9th Circuit Rules that Mohamed Osman Mohamud Might Have Killed Like a Bunch of White Mass Killers Had the FBI Not Intervened

/4 Comments/in /by

The last paragraph of a 9th Circuit Judge John Owens opinion rejecting Mohamed Osman Mohamud’s appeal reads,

Many young people think and say alarming things that they later disavow, and we will never know if Mohamud—a young man with promise—would have carried out a mass attack absent the FBI’s involvement. But some “promising” young people—Charles Whitman, Timothy McVeigh, and James Holmes, to name a few from a tragically long list—take the next step, leading to horrific consequences. While technology makes it easier to capture the thoughts of these individuals, it also makes it easier for them to commit terrible crimes. Here, the evidence supported the jury’s verdict, and the government’s surveillance, investigation, and prosecution of Mohamud were consistent with constitutional and statutory requirements.

Mohamud had appealed on several grounds. Generally, he argued that he had been entrapped, that Section 702 was unconstitutional, and that that evidence should be thrown out because he was not informed in timely fashion.

The court was (as they had been in the hearing) most sympathetic to Mohamud’s entrapment case, but found that even though he was first approached before he turned 18 (Mohamud was 19 when he pressed a button believing it would set off a bomb at Portland’s Pioneer Square), the entrapment was less than what happened with James Cromitie, a case the 2nd Circuit upheld.

Nevertheless, the court found that a jury might reasonably find that Mohamud was predisposed to commit a bombing, even before government incitement.

In sum, viewing the evidence in the light most favorable to the government, we cannot say that “no reasonable jury could have concluded that [Mohamud was] predisposed to commit the charged offense[].” Davis, 36 F.3d at 1430. We therefore conclude that the district court properly rejected his defense of entrapment as a matter of law.

The court was less sympathetic to Mohamud’s FISA challenge.

But their argument on this front is pretty weird. The court dodges any ruling on a foreign intelligence exception that the government claimed.

Because the incidental collection excepts this search from the Fourth Amendment’s warrant requirement, we need not address any “foreign intelligence exception.”

Instead, it invokes the Third Party doctrine, suggesting that because Mohamud wrote to someone — anyone! —  to suggest he had a diminished expectation of privacy in his side of emails.

It is true that prior case law contemplates a diminished expectation of privacy due to the risk that the recipient will reveal the communication, not that the government will be monitoring the communication unbeknownst to the third party. See, e.g., United States v. Miller, 425 U.S. 435, 443 (1976); United States v. White, 401 U.S. 745, 752 (1971); Hoffa v. United States, 385 U.S. 293, 302 (1966). While these cases do not address the question of government interception, the communications at issue here had been sent to a third party, which reduces Mohamud’s privacy interest at least somewhat, if perhaps not as much as if the foreign national had turned them over to the government voluntarily. See also Hasbajrami, 2016 WL 1029500 at *11 & n.18 (observing same distinction).

The court then admits that the sheer volume of incidental collection under Section 702 might be a problem, but suggests that minimization procedures thereby acquire more importance (while bracketing the problem of post-collection querying — also known as back door searches — the FBI conducts all the time).

Mohamud and Amici also contend that the “sheer amount of ‘incidental’ collection” separates § 702 from prior cases where courts have found such collection permissible. We agree with the district court’s observation that the most troubling aspect of this “incidental” collection is not whether such collection was anticipated, but rather its volume, which is vast, not de minimis. See PCLOB Report at 114 (“The term ‘incidental’ is appropriate because such collection is not accidental or inadvertent, but rather is an anticipated collateral result of monitoring an overseas target. But the term should not be understood to suggest that such collection is infrequent or that it is an inconsequential part of the Section 702 program.”). This quantity distinguishes § 702 collection from Title III and traditional FISA interceptions. However, the mere fact that more communications are being collected incidentally does not make it unconstitutional to apply the same approach to § 702 collection, though it does increase the importance of minimization procedures once the communications are collected.24

24 To the extent that Amici argue that the incidental overhear doctrine permits the unconstitutional and widespread retention and querying of the incidentally collected information, that issue is not before us.

Which brings us to this passage assessing the value of those minimization procedures with increased import.

While Executive Branch certification contributes some degree of further protection, it does not weigh heavily. Typically in the Fourth Amendment context, review from a neutral magistrate is considered the appropriate check on the Executive, which otherwise may be motivated by its interest in carrying out its duties. See, e.g., Leon, 468 U.S. at 913–14 (explaining that in obtaining a search warrant, a neutral magistrate is “a more reliable safeguard against improper searches than the hurried judgment of a law enforcement officer ‘engaged in the often competitive enterprise of ferreting out crime’” (citation omitted)). Under these circumstances, where the only judicial review comes in the form of the FISC reviewing the adequacy of procedures, this type of internal oversight does not provide a robust safeguard. The government notes that in In re Sealed Case, 310 F.3d 717, 739 (FISA Ct. Rev. 2002), the FISA Review Court observed that Congress recognized that certification by the AG in the traditional FISA context would “‘assure [ ] written accountability within the Executive Branch’ and provide ‘an internal check on Executive Branch arbitrariness.’” (citation omitted). However, as described above, § 702 differs in important ways from traditional FISA, and a mechanism that might provide additional protections above and beyond those already employed in a traditional FISA context provides far less assurance and accountability in the § 702 context, which lacks those baseline protections. See also Clapper, 133 S. Ct. at 1144–45.

Accordingly, although we do not place great weight on the oversight procedures, under the totality of the circumstnces, we conclude that the applied targeting and minimization procedures adequately protected Mohamud’s diminished privacy interest, in light of the government’s compelling interest in national security,

In other words, in the section assessing incidental collection, the court points to the import of minimization procedures. But when it comes to minimization procedures, it does “not place great weight” on them, because of the government’s compelling interest in national security. It is ultimately an argument about necessity based on national security.

Ultimately, then, the court argues that it was okay for the government to read Mohamud’s emails without a warrant, in spite of its admission of weaknesses in the government’s argument about a diminished expectation of privacy and minimization procedures. It does so by invoking three older (though still young) white mass killers, all of whom worked domestically.

While the court definitely relies on targeting rules limiting 702 to someone overseas, with its seeming admission that both its Third Party and its minimization procedure arguments are inadequate (as well as its decision that none of this has to do with a foreign intelligence exception), it gets frightfully close to making an argument that doesn’t distinguish foreign communications from domestic.

Perhaps Owens invokes those three white men to emphasize, unconvincingly, that that doesn’t mean Mohamud was targeted in a way a white non-Muslim wouldn’t be, but given the legal argument that’s left, the opinion is all the more troubling.

