Did ACLU and EFF Just Help the NSA Get Inside Your Smart Phone?
The ACLU and EFF normally do great work defending the Fourth Amendment. Both have fought the government’s expansive spying for years. Both have fought hard to require the government obtain a warrant before accessing your computer, cell phone, and location data.
But earlier this week, they may have taken action that directly undermines that good work.
On Wednesday, both civil liberties organizations joined in a letter supporting Patrick Leahy’s version of USA Freedom Act, calling it a necessary first step.
We support S. 2685 as an important first step toward necessary comprehensive surveillance reform. We urge the Senate and the House to pass it quickly, and without
making any amendments that would weaken the important changes described above.
ACLU’s Laura Murphy explained why ACLU signed onto the bill in a column at Politico, analogizing it to when, in 2010, ACLU signed onto a bill that lowered, but did not eliminate, disparities in crack sentencing.
Reform advocates were at a crossroads. Maximalists urged opposition despite the fact the bill would, in a very real way, make life better for thousands of people and begin to reduce the severe racial and ethnic inequality in our prison system. Pragmatists, fearing that opposition to the bill would preclude any reform at all, urged support.
It was a painful compromise, but the ACLU ultimately supported the bill. It passed, astoundingly, with overwhelming support in both chambers.
And then something amazing happened. Conservative lawmakers, concerned about government waste, increasingly came to the table to support criminal justice reform. Liberals realized they could vote their conscience on criminal justice without accusations of being “soft on crime.” It has not been easy and there have been many steps backward, but in recent years, we’ve seen greater public opposition to mandatory minimum sentences and real movement on things like reducing penalties for low-level drug offenses.
The analogy is inapt. You don’t end crack disparities by increasing the number of coke dealers in jail. But Leahy’s USA Freedom Act almost certainly will increase the number of totally innocent Americans who will be subjected to the full brunt of NSA’s analytical authorities indefinitely.
That’s because by outsourcing to telecoms, NSA will actually increase the total percentage of Americans’ telephone records that get chained on; sources say it will be more “comprehensive” than the current dragnet and Deputy NSA Director Richard Ledgett agrees the “the actual universe of potential calls that could be queried against is [potentially] dramatically larger.” In addition, the telecoms are unlikely to be able to remove all the noisy numbers like pizza joints — as NSA currently claims to — meaning more people with completely accidental phone ties to suspects will get sucked in. And USA Freedom adopts a standard for data retention — foreign intelligence purpose — that has proven meaningless in the past, so once a person’s phone number gets turned over to the NSA, they’ll be fair game for further NSA spying, the really invasive stuff, indefinitely.
But that’s not the reason I find ACLU and EFF’s early support for USA Freedom so astounding.
I’m shocked ACLU and EFF are supporting this bill because they don’t know what the NSA will be permitted to do at the immunized telecoms. They have blindly signed onto a bill permitting “connection chaining” without first understanding what connection chaining entails.
As I have reported extensively, while every witness who has talked about the phone dragnet has talked about chaining on phone calls made — all the calls Anwar al-Awlaki made, all the calls those people made — the language describing this chaining process has actually been evolving. Dianne Feinstein’s Fake FISA Fix last fall allowed the NSA to chain on actual calls — as witnesses had described — but also on communications (not just calls) “to or from any selector reasonably linked to the selector.” A February modification and the last two dragnet orders permitted NSA to chain on identifiers “with a contact and/or connection” with the seed, making it clear that a “connection” is something different than a “contact.” The House bill USA Freedumber adopted the same language in a legislative report. Leahy’s bill adopts largely the same language for chaining.
(iii) provide that the Government may require the prompt production of call detail records—
(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and
(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;
Now, it’s possible that this language does nothing more than what NSA illegally did until 2009: chain on both the identifier itself, but also on identifiers it has determined to be the same person. Back in 2009, NSA referred to a separate database to determine these other identifiers. Though that’s unlikely, because the bill language suggests the telecoms will be identifying these direct connections.
It’s possible, too, that this language only permits the telecoms to find “burner” phones — a new phone someone adopts after having disposed of an earlier one — and chain on that too.
But it’s also possible that this language would permit precisely what AT&T does for DEA in its directly analogous Hemisphere program: conduct analysis using cell site data. The bill does not permit NSA to receive cell site data, but it does nothing to prohibit NSA from receiving phone numbers identified using cell site data. When Mark Warner asked about this, Ledgett did not answer, and James Cole admitted they could use these orders (with FISC approval) to get access to cell location.
It’s possible, too, that the telecoms will identify direct connections using other data we know NSA uses to identify connections in EO 12333 data, including phone book and calendar data.
The point is, nobody in the public knows what “connections” NSA will be asking its immunized telecom partners to make. And nothing in the bill or even the public record prohibits NSA from asking telecoms to use a range of smart phone information to conduct their analysis, so long as they only give NSA phone identifiers as a result.
