Tag: surveillance

Good News and Bad on PATRIOT Reform

Late last week, Attorney General Eric Holder sent a letter to Senate Judiciary Committee Chair Patrick Leahy (D-VT) in which he agreed to implement an array of policies designed to check abuse of USA PATRIOT Act powers. These include more thorough record keeping and more disclosures to Congress, prompt notification of telecommunications companies when gag orders have expired, and updated retention and dissemination procedures to govern the vast quantities of information obtained using National Security Letters.

In itself, this is all to the good. But civil libertarians should pause before popping the champagne corks. Last year, the fight over the reauthorization of several expiring PATRIOT provisions opened the door to the comprehensive reform that sweeping legislation sorely needs to better balance the legitimate needs of intelligence and law enforcement against the privacy and freedom of Americans. Despite serious abuses of PATRIOT powers uncovered by the Justice Department’s Office of the Inspector General, no such major changes were made. Instead, Congress opted for a shorter-term renewal that will require another reauthorization this February—in theory allowing for the question of broader reform to be revisited in the coming months.

Many of the milder reforms proposed during the last reauthorization debate now appear to have been voluntarily adopted by Holder. Unfortunately, this may make it politically easier for legislators to push ahead with a straight reauthorization that avoids locking in those reforms via binding statutory language—and entirely bypasses the vital discussion we should be having about a more comprehensive overhaul. If that happens, it will serve to confirm the thesis of Chris Mooney’s 2004 piece in Legal Affairs, which persuasively argued that “sunset” provisions, far from serving as an effective check on expansion of government power, often make radical “temporary” measures more politically palatable, only to create a kind of policy inertia that makes it highly unlikely those measures will ever be allowed to expire.

With the loss of Sen. Russ Feingold (D-WI), who whatever his other faults has been the Senate’s most vocal opponent of our metastasizing surveillance state, the prospects for placing more than cosmetic limits on the sweeping powers granted since 2001 appear to have dimmed. If there’s any cause for optimism, it’s that the recent fuss over intrusive TSA screening procedures appear to have reminded some conservatives that they used to believe in limits on government power even when that power was deployed in the name of fighting terrorism.

The Wall Street Journal’s Surveillance Fantasies

There are too few periodical venues for good short fiction these days, so I’d normally be enthusiastic about the Wall Street Journal’s decision to print works of fantasy. Unfortunately, they’ve opted to do so on their editorial page—starting with a long farrago of hypotheticals concerning the putative role of the Foreign Intelligence Surveillance Court in hindering the detection and apprehension of failed Times Square bomber Faisal Shahzad. In fairness to the editors, they acknowledge near the end of the piece that much of it is unvarnished speculation, but their flights of creative fancy extend to many claims presented as fact.

Let’s begin with the acknowledged fiction. The Journal editors wonder whether Shahzad might have been under surveillance before his botched Times Square attack, and posit that the NSA might have intercepted communications from “Waziristan Taliban talking about ‘our American brother Faisal,’ which could have been cross-referenced against Karachi flight manifests,” or “maybe Shahzad traded seemingly innocuous emails with Pakistani terrorists, and minimization precluded analysts from detecting a pattern.”  Anything is possible. But it’s a leap to make this inference merely because investigators appear to have had fairly specific knowledge about his contacts with terrorists after he had already been identified.  They would not have needed to “retroactively to reconstruct his activities from other already-gathered foreign wiretaps:” Once they had zeroed in on Shahzad, his calling patterns could have been reconstructed from phone company calling records whether or not he or his confederates were being targeted at the time the communications occurred, and indeed, those records could have been obtained by means of a National Security Letter without any oversight from the FISA Court.

This is part of a more general strategy we often see deployed by advocates of expanded surveillance powers. After the fact, one can always tell a story about how a known terrorist might have been detected by means of more unfettered spying authority, just as one can always tell a story about how any particular calamity would have been averted if the right sort of regulation were in place. Sometimes the story is even plausible. But if we look at the history of recent intelligence failures, it’s almost invariably the case that the real problem was the inability to connect the right set of data points from the flood of data already obtained, not insufficient ability to collect. The problem is that it’s easy and satisfying to call for legislation lifting the restraints on surveillance—and lifting still more when intelligence agencies fail to exhibit perfect clairvoyance—but difficult if not impossible, certainly for those of us without high-level clearances, to say anything useful about the internal process reforms that might help make better use of existing data. The pundit in me empathizes, but these just-so stories are a poor rationale for further diluting civil liberties protections.

