If Section 215 Lapsed, Would the Government Finally Accede to ECPA Reform?

/1 Comment/in , /by

Now that the Section 215 Sunset draws nearer, the debate over what reformers should do has shifted away from whether USA Freedom Act is adequate reform to whether it is wise to push for Section 215 to sunset.

That debate, repeatedly, has focused almost entirely on the phone dragnet that Section 215 authorizes. It seems most of the people engaging in this debate or reporting on it are unaware or uninterested in what the other roughly 175 Section 215 orders authorized last year did (just 5 orders authorized the phone dragnet).

But if Section 215 sunsets in June, those other 175 orders will be affected too (though thus far it looks like FISC is approving fewer 215 orders than they did last year). Yet the government won’t tell us what those 175 orders do.

We know — or suspect — some of what these other orders do. NYT and WSJ reported on a Western Union dragnet that would probably amount to 4-5 orders a year (and would have been unaffected and hidden in transparency reporting under USA Freedom Act).

The FBI has previously confirmed that it used Section 215 to collect records of explosives precursors — things like large quantities of acetone, hydrogen peroxide, fertilizer, and (probably now) pressure cookers; given that the Presidential Review Group consulted with ATF on its review of Section 215, it’s likely these are programmatic collection. (If the government told us it was, we might then be able to ask why these materials couldn’t be handled the same way Sudafed is handled, too, which might force the government to tie it more closely to actual threats.) This too would have been unaffected by USAF.

The government also probably uses Section 215 to collect hotel records (which is what it was originally designed for, though not in the bulk it is probably accomplished). This use of Section 215 will likely be reinforced if and when SCOTUS affirms the collection of hotel records in Los Angeles v. Patel.

But the majority of those 175 Section 215 orders, we now know, are for some kind of Internet records that may or may not relate to cyber investigations, depending on whether you think FBI talks out of its arse when trying to keep authorities, but which they almost certainly collect in sufficient bulk that FISC imposed minimization procedures on FBI.

Which brings me to my argument that reauthorizing Section 215 will forestall any ECPA reform.

We know most Section 215 orders are for Internet records because someone reliable — DOJ’s Inspector General in last year’s report on National Security Letters — told us that a collection of Internet companies successfully challenged FBI’s use of NSLs to collect this stuff after DOJ published an opinion on ECPA in 2008.

The decision of these [redacted] Internet companies to discontinue producing electronic communication transactional records in response to NSLs followed public release of a legal opinion issued by the Department’s Office of Legal Counsel (OLC) regarding the application of ECPA Section 2709 to various types of information. The FBI General Counsel sought guidance from the OLC on, among other things, whether the four types of information listed in subsection (b) of Section 2709 — the subscriber’s name, address, length of service, and local and long distance toll billing records — are exhaustive or merely illustrative of the information that the FBI may request in an NSL. In a November 2008 opinion, the OLC concluded that the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL.

Although the OLC opinion did not focus on electronic communication transaction records specifically, according to the FBI, [redacted] took a legal position based on the opinion that if the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL, then the FBI does not have the authority to compel the production of electronic communication transactional records because that term does not appear in subsection (b).

That report went on to explain that FBI considered fixing this problem by amending the definition for toll records in Section 2709, but then bagged that plan and just moved all this collection to Section 215, which takes longer.

In the absence of a legislative amendment to Section 2709, [2.5 lines redacted]. [Deputy General Counsel of FBI’s National Security Law Branch] Siegel told us that the process of generating and approving a Section 215 application is similar to the NSL process for the agents and supervisors in the field, but then the applications undergo a review process in NSLB and the Department’s National Security Division, which submits the application to the Foreign Intelligence Surveillance Court (FISA Court). According to Siegel, a request that at one time could be accomplished with an NSL in a matter of hours if necessary, now takes about 30-40 days to accomplish with a standard Section 215 application.

In addition to increasing the time it takes to obtain transactional records, Section 215 requests, unlike NSL requests, require the involvement of FBI Headquarters, NSD, and the FISA Court. Supervisors in the Operations Section of NSD, which submits Section 215 applications to the FISA Court, told us that the majority of Section 215 applications submitted to the FISA Court [redacted] in 2010 and [redacted] in 2011 — concerned requests for electronic communication transaction records.

The NSD supervisors told us that at first they intended the [3.5 lines redacted] They told us that when a legislative change no longer appeared imminent and [3 lines redacted] and by taking steps to better streamline the application process.

The government is, according to the report, going through all sorts of hoop-jumping on these records rather than working with Congress to pass ECPA reform.

Why?

That’s not all the Report told us. Even earlier than that problem, in 2007, the IG identified other uncertainties about what the FBI should be obtaining with an NSL, and FBI actually put together a proposal to Congress. The proposed definition included both financial information and what could be construed as location data in toll records. That bill has never been passed.

But while Internet companies have shown reluctance to let the FBI secretly expand the meaning of toll record, two telecoms have not (a third, which I suspect is Verizon, backed out of closer cooperation on NSLs in 2009, and presumably a fourth, which probably is T-Mobile, was never a part of it).

