The Privacy and Civil Liberties Oversight Board had more than 100 facts declassified, board chairman David Medine boasted at a press conference, for its report on NSA’s Internet surveillance program and how it uses Section 702 of the FISA Amendments Act. In general, the report — produced by a five-person panel picked by the president — found the Section 702 program was important and narrowly legal, while it raised several concerns about issues that affect Americans’ privacy under it.
Medine did not say what those newly declassified facts included, but there are a number of footnotes that refer to and describe still-redacted parts of at least one previously released report. In addition, in recent days, the government released a transparency report admitting that the government collected 89,138 targets under the Section 702 program, and released a report to Sen. Ron Wyden providing the numbers of “back door searches” various agencies conducted last year — or in the case of the FBI, that it conducts a substantial amount but doesn’t count them. In addition, PCLOB relies heavily on a report written by NSA’s privacy officer that purported to provide new information; even when NSA released the report in April, however, that report stopped short of reporting all the known details about the 702 program and as such read like a press release.
So there have been new details released, and the PCLOB report does provide the kind of initial description of the program the government should have released over a year ago.
But the report still gets corrupted by the government’s Kafkaesque secrecy over a massive program about which they should be more open.
Consider just the example of the NSA targeting procedures that are the first line of protection for Americans’ privacy. Those are the rules designed to ensure that NSA makes a real effort to ensure it only targets foreigners overseas. PCLOB insists that the notion ”that the agency employs a ’51% test’” is “not accurate” and points, in part, to the NSA’s targeting procedures as proof. But elsewhere, it claims “NSA’s targeting procedures … have not been released to the public.”
Sure, the government hasn’t released the targeting procedures. But Edward Snowden did – at least the ones in place in 2009. Those procedures have long been a source of concern about NSA’s targeting process (indeed, even on the issue of training, which is what PCLOB addressed in claiming they weren’t public, the targeting procedures raise concerns about the adequacy of the training). Perhaps the government has vastly improved the targeting procedures since 2009, but if they have, they should say so. If they haven’t, then previously expressed concerns based on those procedures remain unanswered because PCLOB has been limited by the government’s desire to pretend nothing Snowden released has been released. Given that there’s a copy in the public, there’s really little excuse for the government to hide the most current procedures (except, perhaps, to make court challenges to the program more difficult).
Ultimately, then, this report relies primarily on relatively few documents: one 2011 FISC opinion and follow-ups (including NSA’s minimization procedures), the NSA privacy officer report, and a Semiannual Compliance report (and PCLOB’s description of redacted sections that we still can’t see) covering 2012.
Compare that to what PCLOB — and public observers — had to draw on in advance of its report on Section 215, which authorizes the phone dragnet. By that point, the government had released the primary orders covering about six of the eight years the program operated; the descriptions to the court and Congress of the violations PCLOB described; multiple training programs NSA personnel used on the program. In some areas — particularly with respect to the “corporate store” of predominantly innocent Americans whose phone records get sucked up into NSA’s analytical maw — PCLOB’s analysis on the earlier report really fleshed out concerns raised in the public debate. Here, PCLOB speaks from the same position — trust us — as the government, limiting real public discussion on this program.
That’s especially true in one area where PCLOB inexplicably remained entirely silent. PCLOB noted in its report that, because Congress limited its mandate to counterterrorism programs, it focused primarily on those uses of Section 702. That meant a number of PCLOB’s discussions — particularly regarding “incidental collections” of Americans sucked up under Section 702 — minimized the degree to which Americans who corresponded with completely innocent foreigners could be in a government database. That said, PCLOB did admit there were other uses, and it discussed the government’s use of Section 702 to pursue weapons proliferators.
Yet PCLOB remained silent about a use of Section 702 that both Director of National Intelligence James Clapper’s office, in its very first information sheet on Section 702 released in June 2013, and multiple government witnesses at PCLOB’s own hearing on this topic in March, discussed: cybersecurity. Not only should that have been discussed because Congress is preparing to debate cybersecurity legislation that would be modeled on Section 702. But the use of Section 702 for cybersecurity presents a number of unique, and potentially more significant, privacy concerns.
And PCLOB just dodged that issue entirely, even though Section 702′s use for cybersecurity is unclassified.
All those silences are due largely or entirely to the government’s own neuroses about information that is already public.
But there is one silence that PCLOB bears complete responsibility for, and it significantly discredits the report. PCLOB claims that both Americans and non-Americans will be protected by a requirement the government tell criminal defendants if it uses Section 702-derived information against them. In fact, the government never complied with this requirement until last year, simply ignoring that requirement of the law for five years. Worse still, when ACLU tried to challenge Section 702, DOJ falsely told the Supreme Court it had been complying with that requirement; it still hasn’t corrected that false claim. And even while the government has started giving a few defendants the required notice, it has not given notice to all known defendants caught using Section 702. In fact, the two people named in its report (and one named in their earlier report) as having been identified using Section 702 never got such notice.
It is public — and unclassified — that the government has not complied with a crucial aspect of the law. Not only did PCLOB not consider that non-compliance in its assessment of the program’s legality and constitutionality. But it claimed it had found no instance of deliberate non-compliance.
I guess it chose to ignore that glaring one.
PCLOB’s report has a lot of useful new information showing the NSA is exercising due diligence but FBI may not be. Its recommendations, if adopted, would provide some key new privacy protections. But unlike its previous report, it fails to engage what should be a public debate on this issue — largely, though not entirely, because it remains silenced by the government.