes retained in ultimately retrievable form, though not logged.  In any event, if I’m reading them correctly, the Journal is suggesting that NSA should be broadly sweeping up and retaining even the apparently innocent domestic communications of Americans, on the off chance that they might later prove useful? I can imagine being that consumed by terror, but I think I would be ashamed to admit it in public.  Moving on:

Meanwhile, the FISA court reported in April that the number of warrant applications fell to 1,376 in 2009, the lowest level since 2003. A change in quantity doesn’t necessarily mean a change in intelligence quality—though it might.

As it happens, I covered this in a post just the other day. As a Justice Department official explained to the bloggers at Main Justice, the numerical decline is “due to significant changes in the legal authorities that govern FISA surveillance — specifically, the enactment of the FISA Amendments Act in 2008 — and shifting operational demands, but the fluctuation in the number of applications does not in any way reflect a change in coverage.” Finally:

These constraints are being imposed at the same time that domestic terror plots linked to, or inspired by, foreigners are increasing. Our spooks did manage to pre-empt Najibullah Zazi and his co-conspirators in a plot to bomb New York subways, but they missed Shahzad and Nidal Hasan, as well as Umar Farouk Abdulmutallab’s attempt to bring down Flight 253 on Christmas Day.

Abdulmutallab was a non-U.S. person who didn’t set foot in the country until after setting his underpants aflame; there is no reason whatever to believe that FISA restrictions would have posed an obstacle to monitoring him. As for Nidal Hasan, investigators did intercept his e-mails with radical cleric Anwar al Awlaki. While it seems clear in retrospect that the decision not to investigate further was an error in judgment, they were obviously not destroyed after the fact, since they were later quoted in various press accounts. Maybe those exchanges really did seem legitimately related to Hasan’s research at the time, or maybe investigators missed some red flags. Either way, the part of the process the Journal is wringing its hands about worked: The intercepts were retained and disseminated to the Joint Terrorism Task Force, which concluded that Hasan was “not involved in terrorist activities or terrorist planning” and, along with Army officials, declined to open an investigation. Rending already gossamer-thin minimization requirements is not going to avoid errors of that sort.

The Journal closes out their fantasy by melodramatically asking “whether FISA is in practice giving jihadists a license to kill.” But the only “license” I see here is of the “creative” variety; should they revisit the topic in the future, the editors might consider taking less of it.

FISA Applications Are Down, but Is Surveillance?

The invaluable Main Justice blog notes that we’ve just gotten our annual dribble of information from the Foreign Intelligence Surveillance Court, showing that the number of surveillance applications sought and approved by the court dropped for a second consecutive year, to its lowest level since 2002. Applications fell to 1,376—down from 2007’s record high of 2,370.

So does that mean there’s less FISA surveillance going on? Nope—according to an anonymous source at the Justice Department, you can’t infer much from the raw numbers, especially given the passage of the FISA Amendments Act of 2008, which empowered the executive branch to authorize broad programs of surveillance with slight court oversight:

“The number of Foreign Intelligence Surveillance Act applications submitted to the Foreign Intelligence Surveillance Court decreased in 2008 and again in 2009 due to significant changes in the legal authorities that govern FISA surveillance — specifically, the enactment of the FISA Amendments Act in 2008 — and shifting operational demands, but the fluctuation in the number of applications does not in any way reflect a change in coverage,” the official said.

I note with some disappointment that the normally astute folks at Main Justice repeat the canard that the FISA Amendments Act was a response to a 2007 court ruling that “surveillance of purely foreign communications that pass through a U.S. communications node was illegal without a warrant.” Boosters of broader executive power trumpeted that line, but as we learned in 2008, the court’s limitations were really centrally about certain kinds of e-mail traffic; it has never been the case that purely foreign communications in general required a warrant if they passed through the U.S.—and indeed, nobody reading the plain text of the FISA law could possibly believe that to be the case.

In any event, as I suggested recently when last year’s criminal wiretap figures were released, this is one more reason to suspect that current reporting requirements amount to so much oversight theater—giving us the illusion that we have some understanding of the real scope of electronic surveillance, while providing (at best) a spotty and incomplete picture.

Surveillance Cameras and Civil Liberties II

In a piece at Politico today, David Rittgers raised a number of important points on the role of surveillance cameras in law enforcement, about which I blogged yesterday at Politico Arena and Cato@Liberty. To add still more to the subject, David is quite right: the cop on the beat, assuming he’s there, will be better than the camera at preventing crime. In at least two cases, however, cameras can fight crime not only ex post but ex ante as well. First, cameras monitored in real time – as private cameras often are in apartment buildings, casinos, warehouses, and elsewhere – can facilitate crime prevention by alerting monitors to suspicious activity. And second, would-be criminals who are concerned about being caught may think twice if they suspect they’re being monitored. Cameras will not deter suicide bombers, of course; nor will they deter those who are unaware they’re being monitored, as may have been the case with the incompetent bomb maker in Times Square – who seems at this writing (we await more facts) to have wanted to “get away,” all the way to Pakistan.

But to add further to the civil liberties point I made yesterday, not only are surveillance tapes usually more accurate than eyewitness accounts in identifying criminals, thereby lessening the very real problem of mistaken prosecutions and convictions, but they also help address the equally real problem of police (and even prosecutorial) abuse. Two weeks ago David blogged about the recent University of Maryland case involving the notorious Prince George’s County police department, where a video showed police brutality that the police later falsified in their report. And surveillance tapes can work in the other direction too – to protect police from false accusations of brutality. So the civil liberties implications of surveillance cameras are many, and often not what they seem on first impression.