Update: Orin Kerr — who knows a lot more about law than I do — doesn’t like this opinion either. Among other common impressions, he’s not happy that Owens borrowed from a not really well written District opinion.

Two Lessons of the Robin Raphel Case

/1 Comment/in /by

If you haven’t already, you should read this long story on how longtime US diplomat Robin Raphel came to have her life turned upside down based on a frivolous espionage investigation. The piece has earned a lot of praise both for the reporting that went into it and the writing.

I want to point to a few lessons from the piece.

The “Tip”

As the piece explains, Raphel served for decades in Pakistan and South Asia generally, developing a lot of close ties there (she also did a stint in Iraq at the beginning of the war).

Over the years, she was one of the few remaining people who would get out of US compounds to go meet with Pakistanis directly. Precisely because she was engaging directly (or collecting human intelligence, in the view of the spooks), she would be captured in a great deal of intercepts targeting her interlocutors, meaning anything that appeared amiss would elicit attention from the NSA analysts reviewing the intercepts.

The NSA regularly swept up Pakistani communications “to, from or about” senior U.S. officials working in the country. Some American officials would appear in Pakistani intercepts as often as once a week. What Raphel didn’t realize was that her desire to engage with foreign officials, the very skill set her supervisors encouraged, had put a target on her back.

By the time Raphel returned to Pakistan under the Obama Administration, the NSA included Pakistan’s ruling party by name in the Section 702 foreign government certificate, which provides some indication of how much NSA was vacuuming up.

As far back as the 1990s, intelligence agencies deemed Raphel to be too sympathetic to Pakistani views, a view which continued when she returned to Pakistan under Obama.

In 2013, FBI received a “tip” purportedly implicating Raphel based off intercepts targeted at Pakistanis.

In February 2013, according to law-enforcement officials, the FBI received information that made its agents think Raphel might be a Pakistani mole.

The tip came in the form of intercepted communications that suggested Raphel had shared sensitive inside information without authorization. Two officials said this included information collected on wiretaps of Pakistani officials in the U.S.

The description of this tip suggests Raphel was talking with Pakistanis located in the US. Even there, there is room for ambiguity; it could also suggest (but probably doesn’t) that the wiretaps, not the Pakistani officials, were in the US.

 

The article also suggests Raphel’s conversations with a Pakistani woman named Maleeha Lodhi were among the most interesting to spies. When Raphel was Assistant Secretary of South Asian Affairs in the mid-1990s, Lodhi was Ambassador to the US, but she had been a journalist before and returned to journalism after that post; she is now Pakistan’s representative to the UN.

[Lodhi] had returned to the news business, writing a regular column and appearing as a commentator on Pakistani television. American officials said they had no doubt that Lodhi was more than an ordinary journalist, however.

In her six years in Washington as Pakistan’s ambassador, Lodhi had earned a reputation as a reliable source for what Pakistani officials were thinking, and in particular, as a trusted conduit for relaying messages to Pakistan’s senior military leadership in Rawalpindi, U.S. officials said. She was, in State Department parlance, an “influencer.” One reason U.S. officials trusted her: The NSA had long been monitoring her communications.

In other words, the NSA was targeting a journalist’s communications. The story presents conflicting viewpoints about how much of Lodhi’s information got back to the Pakistani government, with US sources insinuating that because she shared a lot of information with the Pakistani government, she wasn’t really a journalist. To a great degree that’s just a rationalization.Not only does the same kind of information sharing between journalists and government officials happen here. But the US targeted Lodhi not because she was deemed a threat, but because she was a good source of information. I suspect WSJ’s sources shared those competing claims in an attempt to obscure, from both Congress and FISA Court observers, how broadly the NSA targets off foreign government 702 certificates, such that it can include journalists with close ties but no formal relationship with a foreign government.

Moreover, the two versions of the basis of the tip on Raphel — Pakistani officials in the US versus Lodhi — may also serve to obscure what authority she first got targeted under. That is, if she was targeted under Section 702 but the government didn’t tell her that, then WSJ’s sources would have reason to invent a traditional FISA source of her targeting.

WSJ’s sources are probably also engaging in misdirection with the details offered in this passage.

Investigators began what they call “circling the target,” which means examining the parts of Raphel’s life they could explore without subpoenas or warrants. Sitting in their cubicles on the fourth floor of the FBI’s Washington Field Office, a modern sandstone-colored building on the edge of Chinatown, the agents began to map her network of contacts and search for signs of disloyalty.

One of the first things they looked at was her “metadata”—the electronic traces of who she called or emailed, and also when and for how long. Her metadata showed she was in frequent contact with a host of Pakistan officials that didn’t seem to match what the FBI believed was her rank and role.

After all, the NSA would have already had every bit of metadata reflecting a conversation between Raphel and a targeted official, and the story makes it clear elsewhere a great many of Raphel’s interlocutors were targeted. Indeed, in court filings, the NSA has made it clear that it prioritizes intercepts that reflect a conversation with an American. So the NSA analysts who first alerted the FBI to Raphel’s conversations would have based that alert, in significant part, on precisely that kind of metadata analysis. Sure, the FBI would recollect that metadata, laundering the original source, but the government would have already have analyzed a great deal of it before tipping Raphel to FBI.

Spooks making claims about classified information

Across decades, because NSA and then FBI were collecting intercepts of Raphel’s conversations, she fell afoul of spooks who claimed information she learned on her own could only have come from intelligence agencies and therefore must be classified.

This actually happened twice, with the first time happening almost two decades before she was targeted personally. The first time came in the mid-1990s.

Not long after the amendment passed, Deputy Secretary of State Strobe Talbott sent an aide to Raphel’s office with a disturbing message.

According to officials, the aide told Raphel U.S. spy agencies had intercepted communications in which Pakistani officials suggested that Raphel had revealed sensitive information to them about what the U.S. knew about Pakistan’s nuclear work. U.S. intelligence officials said the information was classified and the disclosure wasn’t authorized.

Raphel denied disclosing too much. She consulted with top officials at the State Department’s internal intelligence branch, who recommended she ask Diplomatic Security—the security and law enforcement arm of the State Department—to investigate the matter.

Diplomatic Security agents interviewed Raphel about the alleged disclosures. They found no evidence of wrongdoing and took no disciplinary action against her.

The story suggests this 1990s incident arose, at least in part, out of animus on the part of spooks over her close ties and seeming empathy with the Pakistanis. The inquiry into her communications led her to keep records of her conversations, which she then took home with her when she first retired from State in 2004. When the FBI did a sneak and peek warrant on her home, they found these records and considered them mishandled classified information.

