Fazliddin Kurbanov is a barrel-chested man from Uzbekistan who came to the United States in 2009, when he was in his late 20s. A Christian who had converted from Islam, Kurbanov arrived as a refugee and spoke little English. Resettled in Boise, Idaho, he rented an apartment, worked odd jobs, and was studying to be a truck driver.
But about three years after entering the U.S., around the time he converted back to Islam, Kurbanov was placed under FBI surveillance. According to emails and internet chat logs obtained by the government, Kurbanov was disgusted by having seen Americans burn the Quran and by reports that an American soldier had tried to rape a Muslim girl. “My entire life, everything, changed,” Kurbanov wrote in a July 31, 2012 email.
After the FBI assigned one informant to live with him and another informant to attend his truck-driving school, Kurbanov was arrested in May 2013. Prosecutors accused him of providing material support to the Islamic Movement of Uzbekistan and possessing bomb-making materials.
During Kurbanov’s trial, the government notified him that his conversations with an alleged Islamic Movement of Uzbekistan associate based in Pakistan had been intercepted. The spying, federal prosecutors said, had been authorized under the Foreign Intelligence Surveillance Act of 1978, which regulates the monitoring of agents of foreign governments and terrorist organizations. Kurbanov was convicted at trial and sentenced to 25 years in prison, after which he’ll be deported to Uzbekistan. He is an apparent success story for U.S. counterterrorism officials. If there was any doubt about Kurbanov’s propensity for violence, he eliminated it by stabbing a prison warden in California, an act for which he is now facing additional charges.
But Justice Department lawyers gained their conviction against Kurbanov after failing to disclose a legally significant fact: Kurbanov’s conversations with his alleged terrorist associate had been captured through PRISM, a National Security Agency mass surveillance program whose existence was revealed in documents provided by whistleblower Edward Snowden. Under PRISM, the government obtains communications directly from at least eight large technology companies without the need for warrants, a type of practice authorized in 2008, when Congress provided new surveillance powers under FISA.
The government must disclose when information against defendants originates from warrantless surveillance — but prosecutors did not do so to Kurbanov.
While traditional FISA authority permits spying on a particular person or group through warrants issued by the secret Foreign Intelligence Surveillance Court, under the new powers, codified in FISA Section 702, monitoring is approved in bulk by the court through what is essentially a recipe for mass surveillance. Once approved, such a recipe can be used against thousands of targets. Under Section 702 authority, the NSA is currently monitoring digital communications of more than 100,000 people; it swept up an estimated 250 million internet communications each year as of a 2011 Foreign Intelligence Surveillance Court opinion. The FBI frequently searches Section 702 databases when it opens national security and domestic criminal “assessments,” precursors to full investigations.
According to a slide in an NSA presentation, provided by Snowden and published for the first time today by The Intercept, the interception of Kurbanov’s conversations was a “Reporting Highlight” for PRISM. The document indicates that the NSA captured Kurbanov’s Skype conversations from October 2012 through April 2013, roughly the same period the FBI was investigating him with undercover informants. It further details how an NSA unit in April 2013 issued a report describing “how Kurbanov believed he was under surveillance (which he is by the FBI) but was cautiously continuing his work, which was not specified — could be raising money for the IMU or explosive testing.” The alleged terrorist associate with whom Kurbanov was communicating “wanted Kurbanov to set this work in motion, probably related to sending money back to the IMU,” the document added.
The government is obligated to disclose to criminal defendants when information against them originates from Section 702 reporting, but federal prosecutors did not do so in Kurbanov’s case. In fact, when Kurbanov’s lawyers demanded disclosure of FISA-related evidence and the suppression of that evidence, Attorney General Eric Holder asserted national security privilege, claiming in a declaration that disclosure of FISA information would “harm the national security of the United States.” Kurbanov’s lawyer, Chuck Peterson, declined to comment about the government’s use of Section 702 surveillance against his client.
