Constant's pations

If it's more than 30 minutes old, it's not news. It's a blog.

Monday, February 13, 2006

NSA Hearing: House Judiciary

Added: 27 Mar 2006, 11:07P EST Important diagrams showing phone company traffic to NSA prior to Sept 2001, and problems with DoJ story over NSA illegal activirty [ Click ]

Update 27 Mar 2007: To House Judiciary Staffers and visitors: Look at Question 14 of the DoJ responses [ Here: Click ]. Scroll, and notice the diagram at the link in Qusetion 14.

The Question 14 analysis shows shows the phone companies' general counsel's have likely pressed Gonzalez for changes to FISA: They knew there were problems with the AUMF-excuse, and wanted FISA changes because of legal liabilities.

Look at the analysis of the DoJ responses to the 51 questions: There are listed questions which deserve follow-up. Note the diagrams in the discussion on Question 14. The House Judiciary staff whould include similar summary tables. This will help the C-span views understand. The summary charts like this his will help show the AUM of 2001: The 2004 changes to FISA show us the AUMF is not a blanket approval for anything. Even Gonzalez knows this and behind his reason to ask for changes to FISA, three years after the the AUMF. [ Click ]

* * *


House Judiciary meeting today, 3PM.

These are notes to prepare.

Most recent update: 11:05P EST, 13 Feb

There is a larger staregy unfodling: [ Click ]

* * *


Overview



HEADLINES


  • The White House and NSA failed to ensure the program requirements, and direction to the White House's contractors met the intent of Congress in FISA.

  • House Judiciary Committee to be given non-sense technical information today at 3PM EST to distract attention from this problem.

  • Executive Summary: [ More ]



  • As we proceed, keep in mind what the White House problem is: They have no defense. Their goal at this point is to get the opposition to cave in. Here's how they are doing it: [ Click ]

    For threads: [ Click Click Click Click Click]

    For your convenience:

  • A State Proclamation Archive; Click here to read other content in the State Proclamation Archive.]

  • An NSA Hearing Archive; Click here to read other content in the NSA Hearing Archive.]

    * * *


    Last week, Gonzalez' fatal admissions before the Senate Judiciary show us two things:

    A. FISA was known, but the NSA program managers oversee development programs which did not meet FISA; and

    B. The NSA managers and contractors did not have enough time to change the software after 9-11 -- the capability already existed before 9-11.

    The problem is that the technical issues -- however described to the Congress -- are irrelevant: The legal standard is FISA, not what the NSA or DoJ say "the program did or didn't do."

    The issue for the Judiciary Committee: Why was there no confirmation within NSA that the actual program -- as planned and designed -- met the FISA requirements before money was spent? This is part of the planning process. This is what is done at a software specification review: Review the requirements, ensure they are valid, and verify the planned program will meet the program objectives. The only way to review the NSA program is to review the difference between [a] the requirements at the software specification review [SSR]; and [b] the requirements in FISA.

    However, the House Judiciary Committee is not serious about this line of inquiry. We need only look at the comments of the Chairman, and the 51 questions to see the problem: The House is focusing on irrelevant issues. [ Click ]

    NSA has a problem. Its program doesn't match FISA; it matches a set of requirements that fell well short of FISA; and NSA knew this before approving the program.

    NSA doesn't want to let Congress find out. Rather than let Congress focus on either the FISA or the technical details showing the program is illegal, NSA is using a different strategy. NSA is trying to "rename what it is doing" to make it sound legal; but this "renaming" that they are doing for the House Judiciary Committee doesn't do anything to ensure the [a] the program, and [b] the actual activities are consistent with [c] the real FISA.

    The big problem with the NSA program management and software specification review is the signing decision. Senior NSA managers agreed to spending money on program requirements not linked with lawful criteria consistent with FISA. Rather, the end product simply met the "NSA version" of what they wanted -- not the law.

    Big mistake! And the DoJ has one goal -- to distract attention from this failed planning, and assert -- without proof, but using nonsense -- that the program -- as NSA describes it -- meets what NSA says is "the legal program". However this "NSA description" isn't the same as FISA.

    A program that is "NSA authorized" isn't necessarily legal unless the actual product meets the FISA standard. NSA failed to ensure its program requirements, and direction to the Contractor met the intent of Congress.

    * * *


    Summation

    The Congress has not shown it is serious in addressing these issues. The Questions from the House Judiciary committee are meaningless.