The CIA increasingly claimed readily available information belonged exclusively to them after Cameron Munter started objecting to drone strikes.

After Cameron Munter took over as the U.S. ambassador to Pakistan in 2010, the competing forces of intelligence and diplomacy began to collide. When Munter pushed the CIA to be more “judicious” in its drone strikes in the tribal areas, the CIA’s station chief responded by telling diplomats not to discuss the drone program even in private meetings with senior Pakistani officials. If asked, he told them, they should change the subject.

Senior diplomats in Islamabad knew this was impossible. The drone program came up all the time. There was no way to avoid the topic.

Raphel didn’t know the key details because her Top Secret clearance didn’t include access to the “compartment” that covered the covert program. When her Pakistani contacts complained about the strikes, Raphel told them what other diplomats would say—that the U.S. wouldn’t need to do so many if the Pakistani army did more to rein in militants in the tribal areas, according to people she spoke with.

Unsurprisingly, drone strikes were one of the topics that the FBI latched onto in her conversations with Lodhi, along with rumors of a coup and discussions of negotiations with the Taliban. Raphel was learning of such information independent of spy sources, yet because it replicated the information learned via spy sources, they claimed it was highly classified.

As the agents listened to the back-and-forth, they would check with U.S. intelligence officials to see if the topics which Raphel discussed with Lodhi— drones, coups and reconciliation talks with the Taliban—were classified. They were repeatedly told that yes, they were.

[snip]

During her visit, Raphel was in regular phone contact with Lodhi, who invited her to come to her home library to talk privately over tea. Officials briefed on the investigation said the information they exchanged during the trip about the prospects of a coup was similar to what U.S. spy agencies were picking up—the same kind of information that intelligence officials were putting in the President’s Daily Brief.

This is, of course, the same thing that happened with some, though not all, of Hillary’s emails (and unsurprisingly, some of Raphel’s communications were shared via aides with Hillary): the CIA claimed that they owned such information, and as such, any discussion outside of secure channels must be evidence of sharing classified information. In both cases, the information was readily available elsewhere.

Particularly when exacerbated by turf sensitivities and jealousy over Raphel’s access to top Pakistani officials, however, this can be a lethal combination. The CIA gets to criminalize officials for sharing information it deems its exclusive purview, even if those officials discovered the information independently.

The WSJ tells a story about the double edged sword of America’s dragnet: the degree to which it can implicate honest people because it captures so much, as well as the gaps in knowledge that result from overdependence on SIGINT.

The Sessions Nomination and the “Emergency Exception”

/12 Comments/in /by

Donald Trump will nominate Jefferson Beauregard Sessions III to be Attorney General.

Most of the uproar over the appointment has, justifiably, focused on the fact that Sessions is such a racist he was denied confirmation to be a District Court Judge in the 1980s. We will also learn, going forward, about how deeply embedded in Alabama’s unique kind of corruption Sessions is.

But something more recent is as alarming, albeit for different reasons.

In June, Sessions proposed an amendment to ECPA reform that would mandate providers turn over communications content if a government official declared that it was an emergency.

(1) IN GENERAL.—A provider of electronic communication service or remote computing service shall disclose to a governmental entity a wire or electronic communication (including the contents of the communication) and a record or other information pertaining to a subscriber or customer if a representative of the governmental entity reasonably certifies under penalty of perjury that an emergency involving the danger of death or serious physical injury requires disclosure without delay.

As Al Gidari explained in a post on this provision, providers already can, at their discretion, turn over such communications in case of an emergency.

For the last 15 years, providers have routinely assisted law enforcement in emergency cases by voluntarily disclosing stored content and transactional information as permitted by section 2702 (b)(8) and (c)(4) of Title 18. Providers recently began including data about emergency disclosures in their transparency reports and the data is illuminating. For example, for the period January to June 2015, Google reports that it received 236 requests affecting 351 user accounts and that it produced data in 69% of the cases. For July to December 2015, Microsoft reports that it received 146 requests affecting 226 users and that it produced content in 8% of the cases, transactional information in 54% of the cases and that it rejected about 20% of the requests. For the same period, Facebook reports that it received 855 requests affecting 1223 users and that it produced some data in response in 74% of the cases. Traditional residential and wireless phone companies receive orders of magnitude more emergency requests. AT&T, for example, reports receiving 56,359 requests affecting 62,829 users. Verizon reports getting approximately 50,000 requests from law enforcement each year.

This amendment would have eliminated that discretionary review, which — as Gidari went on to explain — often serves to weed out requests for which there isn’t really an emergency or in which authorities are just fishing to further an investigation.

Remember, in an emergency, there is no court oversight or legal process in advance of the disclosure. For over 15 years, Congress correctly has relied on providers to make a good faith determination that there is an emergency that requires disclosure before legal process can be obtained. Providers have procedures and trained personnel to winnow out the non-emergency cases and to deal with some law enforcement agencies for whom the term “emergency” is an elastic concept and its definition expansive.

Part of the problem, and the temptation, is that there is no nunc pro tunc court order or oversight for emergency requests or disclosures. Law enforcement does not have to show a court after the fact that the disclosure was warranted at the time; indeed, no one may ever know about the request or disclosure at all if it doesn’t result in a criminal proceeding where the evidence is introduced at trial. In wiretaps and pen register emergencies, the law requires providers to cut off continued disclosure if law enforcement hasn’t applied for an order within 48 hours.  But if disclosure were mandatory for stored content, all of a user’s content would be out the door and no court would ever be the wiser. At least today, under the voluntary disclosure rules, providers stand in the way of excessive or non-emergency disclosures.

A very common experience among providers when the factual basis of an emergency request is questioned is that the requesting agency simply withdraws the request, never to be heard from again. This suggests that to some, emergency requests are viewed as shortcuts or pretexts for expediting an investigation. In other cases when questioned, agents withdraw the emergency request and return with proper legal process in hand shortly thereafter, which suggests it was no emergency at all but rather an inconvenience to procure process. In still other cases, some agents refuse to reveal the circumstances giving rise to the putative emergency.

In other words, if this amendment had passed, it would have created a black hole of surveillance, in which authorities could obtain content simply by declaring an emergency (remember, from 2002 until 2006, there was a highly abusive FBI phone metadata program that worked by invoking an emergency).

I raise this not to minimize the biggest reason Sessions is unsuitable to be AG: his racism and his regressive ideas on immigration.

Rather, I raise it to point out that in addition to selectively pursuing people of color (and delegitmizing those who defend their due process), Sessions would undoubtedly seek tools that would make it easier to do so without any oversight.

