Politics and Law

The U.S. House of Representatives on Friday narrowly approved an electronic surveillance expansion without immunization for any telecommunications companies that illegally opened their networks to intelligence agencies.

The 213-197 split, with most Democrats voting in favor of the bill (PDF) and most Republicans opposing it, hardly means that the political tussle over retroactive immunity is over. It now shifts to the Senate, where Majority Leader Harry Reid, a Democrat, said he was "encouraged" to see the House vote.

But the primary obstacle remains President Bush, who has threatened a veto. The White House circulated a statement after the vote calling it a "a significant step backward in defending our country against terrorism" that was "not a serious effort to move the legislative process forward."

Another section that the Republicans dislike is this, which I'll excerpt:

ESTABLISHMENT OF COMMISSION.--There is established in the legislative branch a commission to be known as the "Commission on Warrantless Electronic Surveillance Activities"

The Commission shall ascertain, evaluate, and report upon the facts and circumstances relating to electronic surveillance activities conducted without a warrant between September 11, 2001 and January 17, 2007 (and shall) evaluate the lawfulness of such activities

Especially because the commission would be organized under the legislative branch, and would have subpoena power with the authority to enforce its subpoenas in court, it could result in some embarrassing disclosures about the National Security Agency's surveillance program.

Friday's vote also signals that the political climate has changed since last August, when Republicans outmaneuvered their opponents into voting for surveillance legislation with scant debate or hearings. Democrats acquiesced for fear of being perceived as soft on terror, with House Speaker Nancy Pelosi saying the bill did violence to the U.S. Constitution.

But now, with Hillary Clinton and Barack Obama both opposing retroactive immunity, with a new Justice Department report critical of FBI surveillance abuses, and with a stronger public perception of the Bush administration as having gone too far, the Democrats are more willing to fight back. Nineteen Democrats released a statement this week saying that they've seen classified documents and no immunity was necessary; an unusual closed session on Thursday was intended to make the same point.

Before the vote, House Intelligence Committee Chairman Sylvestre Reyes (D-Texas), said the measure gives telephone companies the ability to present otherwise-classified evidence, one-on-one with a judge, that could show they deserve such immunity. "If they did nothing wrong, as they have said, then they will be immune from any lawsuit," he said before the vote.

The debate before the vote was contentious, with more hoots and catcalls than usual. The lack of retroactive legal immunity for telephone companies also drew accusations from several Republicans that Democrats were handing out favors to lawyers who would ostensibly profit from the court proceedings moving forward. The bill is "nothing more than an earmark for the trial bar," charged Rep. Marsha Blackburn (R-Tenn.)

Republicans also assailed the Democratic leadership for failing to permit an up-or-down vote on the Senate version. They attempted, but failed to push through, a procedural move that would have allowed the House to consider the Senate version of the bill automatically if the House version didn't pass.

Republican leader John Boehner accused Democrats of failing to bring up the Senate bill "because it would pass."

Democrats repeatedly accused the Republicans and the Bush administration of engaging in a smear campaign designed to undermine their bill's passage. "The president has said our legislation will not make Americans safe," House Speaker Nancy Pelosi said. "The president is wrong, and I think he knows it."

Some pointed out that telephone companies and other corporations who open their networks lawfully to the government already have "immunity" under law. Rep. Zoe Lofgren (D-Calif.) read from that passage of existing law and then proclaimed, "I think the administration is more concerned about their liability than the phone companies."

News.com's Anne Broache contributed to this report.

This is an actual, completely redacted page from the inspector general's report on Section 215.

The FBI has wielded the Patriot Act's extraordinary surveillance powers to unlawfully collect information about American citizens and has resisted some efforts to impose additional privacy safeguards, according to the U.S. Department of Justice's inspector general.

Inspector General Glenn Fine, in a pair of reports released on Thursday reviewing the 2006 calendar year, acknowledged the FBI's top management has been receptive to the points he raised in his first report a year earlier. But he indicated that there was nevertheless resistance to increased oversight and better record-keeping, which would help to prevent further abuses.