Kurbanov does not appear to be the only defendant kept in the dark about how warrantless surveillance was used against him. A nationwide review of federal court records by The Intercept found that of 75 terrorism defendants notified of some type of FISA spying since Section 702 became law, just 10 received notice of Section 702 surveillance. And yet Section 702 was credited with “well over 100 arrests on terrorism-related offenses” in a July 2014 report from the Privacy and Civil Liberties Oversight Board, the federal entity created to oversee intelligence authorities granted in the wake of the 9/11 attacks. Additional documents from Snowden, previously unpublished and dated before the Kurbanov case, provide further examples of how NSA intelligence repeatedly played an undisclosed role in bringing accused terrorists to trial in U.S. courts over the past decade and a half. They also reveal an instance in which the NSA incorrectly identified a U.S. citizen as a foreign target of a FISA warrant.
Civil liberties advocates have long suspected that the Justice Department is underreporting Section 702 cases in order to limit court challenges to the controversial law. Some theorize that the government conceals Section 702 use through a process known as “parallel construction,” in which evidence obtained from the warrantless surveillance authority is reobtained through traditional FISA authorization, and the government only discloses the latter authority in U.S. District Court. One defense lawyer referred to this practice in a court filing as “laundering” Section 702 evidence. Beyond the Kurbanov case, circumstantial evidence in other prosecutions suggests that this type of parallel construction could be widespread.
“The government intercepts Americans’ emails and phone calls in vast quantities. … Yet only a handful of individuals have ever received notice.”
“The government intercepts Americans’ emails and phone calls in vast quantities using this spying law and stores them in databases for years,” said Patrick Toomey, staff attorney for the American Civil Liberties Union’s National Security Project. “FBI agents around the country then go searching through that trove of data as a matter of course, including in domestic criminal investigations. Yet, over almost a decade, only a handful of individuals have ever received notice.”
The Justice Department, FBI, and NSA declined to comment for this article. The New York Times in 2013 reported that lawyers in the Justice Department’s National Security Division had believed they did not need to disclose in court whether evidence obtained through FISA specifically originated with Section 702 unless they were presenting material received directly from a Section 702 sweep. The U.S. solicitor general then successfully pushed for a change in policy, bolstered by fallout from the Snowden disclosures; this was followed by a review of past cases by the National Security Division, after which prosecutors filed supplemental Section 702 notices in a handful of cases around the country. In four such cases, the defendants had already been convicted by the time of the disclosure. And whatever changes occurred in 2013 were clearly limited, given that fewer than a dozen such notices have ever been given in court cases, and none at all has been filed in the last year and a half. Kurbanov, meanwhile, was convicted in 2015, well after the purported change in policy.
The government’s handling of its Section 702 authority is particularly important at the moment because the powers are scheduled to expire at the end of the year unless Congress reauthorizes them. Three reauthorization bills are winding through Congress. The Senate Intelligence Committee and the House Judiciary Committee have each produced one, while a third has been sponsored by U.S. senators and longtime intelligence community critics Ron Wyden, an Oregon Democrat, and Rand Paul, a Republican from Kentucky. As currently written, the Wyden-Paul bill would strengthen notification requirements and curb the Justice Department’s ability to launder Section 702 evidence through traditional FISA. The bill would require notification of Section 702 surveillance even when evidence derived from that surveillance “was subsequently reobtained through other means.” Meanwhile, the bill that emerged from the Senate Intelligence Committee appears to expand Section 702 without providing additional safeguards.
The undisclosed use of warrantless surveillance to win prosecutions is also troubling from a constitutional standpoint, foreclosing a rare opportunity to discover Section 702 abuses and challenge the law, which civil liberties advocates have argued is unconstitutional. Although FISA stipulates that targets of surveillance may challenge the order that led to spying against them, and although Section 702 is clearly used on a massive scale, courts have been strict in deciding who is a “target” of the surveillance authority, and of similar mass spying programs, and thus has standing to challenge the monitoring. For example, the Supreme Court in 2013 ruled, in a 5-4 decision, that Amnesty International and other plaintiffs could not bring a Section 702-related lawsuit because their claim that they would be targeted or harmed by such eavesdropping was too speculative. During arguments prior to the ruling, the U.S. solicitor general specifically told the justices that more suitable plaintiffs would likely emerge because people charged due to Section 702 surveillance would be notified by prosecutors and could then challenge the use of the surveillance in court.