All Trump’s named nominees thus far save Reince Preibus couch their racism in terms of claims of “emergency.” Those claims, tied to Sessions’ views on legal process, would make for an unchecked executive.

One Thing Edward Snowden Is Not a Fucking Idiot About

/5 Comments/in , /by

Gizmodo’s Matt Novak is outraged that fucking idiot Edward Snowden told a conference some stupid things. I agree that this was a pretty stupid comment.

Snowden also addressed his tweet from October 21st in which he said that, “There may never be a safer election in which to vote for a third option.” Snowden told us that he more or less stands by his tweet and that anything else “freezes us into a dynamic of ‘you must always choose between two bad options’” which is a “fundamentally un-American idea.”

The thing that really outraged Novak, however, is that Snowden said technical means are more important than policy as a way to protect liberty.

What got me so riled up about Snowden’s talk? He firmly believes that technology is more important than policy as a way to protect our liberties. Snowden contends that he held this belief when Obama was in office and he still believes this today, as Donald Trump is just two months away from entering the White House. But it doesn’t make him right, no matter who’s in office.

“If you want to build a better future, you’re going to have to do it yourself. Politics will take us only so far. And if history is any guide, they are the least effective means of seeing change we want to see,” Snowden said on stage in Oakland from Russia, completely oblivious to how history might actually be used as a guide.

Snowden spoke about how important it is for individuals to act in the name of liberty. He continually downplayed the role of policy in enacting change and trotted out some libertarian garbage about laws being far less important than the encryption of electronic devices for the protection of freedoms around the world.

“Law is simply letters on a page,” Snowden said. It’s a phrase that’s still ringing in my ears, as a shockingly obtuse rejection of civilized society and how real change happens in the world.

How do we advance the cause of liberty around the world? Encrypt your devices, according to Snowden. Okay, now what? Well, Snowden’s tapped out of ideas if you get beyond “use Signal.”

Novak went on to recite big legislation — notably, the Civil Rights and Voting Rights Acts — that has been critical to advancing the cause of liberty with the boundaries of the US. I agree that they have.

That said, I’m all but certain I spend more time working on surveillance policy than Novak. I’m no shrug in the work to improve surveillance policy.

But there are several things about surveillance that are different. First (as Snowden pointed out), “Technology knows no jurisdiction.” One aspect of the government’s dragnet is that it spies on Americans with data collected overseas under EO 12333. And Congress has been very reluctant to — and frankly pretty ineffective at — legislating surveillance that takes place outside the relatively narrow (geographic and legal) boundaries of FISA. Without at least reinterpretation of Supreme Court precedent, it’s not clear how much Congress can legislate the spying currently conducted under EO 12333.

Either we need to come up with a way to leverage other jurisdictions so as to limit surveillance overseas (which will require technology in any case, because the NSA is better at spying than any other jurisdiction out there), or we need to find some way to make it harder for the government to spy on us by doing it overseas. The latter approach involves leveraging technology.

And all that assumes the Trump Administration won’t use the very same approach the Bush Administration did: to simply blow off the clear letter of the law and conduct the spying domestically anyway. At least now, it would be somewhat harder to do because Google has adopted end-to-end encryption and Signal exists (we’re still fighting policy battles over terms under which Google can be coerced into turning over our data, but Signal has limited the amount to which it can be coerced in the same way because of its technological choices).

The other important point is, especially going forward, it will be difficult to work on policy without using those technological tools. “Use Signal” may not be sufficient to protecting liberties. But it is increasingly necessary to it.

It may be that Novak is aware of all that. Nothing in his article, however, reflects any such awareness.

Edward Snowden may be a fucking idiot about some things. But anyone who imagines we can protect liberties by focusing exclusively on policy is definitely a fucking idiot.

NSA Conducts FISA Section 704 Collection Using Transit Collection

/5 Comments/in /by

Please consider donating to support this work. It’s going to be a long four years. 

The Intercept has a fascinating new story confirming what many people already intuited: AT&T’s spooky building at 33 Thomas Street is a key NSA collection point, and the NSA has equipment inside the building (it’s almost certainly not just NSA; this is probably also where AT&T collects much of their Hemisphere database and it likely includes AT&T’s special service center for FBI NSLs).

The Intercept released a bunch of documents with the story, including this one on FAIRVIEW.

It shows that FISA Section 704/705a are among the authorities used with FAIRVIEW, ostensibly collected under “Transit” authority, but with the collection done at TITANPOINT (which is the code name for 33 Thomas Street).

screen-shot-2016-11-16-at-3-05-47-pm

As I explain in this post, there are three authorities in the FISA Amendments Act that are supposed to cover US persons: 703 (spying with the help of domestic partners on Americans who are overseas), 704 (spying on Americans who are overseas, using methods for which they would have an expectation of privacy), and 705, which is a hybrid.

But Snowden documents — and this IG Report — make it clear only 704 and 705b are used.

Screen Shot 2016-05-13 at 3.38.08 AM

Unsurprisingly, the disclosure standards are higher for 703 — the authority they don’t use — than they are for 704. In other words, they’re using the authority to spy on Americans overseas that is weaker. Go figure.

But here’s the other problem. 704/705b are two different authorities and — as reflected in Intelligence Oversight Board reports — they are treated as such. Which means they are using 704 to spy on targets that are overseas, not just defaulting to 705b hybrid orders (which would require the person to be in the US some of the time).

But they are doing it within the US, using the fiction that the collection is only “transiting” the US (that is, transiting from one foreign country to another). This seems to indicate the NSA is conducting electronic surveillance on US persons located overseas — which seems clearly to fall under 703 — but doing it under 704 by claiming traffic transiting the US isn’t really collection in the US. Correction: Because the person is located overseas, it doesn’t count as electronic surveillance. In any case, this seems to be effectively a way around the intent of 703.

Europe Gets Impatient for Yahoo Answers

/8 Comments/in /by

As I’ve noted, James Clapper’s office has been irresponsibly silent about what kind of scan FBI asked Yahoo to subject all of its email users to in 2015. And those in Congress who haven’t been briefed on it are demanding information.

But they’re not the only ones. Europe is too (as Yahoo seemed all too aware when it wrote Clapper asking him to clarify the scan).

And they’ve got a bit more leverage over the Intelligence Community than non-intelligence committee members of Congress do, because the EU prohibits data collected in Europe from being used for mass surveillance.

Dutch MEP Sophia In t’Veld asked the European Commission questions but has thus far gotten no answer.