  • A. House Judiciary note serious about oversight: Case Study 51 Questions coordinated with White House. [ Click ]

  • B. Contrast the issues raised in the following questions with the approach of the House Judiciary: [ Click ] -- Issues not getting sufficient attention; credibility of the reviews by the committee; competence of the Congressional oversight.

    Lesson: Congress is not up to the task for oversight on impeachment. States should proceed with all dues speed to debate state proclamations on impeachment, and force the House to vote in March 2006 on impeachment. [ Click ]

    Another challenge for the telecommunications industry: See: U.S. District Judge Leonie Brinkeman in re Iyman Faris, orders NSA to provide data in 60 days.

    * * *


    Detailed discussion

    Gonzalez made two fatal admissions:

    1. The date of the first updates after 9-11

    2. The number of FISA changes

    These are important to keep in mind during the House Judiciary Committee meeting today. These have two implications:

    A. Exiting software capabilities existed prior to 9-11;

    B. There should have been changes to the software, and recognized during the software specification review [SSR, or S/W SpRev]

    The required budgets and work to fully comply with the FISA was never completed. Rather, the software baseline and legal review approved the illegal program.

    The issue: Was the money allocated for this work -- that was never done to comply with FIAS -- spent on NSA-DoJ programs to prevent/obstruct/hinder Congressional knowledge of this compliance.

    It remains to be understood who knew of this misconduct, still provided misleading information to the Fee Determining Official [FDO]

    * * *


    The objective of the briefing is to get the Committee to agree that the program technical issues -- as they define them, not as what is written in FISA -- are lawful. However, FISA, not the software capability defines what is acceptable: Why was this capability approved, used, and developed, despite the changes in FISA and the Constitutional requirements?

    Warning: do not let the software and technical issues cloud reality: The standard is FISA and the Constitution, not the derivative-implied technical baseline.

    DoJ's goal is to suggest that the technology crated a new standard. During the DoJ briefing, we judge the committee will be given information that is designed to mislead, specifically following this tortured logic:

    1. The original FISA requirements were baselined

    2. Subsequent changes to FISA were incorporated, not by changes in software, but by changes in the software description.

    3. The way to refer to the program is in terms of what it technically accomplishes, not in whether it does or does not comply with FISA or the Constitution.

    As emphasis, changes to FISA did not mean that the technology and work appropriately mirrored these changes. NSA has defined the activity -- however narrowly they need to, and removed other unlawful activity from review -- so that the defined activity matches the technology and the statute. The problem is that the actual activity does not meet the FISA requirements.

    In other words, NSA used new words/program descriptions to legalize an activity that was known to violate FISA. Rather than focus on FISA or the actual technology, NSA has focused on massaging the description to fit into 'their view" of what was appropriate. This widespread practice is well known to the DoD IG and criminal investigators within DoD.

    The issue: When was the DoD and NSA IG going to brief the Congress on the disconnect between [a] FISA; [b] program language; [c] actual conduct; [d] software specification reviews; and [e] ongoing investigations into this criminal activity. They cannot explain the disconnects or the failure to provide timely information to congress.

    * * *


    During today's briefing, be prepared to ask questions:

  • A. Who signed off on the software specifications that were known to violate the law, not meet FISA requirements;

  • B. What review, if any, has DoJ made of the system per US Statute.

  • C. How much data is in the FBI I-drive related to these known problems with the technical capabilities?

    * * *


    In a broad sense the issue is comparing two hands. In the right hand we have FISA deviation and the existing standards; and in the left hand the assertions about the technology and the NSA intercept targets. These are inconsistent.

    The White House has already coordinated with the House Judiciary Committee on the 51 questions.

    Rather than respond to legal issues, the approach is to change the characterization of what is going on. They are changing requirements. There will be slips and adjustments in the technical descriptions. Notice the shift from the law to "what they are doing," as a means to change the issue from [a] whether they violated FISA; to [b] whether the technology is or is not sufficient to face the threat. This is the logic slip/path:

    A. First, they plan to assert that the technology met X-requirement;

    B. Then they argue therefore changes from that requirement, translated to technical changes; and

    C. They will ask you to accept changes in the technical requirements responded to the change in threat.

    Notice what they have shifted focus from: Article 1 section 8 which afford the Congress to define, and target that threat -- in a way that is consistent with the law; to whether the unlawful program is or is not needed. This argument fails.