In response to questions from Senators about what this means, Leahy’s office promised a letter from James Clapper’s office clarifying what “connections” means (No, I don’t remember the part of Schoolhouse Rock where those regulated by laws get to provide “clarifications” that don’t make it into the laws themselves). That letter was reported to be due on Tuesday, by close of business — several days ago. It hasn’t appeared yet.
I asked people at both EFF and ACLU about this problem. EFF admitted they don’t know what this language means. ACLU calls the language “ambiguous,” but based on nothing they were able to convey to me, insists getting smart phone data under the guise of connection chaining would be an abuse. ACLU also pointed to transparency provisions in the bill, claiming that would alert us if the NSA starting doing something funky with its connection language; that of course ignores that “connection chaining” is an already-approved process, meaning that existing processes won’t ever be need to be released. It also ignores that the Administration has withheld what is probably a directly relevant phone dragnet opinion from both ACLU and EFF in their dragnet FOIA.
I get Laura Murphy’s point about using USA Freedom to start the process of reform. But what I don’t understand is why you’d do that having absolutely no idea whether that “reform” codifies the kind of warrantless probable cause-free access to device data that ACLU and EFF have fought so hard to prevent elsewhere.
ACLU and EFF are supposed to be leaders in protecting the privacy of our devices, including smart phones. I worry with their embrace of this bill, they’re leading NSA right into our smart phones.
“IT’S MY DATA … GET A WARRANT”? So, the ACLU is now making stickers for Capt Picard to put on his Chief Operations Officer?
I think they may be basing their position on what they’ve been told by Leahy (and other senators) and what they get from the MSM.
Otherwise, I don’t understand why they think that this is an improvement.
I wonder – for the editor also – what are the alternatives to this bill? Is it the case that if this bill fails, then no ‘reform bill’ will be passed? Or is it the case that if this bill fails, then a ‘worse’ bill will pass? And, in the timeline of ‘introduced/amended’ bills so far, is this the worst, or the best? Please do give us more information. Else, how can we be expected to decide? Thank you.
aclu and eff are throwing in the towel.
time is up for any but radical public opposition to the nsa legalization and expansion bills before congress.
aclu and eff are overmatched and without sufficient resources to fight either this or the even worse bills up for a vote.
what is going to happen, though, is the the worst of the “dumber” billis will pass easily.
the moral is never count on polite, lawyerly, fund-raising organizations to fight successfully before the congress unless there is strong public support they can ride. without such support the best they ever get are greasy crumbs.
on the bright side, the fund raising opportunities should be great.
what was missing in the government spying fight from the beginning was any sort of public organization to educate the public about what their government is doing to them, how dangerous the nsa/fbi/dhs spying can be, and about the complicity of the president and the congress in expanding this secret program.
what has happened here is an excellent demonstration of how distant the public is from congress (and vice versa) and how little impact the public have when not educated and organized.
Are you saying that no organization with limited resources is immune from being maneuvered into being a veal pen for supporters? That says that we cannot expect NGOs to come to our rescue, no matter how smart and well-meaning.
The money is moving to try to clog up all the exits it seems. As a Bush would say, “We are in deep doo-doo.”
With all due respect to the ACLU and the EFF . . . the time for passive resistance has run out. We are living in a domestic police state that conducts foreign wars of aggression, and there will be no reform. The military/intelligence/corporate coup that began in 1947 is now complete. We must now turn to direct action: economic and data resistance against US, EU and NATO, and preparation for guerilla warfare. If the ACLU and the EFF want to play a role in the new reality, they will start organizing strikes and boycotts.
Well, nice conveniences that they are, you got to know, and tell you another thing, if you don’t have ’em, you can’t ‘keep up’, with the ‘Joneses’ too good.
Telephones were nice, remember ‘ole’ ‘what’s her face’ on the partyline thing… (Lilly Tomlin/types), well they were listening in too, right?…
Back in ‘prehistory of the 1920’s they had it in your house!
Ole J. Ednar even got a picture taken when he didn’t expect it… haha!
Did you ever (fuck) in a motel room, well guess what not only was “Norman” peeping in, but that eye in the sky/wall, was too… Haha.
Since the business records FISC warrants included everybody’s (long distance and local)
calls, this only requires the telecoms to keep call records for a longer period. Plus any
query that NSA would need to make would be a distributed query to all telecoms. So, I
don’t see a major change here. Also, when it comes to the “two hops,” if they don’t
restrict doing a second hope through business or local/state/federal government offices,
then the two hop method allows them to contact chain everyone in the US and probably the world. For example, if I call the Maryland DMV, then I am two hops from everyone that
does the same. Meaning, I am two hops from everyone in Maryland. Etc. with other companies/government departments around the world.
For a quick look at connection chaining watch this:
Analyse high volumes of all-source data – i2 Analysis Solution (YouTube)
popehat has a pessimistic take
http://www.popehat.com/2014/07/15/warrants-bulwark-of-liberty-or-paper-shield/#more-21957