Yahoo has allegedly scanned customer emails for US intelligence purposes at the request of US intelligence agencies. According to reports, in 2015 Yahoo secretly built a custom software program allowing it to search all of its customers’ incoming emails for specific information requested by US intelligence officials. In the Schrems judgment, the Safe Harbour programme allowing EU personal data to be transferred to the US was declared invalid, among other reasons because of the mass surveillance protocols used by US intelligence services.

Will the Commission investigate these reports and ask clarification from the US administration?

Was the Commission aware of these alleged activities by Yahoo at the time it adopted the Privacy Shield decision? If not, do these revelations prompt the Commission to reconsider its decision on Privacy Shield?

Does the Commission consider Yahoo to have violated the terms of Safe Harbour, does the Commission consider that these practices would be allowed under Privacy Shield, and how will the Commission verify that violations in this regard do not take place?

And the Article 29 Working Party — the data protection authorities — last week asked Yahoo directly.

In addition, the WP29 was also informed that Yahoo has scanned customer emails for US
intelligence purposes at the request of US intelligence agencies. According to reports, in
2015 Yahoo searched all of its customers’ incoming emails for specific information
requested by US intelligence officials.

The reports are concerning to WP29 and it will be important to understand the legal
basis and justification for any such surveillance activity, including an explanation of how
this is compatible with EU law and protection for EU citizens.

 

The Story About Judicial Dysfunction Behind the Comey Whiplash

/58 Comments/in , , /by

I’ve been home from Europe for less than a day and already I’m thinking of sporting a neck collar for the whiplash I’ve gotten watching the wildly varying Jim Comey opinions.

I’m speaking, of course, of the response to Jim Comey’s highly unusual announcement to sixteen Chairs and Ranking Members of congressional committees (at least some of which Comey did not testify to) that the investigative team — presumably on the Clinton case — briefed him Thursday that FBI discovered additional emails in an unrelated case — now known to be the investigation into Anthony Weiner allegedly sexting a 15 year old — and he approved their request to take the steps necessary to be able to review those emails.

Effectively, the Weiner investigators, in reviewing the content from devices seized in that investigation, found emails from Huma Abedin, told the Hillary investigative team, and they’re now obtaining a warrant to be able to review those emails.

So of course the Republicans that had been claiming Comey had corruptly fixed the investigation for Hillary immediately started proclaiming his valor and Democrats that had been pointing confidently to his exoneration of Hillary immediately resumed their criticism of his highly unusual statements on this investigation. Make up your minds, people!

For the record, I think his initial, completely inappropriate statements made this inevitable. He excuses Friday’s statement as formally correcting the record of his testimony. The claim is undermined by the fact that not all recipients of the letter had him testify. But I think once you start the process of blabbing about investigations, more blabbing likely follows. I don’t mean to excuse this disclosure, but the real sin comes in the first one, which was totally inappropriate by any measure. I’m also very unsympathetic with the claim —  persistently offered by people who otherwise cheer Comey — that he released his initial statement to help Loretta Lynch out of the jam created by her inappropriate meeting with Bill Clinton; I think those explanations stem from a willful blindness about what a self-righteous moralist Comey is.

Of course I’ve been critical of Comey since long before it was cool (and our late great commenter Mary Perdue was critical years before that).

But I’d like to take a step back and talk about what this says about our judicial system.

Jim Comey doesn’t play by the rules

Jamie Gorelick (who worked with Comey when she was in DOJ) and Larry Thompson (who worked with Comey when Comey was US Attorney and he was Deputy Attorney General, until Comey replaced him) wrote a scathing piece attacking Comey for violating the long-standing prohibition on doing anything in an investigation pertaining to a political candidate in the 60 days leading up to an election. The op-ed insinuates that Comey is a “self-aggrandizing crusader[] on [a] high horse” before it goes on to slam him for making himself the judge on both the case and Hillary’s actions.

James B. Comey, put himself enthusiastically forward as the arbiter of not only whether to prosecute a criminal case — which is not the job of the FBI — but also best practices in the handling of email and other matters. Now, he has chosen personally to restrike the balance between transparency and fairness, departing from the department’s traditions. As former deputy attorney general George Terwilliger aptly put it, “There’s a difference between being independent and flying solo.”

But the real meat is that there’s a rule against statements like the one Comey made, and Comey broke it.

Decades ago, the department decided that in the 60-day period before an election, the balance should be struck against even returning indictments involving individuals running for office, as well as against the disclosure of any investigative steps. The reasoning was that, however important it might be for Justice to do its job, and however important it might be for the public to know what Justice knows, because such allegations could not be adjudicated, such actions or disclosures risked undermining the political process. A memorandum reflecting this choice has been issued every four years by multiple attorneys general for a very long time, including in 2016.

If Comey is willing to break this rule in such a high profile case, then what other rules is he breaking? What other judgements has Comey made himself arbiter of? Particularly given Comey’s persistent discussion of FBI’s work in terms of “good guys” and “bad guys” — as opposed to criminal behavior — that seems a really pertinent question.

As with James Clapper, Loretta Lynch can’t control Comey

Gorelick (who has been suggested among potential Clinton appointees) and Thompson go easier on Lynch, however, noting that she didn’t order him to stand down here, but ultimately blaming Comey for needing to be ordered.

Attorney General Loretta E. Lynch — nominally Comey’s boss — has apparently been satisfied with advising Comey but not ordering him to abide by the rules. She, no doubt, did not want to override the FBI director in such a highly political matter, but she should not have needed to. He should have abided by the policy on his own.

But since John Cornyn confronted Lynch in March about who would make decisions in this case — “Everyone in the Department of Justice works for me, including the FBI, sir,” Lynch forcefully reminded Cornyn — it has been clear that there’s a lot more tension than the org chart would suggest there should be.

The NYT provides more details on how much tension there is.

The day before the F.B.I. director, James B. Comey, sent a letter to Congress announcing that new evidence had been discovered that might be related to the completed Hillary Clinton email investigation, the Justice Department strongly discouraged the step and told him that he would be breaking with longstanding policy, three law enforcement officials said on Saturday.

Senior Justice Department officials did not move to stop him from sending the letter, officials said, but they did everything short of it, pointing to policies against talking about current criminal investigations or being seen as meddling in elections.

And it’s not just Lynch that has problems managing FBI.

In a response to a question from me in 2014 (after 56:00), Bob Litt explained that FBI’s dual role creates “a whole lot of complications” and went on to admit that the office of Director of National Intelligence — which is supposed to oversee the intelligence community — doesn’t oversee the FBI as directly.

Because FBI is part of the Department of Justice, I don’t have the same visibility into oversight there than I do with respect to the NSA, but the problems are much more complicated because of the dual functions of the FBI.

Litt said something similar to me in May when we discussed why FBI can continue to present bogus numbers in its legally mandated NSL reporting.