Let’s move on to the unacknowledged fictions, of which there are many.  Perhaps most stunning is the claim that “U.S. intelligence-gathering capability has been substantially curtailed in stages over the last decade.” They mean, one supposes, that Congress ultimately imposed a patina of judicial oversight on the lawless program of warrantless wiretapping and data program authorized by the Bush administration in the aftermath of the 9/11 attacks. But the claim that somehow intelligence gathering is more constrained now than it was in 2000 just doesn’t pass the straight face test. In addition to the radical expansion of the aforementioned National Security Letter authorities, Congress approved roving wiretaps for domestic intelligence, broad FISA orders for the production of “any tangible thing,” so-called “sneak and peek” searches, looser restraints on existing FISA wiretap powers, and finally, with the FISA Amendments Act of 2008, executive power to authorize broad “programs” of surveillance without specified targets. In a handful of cases, legislators have rolled back slightly their initial grants of power or imposed some restraints on powers the executive arrogated to itself, but it is ludicrous to deny that the net trend over the decade has been toward more, rather than less, intelligence-gathering capability.

Speaking of executive arrogation of power, here’s how the Journal describes Bush’s warrantless Stellar Wind program:

Via executive order after 9/11, the Bush Administration created the covert Terrorist Surveillance Program. TSP allowed the National Security Agency to monitor the traffic and content of terrorist electronic communications overseas, unencumbered by FISA warrants even if one of the parties was in the U.S.

This is misleading.  There was no such thing as the “Terrorist Surveillance Program.”  That was a marketing term concocted after the fact to allow administration officials to narrowly discuss the components of Stellar Wind initially disclosed by the New York Times.  It allowed Alberto Gonzales to claim that there had been no serious internal dissent about the legality of “the program” by arbitrarily redefining it to exclude the parts that had caused the most controversy, such as the vast data mining effort that went far beyond suspected terrorists. It was this aspect of Stellar Wind, and not the monitoring of overseas communication, that occasioned the now-infamous confrontation at Attorney General John Ashcroft’s hospital bed described in the editorial’s subsequent paragraph. We continue:

In addition to excessive delays, the anonymous FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks. FISA was written in an analog era and meant to apply to domestic wiretaps in the context of the Cold War, not to limit what wiretaps were ever allowed.

Forgive me if I’m a broken record on this, but the persistence of the claim in that first sentence above is truly maddening.  It is false that “FISA judges demanded warrants even for foreign-to-foreign calls that were routed through U.S. switching networks.”  Anyone remotely familiar with the FISA law would have known it was false when it was first bandied about, and a Justice Department official confirmed that it was false two years ago. FISA has never required a warrant for foreign-to-foreign wire communications, wherever intercepted, though there was a narrower problem with some e-mail traffic.  To repeat the canard at this late date betrays either dishonesty or disqualifying ignorance of elementary facts. Further, while it’s true that a great deal of surveillance has always, by design, remained beyond the scope of FISA, it is clearly false that it was “meant to apply to domestic wiretaps” if by this we mean only “wiretaps where all parties to the communication are within the United States.” The plain text and legislative history of the law make it clear beyond any possible doubt that Congress meant to impose restraints on the acquisition of all U.S.-to-foreign wire communications, as well as radio communications targeting U.S. persons. (The legislative history further suggests that they had hoped to tighten up the restraints on radio communications, though technical considerations made it difficult to craft functional rules.) We continue:

The 2008 FISA law mandates “minimization” procedures to avoid targeting the communications of U.S. citizens or those that take place entirely within the U.S. As the NSA dragnet searches emails, mobile phone calls and the like, often it will pick up domestic information. Intelligence officials can analyze, retain and act on true smoking guns. But domestic intercepts must be effectively destroyed within 72 hours unless they indicate “a threat of death or serious bodily harm to any person” or constitute “evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.”

This means that potentially useful information must be discarded if it is too vague to obtain a traditional judicial warrant. Minimization is the FISA equivalent of a fishing license that requires throwing back catches that don’t meet the legal limit. Yet the nature of intelligence analysis is connecting small, suggestive and often scattered clues.