    * * *


    It is clear there is a disconnect between the statute and what they are doing. NSA needs to explain how GAO was or was not appropriately informed of these changes.

    NSA and DoJ need to explain what type of testing was done on the NSA software.

    * * *


    A curious issues is given the software capabilities existed prior to 9-11:

  • Why did DoJ bother pressing for the Patriot Act, and NSA-JTTF sharing of data if they were going to [a] do it anyway; [b] violate the law regardless?

  • How many FY06/07 contracts -- that fail to meet FISA -- were approved on the assumption that the Patriot Act will be renewed? These need to be reconsidered in terms of legal reviews, appropriateness. We recommend these contract efforts be frozen until NSA and DoJ provide full explanations. Potential termination liabilities should be taken out of existing funds, not from additional appropriations.

    * * *


    In the event DoJ begins to wander in to the technical-non-sense land, ask about the NSA measurement and calibration system. These are the tests done on the NSA messages.

    The Joint Staff can provide this information. It is available from any remote location, and can be accessed easily within minutes. You will want to ask for a copy of the load file when they changed the satellite orientation. This relates to the special domestic satellite missions coordinated between NSA and the NRO.

    Anytime NSA does a system test, they send out test messages. These are available for subsequent review. It was known that the tests – and how the software was working – were not meeting FISA. Your job is to get NSA and DoJ to commit to providing the Committee the names of the NSA personnel who signed off on these periodic reviews. These are kept in files and subject to audit disclosure requirements.

    The issue: Someone in charge in NSA reviewed these tests, knew they were against US targets, realized there was no warrant; knew there was a problem [in that FISA says X; but what they were doing was Y]; but still signed off on the test messages saying, “Good to go.” There’s your evidence related to ongoing activities.

    * * *


    Now, let’s focus on the other end of the food chain: The software spec reviews during the development effort. Again, someone had to certify that the [a] planned program; [b] actual software specification – as planned; was consistent with [c] FISA.

    Self-evidently, the actual program does not comply and this was known. The issue is: What cut off mechanism was discussed – one that would automatically destroy collected data against targets that had no warrant -- ; and why was this feature not incorporated into the final design?

    FISA clearly made the feature a necessary requirement; the Congress needs to understand at what phase this feature was not included; and why despite no capability existing we are to believe that the NSA activity complies with FISA. This was a conscious decision not to fully comply with FISA.

    Bluntly, the hand waving this afternoon is designed to accomplish one objective: To hide that the system never was designed, as required to fully comply with the statutes, and this was well known.

    * * *


    There are also test plans of this effort. The issue for Congress is to gather the results of these NSA tests and reviews which confirmed the contractor test, verification, and audits were “valid with respect to the program”, but were not sufficient to meet the FISA requirement.

    The issue is twofold:

  • there is a disconnect between [a] FISA; [b] NSA program management of the contractor; and [c] the tests.

  • the test reports were never compared to FISA requirements; rather they were only compared to the program description.

    Had there been a bonafide independent review, they would have discovered the NSA test messages and program progress did not meet the FISA requirements. Congress needs NSA and DoJ to identify the specific NSA Systems Engineering and Technical Analysis [SETA] contractor which provided guidance on this test plan; and what certifications they made that the program plan, test plan, and their review of the contractor test results matched [a] FISA requirements; and [b] the program requirements. The issue is that the SETA appears to have only certified that the test reports met the program requirements, but never made a comment nor certified the program – as it was intended to operate – would or would not fully meet the FISA requirements.

    * * *


    Next comes the management review. NSA Management signed the NSA training, test, and exercise messages. This was supposed to have been done to validate that the tests complied with statute.

    Again, what appears to have happened is the management reviews only reviewed the NSA program in terms of how the NSA defined the requirements, not in the original FISA requirements. It remains to be understood how these management checklists, and periodic reviews were validated; and how the program requirements overshadowed FISA; and if there were any discussions that the program criteria was not 100% linked with all FISA requirements. It appears there were discussions on this issue. However, it appears the discussion moved away from the legal aspects, and focused solely on whether the program met or did not meet the program description. Once the program – regardless its connection to FISA – was approved, and the contractor met those program requirements, it does not appear as through there was any oversight to ensure the actual program met the statutory requirements.