Now these are separate issues (though the Clinton investigation is, after all, a national security investigation into whether she or her aides mishandled classified information). But if neither the DNI nor the AG really has control over the FBI Director, it creates a real void of accountability that has repercussions for a whole lot of issues and, more importantly, people who don’t have the visibility or power of Hillary Clinton.

The FBI breaks the rules all the time by leaking like a sieve

Underlying this entire controversy is another rule that DOJ and FBI claim to abide by but don’t, at all: FBI is not supposed to reveal details of ongoing investigations.

Indeed, according to the NYT, Comey pointed to the certainty that this would leak to justify his Friday letter.

But although Mr. Comey told Congress this summer that the Clinton investigation was complete, he believed that if word of the new emails leaked out — and it was sure to leak out, he concluded — he risked being accused of misleading Congress and the public ahead of an election, colleagues said.

Yet the US Attorney’s Manual, starting with this language on prejudicial information and continuing into several more clauses, makes it clear that these kinds of leaks are impermissible.

At no time shall any component or personnel of the Department of Justice furnish any statement or information that he or she knows or reasonably should know will have a substantial likelihood of materially prejudicing an adjudicative proceeding.

Comey, the boss of all the FBI Agents investigating this case, had another alternative, one he should have exercised months ago when it was clear those investigating this case were leaking promiscuously: demand that they shut up, conduct investigations of who was leaking, and discipline those who were doing so. Those leaks were already affecting election year concerns, but there has been little commentary about how they, too, break DOJ rules.

But instead of trying to get FBI Agents to follow DOJ guidelines, Comey instead decided to violate them himself.

Again, that’s absolutely toxic when discussing an investigation that might affect the presidential election, but FBI’s habitual blabbing is equally toxic for a bunch of less powerful people whose investigative details get leaked by the FBI all the time.

[Update: Jeffrey Toobin addresses the role of leaks more generally here, though he seems to forget that the Hillary investigation is technically a national security investigation. I think it’s important to remember that, especially given Hillary’s campaign focus on why FBI isn’t leaking about the investigation into Trump’s ties to Russia, which would also be a national security investigation.]

Warrantless back door searches do tremendous amounts of damage

Finally, think about the circumstances of the emails behind this latest disclosure.

Reports are currently unclear how much the FBI knows about these emails. The NYT describes that the FBI seized multiple devices in conjunction with the Weiner investigation, including the laptop on which they found these emails.

On Oct. 3, F.B.I. agents seized several electronic devices from Mr. Weiner: a laptop, his iPhone and an iPad that was in large measure used by his 4-year-old son to watch cartoons, a person with knowledge of the matter said. Days later, F.B.I. agents also confiscated a Wi-Fi router that could identify any other devices that had been used, the person said.

While searching the laptop, the agents discovered the existence of tens of thousands of emails, some of them sent between Ms. Abedin and other Clinton aides, according to senior law enforcement officials. It is not clear if Ms. Abedin downloaded the emails to the laptop or if they were automatically backed up there. The emails dated back years, the officials said. Ms. Abedin has testified that she did not routinely delete her emails.

Presumably, the warrant to seize those devices permits the FBI agents to go find any evidence of Weiner sexting women (or perhaps just the young woman in question).

And admittedly, the details NYT’s sources describe involve just metadata: addressing information and dates.

But then, Comey told Congress these emails were “pertinent” to the Clinton investigation, and other details in reports, such as they might be duplicates of emails already reviewed by the FBI, suggest the Weiner investigators may have seen enough to believe they might pertain to the inquiry into whether Clinton and her aides (including Huma) mishandled classified information. Moreover, the FBI at least thinks they will be able to prove there is probable cause to believe these emails may show the mishandling of classified information.

Similarly, there are conflicting stories about whether the Hillary investigation was ever closed, which may arise from the fact that if it were (as Comey had suggested in his first blabby statements), seeking these emails would require further approval to continue the investigation.

The point, though, is that FBI would have had no idea these emails existed were it not for FBI investigators who were aware of the other investigation alerting their colleagues to these emails. This has been an issue of intense litigation in recent years, and I’d love for Huma, after the election, to submit a serious legal challenge if any warrant is issued.

But then, in this case, Huma is being provided far more protection than people swept up in FISA searches, where any content with a target can be searched years into the future without any probable cause or even evidence of wrong-doing. Here, Huma’s emails won’t be accessible for investigative purpose without a warrant (in part because of recent prior litigation in the 2nd Circuit), whereas in the case of emails acquired via FISA, FBI can access the information — pulling it up not just by metadata but by content — with no warrant at all.

[Update: Orin Kerr shares my concerns on this point — with the added benefit that he discusses all the recent legal precedents that may prohibit accessing these emails.]

This is a good example of the cost of such investigations. Because the FBI can and does sweep so widely in searches of electronic communications, evidence from one set of data collection can be used to taint others unrelated to the crime under investigation.

All the people writing scathing emails about Comey’s behavior in this particular matter would like you to believe that this issue doesn’t reflect on larger issues at DOJ. They would like you to believe that DOJ was all pure and good and FBI was well-controlled except for this particular investigation. But that’s simply not the case, and some of these issues go well beyond Comey.

Update: Minor changes were made to this post after it was initially posted.

In Spying, “Things like phone numbers or emails” Turn Out to Be Far More

/2 Comments/in /by

According to Reuters, the Intelligence Community doesn’t intend to share any details of the Yahoo scan revealed several weeks back with anyone outside of the FISA oversight committees — the House and Senate Intelligence and Judiciary Committees.

Executive branch officials spoke to staff for members of the Senate and House of Representatives committees overseeing intelligence operations and the judiciary, according to people briefed on the events, which followed Reuters’ disclosure of the massive search.

But attempts by other members of Congress and civil society groups to learn more about the Yahoo order are unlikely to meet with success anytime soon, because its details remain a sensitive national security matter, U.S. officials told Reuters. Release of any declassified version of the order is unlikely in the foreseeable future, the officials said.

On its face, it’s a stupid stance, as I think the scan probably fits within existing legal precedents that have already been made public, even if it stretches those precedents from “packet content as content” to “email content as content” (and it may not even do that).

In addition, given that the scan was approved by a judge (albeit one working within the secret FISA court and relying on prior decisions that were issued in secrecy), by releasing more details about the scan the government could at least claim that a judge had determined the scan was necessary and proportionate to obtain details about the (as described to NYT) state-sponsored terrorist group targeted by the scan. This decision presumably relies on a long line of decisions finding warrantless surveillance justified by special needs precedents, which began to be laid out for FISC in In Re Sealed Case in 2002.

