James Clapper Claims Publicly Acknowledged Details Are State Secrets While Boasting of Transparency
Between documents leaked by Edward Snowden, official court submissions, and official public statements, we know at least the following about the surveillance system set up after 9/11 and maintained virtually intact to this day:
- Around 8-14% of the content collected under Bush’s illegal program was domestic content (page 15 of the NSA IG Report says this constituted 8% of all the illegal wiretap targets but the percentage works out to be higher)
- Some of the content collected via ongoing upstream collection currently includes intentionally-collected domestic content (NSA refuses to count this, even for the FISA Court)
- Bush’s illegal wiretap program targeted Iraqi Intelligence Service targets, as well as targets affiliated with al Qaeda and its associates (see page 8)
- NSA uses the phone metadata program with Iranian targets, as well as targets affiliated with al Qaeda and its associates
- Both the illegal wiretap program and the Internet dragnet authorized under Pen Register/Trap and Trace in 2004 collected information that (because of the way TCP/IP works) would be legally content if treated as electronic surveillance
- The NSA still conducts an Internet dragnet via collection overseas, which not only would permit the metadata-as-content collection, but would permit far more collection on US persons; that collection is seamlessly linked to the domestic dragnet collection
- NSA uses the dragnets to decide which of the content that the telecoms have briefly and indiscriminately collected to read
That is, the surveillance system is not so much discrete metadata programs and content programs directed overseas, directed exclusively against al Qaeda or even terrorists. Rather, it is a system in which network analysis plays a central role in selecting which collected content to read. That content includes entirely domestic communication. And targets of the system have not always been — and were not as recently as June — limited to terrorists.
These details of the surveillance system — along with the fact that AT&T and Verizon played the crucial role of collecting content and “metadata” off domestic switches — are among the details James “Least Untruthful” Clapper, with backup from acting Deputy Director of NSA Frances Fleisch, declared to still be state secrets on Friday, in spite of their public (and in many cases, official) acknowledgement.
In doing so, they are attempting to end the last remaining lawsuits for illegal wiretapping dating to 2006 by prohibiting discussion of the central issue at hand: the government has repeatedly and fairly consistently collected the content of US persons from within the US, at times without even the justification of terrorism. (For more background on Jewel v. AT&T, see here.)
Here’s how Clapper, with a nod to Fleisch, lays out the rebuttal of the Jewel plaintiffs.
the NSA’s collection of the content of communications under the TSP was directed at international communications in which a participant was reasonably believed to be associated with al-Qa’ida or an affiliated organization. Thus, as the U.S. Government has previously stated, plaintiff’s allegation that the NSA has indiscriminately collected the content of millions of communications sent or received by people inside the United States after September 11, 2001, under the TSP is false.
There are several weasel parts of this claim.
The “Terrorist Surveillance Program” and the “Other Target Surveillance Program”
First, to make this claim, Clapper (and Fleisch) revert to use of “Terrorist Surveillance Program,” a term invented to segment off the part of the larger illegal wiretap program that George Bush was willing to confess to in December 2005, that involving international communications with a suspected al Qaeda figure. But as Fleisch admits — but doesn’t explain — at ¶20, the TSP is just a subset of the larger Presidential Surveillance Program. As I’ve noted above, we know the system was used and is currently used to target entities that are agents of states, not terrorist organizations. And Clapper’s language suggests it is used with both “other foreign terrorist organizations” and to identify “many other threats.”
…and other foreign terrorist organizations to the United States
[snip]
to the extent classified information about the al-Qa’ida threat, from September 11, 2001 to the present, or the many other threats facing the United States,
Given the evidence that the program may extend (or may have extended) beyond even the Iranian and Iraqi targets the government has deemed “terrorists” so as to include them in this program, Jewel’s plaintiffs might be able to argue it could include normal dissent.
The Internet metadata that is really content
Then the government hides details that would make it clear that both under Bush and Obama, NSA illegally collected US person content in the name of collecting “metadata.”
The first tell here is how Clapper refers to the “metadata” collected under Bush (this carries over into the I Con’s announcement of this declassification).
President Bush authorized the NSA to collect (1) the contents of certain international communications, a program that was later referred to and publicly acknowledged by President Bush as the Terrorist Surveillance Program (TSP), and (2) telephony and Internet non-content information (referred to as “metadata”) in bulk, subject to various conditions. [my emphasis]
While his reference varies, the emphasis on “non-content information (referred to as ‘metadata’)” suggests they’re using a potentially uncertain definition of metadata.
This likely derives from the government’s definition of content here. Both Clapper (footnote 1) and Fleisch (footnotes 4 and 11) note their discussion of the Internet “metadata” program defines content as defined under the pen register part of FISA. Here’s Fleisch:
The term “content” is used herein to refer to the substance, meaning, or purport of a communication, as defined in 18 U.S.C. § 2510(8), as distinguished from the type of addressing or routing information referred to herein as “metadata.”
While they claim to be using “meaning” to distinguish from “metadata,” both are also implicitly distinguishing this definition of content used in the pen register statute from that used for electronic surveillance, which is,
“Contents”, when used with respect to a communication, includes any information concerning the identity of the parties to such communication or the existence, substance, purport, or meaning of that communication.
At one level, this is just tautological game-playing. The method the NSA used to collect the domestic Internet dragnet until December 2011 was exactly the same as it used for the Section 702 upstream collection: collection, with some filtering, directly from AT&T and Verizon’s switches. There is nothing in the method that distinguishes the Internet dragnet from what NSA treats as electronic surveillance of Internet content. So to define one object of collection as metadata and the other as content, they simply apply different definitions of content to them.
Moreover, there is long-standing legal awareness of this problem. Colleen Kollar-Kotelly relied on the pen register definition on page 6 of the original dragnet opinion. But with it, she required that collection be limited to certain kinds of metadata, a requirement that we know NSA violated from the very start.
John Bates laid out the problems with adopting the pen register definition generally and therefore its definition of content specifically on pages 26 and following of his opinion authorizing the resumption of the Internet dragnet. That problem appears to pertain to the fact that the NSA was claiming that PR/TT allowed it to collect “dialing, routing, addressing, or signaling information” (DRAS), whether or not it was content, and data that was not content as defined under the pen register statute. Bates judged (see page 30 and following) that Congress intended to authorize DRAS collection only if it was not content. Since the Internet uses nested addressing, and subordinate addresses would be treated as content to the higher level routing entities, the government was effectively collecting metadata that was content (again, see Julian Sanchez’ explanation of why this is significant from a legal standpoint).
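The nested addressing at issue can be made concrete with a single mail session. This is an added illustration, not part of the original post or of the Bates opinion; the session, the addresses and the function names are constructed for the example.

```python
import re

# Constructed client-to-server stream of one SMTP session (sample data only).
SESSION = (
    "HELO relay.example.org\r\n"
    "MAIL FROM:<bob@example.org>\r\n"
    "RCPT TO:<alice@example.com>\r\n"
    "RCPT TO:<carol@example.net>\r\n"   # blind copy: named in the envelope only
    "DATA\r\n"
    "From: Bob Example <bob@example.org>\r\n"
    "To: Alice Example <alice@example.com>\r\n"
    "Subject: Test message\r\n"
    "\r\n"
    "Hello Alice.\r\n"
    "..a line that began with a dot\r\n"  # dot-stuffed by the sender
    ".\r\n"
    "QUIT\r\n"
)

ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)


def split_layers(stream):
    """Split a client SMTP stream into envelope, message headers and body."""
    envelope, headers, body = [], [], []
    state = "command"
    for line in stream.split("\r\n"):
        if state == "command":
            m = ENVELOPE.match(line)
            if m:
                envelope.append((m.group(1).upper(), m.group(2)))
            elif line.upper() == "DATA":
                state = "headers"
        elif line == ".":                      # end-of-data marker
            state = "command"
        elif state == "headers":
            if line == "":                     # blank line ends the headers
                state = "body"
            elif line[0] in " \t" and headers:  # folded header continuation
                name, value = headers[-1]
                headers[-1] = (name, value + " " + line.strip())
            else:
                name, _, value = line.partition(":")
                headers.append((name.strip(), value.strip()))
        else:                                  # body: undo dot-stuffing
            body.append(line[1:] if line.startswith(".") else line)
    return {"envelope": envelope, "headers": headers, "body": body}


def views(layers, src="192.0.2.10", dst="198.51.100.25", port=25):
    """(observer, addressing, payload) for each layer of the stack.
    The IP addresses and port are constructed documentation values."""
    env = [addr for _, addr in layers["envelope"]]
    hdr = [f"{n}: {v}" for n, v in layers["headers"]]
    return [
        ("ip/tcp", [src, dst, str(port)], env + hdr + layers["body"]),
        ("smtp relay", env, hdr + layers["body"]),
        ("mail client", hdr, layers["body"]),
    ]


def envelope_only_recipients(layers):
    """Recipients the relay routes to that no message header mentions."""
    header_text = " ".join(v for _, v in layers["headers"]).lower()
    return [a for cmd, a in layers["envelope"]
            if cmd == "RCPT TO" and a.lower() not in header_text]


if __name__ == "__main__":
    for observer, addressing, payload in views(split_layers(SESSION)):
        print(observer, "| addressing:", addressing, "| payload:", payload)
```

Every address that one layer uses for routing sits inside the payload of the layer beneath it, which is the sense in which the same bytes are "addressing information" to one entity and content to another.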
But here we are, just 3 years after Bates described all this in a court ruling (and 2 years after he repeated some of the same analysis in another court ruling), and the government is making the argument that metadata collected using the same method as content is not content because it doesn’t meet the “content” definition of the statute that doesn’t allow you to collect content, even while it does meet the “content” definition of the statute that allows you to collect content.
Oh, and by the way, the collection of US person Internet metadata-that-is-also-content still goes on overseas; the government’s assertion that that collection doesn’t go on anymore makes it clear it doesn’t go on under the FISA pen register statute, without ruling out such collection under other authorities.
In December 2011, the U.S. Government decided not to seek re-authorization of the bulk collection of Internet metadata under section 402.
Which is quite different from saying — as they have in unsworn statements — that they’ve shut down the program entirely.
The metadata that leads to the content
Finally, Clapper and Fleisch impose silence over the relationship between this metadata and content, declaring state secrets over both the scope of the TSP (and therefore implicitly, the PSP) and 702 collection, as well as,
any other information related to demonstrating that the NSA has not otherwise engaged in the content-surveillance dragnet that the plaintiffs allege
Nowhere in their declarations is there any language akin to the language Teresa Shea, NSA Director of Signals Intelligence Directorate, used just a month ago in the Larry Klayman suit.
Section 215 bulk telephony metadata complements other counterterrorist-related collection sources by serving as a significant enabler for NSA intelligence analysis. It assists the NSA in applying limited linguistic resources available to the counterterrorism mission against links that have the highest probability of connection to terrorist targets. Put another way, while Section 215 does not contain content, analysis of the Section 215 metadata can help the NSA prioritize for content analysis communications of non-U.S. persons which it acquires under other authorities. Such persons are of heightened interest if they are in a communication network with persons located in the U.S. Thus, Section 215 metadata can provide the means for steering and applying content analysis so that the U.S. Government gains the best possible understanding of terrorist target actions and intentions. [my emphasis]
To be fair, both of these passages use wonderfully vague language. “Content-surveillance dragnet” is something distinct from “content dragnet,” the latter of which might refer to the collection but not review of content. And “content analysis” likewise assumes the content already got collected.
So both the effort to avoid describing and the effort to describe how the metadata ties directly into selecting which already-collected content to read gloss over that “already-collected” assumption (page 16 and following of the NSA IG Report describes some of this, and makes it clear the telecoms are using the metadata to pull the content for further analysis).
The thing is, the government likely has reason to be mighty uncertain about the legal status of this (or, even more likely, mighty certain but unhappy). While it is likely that the US person content systematically read using this system does not include the plaintiffs, the reason it doesn’t is that the telecoms have already collected the plaintiffs’ metadata (which, in the case of their Internet data, is also legally content) and have briefly held their content while scanning it against metadata identifiers selected by analyzing all metadata identifiers, including their own.
They might win an argument that this collection was not indiscriminate, but to win it, they’d have to reveal the many places in the process where they had violated wiretap laws.
Thus, Clapper is instead using Bush and Obama’s favorite strategy of declaring evidence of crime a state secret. All the while boasting of his own transparency in declassifying one more tiny chunk of Bush’s illegal program.
Sumimasen, this is (a very little bit) OTT:
http://www.math.columbia.edu/~woit/wordpress/?p=6522
on the matter of the NSA’s deliberate seeding of the NIST with a “defective” algorithm, to ease decryption of common carrier Internet messages.
This title is perfection! Gives all vital details in one snarky sentence.
I’ve mentioned before that I get served some of the oddest ads on this site :) Usually they are at least somewhat related to me and often they creep me out (e.g. related to medical things from two decades ago), but today I wonder if they’re getting members of this household mixed up somehow. There are five of us using the same internet connection today, same router, not counting the cats, who are female. The other four are male. The big ad at the top delivered to me is for men’s underwear.
Then again, I’ll probably buy some men’s underwear today or tomorrow, as every year they all get socks and underwear under the tree, carrying on my mother’s tradition. Hmm, are they that good? Do they know that there are only two times a year when I buy men’s or boy’s underwear?
P.S. Yes, they do get other things.
This is why I think they will never shut down the metadata programs. Plus, I think that fresh metadata content every day is such a key part of their data base and their system architecture, that at least some of their other systems would be crippled without it. Consider that they get pretty accurate names and identifying information, probably some credit card info from payment methods, and they are notified of address changes when people move, etc., straight from the telecoms. For people who receive bills by email, they get email addresses, plus the email addresses from telecom/cable email applications. And all of it is fresh, every day.
If they are court ordered to shut down the metadata program, I think the most likely outcome will be that they’ll create another organization, deeply covert, paid for by black budgets or god only knows what, and will continue. However, I don’t know how they would hide that from analysts and anyone who uses these systems. So the whistleblower risk would be higher, I’d think.
Otherwise, I think it’s likely that they’d need to rearchitect their whole surveillance system and procedures.
What scares me is the thing Hayden said when debating Gellman in NC recently. He talked about the “box” they have to operate in and he said if you make that box smaller, as soon as there is another terrorist attack, we’ll end up with a much larger box, as in, even more domestic surveillance. He seemed very confident of this. Others have hinted of things like this too. Most of all, the big defense contractors are all into the intelligence world now, and cybersecurity, and wouldn’t their massive plans for cybersecurity depend on the dragnets too? Since we don’t need as many ships, tanks, planes, etc. going forward with the transformation of the military, as Dana Priest has said, they’re all moving into the intelligence arena. Their revenue flow and existence depends on this shift. The military industrial complex has become the military intelligence complex. How far will they go to keep their power and revenue secure?
The government’s argument about metadata not only relies on Smith v. Maryland, but I believe it relies on two ideas, either unspoken or part of a secret ruling(s) that has yet to be revealed.
1) A search by a computer/robot does not really count as a search.
2) Electronic communication does not have the same protections as voice communication.
In other words, when the government uses a computer it does not really count as a search, and when a citizen uses a computer it does not really count as a communication.
Here is the easiest way (I hope) to understand what I am talking about.
In a traditional telephone call, everything that is communicated by voice between two or more people is considered content.
Let’s examine the following voice conversation between two people. One person is named Client and the other person is named Server.
Server: 220 smtp.example.com ESMTP Postfix
Client: HELO relay.example.org
Server: 250 Hello relay.example.org, I am glad to meet you
Client: MAIL FROM:
Server: 250 Ok
Client: RCPT TO:
Server: 250 Ok
Client: RCPT TO:
Server: 250 Ok
Client: DATA
Server: 354 End data with .
Client: From: “Bob Example”
Client: To: “Alice Example”
Client: Cc: [email protected]
Client: Date: Tue, 15 January 2008 16:02:43 -0500
Client: Subject: Test message
Client: Hello Alice.
Client: This is a test message with 5 header fields and 4 lines in the message body.
Client: Your friend,
Client: Bob
Client: .
Server: 250 Ok: queued as 12345
Client: QUIT
Server: 221 Bye
This conversation when transmitted by voice is all content, despite the fact that you may recognize what the government considers metadata embedded in this communication.
If I have this same conversation with someone electronically, suddenly the “From:”, “To:”, “Cc:”, “Date:”, and “Subject:” portions of this communication are now considered metadata and do not have the same constitutional protections as the content portion of this message. We can also begin to understand the idea that metadata can be embedded or tunneled within content.
Try and imagine how and when voice content becomes electronic metadata. There must be a point where this happens or else **any and all data transferred by an acoustic modem would be considered content because it is contained within the content portion of a voice telephone call.**
Now, let’s try and imagine a machine invented for the purposes of avoiding metadata collection. The obvious answer is to embed or tunnel all metadata into the content portion of a protocol. In the example above we are using the voice or content portion of a phone call to transmit an email message. If Smith v. Maryland stands for anything, then the email metadata embedded within a voice phone call should be out of reach from a metadata search.
So why can’t we avoid all of these metadata searches by using either acoustic modems or voice synthesis and recognition to connect to the internet? Sure it might be a lot slower, but that would be a small price to pay for the additional privacy it offered.
The answer to this question is dependent on the idea that the government believes voice content and electronic content are two different things and returns us to the two points that began this post.
1) A search by a computer/robot does not really count as a search.
Since metadata can be embedded or tunneled within the content portion of a communication, **the government recursively searches all content for metadata.** Somehow this does not count as a search. I suspect the government’s argument is that a search by a computer/robot does not count as a search.
2) Electronic communication does not have the same protections as voice communication.
If electronic communication has the same constitutional protections as voice communications then it should not be permissible to search content for metadata. If the government is relying only on the idea that a search by a computer/robot does not count as a search, then even traditional voice communications can be searched, which seems to be in direct opposition to Smith v. Maryland. This is why I believe that both ideas are necessary for the government’s metadata searches.
When we are finally able to see the judicial joke that passed for the legal justification for the government’s total surveillance programs it will become obvious why these decisions were kept secret.
They are an embarrassing mess that won’t stand up to the most basic scrutiny.
Great read, thanks.
I’m not going to worry about the HTML parsing issues with the SMTP example, but let me take a stab at fixing the HTML (holidays too much liquor) errors in the ninth (jesus) paragraph from the bottom.
Please replace with:
Now, let’s try and imagine a machine invented for the purposes of avoiding metadata collection. Our machine would use voice synthesis and voice recognition to tunnel all internet communication through the voice or content portion of a voice telephone call. Just as in the example above we are using the voice portion of a phone call to transmit an email message. If Smith v. Maryland stands for anything, then the email metadata embedded within a voice phone call should be out of reach from a metadata search.
Hmm, I bet they convert all audio into metadata….
I am surprised that the “metadata” issue has not been connected to other court rulings on government surveillance.
Namely, the ruling barring the government from conducting GPS surveillance (e.g. a hidden tracking device on a car) without a warrant for that subject.
What does a GPS tracking device reveal: it doesn’t reveal who you’re meeting, what you’re doing, etc. it just reveals where you’ve gone. i.e. METADATA about what you’re doing in your private life.
that is supposedly illegal, per the latest court ruling.
so why should collecting other metadata in a dragnet without a warrant targeted at a specific individual be legal?
otherwise, the government would like to conduct the total information awareness surveillance dragnet,
and they may wish to claim they will only access and/or use this information as properly authorized.
well, that’s kind of like the police saying they can strip search everybody for “efficiency”,
but they promise to only use that info when given proper approval thru a warrant, etc.
well, that’s kind of a joke, right?
Why is this bastard still allowed to prattle on? He committed bald-faced perjury to Congress, why isn’t he in an orange jumpsuit at Club Fed??
@Jim: Well, can’t speak to the why Clapper is not charged with something, but can pretty unequivocally say why he is not charged with perjury. Contrary to the popular meme, Clapper was not sworn and under oath in the March SSCI hearing, so “perjury” is not a possible charge. What he is guilty of is false statements under 18 USC §1001, which is also a serious crime.
Nice piece EW.
Remember Wiebe, Binney, Loomis & Drake with ThinThread. https://en.wikipedia.org/wiki/ThinThread It would not have resolved all the issues. But, think what a different place we would be in today if Hayden/Duhbya/Obama/Clapper/Alexander et al had not chosen to rape the 4th with TrailBlazer and its successors, and to go after responsible US spooks and whistleblowers with the Espionage Act.
@joanneleon: Think NSA is intrusive? The for-profit web is at least as intrusive and is actively using, buying and selling your information.
You can do some simple things to moderate the amount of information you share. For example, dump IE as a browser if you have not done so long ago, turn off cookies and tracking in your browser.
One or more of these add-ons may be useful too:
AdblockPlus, Better Privacy, Ghostery. There are others that provide similar or better screening. The idea being to control how much information you share, and to limit how intrusive you will let web sites be.
Very well put together info. Thanks for it.