The kernel of truth here is that the FISA Amendments Act did impose some new constraints on the surveillance of Americans abroad. But the implication that “minimization” is some novel invention is just false. Minimization rules have always been part of FISA, and they exist precisely because the initial scope of FISA acquisition is so incredibly broad. And those minimization rules give investigators enormous latitude.  As the FISA Court itself explained in a rare published ruling:

Minimization is required only if the information “could not be” foreign intelligence. Thus, it is obvious that the standard for retention of FISA-acquired information is weighted heavily in favor of the government.

Similarly, the redaction of identifying information about U.S. persons is not required when that information is needed to properly interpret the intelligence, so the idea that analysts would have scrubbed mention of “our American brother Faisal” from an intercept of Taliban communications cannot be taken too seriously.  It’s not entirely clear what the editors are referring to when they say “domestic intercepts must be effectively destroyed within 72 hours:” Do they mean “inadvertent” intercepts of entirely domestic communications, or one-end domestic communications legitimately acquired under the FAA, or what? Either way, that’s not really consistent with what we know about FISA minimization in practice: At least as of 2005, it appears that “minimized” communications were at least sometimes retained in ultimately retrievable form, though not logged.  In any event, if I’m reading them correctly, the Journal is suggesting that NSA should be broadly sweeping up and retaining even the apparently innocent domestic communications of Americans, on the off chance that they might later prove useful? I can imagine being that consumed by terror, but I think I would be ashamed to admit it in public.  Moving on:

Meanwhile, the FISA court reported in April that the number of warrant applications fell to 1,376 in 2009, the lowest level since 2003. A change in quantity doesn’t necessarily mean a change in intelligence quality—though it might.

As it happens, I covered this in a post just the other day.  As a Justice Department official explained to the bloggers at Main Justice, the numerical decline is due to significant changes in the legal authorities that govern FISA surveillance — specifically, the enactment of the FISA Amendments Act in 2008 — and shifting operational demands, but the fluctuation in the number of applications does not in any way reflect a change in coverage.”  Finally:

These constraints are being imposed at the same time that domestic terror plots linked to, or inspired by, foreigners are increasing. Our spooks did manage to pre-empt Najibullah Zazi and his co-conspirators in a plot to bomb New York subways, but they missed Shahzad and Nidal Hasan, as well as Umar Farouk Abdulmutallab’s attempt to bring down Flight 253 on Christmas Day.

Abdulmutallab was a non-U.S. person who didn’t set foot in the country until after setting his underpants aflame; there is no reason whatever to believe that FISA restrictions would have posed an obstacle to monitoring him. As for Nidal Hasan, investigators did intercept his e-mails with radical cleric Anwar al Awlaki. While it seems clear in retrospect that the decision not to investigate further was an error in judgment, they were obviously not destroyed after the fact, since they were later quoted in various press accounts. Maybe those exchanges really did seem legitimately related to Hasan’s research at the time, or maybe investigators missed some red flags. Either way, the part of the process the Journal is wringing its hands about worked: The intercepts were retained and disseminated to the Joint Terrorism Task Force, which concluded that Hasan was “not involved in terrorist activities or terrorist planning” and, along with Army officials, declined to open an investigation. Rending already gossamer-thin minimization requirements is not going to avoid errors of that sort.

The Journal closes out their fantasy by melodramatically asking “whether FISA is in practice giving jihadists a license to kill.” But the only “license” I see here is of the “creative” variety; should they revisit the topic in the future, the editors might consider taking less of it.

FISA Applications Are Down, but Is Surveillance?

The invaluable Main Justice blog notes that we’ve just gotten our annual dribble of information from the Foreign Intelligence Surveillance Court, showing that the number of surveillance applications sought and approved by the court dropped for a second consecutive year, to their lowest  level since 2002. Applications fell to 1,376—down from 2007’s record high of 2,370.

So does that mean there’s less FISA surveillance going on? Nope—according to an anonymous source at the Justice Department, you can’t infer much from the raw numbers, especially given the passage of the FISA Amendments Act of 2008, which empowered the executive branch to authorize broad programs of surveillance with slight court oversight:

“The number of Foreign Intelligence Surveillance Act applications submitted to the Foreign Intelligence Surveillance Court decreased in 2008 and again in 2009 due to significant changes in the legal authorities that govern FISA surveillance — specifically, the enactment of the FISA Amendments Act in 2008 — and shifting operational demands, but the fluctuation in the number of applications does not in any way reflect a change in coverage,” the official said.