Nevertheless, even given the toll the government’s secrecy is having on Yahoo (and presumably on other providers’ willingness to cooperate with the IC), the government thus far has remained intransigent in its secrecy.

Which suggests that the IC believes it would risk more by releasing more data than by its continued, damaging silence.

I’ve already explained one of the risks they might face: that their quick anonymous description of this as a “state-sponsored terrorist group” might (this is admittedly a wildarsed guess) really mean they hacked all of Yahoo’s users to get to Iranian targets, something that wouldn’t have the same scare power as terrorists like ISIS, especially in Europe, which has a markedly different relationship with Iran than the US has.

But I also think ODNI risks losing credibility because it appears to conflict with what ODNI specifically and other spook officials generally have said in the past, both to the US public and to the international community. As I note here, the definition of “facility” has been evolving at FISC since at least 2004. But the privacy community just released a letter and a quote to Reuters that seems unaware of the change. The letter asserts,

According to reports, the order was issued under Title I of FISA, which requires the government to demonstrate probable cause that its target is a foreign power or an agent of a foreign power (such as a spy or a terrorist), and probable cause that the “facility” at which the surveillance is conducted will carry the target’s communications. If reports are true, this authority to conduct a particularized search has apparently been secretly construed to authorize a mass scan.

Traditional FISA orders haven’t been limited to particularized targets since 2007, when an order targeting Al Qaeda was used to temporarily give Stellar Wind legal sanction. If one order requiring a scan of traffic at  telecom switches could target Al Qaeda in 2007, then surely one order can target Iran’s Revolutionary Guard or a similar organization in 2016. The problem is in the execution of the order, requiring Yahoo to scan all its incoming email, but it’s not clear the legal issues are much worse than in the 2007 execution.

A Reuters source goes even further, suggesting that all of Yahoo is the facility, rather than the specific code tied to the targeted group.

The groups say that Title I of the Foreign Intelligence Surveillance Act, under which sources said the order was issued, requires a finding that the target of such a wiretap is probably an agent of a foreign power and that the facility to be tapped is probably going to be used for a transmission. An entire service, such as Yahoo, has never publicly been considered to be a “facility” in such a case: instead, the word usually refers to a phone number or an email account.

Never mind that under the phone dragnet, Verizon was counted as the targeted selector (which was used by terrorists and everyone else), though admittedly that was just for metadata. Had Yahoo been designed the “place” at which a physical search were conducted this usage might be correct (that said, we know very little about how physical searches, including for stored communication, work in practice), but as Semiannual reports have made clear (admittedly in the Section 702 context), facility has come to be synonymous with selector.

[T]argeting is effectuated by tasking communication facilities (also referred to as “selectors”), including but not limited to telephone numbers and electronic communications accounts, to Section 702 electronic communication service providers.

Facilities are selectors, and here FBI got a selector tied to a kind of usage of email — perhaps an encryption signature — approved as a selector/facility.

In spite of the fact that somewhere among 30 NGOs someone should have been able to make this argument (and ACLU’s litigation side surely could do so), there is good reason for them to believe this.

That’s because the IC has very deliberately avoided talking about how what are called “about” scans but really should be termed signature scans really work.

This is most striking in a March 19, 2014 Privacy and Civil Liberties Oversight Board hearing, which was one of the most extensive discussions of how Section 702 work. Shortly after this hearing, I contacted PCLOB to ask whether they were being fully briefed, including on the non-counterterrorism uses of 702, such as cyber, which use (or used) upstream selectors in a  different way.

Several different times in the hearing, IC witnesses described selectors as “selectors such as telephone numbers or email addresses” or “like telephone numbers or email addresses,” obscuring the full extent of what might be included (Snowden tweeted a list that I included here). Bob Litt did so while insisting that Section 702 (he was referring both to PRISM and upstream here) was not a bulk collection program:

I want to make a couple of important overview points about Section 702. First, there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.

I just want to repeat that Section 702 is not a bulk collection program.

Then-Deputy Assistant Attorney General Brad Weigmann said selectors were “really phone numbers, email addresses, things like that” when he defined selector.

A selector would typically be an email account or a phone number that you are targeting. So this is the, you get, you know, terrorists at Google.com, you know, whatever. That’s the address that you have information about that if you have reason to believe that that person is a terrorist and you would like to collect foreign intelligence information, I might be focusing on that person’s account.

[snip]

So that’s when we say selector it’s really an arcane term that people wouldn’t understand, but it’s really phone numbers, email addresses, things like that.

And when then-NSA General Counsel Raj De moved from describing Section 702 generally (“selectors are things like”), to discussing upstream, he mistakenly said collection was based on “particularly phone numbers or emails” then immediately corrected himself to say, “things like phone numbers or emails.”

So there’s two types of collection under Section 702. Both are targeted, as Bob was saying, which means they are both selector-based, and I’ll get into some more detail about what that means. Selectors are things like phone numbers and email addresses.

[snip]

It is also however selector-based, i.e. based on particular phone numbers or emails, things like phone numbers or emails. This is collection to, from, or about selectors, the same selectors that are used in PRISM selection. This is not collection based on key words, for example.

 

That language would — and apparently did — create the false impression that about collection really did just use emails and phone numbers (which is why I called PCLOB, because I knew they were or had also targeted cyber signatures).

Here’s how all that evasiveness appeared in the PCLOB 702 report:

Although we cannot discuss the details in an unclassified public report, the moniker “about” collection describes a number of distinct scenarios, which the government has in the past characterized as different “categories” of “about” collection. These categories are not predetermined limits that confine what the government acquires; rather, they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them.

That certainly goes beyond the linguistic game the IC witnesses were playing, but stops well short of explaining that this really isn’t all about emails and phone numbers.

Plus, there’s one exchange from that March 2014 hearing that might be taken to rule out about collection from a PRISM provider. In reply to specific prodding from Elisabeth Collins Cook, De said about collection cannot be made via PRISM.

MS. COLLINS COOK: I wanted to ask one additional question about abouts. Can you do about collection through PRISM?

MR. DE: No.

MS. COLLINS COOK: So it is limited to upstream collection?

MR. DE: Correct. PRISM is only collection to or from selectors.

Of course, De was referring to warrantless collection under Section 702. He wasn’t talking at all about what is possible under Title I. But it may have left the impression that one couldn’t order a PRISM provider to do an about scan, even though in 2007 FISA ordered telecoms to do about scans.

Ultimately, though, the IC is likely remaining mum about these details because revealing it would make clear what publicly released opinions do, but not in real detail: that these about scans have gotten far beyond a collection of content based off a scan of readily available metadata. These scans likely replicate the problem identified in 2004, in that the initial scan is not of things that count as metadata to the provider doing the scan.

