With impeachment headlines absorbing most attention, there is a quiet background story happening in DC where re-authorization of the USA Freedom Act is needed prior to expiration on December 15th. Techno Fog points out the bulk NSA data collection and FISA(702) surveillance programs are part of this reauthorization.
Just yesterday, November 6th, the Senate Judiciary Committee held hearings on the reauthorization. “Senators expressed their displeasure Wednesday with the Trump administration’s inability to answer questions about the National Security Agency’s collection of data records” (link). Which begs the question:
Is the current Inspector General report on FISA abuse being delayed due to the need for congress to reauthorize the very same programs the IG is about to criticize?
For context to this question, and considering the potential for some surprising revelations within the IG report on FISA, it is worth noting the Office of the Director of National Intelligence held back the the findings of FISA Judge James Boasberg that strongly criticized the FISA-702 process for a year.
The Judge Boasberg report was written in September of 2018 but not released (redacted) until last month.
There is a serious problem here…
FISA Court judges Rosemary Collyer (declassified 2017) and James Boasberg (declassified 2019) both identified issues with the NSA database being exploited for unauthorized reasons. We have a large amount of supplemental research to see through most of Collyer’s report and we are now starting the same process for Boasberg. However, an alarming possibility makes it important to outline a rough draft of what appears present.
Initially when Collyer’s report was declassified in April 2017 we were able to start assembling additional circumstantial and direct evidence. Two years of releases allowed us to see a more detailed picture.
Additional documents, direct testimony from NSA Director Mike Rogers, and later connected material from court filings, classified releases and ODNI statements made the understanding much clearer. What became visible was a process of using the NSA database for political surveillance. [SEE HERE]
With the Boasberg report we do not yet have enough supportive material to identify specific purposes. However, directly from the report itself there is a lot of information that shows a continuum of database activity that did not stop after Collyer’s warnings, and the NSA promises. It seems, the political exploitation continues; and with that in mind some recent events are much more troubling.
Boasberg notes the “about” query option that NSA Director Mike Rogers halted, technically didn’t stop. Instead operators used the “to and from” option almost identically as the “about” queries for downstream data review and extraction. The FISA Appellate Court appointed amici curiae to review Boasberg’s opinion and reconcile counter claims by the FBI. Boasberg was never satisfied despite the FISC-R amicus assurances. His opinion reflects valid judicial cynicism within his reluctant re-authorization.
One of the weird aspects to both Collyer and Boasberg is that both FISC judges did not ever seek to ask the “why” question: why are all these unauthorized database searches taking place? Instead, both judges focus on process issues and technical procedural questions, seemingly from a position that all unauthorized searches were done without malicious intent.
Accepting that neither judge had the purpose of benefit to overlay any other information upon their FISA review, their lack of curiosity is not necessarily a flaw but rather a feature of a very compartmentalized problem.
Boasberg and Collyer are only looking at one set of data-points all centered around FISA(702) search queries. Additionally, the scale of overall annual database searches outlined by Boasberg extends well over three million queries by the FBI and thousands of anonymous users; and the oversight only covers a sub-set of around ten percent.
As a result of the number of users with database access; and as Boasberg notes in his declassified opinion there is no consistent application of audit-trails or audit-logs; and worse yet, users don’t have to explain “why”, so there’s no FISC digging into “why”; the process is a bureaucratic FUBAR from a compliance standpoint; perhaps that’s by design.