“The failure to provide notice not only prevents defendants from challenging surveillance programs in court, but also stymies the public’s interest in understanding how and when its vast authorities are used,” said Faiza Patel, co-director of the Brennan Center’s Liberty and National Security Program. “We know that the FBI has a practice of trawling through the vast databases of information captured under Section 702 for information about Americans, but it has only acknowledged relying on such surveillance in a handful of cases and then only when its failure to provide the legally required notice generated public pressure to do so.”
Classified documents provided by Snowden expose the questionable use of NSA surveillance to spy on a U.S. citizen and the covert role NSA played in several investigations that resulted in criminal convictions. More broadly, the documents offer a view into how the relationship between the NSA and the FBI has evolved over more than a decade into a de facto partnership for investigating alleged terrorists who ultimately wind up in U.S. courts.
In the immediate years after the 9/11 attacks, as the FBI and NSA refocused on counterterrorism as their top priority, the NSA was acutely reliant on the FBI for its relationships with the Foreign Intelligence Surveillance Court, a secret judicial body that provides oversight of surveillance authorization requests, and with U.S. internet and telecommunications companies. In large measure, in these early years the NSA needed the FBI to function effectively as a signals intelligence agency for counterterrorism purposes. For example, when the NSA required authority to target for surveillance a specific phone number or email address — even when the NSA did not know the identity of the person behind that phone number or email address — the FBI went before the Foreign Intelligence Surveillance Court to obtain authorization on the NSA’s behalf. In turn, once that authorization was granted, the NSA needed the FBI to contact the internet or telecommunications company to obtain the data.
The NSA defined a U.S. citizen’s email address as not being related to a U.S. person when the NSA and FBI should have known this was incorrect — Tarik Shah had played at Bill Clinton’s inauguration.
An August 17, 2005, edition of SIDtoday, the internal newsletter of the NSA’s Signals Intelligence Directorate, disclosed that at the time 40 percent of all NSA counterterrorism reporting was derived from FISA collection. The newsletter added: “NSA gets most of its (counterterrorism)-related FISA collection from the FBI. The FBI collects, formats, and disseminates international terrorism-related FISA intercept to NSA, CIA, and internally to FBI agents and analysts.” In 2004, the NSA began to embed employees in the FBI’s Data Intercept Technology Unit, in Quantico, Virginia, so that NSA employees could speak more directly with U.S. data providers, such as internet companies, about formatting data to NSA specifications. “This is the first time that the NSA FISA team has had direct access to the providers, which has proven to be extremely useful to NSA,” the newsletter stated.
According to internal NSA documents, FISA data obtained by the FBI is funneled into a special partition in PINWALE , the NSA’s massive database of digital communications that can be queried by email address, internet protocol address, and other parameters. From 2002 through 2008, according to internal files, the NSA kept a spreadsheet titled “FISA recap” of 7,485 FISA surveillance targets consisting of email addresses or phone numbers, with columns indicating the start and end dates of the authorized surveillance and whether the target was associated with a U.S. person, defined by law as a citizen or lawful resident.
A decade later, most of these email addresses and phone numbers can’t be traced to anyone; many belonged at the time to foreigners the government suspected were involved with terrorist organizations. Others were used by civil rights activists, lawyers, and academics in the United States who were never charged with federal crimes, such as Nihad Awad of the Council on American-Islamic Relations and Rutgers University professor Hooshang Amirahmadi. To have obtained FISA surveillance authority for those U.S. persons, the government had to have demonstrated to the Foreign Intelligence Surveillance Court that they were acting as agents of a foreign power. It’s unknown how the government demonstrates this, since individual FISA applications are secret, even when evidence derived from FISA surveillance is introduced against criminal defendants.