The longer of the two reports (PDF) dealt with national security letters, or secret FBI requests -- done without court oversight or approval -- for administrative information that communication providers, credit agencies, or banks might store. The second report (PDF) discusses broader "Section 215" requests for information that can be sent to any individual or company under the Foreign Intelligence Surveillance Act; these, however, must be approved by a judge. (The second report was heavily redacted, with some key pages blacked out.)

Some highlights:

* The FBI tried to whitewash illegal uses of Patriot Act surveillance authority that was intended to be used against terrorists and spies but ended up being used against Americans. FBI officials characterized these unlawful acts as "administrative errors," which Fine said "diminishes their seriousness and fosters a perception that compliance with FBI policies... is annoying paperwork."

* An FBI working group created by the attorney general recommended against the privacy-protective step of "tagging" information obtained through national security letters on grounds it would place "an undue burden on the operation" of the bureau.

* The same working group downplayed the severity of the FBI's surveillance abuses, saying agents have a highly regulated system for approving national security letters and for identifying violations. Fine's response: "Contrary to the NSL Working Group's conclusions, we do not believe that existing controls are a sufficient basis on which to rely in evaluating the need for additional privacy protections."

* The Justice Department inaccurately reported the number of national security letters. Eleven of the letters sought billing records on a total of 3,860 phone numbers -- a whopping amount. That figure was not disclosed to Congress.

* Even though national security letters are not supposed to be used to obtain the contents of communications -- they only can obtain billing records and so on -- some e-mail providers handed over full message bodies or Subject: lines anyway. In these cases, however, the FBI's general counsel directed that the records be sealed and a second request sent.

* No information from a Section 215 order was actually used in a criminal proceeding in 2006. In addition, "the evidence showed no instance where the information obtained from a Section 215 order... resulted in a major investigative development." Nevertheless, Director of National Intelligence Mike McConnell responded by calling them "an invaluable tool."

* Companies served with Section 215 orders in two known instances in 2006, either by accident or because they're overeager, turned over more information than they're authorized to divulge. In one case, a company handed over data "that was not requested in the Section 215 application or authorized by the FISA court."

* In those cases, the FBI's adherence to the law is spotty. A situation involved the FBI receiving information about a U.S. person for two months after the surveillance order expired -- without objecting. In fact, the FBI argued that the information should be treated as an "voluntary production." Fine's report: "We disagree and believe that the production of these additional records should not be considered as voluntary..."

* The FISA court twice rejected the FBI's request for Section 215 orders because the police were investigating lawful conduct protected by the First Amendment. But after the FBI was rejected, it sent national security letters instead. Fine said the FBI should have re-evaluated the investigation instead.

The Justice Department said in a statement: "The Inspector General correctly emphasizes the need for sustained oversight of the FBI's use of NSLs and concludes that the senior leadership of the Justice Department and the FBI are committed to addressing these issues and continue to devote significant energy, time, and resources to this effort."

What does all this mean? For starters, it puts the FBI and the Bush administration slightly on the defensive; it's not convenient to have intelligence-related abuses and overzealous conduct by e-mail providers in the news at the same time you're calling for retroactive immunity for them and other companies.

Democratic Sen. Patrick Leahy of Vermont said in response: "The FBI mirrors the rest of the Bush administration in seeking to avoid accountability by providing itself blanket authority. When the Senate returns after the March recess, I intend to follow up with another oversight hearing. Legislative action may be necessary to correct these abuses."

I wrote earlier this week of the politics of wiretapping and eavesdropping, which are playing out in a new Democrat-backed bill that does not immunize telecommunications providers from lawsuits saying they opened their networks to the National Security Agency in violation of privacy laws. Republicans oppose it.

The Senate has already approved retroactive immunity by a 68-29 margin. A few weeks ago, if an up-or-down House of Representatives vote on retroactive immunity had been held, it probably would have passed. Now, with Thursday's pair of reports and other recent disclosures, it may be significantly less likely.

