InsideSources

Lawmakers went after intelligence community leaders in the Senate Wednesday for again failing to provide Congress with an estimate of the number of Americans incidentally caught up in broad National Security Agency foreign spying powers set to expire later this year.

Senators on the Intelligence Committee were frustrated by NSA, FBI, and ODNI leaders’ continued inability to estimate how many Americans are incidentally swept up in surveillance conducted under Section 702 of the 2008 FISA Amendments Act, set to expire in December.

Section 702 authorizes NSA to tap the physical infrastructure of internet service providers, like fiber connections, to surveil the content of foreign emails, instant messages, and other communications as they exit and enter the U.S. Privacy advocates say such collection facilitates a loophole for NSA to incidentally collect data belonging to American citizens, and likely amounts to millions of warrantless interceptions.

Lawmakers must decide whether to reauthorize the law by the end of December. Many, including Oregon Democrat Sen. Ron Wyden, don’t want to do that until they know how many Americans are affected. The most heated portion of Wednesday’s hearing related to 702 came when Wyden blasted Director of National Intelligence Dan Coats for failing to provide that estimate, despite pledging to do so during his confirmation hearing earlier this year.

“As recently as April you promised Americans that you would provide what you called a relevant metric for the number of law-abiding Americans who are swept up in the FISA 702 searches,” Wyden told Coats. “This morning you went back on that promise, and you said that even putting together a sampling — a statistical estimate — would jeopardize national security.”

Wyden said that was a “very, very damaging position to stake out,” adding he would continue to “battle it out” with the intelligence community for an answer.

Coats countered that he pledged to “make every effort to try to find out why we were not able to come to a specific number on the collection of U.S. persons,” and that he personally visited NSA and met with Director Mike Rogers to get the answer.

“They went through the technical details,” Coats explained. “There were extensive efforts on the part of NSA to try to get you an appropriate answer. We were not able to do that.”

Coats said that in his conversation with Rogers, the NSA director stated “if someone out there knows how to get to it, he’s welcome to have them come out and tell NSA how to do it.”

Coats added the technical complications of coming up with a number would be explained to senators in a closed session later Wednesday.

Rogers, during his testimony, said Section 702’s collection and value grows every year, and that it was 702 authority that allowed the signals intelligence agency to intercept intelligence on Russian efforts to interfere with the 2016 presidential election.

The NSA director said “about 90 percent of the time” incidental collection of data on Americans occurs when two foreign targets of the agency discuss an American in an intercepted communication. Intercepted communications of Americans “happens about 10 percent of the time” when NSA is surveilling a foreign target and that target communicates with a U.S. citizen.

But Maine Independent Sen. Angus King noted there’s a difference between the collection of data and the querying of that data once it’s stored in an NSA database

Former NSA contractor Edward Snowden, who leaked the existence of widespread upstream surveillance programs like PRISM, noted the same difference during a March interview, during which he disputed intel chiefs’ description of how Section 702 is used and subsequently abused to spy on Americans.

“The main thing that this boils down to are word games,” Snowden said on an Intercept podcast. “These intelligence agencies…they’re saying to them, collect doesn’t mean that we copied your communications, that we put it in the bucket, that we saved it in case we want to look at it.” Those things, he added, are happening to virtually everyone.

“To them, collect means that they take it out of the bucket, and actually look at it and read it,” Snowden said.

In theory, surveilling an American requires a warrant. But according to the former NSA contractor, the agency can circumvent that.

“They can’t target you directly, but if they look at the other side of that communication — the communication that went overseas or involved a non-U.S. person in any way — that’s entirely legal,” he said.

In the 10 years since Congress enacted the FISA Amendments Act, Coats said “there have been no violations of Section 702,” but Rogers admitted there have been compliance issues.

“Have we had compliance incidents? Yes,” Rogers said. “Have we reported every one of those to the court? Yes. Have we reported those to our congressional oversight in Congress? Yes. Have we reported those to the Department of Justice and Director of National Intelligence? Yes.”