    * * *


    Once FISA changed – as Gonzalez admits, they have a new set of problems. Any time the FISA changes, there would have been a trace to the software specifications. In this case, given we know the program does not meet FISA, there is no way that this trace was done; or that any program analysis was accomplished to verify that the software changes – as mandated by the FISA changes – was every accomplished as it should have been.

    Thus, going backwards in time over the defense appropriations, the issue will be for the Judiciary Committee to see whether DoJ did or did not adequately review this disconnect in terms of criminal liability or other reviews. It is our view this review never occurred as it should have been, and which should have been prompted by internal NSA discussions. It remains to be understood which specific complaints by NSA personnel and contractors to the NSA IG and or DoD criminal investigators were not appropriately reviewed and investigated.

    * * *


    In the event the House Judiciary is given any type of program milestone, or a schedule chart, this will be a chance to ask about the NSA contractor schedule.

    Specifically, the key will be to notice what efforts and reviews are linked with the FISA changes. The key will be to force DoJ to physically point on the schedule when the FISA changes were approved; then for them to point to the NSA program efforts to incorporate these changes.

    The key will be that there is no link between the FISA changes, and the planned contractor effort; and that the planned effort was insufficient to accomplish these requirements. Bluntly, there was no adequately time scheduled to incorporate these changes; and the cost estimates related to these budget requirements were not related to appropriate analogies. This is another way of saying that the basis to say that the funding requests to Congress were not linked with bonafide planned work – rather, the funding was linked to “something else.” That “something else” is what the Congress needs to explore: Why was money allocated to NSA for this type of activity, but the money was not spent to incorporate the FISA changes.

    The FISA changes are not linked with planned/appropriate work to modify the NSA software specifications; nor was there any work accomplished. Rather, the scheduled work was certified as having met the program requirements, but not the FISA requirements. Congress needs to understand why the funding was appropriated without there being a check to ensure the final work product met the FISA requirements.

    Program Schedule and FISA

  • Look for changes to FISA

  • After those FISA changes, budget and effort needs to have been assigned to review these changes, change the software, and then test and validate the results met FISA.

  • Test messages should be available for the committee confirming the changes were incorporated; and

  • Management reviews and test messages are archived in NSA.

    * * *


    It remains to be understood how much money Congress appropriated to NSA was related to one objective: To hide from Congress the problem that the program as it was designed did not meet FISA requirements.

    NSA secrecy is problematic. It remains to be understood how much NSA secrecy there exists to hide NSA efforts prior to 9-11. Again, there was insufficient time to change the software once Gonzalez confirmed that there was a “new program.” The capabilities – as they existed at the time the President ordered them in the wake of 9-11 – already existed, and these were contrary to FISA.

    In turn, because the NSA capability already existed – and was in violation of the law – it remains for DoD to explain why they bothered establishing an office of special plans. Again, if DoD was already violating the law, why go through the trouble of creating a story that pretended to provide evidence? Why not simply do what they had done in NSA: Do it anyway regardless the law? The Committee needs to understand the nature of the OSP and its relationship to the Smith Act.

    * * *


    Let’s consider the Uniform Code of Military Justice [ UCMJ ] and NSA. UCMJ is a federal statute. The issue before us is false claims to Congress, and failure of the NSA conduct to meet the statutory requirements.

    DoJ needs to show the Congress – once they received information related to these problems – their plans to locate inside NSA informants and DoJ-loyal personnel. The Committee needs to assess whether the oversight of NSA-placed informants was a bonafide investigation, or whether they were there to suppress discussion of the FISA violations. We judge there was insufficient DoJ effort to ensure the NSA operations were consistent with legal requirements; and DoJ management has failed to ensure that needed DoJ criminal investigations occurred.

    * * *


    Committee Follow-up

    NSA and DoJ need to discuss the JTTF targeting using NSA data and the relationship between investigative leads and the TSA watch lists. How was information gleaned from NSA domestic spying provided to DHS and TSA to prevent US citizens from traveling and engaging in lawful commerce:

  • Notice the entry and access gaps in the NSA data files;

  • Check the FBI I-drive on reports related to the NSA. Notice anecdotes that reports related to NSA have been rebuffed, or that Brady requirements have not been met; and

  • Review how NSA determined the NSA provided complete information to Congress related to Iraq WMD. To what extent has the NSA been unwilling to provide data related to Americans who have been rendered to Eastern Europe.