In the case of at least one FISA target, the NSA defined a U.S. citizen’s email address as not being related to a U.S. person when the NSA and FBI should have known this was incorrect, suggesting the government did not have to prove the target was a foreign agent. Tarik Shah, a jazz bassist who had played at Bill Clinton’s inauguration, was arrested in 2005 following an informant-led FBI sting, in which Shah pledged allegiance to Al Qaeda before an undercover agent. Shah’s FISA-authorized surveillance from October 2004 through June 2005 occurred concurrently with the FBI’s sting. Shah had a friend, Mahmud Faruq Brent, who had attended a Lashkar-e-Taiba training camp in Pakistan and complained about how “difficult it was to be back in the United States.” But the primary link between Shah and overseas terrorists was the undercover FBI agent who pretended to be from Al Qaeda. And there was no reasonable reason for ambiguity about whether the email address belonged to Tarik Shah, the U.S. citizen, as opposed to another Tarik Shah somewhere else in the world. The email address was email@example.com, the username a reference to Shah’s music profession. In a September 2006 filing, Attorney General Alberto Gonzales asserted national security privilege to prevent disclosure of Shah’s FISA application. Shah pleaded guilty to a material support charge; he is scheduled to be released from prison next year. It’s impossible to know from available NSA records whether the classification of Shah’s email address as a non-U.S. person was an anomaly or part of a broader NSA practice of targeting U.S. persons without having to provide probable cause to the FISA court that they were agents of foreign powers — a requirement intended protect U.S. citizens and legal residents from unreasonable search and seizure.
Because the FBI stood between the NSA and FISA data collection, NSA analysts encountered bottlenecks that frustrated counterterrorism and intelligence operations, internal NSA communication show. In April 2006, for example, the NSA was monitoring Ehsanul Islam Sadequee through a FISA authorization the FBI had obtained. A Bangladeshi-American who was born in the United States and grew up in the Atlanta suburbs, Sadequee came to the attention of U.S. authorities after he and a friend, Syed Haris Ahmed, traveled to Toronto to meet with several young men who were being investigated for terrorism in Canada. After that meeting in Toronto, Sadequee traveled to Bangladesh. He told U.S. counterterrorism agents prior to leaving that he was going to Bangladesh to be married. On April 5, 2006, as the FBI was closing in to arrest Sadequee, an NSA analyst urgently emailed the agency’s FBI liaison asking for the bureau’s help documenting their FISA authorization on Sadequee’s email address. “The reason we are pursing (sic) this is because we would like to retrieve a file that was passed between him and an associate about three weeks ago,” the NSA employee wrote. Sadequee was found guilty at trial of terrorism-related offenses, including material support for terrorists, and sentenced to 17 years in prison. His friend, Ahmed, was also found guilty at trial and received 13 years in prison; he was released in August.
As the NSA was experiencing some gridlock in its FBI-enabled FISA collection, the agency was developing new programs that sidestepped the Foreign Intelligence Surveillance Court — programs that would later be exposed as warrantless wiretapping and would evolve into the programs codified into law by FISA’s Section 702. Internal NSA documents written before the warrantless wiretapping program was exposed to the public reveal that the information flow slowly began to transform from the FBI to the NSA to a more bidirectional stream between both agencies. And in those early days of mass surveillance, NSA information secretly helped investigate accused terrorists who would be prosecuted in U.S. courts, Snowden documents show, although it’s not clear if the intelligence originated with warrantless eavesdropping or other sources.
In 2003, following a sting operation involving two informants and a meeting in Germany, Yemeni cleric Mohammed Ali Hassan al-Moayad was arrested in Frankfurt and extradited to the United States, where he was charged with raising money for Hamas and Al Qaeda. Moayad was convicted at trial in 2005. In an August 3, 2005, edition of SIDtoday, an NSA employee gave the agency credit for Moayad’s conviction. “Although this fact is unknown to the general public, and to the vast majority of the law enforcement community, NSA reporting played a key role in bringing the sheikh to trial,” the NSA employee wrote. It’s not clear what role NSA played in Moayad’s investigation. Moayad, who was not a U.S. person during the investigation, was not notified of FISA surveillance, court records show; nonetheless, his verdict was overturned after an appeals court ruled that testimony about unrelated terrorist activity had been allowed to prejudice the jury. Moayad was deported to Yemen in 2009 as part of a deal in which he pleaded guilty to conspiring to raise money for Hamas.