I note with some disappointment that the normally astute folks at Main Justice repeat the canard that the FISA Amendments Act were a response to a 2007 court ruling that “surveillance of purely foreign communications that pass through a U.S. communications node was illegal without a warrant.” Boosters of broader executive power trumpeted that line, but as we learned in 2008, the court’s limitations were really centrally about certain kinds of e-mail traffic; it has never been the case that purely foreign communications in general required a warrant if they passed through the U.S.—and indeed, nobody reading the plain text of the FISA law could possibly believe that to be the case.

In any event, as I suggested recently when last year’s criminal wiretap figures were released, this is one more reason to suspect that current reporting requirements amount to so much oversight theater—giving us the illusion that we have some understanding of the real scope of electronic surveillance, while providing (at best) a spotty and incomplete picture.

Surveillance Cameras and Civil Liberties II

In a piece at Politico today, David Rittgers raised a number of important points on the role of surveillance cameras in law enforcement, about which I blogged yesterday at Politico Arena and Cato@Liberty. To add still more to the subject, David is quite right: the cop on the beat, assuming he’s there, will be better than the camera at preventing crime. In at least two cases, however, cameras can fight crime not only ex post but ex ante as well. First, cameras monitored in real time – as private cameras often are in apartment buildings, casinos, warehouses, and elsewhere – can facilitate crime prevention by alerting monitors to suspicious activity. And second, would-be criminals who are concerned about being caught may think twice if they suspect they’re being monitored. Cameras will not deter suicide bombers, of course; nor will they deter those who are unaware they’re being monitored, as may have been the case with the incompetent bomb maker in Times Square – who seems at this writing (we await more facts) to have wanted to “get away,” all the way to Pakistan.

But to add further to the civil liberties point I made yesterday, not only are surveillance tapes usually more accurate that eyewitness accounts in identifying criminals, thereby lessening the very real problem of mistaken prosecutions and convictions, but they aid also in the equally real problem of police (and even prosecutorial) abuse. Two weeks ago David blogged about the recent University of Maryland case involving the notorious Prince George’s County police department, where a video showed police brutality that the police later falsified in their report. And surveillance tapes can work in the other direction too – to protect police from false accusations of brutality. So the civil liberties implications of surveillance cameras are many, and often not what they seem on first impression.

School Laptop Spycams Took 56,000 Pictures

Last week, I wrote that we’d learned that the Lower Merion School District may have gathered many more photos of more students than had previously been revealed. Now, the Philadelphia Inquirer has put a number on it: A security program installed on laptops assigned to students captured 56,000 images over the course of two years, including screenshots (showing programs in use and private messages being sent) and surreptitious webcam photos of students at home.

Many of these images, it should be noted at the outset, do appear to have come from laptops that really had been stolen. Almost two-thirds of the total came from six laptops that had been stolen from a high school gym, and which kept transmitting for  almost six months, though even there it’s a close question whether a warrant should have been obtained. (Why it took six months to recover the laptops with an active security program running is a good question for another time.) But many of those pictures seem much harder to justify:

[I]n at least five instances, school employees let the Web cams keep clicking for days or weeks after students found their missing laptops, according to the review. Those computers - programmed to snap a photo and capture a screen shot every 15 minutes when the machine was on - fired nearly 13,000 images back to the school district servers.

Emphasis added. The district also says it only once activated the tracking program because a student had not paid the $55 insurance fee required before taking a laptop home. Blake Robbins, the student whose lawsuit brought the story to national attention, says that one case was his.  That raises obvious questions about whether school officials might have exercised their discretion to activate the tracking program more readily in the case of particular students. The activation procedure itself hardly imbues one with great confidence: Apparently 10 school officials had the authority to request laptop tracking, which they might do with a simple informal e-mail.

Just turn this over in your head for a moment. You’ve got ten different administrators—and in practice, the network techs themselves—able to turn a child’s home laptop into a remote surveillance camera just by sending an e-mail reporting that a laptop is missing, or that a fee didn’t get paid on time. The laptop can take thousands of photos over the course of days or weeks, with neither parents nor students any the wiser until a scandal forces closer scrutiny. If Robbins hadn’t been confronted, or if administrators had made a point of deleting these pictures of children at home rather than keeping them lying around in storage indefinitely, there’s no reason to think anyone would ever have known.  How many tens of thousands of parents have kids in one-to-one school laptop programs now? What don’t they know?

