“John Carlin was an Assistant Attorney General – and Head of the Department of Justice’s National Security Division (NSD).
On September 27, 2016, Carlin announced his resignation. He formally left the NSD on October 15, 2016. Carlin had been named Acting Assistant Attorney General in March 2013 and was confirmed in the spring of 2014.
Carlin had previously served as chief of staff to then-FBI Director Robert S. Mueller.
Carlin announced his resignation exactly one day after he filed the Government’s proposed 2016 Section 702 certifications. His signature can be found on page 31.
(…) At the time Carlin’s sudden resignation went mostly unnoticed.
But there was more to the story.
Here is the official explanation as provided by the Office of the Director of National Intelligence:
After submitting its 2016 Certifications in September 2016, the Department of Justice and ODNI learned, in October 2016, about additional information related to previously reported compliance incidents and reported that additional information to the FISC. The NSA also self-reported the information to oversight bodies, as required by law. These compliance incidents related to the NSA’s inadvertent use of U.S. person identifiers to query NSA’s “upstream” Internet collection acquired pursuant to Section 702.
The FISA Court was more direct in a 99-page April 26, 2017 unsealed FISA Court Ruling.
On October 24, 2016, the government orally apprised the Court of significant non-compliance with the NSA’s minimization procedures involving queries of data acquired under Section 702 using U.S. person identifiers. The full scope of non-compliant querying practices had not been previously disclosed to the Court. Two days later, on the day the Court otherwise would have had to complete its review of the certifications and procedures, the government made a written submission regarding those compliance problems…and the Court held a hearing to address them.
The government reported that it was working to ascertain the cause(s) of those compliance problems and develop a remedial plan to address them. Without further information about the compliance problems and the government’s remedial efforts, the Court was not in a position to assess whether the minimization procedures would comply with the statutory standards and were consistent with the requirements of the Fourth Amendment.
But that still doesn’t begin to describe the breadth and scope of what occurred.
It wasn’t the Obama Administration that self-disclosed before the FISA Court on October 24 and 26, 2016.
It was National Security Agency Director Admiral Mike Rogers. And he deserves a medal for his efforts.
Here’s what actually happened:
On January 7, 2016, the NSA Inspector General, George Ellard, released a report on NSA Controls & FISA compliance. Starting on page ii:
Agency controls for monitoring query compliance have not been completely developed.
The Agency has no process to reliably identify queries performed using selectors associated with 704 and 705(b) targets.
The rest of the highlights are fully redacted. But more information lay within the report (pages 6-7):
We identified another [redacted] queries that were performed outside the targeting authorization periods in E.O. 12333 data, which is prohibited by the E.O. 12333 minimization procedures. We also identified queries performed using USP selectors in FAA §702 upstream data, which is prohibited by the FAA §702 minimization procedures.
Downstream collection involves the government acquiring data from the companies providing service to the user – like Google or Facebook.
However, some Section 702 collection is obtained via “upstream” collection.
In simple parlance, upstream collection means the NSA accesses the high capacity fiber optic cables that carry Internet traffic and copies all the data flowing through those cables.
The agency is then supposed to filter out any “wholly domestic” communications that are between Americans located in the U.S.
Data collected “incidentally” on U.S. Citizens is generally not destroyed. It is minimized. As we will see later, this became a problem.
Intelligence Agencies can then search the data using “To”, “From” or “About” queries on a target of Section 702 collection.
“About” queries are particularly worrisome.
They occur when the target is neither the sender nor the recipient of the collected communication – but the target’s selector, such as an email address, is being passed between two other communicants.
For more information see FISA Surveillance – Title I & III and Section 702.
“About” queries were abruptly halted by NSA Director Mike Rogers on October 20, 2016. This was formally announced by the NSA on April 28, 2017.
The events leading to this decision are described in this post.
This brings us to a table from the Inspector General’s Report.
Table 3 (page 7) shows four types of violations. The most frequent violation – 5.2% of the total – came from Section 702 upstream “About” queries.”
The Inspector General’s Report is heavily redacted – but even a casual reading indicates there were significant compliance and control issues within the NSA regarding the use of Section 702 data.
It’s unclear if NSA Director Rogers discovered the 702 violations and reported them in early 2015, or if it was the Inspector General who found them. Either way, Rogers became aware of Section 702 violations sometime in 2015.
Following NSA Inspector General Ellard’s report, Rogers implemented a tightening of internal rules at the NSA.
However, the NSA Inspector General’s report and Roger’s tightening of internal rules did not halt the Query Compliance Problems.
Outside Agencies – specifically the DOJ’s National Security Division and the FBI’s Counterintelligence Division – were still routinely violating Section 702 procedures.
In 2015, DOJ Inspector General Michael Horowitz (not to be confused with NSA IG Ellard) specifically requested oversight of the National Security Division. Deputy Attorney General Sally Yates responded with a 58-page Memorandum, that effectively told the Inspector General to go pound sand.
As noted earlier, John Carlin was the Head of the DOJ’s National Security Division and was responsible for filing the Government’s proposed 2016 Section 702 certifications.
This filing would be subject to intense criticism from the FISA Court following disclosures made by NSA Director Rogers. Significant changes to the handling of raw FISA data would result.
Bill Priestap remains the Head of the FBI’s Counterintelligence Division – appointed by FBI Director Comey in December 2015. See FBI Counterintelligence Head Bill Priestap – A Cooperating Witness.
(Republished in part with permission)