A week after crowing about its secret role in Moayad’s trial, the NSA boasted internally through SIDtoday that the agency played a key role in investigating Abdurahman Muhammad al-Amoudi, a U.S. citizen who was involved in financial transactions with Libya and a plot to assassinate the Saudi crown prince. According to SIDtoday, Libyan President Moammar Gadhafi organized the failed assassination plot after a perceived insult and threat by the Saudi crown prince during an Arab League summit. In 2004, Amoudi pleaded guilty to terrorism-related charges and was sentenced to 23 years in prison. “NSA’s contributions were significant,” the agency’s newsletter reported.
“Although this fact is unknown to the general public, NSA reporting played a key role in bringing the sheikh to trial.” —Top-secret passage in internal NSA newsletter
The NSA also played a previously undisclosed role in the capture of Nancy Conde Rubio, who at the time of her arrest was the fourth-ranking member of Marxist guerrilla group FARC in Colombia. Rubio had joined the FARC when she was 16 years old, and U.S. intelligence indicated that she was the girlfriend of a FARC commander suspected of holding hostage three U.S. citizens. Through digital communications intercepts, the NSA discovered that Rubio was to travel from Venezuela to Colombia without valid paperwork, according to a 2008 SIDtoday article. U.S. government officials provided that information to Colombian law enforcement, whose agents arrested Rubio and extradited her to Washington, D.C., for federal prosecution. She pleaded guilty to material support charges and was sentenced to 11 years and six months in prison.
Following the exposure of the NSA’s warrantless wiretapping programs, and the legalization of mass surveillance programs through the FISA Amendments Acts of 2008, which added Section 702 and other new provisions, the NSA continued to play a large, and largely secret, role in terrorism prosecutions in the United States.
One of the most notable examples involves Najibullah Zazi, who was arrested before he could move forward in an Al Qaeda-backed plot to bomb the New York subway. Zazi, a legal permanent resident of the United States, pleaded guilty to terrorism-related offenses in February 2010. The next month, on March 11, 2010, SIDtoday celebrated “a watershed period in the fight against terrorism and radical extremist groups,” noting that the NSA first discovered Zazi’s email connections to Al Qaeda operatives in Pakistan.
“Without that SIGINT lead on Zazi, his activities might not have come to the attention of the US intelligence and law enforcement communities until he actually conducted a terrorist attack against the US homeland,” an NSA employee wrote, referring to signals intelligence.
In July 2015, five years after Zazi pleaded guilty, prosecutors in New York notified him that he had been subjected to Section 702 surveillance. Zazi has not yet been sentenced; he is now a cooperating witness, part of a larger effort to flip well-connected terrorists into government informants. His case has become the prime example for counterterrorism officials defending the utility of Section 702 in stopping attacks in the United States.
Zazi is one of 10 terrorism defendants who have been notified of Section 702 surveillance. Most of those notifications occurred in 2014 and 2015, as supplemental notices intended to correct the record after the Justice Department review of cases in which 702 notice was not provided.
According to a review of nationwide court records by The Intercept, the most recent Section 702 notification was delivered in April 2016, when prosecutors in Chicago informed Aws Mohammed Younis Al-Jayab, a Palestinian refugee who emigrated from Iraq. Jayab is awaiting trial on charges that he lied to federal agents about fighting with terrorist groups in Syria.
“Something is funky on one side of the ledger.”
To those who follow these notifications, the absence of any new Section 702 filings for more than 18 months — a period during which more than 50 terrorism defendants have been charged in U.S. courts and counterterrorism officials have trumpeted the critical need for Section 702 — is suspicious.
“Something is funky on one side of the ledger,” said Neema Singh Guliani, a legislative counsel at the ACLU in Washington, D.C.
If the FBI uses parallel construction to conceal intelligence community information, it would not be the only federal law enforcement agency doing so. In 2013, Reuters obtained documents from the U.S. Drug Enforcement Administration that showed how agents were trained to “recreate” investigative trails to conceal how intelligence intercepts helped to identify criminal targets. Separately, MuckRock obtained DEA documents that suggested FISA could be used by law enforcement agencies “for prosecutorial purposes in a manner that protects [intelligence community] sources and methods.”