Rebuffing a series of incendiary statements from President Bush, House Democrats left town for a week without granting telecommunications firms immunity from violating federal privacy laws.

In a speech on Thursday, Bush accused Democrats of endangering "the lives of countless Americans" by not enacting the legislation he and fellow Republicans had proposed, which includes retroactive immunity for telecommunications companies that illegally opened their networks to the National Security Agency.

The White House subsequently circulated a statement saying: "This risks creating new intelligence gaps, which damages our national security and makes no sense if the first priority is making sure our citizens are safe."

There is a sharp political irony here. The irony is that nearly all House Democrats actually had voted a day earlier to extend the controversial wiretapping law for three weeks--but that bill didn't include telecom immunity.

That wasn't good enough for Republicans, who wanted both the extension and retroactive immunity. Bush even threatened a veto of a bill without retroactive immunity. Portions of the so-called Protect America Act are scheduled to expire on Saturday.

What makes this situation rather bizarre is that retroactive immunity (for alleged illegal activities by AT&T and other telecommunications companies years ago) is unrelated to extending the Protect America Act (which deals with future surveillance authorization). That makes this situation a little like Bush threatening to veto, say, a defense spending bill if it doesn't include authorization for an invasion of Iran.

For their part, Democrats are dismissing Bush's claims as unnecessary fear-mongering. House Majority Leader Steny Hoyer of Maryland said:

The president asserts that the expiration of the Protect America Act will pose a danger to our country. The former national security council advisor on terrorism says that's not true. Former assistant attorney general says that's not true. Numerous others, and the chairman, has asserted that's not true. Why is that not true? Because FISA will remain in effect. The authority given under the Protect America Act remains in effect. And if there are new targets, the FISA court has full authority to give every authority to the administration to act.

Hoyer is, of course, talking about the secret court created by the Foreign Intelligence Surveillance Act. That court has existed since 1978, and has the power to grant wiretapping orders upon request (remember that the Protect America Act has only been around since last August). FISA even permits the attorney general to conduct wiretaps without court approval in an "emergency situation."

Rep. John Conyers, the Democratic chairman of the House Judiciary Committee, added:

From what I have seen from the Justice Department documents so far, there is no need to provide amnesty to telecommunication companies who are protected under current law, as long as they and the government are acting accordingly. I have not seen anything that leads me to believe, as the president seems to believe, that providing amnesty to these companies is a more compelling public interest than our constitutionally-protected right to privacy. We must maintain our civil liberties and give the government the tools it needs to collect intelligence information, but I do not believe telecom amnesty is necessary in order to accomplish that goal.

So what happens next? Not much, until Congress gets back from its recess. Then we'll see if the president is willing to negotiate with House Democrats over the scope of federal wiretapping law and retroactive immunity--or whether he'll go back to violating McCullagh's First Law of Politics.

Republicans in the U.S. House of Representatives have scuttled an attempt to grant a temporary extension to a controversial wiretap law--that did not include retroactive immunity for telecommunications companies.

By a 191-229 vote on Wednesday afternoon, the House failed to approve a bill to extend the Protect America Act for 21 days in its current form. The law--which Republicans say is necessary to allow interception of communications that transit the United States--is scheduled to expire on Saturday.

The vote, in which 34 Democrats joined the Republicans, comes hours after President Bush called for including retroactive immunity for any companies that may have violated federal privacy laws by opening their networks to the National Security Agency. Lawsuits against companies including AT&T are currently pending in federal court.

If the companies violated no laws, of course, they have nothing to worry about (even without retroactive immunity).

This leads to an unusual situation in which the House Democratic leadership, which has objected to retroactive immunity without learning more about what kinds of activities it would shield, has a few options:

1. Give Bush what he wants. This would mean admitting defeat and approving the immunity shield that the Senate already did on Tuesday.

2. Wait and try again. If the Republicans insist that this bill is necessary (which is hardly clear--we've survived for decades without it), the Democrats could hold another temporary renewal vote on Friday at 11 p.m. and dare the GOP to block this supposedly vital legislation a second time.