On Tuesday, Republican Sens. Tom Cotton of Arkansas, Richard Burr of North Carolina, Marco Rubio of Florida, Lindsey Graham of South Carolina, and others introduced a bill to make Section 702 permanent and without expiration.

However Graham went on the record Tuesday saying, “As big a fan as I am of incidental collection, I’m not going to reauthorize a program that could be politically manipulated,” noting Section 702 was the authority used to intercept communications between former National Security Advisor Michael Flynn and the Russian ambassador during last year’s presidential transition.

The Obama administration unmasked Flynn’s name from an intelligence report detailing the interception, which was later leaked to the press.

President Donald Trump’s homeland security and counterterrorism advisor Tom Bussert wrote in a New York Times op-ed Wednesday the president supports the Cotton bill “without condition.”

Follow Giuseppe on Twitter

Subscribe for the Latest From InsideSources Every Morning

The new acting director of the FBI Andrew McCabe will inherit more from predecessor James Comey than an investigation into Russian ties to the campaign of President Donald Trump, who fired Comey Tuesday. Depending on how long he runs the agency before a Trump successor is approved — something Senate Democrats upset over Comey’s firing will likely draw out — McCabe may have to take up Comey’s other political battles, including encryption.

Almost since the beginning of his tenure as head of the FBI in 2013, Comey engaged in a crusade against criminals and terrorists evading law enforcement and intelligence surveillance online, or “going dark,” via default encryption platforms like Apple’s iPhone and Android OS.

Comey has spent the last several years repeatedly testifying before Congress that letting companies like Apple refuse law enforcement requests for user data puts lives at risk and grants bad actors more leverage when communicating online.

“We all care about safety and security on the Internet — and I’m a big fan of strong encryption — we all care about public safety, and the problem we have here is those are in tension in a whole lot of our work,” the former FBI director told Congress in 2015. “We work for the American people. We work with the tools that they give us through Congress. And so our job is to say, ‘Hey look, our tools are being eroded, and we’re not making it up.'”

Comey at first sought legislation from Congress mandating companies like Apple build “back doors” into their products through which law enforcement and intelligence agencies could access and decrypt communications. Comey later backed down in favor of a more nuanced and less specific approach, calling on lawmakers, agencies, and companies to sit down and work out a solution.

The debate came to a head last year when the FBI sued Apple to unlock the iPhone of one of the attackers in the December 2015 shooting in San Bernardino, California that left 14 dead. The agency eventually abandoned the case in favor of letting an outside firm crack the phone’s encryption. Congress convened a working group to examine the issue that largely fell between the cracks during the 2016 election season.

Now a rising number of ISIS-inspired terrorist attacks in Europe and growing concerns of cybersecurity and election hacking in the U.S. and abroad are churning up the issue again, with Trump himself taking a stand against Apple during the campaign.

Even if McCabe is replaced, he’s likely to have an influence on the agency’s encryption stance going forward as the deputy under Comey. During an interview with McCabe in October, the then-deputy director appeared to defer more to the American public than his boss at the time when deciding how to strike the right “balance” between privacy and national security.

“It’s a great question and it’s one you probably don’t want me to answer, or [National Security Agency Director] Mike Rogers to answer or the private sector to answer,” McCabe told CNBC. “How do we have a conversation in this country about how do we feel about the cost of privacy versus national security?”

McCabe said there’s “no world of absolute” privacy or security, and that neither side has made progress by “throwing absolute positions at each other.”

During a panel discussion on cybersecurity at the Cambridge Cyber Summit, co-sponsored by CNBC, MIT, and the Aspen Institute, McCabe said of the Apple case it should be an issue Congress decides, not law enforcement.

The then-deputy director echoed one of Comey’s arguments against tech community claims that to create access to any encrypted platforms means compromising the whole system.

“We were innovative enough, we were smart enough to create the very technology that’s given us these opportunities,” McCabe said. “I believe that we are also smart enough and innovative enough to come up with a solution that meets a reasonable privacy concern but also meets a reasonable national security concern.”

Follow Giuseppe on Twitter

Subscribe for the Latest From InsideSources Every Morning