The IC may have FISC approval for that argument. But they also had FISC approval for the Section 215 dragnet. And that didn’t live up to public scrutiny either.

Yahoo to Clapper: Global, Global, Beyond our Borders, Global

/6 Comments/in /by

I joked when Yahoo first released its letter to James Clapper the other day, asking that he release details about the 2015 scan first revealed by Reuters. It has the tone of a young woman who is justifiably upset because, after sleeping with her, some jerk is pretending he doesn’t even know her.

But as it happens, I’m in Europe, trying to learn more about Privacy Shield and related issues. So I thought I would call attention to the emphasis Yahoo lawyer Ronald Bell (who was the guy who decided not to challenge this) puts on the international impact of Clapper’s decision, thus far, to remain silent.

As you know, Yahoo consistently campaigns for government transparency about national security requests and for the right to share the number and nature of the requests we receive from all governments. We apply a principled approach to handling government requests for user data, including in the national security context, articulated in our publicly-available Global Principles for Responding to Government Requests and regular transparency reports. Our company not only embraces its privacy and human rights responsibilities, we do so enthusiastically, passionately, and with a deep sense of global and moral responsibility. But transparency is not merely a Yahoo issue: Transparency underpins the ability of any company in the information and communications technology sector to earn and preserve the trust of its customers. Erosion of that trust online implicates the safety and security of people around the world and diminishes confidence and trust in U.S. businesses at home and beyond our borders.

Recent new stories have provoked broad speculation about Yahoo’s approach and about the activities and representations of the U.S. government, including those made by the Government in connection with negotiating Privacy Shield with the European Union. That speculation results in part from lack of transparency and because U.S. law significantly constrain–and severely punish–companies’ ability to speak for themselves about national security related orders even in ways that do not compromise U.S. government investigations.

We trust that the U.S. government recognizes the importance of clarifying the record in this case. On behalf of Yahoo and our global community of users, I respectfully request that the Office of the Director of National Intelligence expeditiously clarify this matter. [bold emphasis mine]

Folks here definitely followed the Yahoo story. Their understanding of what happened leads them to believe the scan violates European prohibitions on mass surveillance. Importantly, they’re not aware that this was done with an “individual” FISA order rather than under Section 702. As I’ve written, “individual” orders have been used for bulk scans since 2007, but in this case, an “individual” order would also mean that a judge had reviewed the scan and found it proportional, which would make a big difference here (at least to authorities; a number of other people are raring to challenge such judgements on whether it is an adequate court or not).

So yeah, by disclosing details of this scan, Yahoo may be in much better position vis a vis European authorities, if not consumers.

But there’s another reason why Clapper’s office — or rather ODNI General Counsel Bob Litt — may be so quiet.

Litt is the one who made many of the representations about US spying to authorities here. Someone — Litt, if he’s still around for a hearing that may take place under President Hillary — may also need to go testify under oath in an Irish court in conjunction with a lawsuit there. Whoever testifies will be asked about the kinds of surveillance implicating European users the government makes US companies do.

In other words, Bob Litt is the one who made certain representations to the European authorities. And now some of those same people are asking questions about how this scan complies with the terms Litt laid out.

Which makes his silence all the more instructive.

Can the Government Use FISA to Get Evidence of Past Criminal Activities?

/5 Comments/in , /by

A terror support case due to start in NYC in December seems to present some interesting questions about the use of EO 12333 and FISA evidence. Ahmed Mohammed El Gammal was arrested last year on charges he helped someone else — who apparently got killed in Syria — travel to and train for ISIL. After almost a year and several continuations, the government provided notice they intended to use material gathered under a FISA physical surveillance order (but not an electronic surveillance order). The case clearly involves a ton of Internet communications; the defense proposed voir dire questions ask if potential jurors are familiar with Twitter, Tango, Whatsapp, Cryptocat, Viber, Skype, Surespot or Snapchat, and asks how much potential jurors use Facebook.

After the government submitted the FISA notice, El Gammal’s lawyers submitted three filings: one seeking access to CIPA information, one seeking to suppress the FISA material, and one asking where all the other surveillance came from.

The FISA complaint, aside from the standard challenge, appears to stem from both the delay in notification and some concerns the government did not adhere to minimization procedures (in the defense reply, they noted that the government had already released minimization procedures but refused to do so here). In addition, the FISA challenge suggests the government used FISA to “was to gather evidence of his past criminal activity,” which it argues is unlawful. His lawyers also seem to question whether there was no other way to obtain the information (which is particularly interesting given the delayed notice).

In addition, the government’s response describes some of the reasons El Gammal’s lawyers suspect the government used some kind of exotic (probably 12333) surveillance against him (some of which are partly or entirely redacted in the defense filings).

The defendant’s motion speculates that the Government relied upon undisclosed techniques when it (1) “appears to have sought information about El Gammal from at least two entities—Verizon and Yahoo—before his identity seems to have become known through the criminal investigation,” (Def. Memo. 3) (2) “seems to have learned about El Gammal before receiving, in the criminal investigation, the first disclosure that would necessarily have identified him,” (Def. Memo. 5) and (3) appeared to have “reviewed the contents of [CC-1’s] [social media] account before [the social media provider] made its Rule 41 return” (Def. Memo. 5). This speculation is baseless. The Government has used a number of investigative techniques in this case. Not all of those techniques require notice or disclosure at this (or any) stage of the investigation.2 And the Government has complied with its notice and disclosure obligations to date.

2 Additional background regarding this investigation is provided in Section IV.A. of the Government’s September 23, 2016 Classified Memorandum in Opposition to the Defendant’s Pretrial Motion to Suppress, and for the Disclosure of the FISA Order, Application, and Related Materials.

It appears that the government had obtained Facebook material (the primary social media involved here) either under Section 702 or EO 12333, then parallel constructed it via warrant. And it appears to suggest the involvement of some kind  of programmatic Verizon and Yahoo collection that may not have been disclosed (El Gammal was in custody before the end of the old phone dragnet).

Particularly given the timing (in the wake of FBI obtaining a way to get into Syed Rezwan Farook’s phone), I had thought the physical search might have been to decrypt El Gammal’s iPhone, but it appears the government had no problems accessing the content of multiple Apple devices.

There’s no reason to think El Gammal will have any more luck obtaining this information than previous defendants seeking FISA and 12333 information have been.

But his lawyers (SDNY’s excellent public defenders office) do seem to think they’re looking at something more programmatic than they’ve seen before. And they do seem to believe those techniques are being parallel constructed.