The first thing Russ Feingold said in last week’s hearing on the PATRIOT Act renewal is that there’s something about the way the PATRIOT Act works that has not been made public.

Mr. Kris, let me start by reiterating something you and I have talked about previously. And that’s my concern that a critical information about the implementation of the PATRIOT Act has not been made public, information that I believe would have a significant impact on the debate. I urge you to move expeditiously on the request that I and others on this Committee have made before the legislative process is over.

In his statement, Feingold reiterates that concern, comparing the current debate with the earlier debates on FISA and PATRIOT reauthorization.

I welcome the administration’s openness to potential reforms of the Patriot Act and look forward to working together as the reauthorization process moves forward this fall.

But I remain concerned that critical information about the implementation of the Patriot Act has not been made public – information that I believe would have a significant impact on the debate.

[snip]

This time around, we must find a way to have an open and honest debate about the nature of these government powers, while protecting national security secrets.

As a first step, the Justice Department’s letter made public for the first time that the so-called "lone wolf" authority – one of the three expiring provisions – has never been used. That was a good start, since this is a key fact as we consider whether to extend that power. But there also is information about the use of Section 215 orders that I believe Congress and the American people deserve to know. I do not underestimate the importance of protecting our national security secrets. But before we decide whether and in what form to extend these authorities, Congress and the American people deserve to know at least basic information about how they have been used. So I hope that the administration will consider seriously making public some additional basic information, particularly with respect to the use of Section 215 orders.

You get the feeling that Feingold wants to draw attention to this aspect of the Section 215 of the PATRIOT Act that hasn’t been made public, huh?

Before we look at what that might be, let me attend to the earlier references Feingold makes. He references the debates on FISA in 2007 and 2008.

During the debate on the Protect America Act and the FISA Amendments Acts in 2007 and 2008, critical legal and factual information remained unknown to the public and to most members of Congress – information that was certainly relevant to the debate and might even have made a difference in votes. 

We probably know what this is: the bulk collection and data mining of information to select targets under FISA. Feingold introduced a bajillion amendments that would have made data mining impossible, and each time Mike McConnell and Michael Mukasey would invent reasons why Feingold’s amendments would have dire consequences if they passed. And the legal information Feingold refers to is probably the way in which the Administration used EO 12333 and redacted procedures to authorize the use of data mining to select FISA targets.

Then there’s Feingold’s reference to information not disclosed during the last reauthorization of PATRIOT.

And during the last Patriot Act reauthorization debate in 2005, a great deal of implementation information remained classified. 

Lisa Graves addressed that issue in her testimony before SJC.

But, in November 2005 as the Patriot Act was being delayed by a mounting filibuster in the Senate, an investigative piece by the Washington Post’s Bart Gellman quoted government sources reporting that the number of NSL requests had exploded to over 30,000 per year.4 The Justice Department harshly attacked the article in a letter to then-Chairman Specter signed by William Moschella, and calling the 30,000 figure “inaccurate.” I myself heard from a number of staff and reporters that the administration had absolutely denied that anywhere near this number of demands had been made, just as the NSL powers were being debated on the Hill and in public. Congress responded to the controversy by requiring an audit of the number of times the power was being used.

That is how in 2007 we learned that the true number of NSL requests issued in 2004, the year before the article was published, was over 56,000. 5 The number reported in the press was not too big; it was too small! The administration attempted to sidestep this dispute by asserting that its statements were based on counting only the number of letters and not the number of requests. Yet, administration officials had to know that individual letters often had multiple requests. To this day, there has been no real accountability for the way the public was misled by DOJ at the crucial moment in this debate.

In another instance of deliberately distorting the public debate in 2005, while the prior administration was asserting that the government was not interested in library records it was simultaneously seeking records from the Library Connection in Connecticut and gagging those librarians from telling Congress
and rebutting the misleading assertions of the government.

So the Administration was lying, blatantly, both about what they were collecting and how much they were collecting.

Now go back to Feingold’s reference on Section 215. csoghoian notes the following in my last thread:

The public statistics on the use of pure Section 215 orders likely exclude those associated with classified programs

On September 22, 2009, Todd Hinnen, the Deputy Assistant Attorney General for law and policy in DOJ’s National Security Division testified before the House Judiciary Subcommittee on the Constitution, Civil Rights, and Civil Liberties in support of the reauthorization of key provisions of the USA PATRIOT Act.