3. Let the Protect America Act expire. This is politically risky in an election year, of course, but the Bush administration's arguments for passing the law in the first place were based on partial, calculated leaks of secret court rulings. If the Republicans want the Protect America Act so badly, force them to negotiate on that separately from retroactive immunity--the issues really aren't linked.

And there are probably others that I haven't thought of.

It's a little unclear what's going to happen next; as I write this, the House has moved on to a not-exactly-controversial measure congratulating the New York Giants for winning the Super Bowl. We have a call into the House Majority Leader's office and will update you when we hear back.

A high-stakes political debate over wiretapping and immunity for telecommunications companies has been pushed back by at least one day.

In two votes on Monday, senators failed to reach the 60-vote supermajority required to curb debate and force a vote on either of two wiretapping-related proposals, one favored by Republicans and the other backed by Democrats. Each vote was 48 yea to 45 no.

That means the debate on how to rework the 1978 Foreign Intelligence Surveillance Act will continue later this week. In his State of the Union address Monday evening, President Bush is expected to press Congress to grant retroactive legal protections for telecommunications companies that allegedly opened their networks to the Feds in violation of privacy laws.

What's making this week's votes more pressing than usual is that a temporary law amending FISA expires on Friday.

That leaves Congress with three major options:

#1. Renew last August's law, called the Protect America Act, for 30 days. Both sides would get more time to maneuver. This is what the Democrats want, but Bush has threatened a veto of a temporary extension.

#2. Renew a modified version of the Protect America Act permanently, and immunize telecom companies from the legal consequences of any illegal activities they committed. This is what Bush dearly wants, and what a minority of Democrats are prepared to give him. If the president gets his way, the retroactive immunization would derail a slew of lawsuits pending against telecommunications companies, most notably the one against AT&T that's currently before the 9th Circuit Court of Appeals.

#3. Let the Protect America Act (also known as the pro-privacy option backed by the ACLU and others), expire.The argument goes as follows: The Patriot Act dramatically expanded police eavesdropping powers in 2001, and there's no pressing need to go further. FISA has worked for decades, and has long included emergency no-court-order-required wiretaps as long as proper procedures are followed.

Even though House Speaker Nancy Pelosi said last year that the Protect America Act "does violence to the Constitution," there seems to be little official interest in option #3. Senate Majority Leader Harry Reid, who voted against the measure on August 3, did something of a flip-flop on Monday, saying "none of us want the current law to expire."

Reid added, "In my 20 years in Congress, I have not seen anything quite as cynical and counterproductive as the Republican approach to FISA. The American people deserve to know that when President Bush talks about the foreign-intelligence bill tonight, he's doing little more than shooting for cheap political points--and we should reject his efforts."

So that leaves Reid and most other Democrats to rally around #1. Republicans want #2, and are being especially forceful. Bush said in last week's radio address, which he's likely to repeat in his State of the Union speech:

"Congress is now considering a bipartisan bill that will allow our professionals to maintain the vital flow of intelligence on terrorist threats. It would protect the freedoms of Americans, while making sure we do not extend those same protections to terrorists overseas. It would provide liability protection to companies now facing billion-dollar lawsuits because they are believed to have assisted in efforts to defend our Nation following the 9/11 attacks. I call on Congress to pass this legislation quickly. We need to know who our enemies are and what they are plotting. And we cannot afford to wait until after an attack to put the pieces together."

Senate Republican Leader Mitch McConnell elaborated on Bush's statement on Monday, saying Republicans will not allow the Judiciary Committee version of the legislation (which has no retroactive immunity) to become law. They want the Intelligence Committee version (which does). He said of the Judiciary version: "That bill will not, I repeat, will not become law. Reconstructing the judiciary committee bill is a pointless exercise. It's an exercise we do not have the luxury to engage in. We can get serious and pass the bipartisan Intelligence Committee product."

Note that the Intelligence Committee version goes further than merely immunizing telecommunications companies. As I wrote in October, it also would retroactively immunize e-mail providers, search engines, Internet service providers and instant-messaging services. It may cover black bag jobs too.