    * * *


    Conclusions: Executive Summary

    The known NSA activities violate the law. The NSA programs as planned and approved was known to have not met the FISA requirements. The NSA failed to ensure the initial program specifications – and subsequent changes to FISA – were wholly integrated into NSA programs and management reviews.

  • The NSA programs and technology do not adequately prevent violations of the law;

  • There was no sufficient NSA program feature that would properly terminate monitoring and destroy evidence once the warrant was rejected;

  • The currently used illegal features were well entrenched prior to 9-11, and it was well known in NSA that these illegal features were in use, operating, and collecting information;

  • The NSA legal reviews during the software specification reviews remain inadequate. These defects should have been known to NSA senior management and SETA; and

  • DoD criminal investigators have known about the program problems, and they have failed to adequately manage staff to mitigate this well known problem inside DoD and the NSA.

    NSA has a legal liability issue. Current case law prohibiting DEA from using technology to scan through walls has not been adequately incorporated into NSA. The same restrictions against the NSA foreseeably applied to the NSA, but have not been incorporated into their risk mitigation plans.

    Contracts

    NSA management is defective in contract requirements tracing. They show poor ability in mitigating risks, identifying requirements, organizing, and conducting subsequent test analysis to confirm the final product meets statutory requirements.

    NSA shows it has a hard time in translating indicators into credible program reviews, not simply raising doubts about their contract efforts, but about their ability to do their jobs.

    SIGINT

    Of concern is the apparent NSA’s inability to detect emerging technologies that the NSA is unable to decrypt. We judge Q2’s aggressive discussions – putting it mildly – is related to NSA’s known inability to successfully mitigate against new technologies that can [a] penetrate NSA without NSA’s knowledge; and [b] communicate without NSA interception.

    The White House needs to provide to Congress the range of known technical challenges NSA believes exists and a credible plan for NSA management to mitigate these ever-emerging SIGINT challenges.

    Litigation: Discovery

    NSA employees involved in this alleged conspiracy do not have any expectation of privacy, and all NSA-related intercepts of their work-related discussions are admissible.

    It remains to be understood what information NSA has that it has not provided to the 9-11 Commission over issues related to the NSA domestic monitoring program, and the connection between NSA and the NRO in domestic satellite operations.

    Committee Hearing: DoJ Arguments are without merit

    It is without merit for anyone in DoJ to represent to the House Judiciary Committee that the NSA technical capabilities do something that exceeds the FISA standards.

    To the contrary, the NSA has known – and should have known – that the program as it operations fails to meet the FISA requirements. There is no bonafide warrantless surveillance exception.

    There remain issues with Congressional oversight

    The fifty one questions from the House Judiciary Committee are meaningless diversions. As evidenced by the non-sense 51-questions from Congressman Sensenbrenner, the House Judiciary Committee is not serious about finding details about the NSA program.

    The States should immediately ramp up debates to prepare for an impeachment proclamation and begin organizing for a Constitutional Convention. This Congress has failed.



    Understanding the White House Strategy


    Here's a sample of how this magic show is done: Divert your attention from the FISA violations, and focus on the complexities of technology. Click. The information below will help you see through this White House ruse.

    The White House has one goal: To convince the important people in the DNC to embrace absurdity; then hopefully others will follow. Here are four examples:

    1. Get the opposition to forget history and focus on your version of events.

    The leadership in the intelligence community. It's time to call the leadership on the carpet and explain why they are being inconsistent. They have no credibility. Click;

    2. Get the opposition to support your version by getting them to emotionally link a person with a desired outcome.

    The issues over Iran: The alternative media and the opposition -- time to break ranks and call it what it is: Disinformation, irrelevant, and not a reason to switch sides and support the White House. Interesting trivia, even if true doesn't mean that all other concerns are dismissed; nor is the lack of information supporting unlawful action made wholesome. [ Click ];

    3. Confuse your opposition by introducing irrelevancies

    This blog on technology and the NSA; Just because something is confusing doesn't mean it’s relevant. Stick to your position, and compel the White House to assent to the rule of law. Let others know you have spotted their ruse. Click; and

    4. Subdue your opposition by limiting their options and support.

    This blog on the hidden conference meetings, where officials are denied access to needed information. You need to ask for help, and tell the White House to quit their non-sense. It's time for open hearings on the President's unlawful rebellion against the Constitution. Click