During his oral testimony, Mr. Hinnen stated that:

“The business records provision [Section 215] allows the government to obtain any tangible thing it demonstrates to the FISA court is relevant to a counterterrorism or counterintelligence investigation.

This provision is used to obtain critical information from the businesses unwittingly used by terrorists in their travel, plotting, preparation for, communication regarding, and execution of attacks.

It also supports an important, sensitive collection program about which many members of the subcommittee or their staffs have been briefed.” (testimony between 24:50 and 25:30)

The redacted copy of the 2008 OIG report on the use of Section does not reveal any direct information about such an important, sensitive collection program. There are, however, a few heavily redacted breadcrumbs that support Mr Hinnen’s testimony.

First, the report notes that “Two Classified Appendices describe other uses of Section 215 orders to collect [redacted]” (page 3). This sentence provides a hint that Section 215 is being used in ways not known to the public.

Second, according to the report, the number of pure Section 215 applications submitted and approved by the FISA court was 7 in 2004, 14 in 2005, and 15 in 2006 (Table 3.2, Page 16). While the total number of US and Non-US persons identified as subjects in these Section 215 orders is redacted, the shape of the black redaction boxes implies a two digit number for each (Table 3.3, Page 16).

A footnote on page 16 states that “Table 3.3 includes the four Section 215 orders processed in 2006 and signed in 2007 and excludes [one line of redacted text].”

The report also notes that “Table 3.3 does not reflect the number of U.S. persons and non U.S persons about whom information was collected as a result of [one line of redacted text].” This exclusion of certain Section 215 orders from the statistics is mentioned (and redacted) again on page 17 and 18.

These redacted sections, and Mr. Hinnen’s testimony before the House Judiciary subcommittee suggests the existence of at least one classified intelligence program which makes use of Section 215 orders to collect information on U.S. and non U.S. persons. The 2008 report thus paints a deceptively false picture regarding the frequency of the government’s use of Section 215 orders, as the published statistics do not include those orders associated with the classified program.

Now, csoghoian suggests the collection might relate to geographic location. Lisa Graves offers some other, more generalized suggestions about what this Section 215 collection might be.

One way to think of the scope of the power covered by Section 215 of the Patriot Act is to think of a giant file into which literally “any tangible thing” held by a third party about you can be put, that is, can be secretly obtained by government agents. Any tangible thing. It could be your DNA, your genetic code, from tests taken by your doctor for your health. It could be records about the books you buy or read. It could be information about websites you have visited. To search your home for these types of personal records, the government would have to have a warrant based on probable cause of wrongdoing, but to obtain them from your doctor or others you do business with, such as your internet service provider or your employer, no such probable cause is required under the statute since 2001.

In fact, any tangible thing about you can be secretly obtained without any evidence that you are a suspected terrorist. Virtually everything about you can be seized through secret 215 orders if you have any contact with a suspect. On the surface that might sound reasonable, but when you think it through you can see that every day through work or business you come into contact with dozens of people, at work, at schools, at conferences, in the cafeteria, at sporting events, at the mall, and if any one of them is the subject of an investigation your sensitive, personal private information might get swept up and kept in government files for decades. That amounts to hundreds of people a year and mere contact, however brief, can trigger this law, which requires the secret Foreign Intelligence Surveillance Court to presume your sensitive personal records are relevant to an investigation and grant a secret access.

And, under the law as amended in 2006, your employer, doctor, or librarian, for example, who may have known you since childhood, cannot ever tell you your privacy has been breached without going to court, even if you are never charged with any wrongdoing. And, it bars them from even challenging such orders for your personal, private information for a year.

This suggests a database of information collected on simple association. Several people in the hearing made it clear that it’s not just the collection of this information, but also its retention, that is a problem. 

Now that doesn’t make it clear how they’re using Section 215. But it suggests the collection and retention of a lot of information on people, including information on innocent people who have had the misfortune of contacting a suspect.

Sort of like their electronic communications are being collected under the FISA programs we haven’t been told about.

So as we discuss renewing and fixing JUSTICE, keep in mind that Feingold is also trying to rein in a practice that implicates the "tangible data" of a lot of people who have had potentially insignificant contacts with terrorist suspects.