Expect the Senate to resume debating options #1 and #2 on Tuesday. So will the House of Representatives, where Democratic leaders have scheduled an afternoon vote. The House vote, especially, could call Bush's bluff--by putting him in a position to veto a law that he claims is necessary to thwart a terrorist "attack."

A few decades ago, the FBI regularly conducted "black-bag jobs" that involved sneaking into homes, hotel rooms and offices with the cooperation of the building's owner or even a neighbor with a spare key. Locks were picked otherwise.

Because no judge had authorized the FBI's black-bag job, they were incredibly illegal. In the mid-1970s, the Church Committee famously disclosed the bureau's clandestine operations.

(Credit: Declan McCullagh/mccullagh.org)

Now President Bush is backing a bill that seems to encourage the FBI to revert to some of its old habits.

The FISA Amendments Act, approved by a Senate committee last week, seems to immunize people who cooperated with the FBI, the CIA, the National Security Agency--and other even more shadowy agencies--that conduct black-bag jobs.

Although most of the attention has focused on how the Senate bill might offer telecommunications service providers retroactive immunity (and derail the lawsuits against AT&T), the actual language appears to cover physical intrusions too:

ASSISTANCE--The term 'assistance' means the provision of, or the provision of access to, information... facilities, or another form of assistance

PERSON--The term 'person' means...a landlord, custodian, or other person who may be authorized and required to furnish assistance...

IN GENERAL--Notwithstanding any other provision of law, no civil action may lie or be maintained in a Federal or State court against any person for providing assistance to an element of the intelligence community, and shall be promptly dismissed, if the Attorney General certifies to the court that...any assistance by that person was provided pursuant to a directive under sections 102(a)(4), 105B(e)...

ELEMENT OF THE INTELLIGENCE COMMUNITY--The term 'element of the intelligence community' means an element of the intelligence community as specified or designated under section 3(4) of the National Security Act... [Ed. Note: That includes the FBI, CIA, NSA, Homeland Security, the Defense Department, the Office of the Director of National Intelligence, the State Department, the Treasury Department, and any other agency the president chooses.]

Let's translate that. A hotel manager who lets FBI agents into a guest's room to copy a laptop's hard drive in secret would not be liable. An apartment manager who gives Homeland Security the key to a tenant's unit to place a key logger in a PC would not be liable. A private security firm that divulges a customer's alarm code would not be liable. A university that agrees to forward a student's e-mail messages to the Defense Department would not be liable. An antivirus company that helps the NSA implant spyware in an unsuspecting customer's computer would not be liable.

No court order is required. And if an eventual lawsuit accuses the hotel manager or antivirus firm of unlawful activities, it'll be thrown out of court as long as the attorney general or the director of national intelligence can provide a "certification." The "certification" is, of course, secret--all a judge may say publicly is that the rules were followed, and then dismiss the case.

The wording of 105B does seem to narrow this substantially. Enacted in August as part of the Protect Act, 105B says that non-judicial orders by the attorney general or director of national intelligence are limited to "information concerning persons reasonably believed to be outside the United States."

105B does require "minimization procedures," which would mean that any key loggers or spyware inserted in a black-bag job would supposedly be programmed to discard information about domestic-to-domestic communications.

Now, perhaps I've misread portions of the bill, but the Senate Intelligence Committee wasn't in the mood to answer questions about it on Monday, so we don't know its reasoning or explanation. There are other implications that are too far afield to get into now, such as whether FBI contractors breaking into telecommunications or software companies' offices (or computers) for surveillance-related purposes would be immunized as well.

One thing we do know, given the White House's flexible definition of "torture" and its legal legerdemain when it comes to NSA surveillance, is that this administration will find creative ways to stretch the law. If politicians are intent on enacting this law, one fix would be to narrow the bill's immunity to "telecommunications companies offering telephone or Internet service to the public." If providing legal cover for black-bag jobs isn't the goal, why not say so explicitly?

Republicans are so eager to sink a wiretapping bill that includes some privacy safeguards that they're invoking what amounts to a do-this-or-Americans-will-die argument.

