Pages

Thursday, October 31, 2013

NSA Used FBI Abuses To Justify Metadata Collection

from the another-bad-argument,-'bolstered'-by-worse-tactics dept

James Clapper's office has released another batch of documents in a grudging nod to the transparency forced on it by the ACLU's FOIA requests (and subsequent lawsuit). Mike covered one yesterday that detailed the NSA's collection of location data, something it had previously assured legislators hadn't actually happened. Well, it did happen but the agency excused it as a "test," something it felt the FISA bulk records orders allowed it to do. Tellingly, it informed officials after the fact, rather than seeking explicit approval beforehand.

Beyond that, these documents are rather light on details. If I were in Clapper's position, these are the sorts of documents I'd release -- ones that nod toward openness but provide as little information as possible. Most of what's been released is memos issued to intelligence committees stating that the NSA has fixed its problems (the end-to-end reviews) and is behaving itself. The memos also indicate that the NSA has a very bad habit of doing things first and seeking permission or forgiveness later -- "playing to the edges of the box," as it were.

That's not to say there's nothing useful, informative or revealing in this release, but what is there is very limited, and a handful of the memos are redundant. All in all, it's a very safe document release.

One of the more interesting bits appears in a joint statement issued in October, 2009 by the National Counterterrorism Center and the NSA in support of the PATRIOT Act reauthorization.

While defending the Section 215 collections, the following points are listed as evidence of the program's worthiness.
FBI representatives have indicated to NSA that the telephone contact reporting has provided leads and linkages to individuals in the United States with potential ties to terrorism who may not have otherwise been known to or identified by the FBI. In Calendar Year 2008, telephone numbers tipped from the NSA business records results either added value or led to:
  • the opening of over 240 Threat Assessments
  • the opening of over 100 Preliminary Investigations
  • the opening of approximately 15 Full Investigations
  • 180 National Security Letters issued.
That both the NSA and FBI actually believe "threat assessments" and NSLs hold any worth indicates there's been a little too much Kool-Aid in the interdepartmental water cooler, to say nothing about the fact that 100 "preliminary investigations" resulted in only 15 "full investigations."

The ACLU's rundown of the FBI's abuse of its powers had this to say about the uselessness of "threat assessments."
In 2008, the US Attorney General granted the FBI permission to utilize investigations called "assessments" which required no predicate and granted the agency power to conduct these as though they were actual investigations and use all the tools normally available. The FBI was only too happy to take the AG up on his offer.

In a two-year period from 2009 to 2011, the FBI opened over 82,000 “assessments” of individuals or organizations, less than 3,500 of which discovered information justifying further investigation.
To credit the NSA with "tipping" leads that resulted in "assessments" is hardly an indicator of the program's usefulness. The FBI's enthusiasm for exploiting this "tool" is well documented. Handing the FBI a few random pages from the nearest phonebook would likely have resulted in the same number of "assessments" over that same time period.

The FBI has a fondness for National Security Letters as well. These allow agents to bypass legal safeguards when seeking info -- little things like warrants, subpoenas and court orders. The FBI's abuse of NSLs is also well-documented.
A 2007 Inspector General audit revealed that from 2003 through 2005 the FBI issued over 140,000 National Security Letters —secret demands for certain account information from telecommunications companies, financial institutions, and credit agencies that require no judicial approval — almost half of which targeted Americans.

The FBI's abuse of the NSLs goes even further than the fact that the agency nearly continuously wrote itself blank surveillance checks for three straight years. The ACLU notes that the agency so thoroughly abused the program that it truly had no idea how many letters had been issued. An audit of the program also found that 60% of the audited files had no supporting documentation and that 22% contained at least one unreported legal violation.
And when the agency's NSL abuse came under fire, it switched to exigent circumstance letters, Post-It notes or showing up at the telco offices and reading search results over employees' shoulders.

The NSA using these horrendously abused processes as "proof" of the bulk records collection's worth is just as ridiculous as someone pointing to overflowing prisons as proof minimum sentencing standards are an effective deterrent of criminal activity.

The paper also makes the claim that having these records would have prevented the 9/11 attacks which, if nothing else, gives some idea how long that particular (bad) argument has been in play. It points to the fact that it couldn't collect domestic phone data at that point as the essential missing element, while omitting any mention of the CIA's failure to put Khalid al-Mihdhar on a watch list, which allowed him to return to the US unnoticed after he fell off the agency's radar during a visit to the Middle East.

In all likelihood, this "essential element" would have been just another dot for the NSA to connect. Whether or not it would have made the connection in time to prevent the attack is open to speculation. NSA heads and its defenders believe it would have, but there's been no evidence produced so far that would indicate the 215 programs do anything more than create another set of dots.

The key element would have been preventing al-Mihdhar from boarding that plane on 9/11. If the CIA had placed him on a watch list after it lost track of him, this could very well have been prevented as any attempts to travel would have triggered a response from security and intelligence agencies.

Finally, there's this bizarre redaction, which directly follows discussion of the tracking and arrest of a suspected al-Qaeda member.


Given the context, this missing word can't be anything other than al-Qaeda ("continues their aspirations and attempts to achieve another spectacular attack in the United States..."). There's that over-classification and opacity at work again, redacting a word that can be inferred by context and which would come as no surprise to any al-Qaeda members who might be viewing the DNI's recently released documents.http://www.techdirt.com/articles/20131030/08215225065/nsa-used-fbi-abuses-to-justify-metadata-collection.shtml

No comments:

Post a Comment