Adding to the suspicion that FBI counterterrorism agents use parallel construction to conceal NSA cooperation is a growing number of filings in terrorism cases in which defense lawyers say circumstantial evidence suggestss some form of mass surveillance program was used against their clients.
In South Florida, the FBI nabbed two brothers, Sheheryar Alam Qazi and Raees Alam Qazi, in an informant-led sting, in which the brothers discussed and planned for a bomb plot in New York. Federal prosecutors notified the Qazis that evidence against them included surveillance authorized under traditional FISA authority. But Sheheryar Alam Qazi’s lawyer questioned whether that evidence might have been first obtained from Section 702 and then re-obtained through traditional FISA. “That argument was what was suspected but no hard evidence to support,” said Daniel L. Ecarius, an assistant federal public defender in Miami. The judge ruled that the government’s FISA notification was legally sufficient.
Across the country, in California, Adam Shafi was accused of providing material support to terrorist groups after the FBI discovered that Shafi had disappeared from his family for two days while they were in Egypt. Shafi later told his family and the FBI that he had traveled to Turkey to see the conditions of Syrian refugee camps, but in an affidavit to support a criminal charge, the FBI disclosed that intercepted communications revealed that Shafi had discussed traveling to Syria to join Nusra Front. Prosecutors in June told Shafi’s lawyer, Galia Amram, that they did not intend to file Section 702 notice in the case. Amram demanded that the judge determine whether Section 702 notice was required, as Qazi’s lawyer had. The judge in California also ruled that the government’s notification was legally sufficient.
The case of Khalid Ouazzani is even more perplexing. In May 2016 testimony before the Senate Judiciary Committee, Matthew G. Olsen, former director of the National Counterterrorism Center, specifically touted Ouazzani’s arrest as a success story for Section 702 surveillance.
“NSA conducted surveillance under Section 702 of an email address used by a suspected extremist in Yemen,” Olsen said. “This surveillance led NSA to discover a connection between the extremist and an unknown person in Kansas City, Missouri, who was then identified as Khalid Ouazzani. The follow-up investigation revealed that Ouazzani was connected to other Al Qaeda associates in the United States, who were part of an earlier plot to bomb the New York Stock Exchange.”
Ouazzani, a used car and auto parts dealer, pleaded guilty in 2010 to sending $23,500 to Al Qaeda. But court records in his case show that he was not notified of either traditional FISA or Section 702 surveillance.
Explaining why Ouazzani would not be notified of Section 702 surveillance while 10 other terrorism defendants were notified of such surveillance is impossible because the Justice Department has refused to release documents related to its notification policy. The ACLU sued the Justice Department in 2013 under the Freedom of Information Act to release documents related to the policy. The Justice Department still refused to comply, claiming none of its documents contained a “binding” interpretation of the obligation to provide Section 702 notice.
“Without knowing the government’s policy, it’s impossible to even begin to audit whether these notifications are taking place in all cases where they are legally required,” said Andrew Crocker, a staff attorney for the Electronic Frontier Foundation.
The notification concerns surrounding Section 702 do not affect only accused terrorists. While to date only terrorism defendants have received notification of Section 702 evidence, the FBI does not have a policy limiting the use of Section 702 searches to suspected terrorists. The searches are available for all domestic criminal investigations.
“The immense authorities given to security agencies for counterterrorism purposes should be of concern to every American,” said Patel of the Brennan Center. “The government is able to circumvent the Fourth Amendment’s warrant requirement to go poking around into private communications. This allows for targeting for reasons of politics and prejudice.”
- SSO Weekly Brief 25 April 2013: Excerpt
- SIDtoday: FISA: Teaming with the FBI in the Global War on Terrorism
- PINWALE: Transnational DNI Training
- Re: Ehsanul Sadequee FISA Request
- SIDtoday: Life as the SID Liaison to the Joint Terrorism Task Force in NYC
- SIDtoday: The Saudi Assassination Plot — How It Was Thwarted
- SIDtoday: 2009: A Watershed Year in the Fight Against Terrorism
- SIDtoday: Perseverance Pays Off: Eight-Year SIGINT Effort Culminates in the Arrest of Elusive Colombian Terrorist
- NSA Classification Guide for FISA