The Latest ‘Intelligence Gap’

Stop me if you think you’ve heard this one before. The Washington Post reports that the National Security Agency has halted domestic collection of some type of communications metadata—the details are predictably fuzzy, though I’ve got a guess—in order to allay the concerns of the secret FISA Court that the NSA’s activity might not be technically permissible under the Foreign Intelligence Surveillance Act. Naturally, there’s the requisite quote from the anonymous concerned intel official:

“This is a basic tool we used to have, and it’s now gone,” said one intelligence official familiar with the impasse. “Every day, every week that goes by, there’s just one more week of information that we’re not collecting. You sit there and say, ‘This is unbelievable that we have this gap.’”

I want to take claims like these with due gravity, but I can’t anymore.  Because we’ve heard them again and again over the past decade, and they’ve proven to be bogus every time.  We were told that the civil liberties restrictions built into pre-9/11 surveillance law kept the FBI from searching “20th hijacker” Zacarias Moussaoui’s laptop—but a bipartisan Senate panel found it wasn’t true. We were told limits on National Security Letters were FBI delaying agents seeking vital records in their investigations—but the delay turned out to have been manufactured by the FBI itself. Most recently, we were warned that the FISA Court had somehow imposed a requirement that a warrant be obtained in order to intercept purely foreign telephone calls that were traveling through U.S. wires.  Anyone who understood the FISA law realized that this couldn’t possibly be right—and as Justice Department officials finally admitted under pressure, that wasn’t true either.  But this time there’s a really real for serious “intelligence gap” and we’ll all be blown up by scary terrorists any minute if it’s not fixed?  Pull the other one.

That said, Republicans are claiming the problem requires a mere “technical fix” to FISA, so we should at least be able to get a rough sense of what the issue is, if Congress actually decides to act.  Democrats, by contrast, appear to think NSA can “address the court’s concerns without resorting to legislation.” The word “resort” here seems depressingly apt: They’ll ask for a legislative tweak if there’s absolutely no way to shoehorn what they want to do into the statute through clever lawyering in an ex parte proceeding in front of a highly deferential court, but it’s a last resort.

As for what the problem might be, I can think of a couple of possibilities off the top of my head.  A few years back, the FISA pen register provision was amended to effectively build into the legal order for a standard pen register, which records data about calls or e-mails made and received, language mirroring a legal demand for subscriber records known as a 2703(d) order in the criminal context.  Law enforcement routinely uses that combination of a 2703(d) plus a pen register to get location tracking information for cell phones. But the evidentiary standard for getting a 2703(d) order is (very) slightly higher than the standard for a pen register alone, and federal law prohibits the use of a pen register alone to gather location data. So there might be a question about whether FISA pen registers alone can be used for cell phone location tracking purposes.

Alternatively, given that Internet communications aren’t just “metadata” and “content” but rather a whole series of layers containing different types of information, there could be a question about just how far down “metadata” goes. This might be especially tricky for protocols where quite a lot of information about the content of the communication—which is supposed to require a full probable cause warrant—can be gleaned from sophisticated analysis of the size and timing of packets in the stream.

These are, of course, blind guesses.  What’s disturbing is how much blind guessing the FISA court itself may be doing.  The new hiatus, the Post tells us via an anonymous source, came about when the FISA Court “got a little bit more of an understanding”of what the NSA was up to. Their enhanced understanding concerns data that NSA has been getting with the court’s approval for “several years,” according to the Post. And there you have the real “intelligence gap” in modern surveillance: We have a Court going through a pantomime of oversight over thousands of highly technologically sophisticated interception programs, but it may take a few years for them to really understand what they’ve been signing off on.

We’ll understand still less about the rationale for any “technical fix” to FISA that Congress might approve, if they deign to go that route. But we’ll be reassured that it’s very important, necessary to keep us safe from the terrorist hordes, and nothing worth bothering our pretty heads about.

Accountability for ‘Exigent Letter’ Abuse At Last?

It is more than three years since the Office of the Inspector General first brought public attention to the FBI’s systematic misuse of the National Security Letter statutes to issue fictitious “exigent letters” and obtain telecommunications records without due process. Nobody at the Bureau has been fined, or even disciplined, for  this systematic lawbreaking and the efforts to conceal it. But the bipartisan outrage expressed at a subcommittee hearing of the House Judiciary Committee this morning hints that Congress may be running out of patience—and looking for some highly-placed heads to roll. Just to refresh, Committee Chairman John Conyers summarized the main abuses in an opening statement:

The IG found that more than 700 times, such information was obtained about more than 2,000 phone numbers by so-called“exigent letters” from FBI personnel. In some cases, the IG concluded, FBI agents sent the letters even though they believed that factual information in the letters was false. For more than 3,500 phone numbers, the call information was extracted without even a letter, but instead by e‐mail, requests on a post‐it note, or “sneak peaks” of telephone company computer screens or other records…. In one case, the FBI actually obtained phone records of Washington Post and New York Times reporters and kept them in a database, leading to an IG conclusion of “serious abuse” of FBI authority and an FBI public apology.