Rep. Pete Hoekstra, R-Mich., said after an Intelligence Committee vote on the Restore Act on Wednesday that the bill "puts our nation and troops at risk." A few minutes earlier, responding to a Judiciary Committee vote, Lamar Smith, R-Texas, said the bill protects "terrorists, spies and other enemies."

Politicians of both major parties wield this as the ultimate political threat. Its invocation typically predicts that if a certain piece of legislation is passed (or not passed) Americans will die. Variations may warn that children will die or troops will die. Any version is difficult for the target to combat.

This leads me to propose McCullagh's Law of Politics:

As the certainty that legislation violates the U.S. Constitution increases, so does the probability of predictions that severe harm or death will come to Americans if the proposal is not swiftly enacted.

McCullagh's Law describes a promise of political violence. It goes like this: "If you, my esteemed political adversary, are insufficiently wise as to heed my advice, I will direct my staff and members of my political apparatus to unearth examples of dead {Americans|women|children|troops} so I can later accuse you of responsibility for their deaths."

Rep. Lamar Smith, who only invoked some of the Four Horsemen of the Infocalypse

This threat is perpetual, meaning it may last the duration of the targeted politicians' career. Adversarial television advertisements may appear during the targeted politician's next campaign for re-election. They may display images of corpses if available, or stock photography if they're not, and blame the target for their deaths. It's a more serious example of the soft-on-terror accusation, which is behind the Democrats' unseemly haste in August to approve a wiretapping bill that even House Speaker Nancy Pelosi believed "does violence to the Constitution of the United States."

A variant of McCullagh's Law was demonstrated, as I wrote about in August, by National Intelligence Director Mike McConnell. He agreed that "Americans are going to die" because of disclosure of President Bush's secret and probably unconstitutional surveillance program and the ensuing congressional debate.

While Republicans are more likely to invoke the threat, Democrats are not immune from the temptation. When he was justifying an attempt to expand the War On Some Politically Incorrect Drugs, President Clinton claimed that over "100,000 Americans will die."

Former FBI Director Louis Freeh, who invoked Four Horsemen of the Infocalypse: Terrorists, drug cartels, kidnappers and child pornographers

One of the better examples of McCullagh's Law in action was former FBI Director Louis Freeh during the encryption wars of the Clinton administration a decade ago. He told Congress that unless backdoors are mandated in encryption products, "the effect will be so profound that I believe law enforcement will be unable to recover."

In 1995, Freeh warned that drug cartels, terrorists and kidnappers would run amok unless programs like PGP were banned. Two years later, the categories of child pornographers, spies and violent gangs had supplanted kidnappers in the FBI's list of horrors: "Uncrackable encryption will allow drug lords, spies, terrorists and even violent gangs to communicate about their crimes and their conspiracies with impunity...A subject in a child pornography case used encryption in transmitting obscene and pornographic images of children over the Internet."

I should point out that McCullagh's Law is not, of course, triggered by all "Americans will die" warnings. This is a logical fallacy known as affirming the consequent (if A then B does not mean that B implies A). The U.S. Department of Veterans Affairs' warning, which as far as I know is accurate, that "more than 10,000 Americans will die of skin cancer" in one year falls into that category.

Paul Wolfowitz, who assured the public that "Americans will die" unless Iraq is invaded

There are probably many examples of McCullagh's Law, but I'll leave you with one more, this time from the Bush administration. It came from Deputy U.S. Defense Secretary Paul Wolfowitz in October 2002, about half a year before the United States' invasion of Iraq.

Wolfowitz claimed--he was was entirely wrong, we know now--that Saddam Hussein had weapons of mass destruction that could be used to kill Americans.

An attack by Saddam Hussein, Wolfowitz predicted, would mean that "tens of thousands, or even hundreds of thousands, of Americans will die in some catastrophic attack with a biological weapon, or if we wait long enough, a nuclear weapon." Of course, no such weapons were found in Iraq and at least 3,816 Americans actually have died as a result.