It’s probably actually worse than that: Since these letters often requested a “community of interest” analysis for targeted numbers, the privacy of many people beyond the nominal targets may have been implicated—though it’s hard to be sure, since the IG report redacts almost all details about this CoI mapping.

And as Rep. Jerry Nadler pointed out, the IG report suggests a “clear pattern here of deliberate evasion,” rather than the innocent oversight the Bureau keeps pleading.  Both Nadler and the Republican ex-chair of the committee, Rep. James Sensenbrenner, expressed frustration at their sense that, when the FBI had failed to win legislative approval for all the powers on its wish list, it had simply ignored lawful process, seizing by fiat what Congress had refused to grant. Sensenbrenner, one of the authors of the Patriot Act, even declared that he felt “betrayed.” But we’ve heard similar rhetoric before. It was the following suggestion from Conyers (from my notes, but pretty near verbatim) that really raised an eyebrow:

There must be further investigation as to who and why and how somebody in the Federal Bureau of Investigation could invent a practice and have allowed it to have gone on for three consecutive years.  I propose and hope that this committee and its leadership will join me, because I think there may be grounds for removal of the general counsel of the FBI.

That would be Valerie Caproni, one of the hearing’s two witnesses, and an executive-level official whose dismissal would be the first hint of an administration response commensurate with the gravity of the violations that occurred. Caproni’s testimony, consistent with previous performances, was an awkward effort to simultaneously minimize the seriousness of FBI’s abuses—she is fond of saying “flawed” when le mot juste is “illegal”—and also to assure legislators that the Bureau was treating it with the utmost seriousness already. Sensenbrenner appeared unpersuaded, at one point barking in obvious irritation: “I don’t think you’re getting the message; will you get the message today?” The Republican also seemed to indirectly echo Conyers’ warning, declaring himself “not unsympathetic” to the incredulous chairman’s indictment of her office. Of course, the FBI has it’s own Office of Professional Responsibility which is supposed to be in charge of holding agents and officials accountable for malfeasance, but apparently the wheels there are still grinding along.

It’s also worth noting that Inspector General Glenn Fine, who also testified, specifically urged Congress to look into a secret memo issued in January by the Office of Legal Counsel, apparently deploying some novel legal theory to conclude that many of the call records obtained by the FBI were not covered by federal privacy statutes after all. This stood out just because my impression is that OIG usually limits itself to straight reporting and leaves it to Congress to judge what merits investigation, suggesting heightened concern about the potential scope of the ruling, despite FBI’s pledge not to avail itself of this novel legal logic without apprising its oversight committees. Alas, the details here are classified, but Caproni did at one point in her testimony conclude that “disclosure of approximately half of the records at issue was not forbidden by ECPA and/or was
connected to a clear emergency situation.”  There were 4,400 improperly obtained “records at issue” in the FBI’s internal review, of which about 150 were ultimately retained on the grounds that they would have qualified for the emergency exception in the Electronic Communications Privacy Act.  Since that tally didn’t include qualifying records for which legitimate process had nevertheless been issued at some point, the number of “real” emergencies is probably slightly higher, but that still suggests that the “half” Caproni alludes to are mostly in the “disclosure…not forbidden by ECPA” category.  Since ECPA is fairly comprehensive when it comes to telecom subscriber records—or at least, so we all thought until recently—we have to assume she means that these are the types of records the OLC opinion has removed from FISA’s protection. If those inferences are correct, and the new OLC exception covers nearly half of the call detail records FBI obtains, that would not constitute a “loophole” in federal electronic privacy law so much as its evisceration.

Of course, it’s possible that the specific nature of the exception would allay civil libertarian fears. What’s really intolerable in a democratic society is that we don’t know. Operational facts about specific investigations, and even specific investigatory techniques, are rightly classified. But an interpretation of a public statute so significant as to potentially halve its apparent protections cannot be kept secret without making a farce of the rule of law.