And here’s what happened to the kinds of records FBI has been obtaining (almost certainly from AT&T) in the interim:

Screen Shot 2015-03-19 at 5.15.23 PM

 

FBI is collecting 7 kinds of things from (probably) AT&T that the Inspector General doesn’t think fits under ECPA.

Now, I’m not sure precisely why ECPA reform has gone nowhere in the last 8 years, but all this redaction suggests one reason is the government doesn’t want to be bound by a traditional definition of toll record, so much so it’s willing to put up with the aggravation of getting Section 215 orders for (what may be the same kind of) information from Internet companies in order to not be bound by limits on its telecom (or at least AT&T) NSLs.

Don’t get me wrong. I’d rather have the Internet stuff be under Section 215 orders, where it will be treated with some kind of minimization (the FBI is still completely ignoring the 2006 language in Section 215 requiring it to adopt minimization procedures for that section, but FISC has stepped into the void and imposed some itself).

But ultimately what’s going on — in addition to the adoption of a dragnet approach for phone records (that might have been deemed a violation of 18 USC 2302-3 if litigated with an adversary) and financial records (that might have been deemed a violation of 12 USC 3401-3422 if litigated with an adversary), is that the government is also, apparently, far exceeding the common understanding of NSLs without going back to Congress to get them to amend the law (and this goes well beyond communities of interest — two or maybe three hop collection under an NSL — which isn’t entirely redacted in this report).

It may be moot anyway. I actually wonder whether Internet companies will use the immunity of CISA, if and when it passes, to turn whatever they’re turning over without a Section 215 order.

And it’s not like Pat Leahy and Mike Lee have been successful in their efforts to get ECPA reform that protects electronic communications passed. ECPA isn’t happening anyway.

But maybe it might, if Section 215 were to lapse and the government were forced to stop kluging all the programs that have never really been approved by Congress in the first place into Section 215.

Hint: USA Freedom Act Would Have Ratified FISC’s “Relevant To” Interpretation, Too

/in /by

Steve Vladeck has an uncharacteristically silly post at Just Security, warning that, because Congress has not moved to reform Section 215, making it more likely Congress will pass a straight reauthorization of Section 215, that will amount to an endorsement of FISC’s ridiculous definition of “relevant to.”

As Congressman Schiff suggested, among other things, the absence of significant advance debate dramatically increases the likelihood that there will simply be a last-minute push to reauthorize section 215 in its current form (since there wouldn’t be time for meaningful debate over reforms/alterations to the existing language and statutory authorities).

Even though such a result would vindicate a post I wrote after USA FREEDOM died last November, it would be more than just a missed opportunity on Congress’s part. Far more importantly, although many might argue that it would simply shift the onus for resolving the legality of the telephone metadata program to the courts, it seems likely that, given what we now know about the government’s interpretation of section 215, there’d be no way to view such a “clean” reauthorization as anything other than congressional ratification of that (dubious) reading of the statute — which would leave the Fourth Amendment challenge as the only remaining issue to be resolved by the Second, Ninth, and D.C. Circuits (and, perhaps, the Supreme Court). In other words, the closer we get to June 1 without meaningful discussion in Congress about section 215 reform, the more likely it is that we’ll get a result that’s worse than no reform–unqualified congressional validation of the government’s deeply contested interpretation. That’s not reform; that’s entrenchment.

While I agree with his contention that a straight reauthorization is bad for reform, I’m gobsmacked by his claim that the biggest problem with that is that a straight reauthorization would be an endorsement of FISC’s “relevant to” interpretation.

Because so would have passage of USA Freedom Act.

Indeed, that’s one reason it was important not to pass it as it was — because it would have accelerated the trumping of legal challenges by ratifying FISC’s perverse interpretation before any of the circuits could rule.

USAF did nothing to the “relevant to” language in Section 215 (or PRTT). Indeed, it adopted that interpretation, unchallenged, even in the new section permitting the prospective call record collection:

‘(i) there are reasonable grounds to believe that the call detail records sought to be produced based on the specific selection term required under subparagraph (A) are relevant to such investigation;

What it did, instead, was limit the application of that interpretation from “all” to “very very many” by use of discriminators that — for actual tangible things — probably doesn’t require any change from the status quo. The bill would still have permitted the government to use “MasterCard” or “Caesars Palace” or “Western Union” as their discriminator, as it currently permits the use of “Verizon” as a discriminator. The bill would still permit the collection of all MasterCard records of all Americans — if the government can prove it were necessary for part of its investigation (more likely, however, it would permit the collection of all MasterCard records of pressure cooker and acetone and fertilizer purchases).  And in the process, the bill would have still permitted the records of millions of innocent Americans to be collected in the name of terrorist (or intelligence) investigations; it would only — for just communications records — require more tailoring before those millions of records were collected.

Plus, if we’re worried about ratification, USAF would also have ratified the notion that wide swaths of government surveillance can be deemed too difficult to count, including back door searches of US person content off Section 702 data. Effectively, USAF would have endorsed the principle that FBI’s spying — the spying that can send you directly to prison — doesn’t need the same kind of transparency as purportedly more sensitive intelligence activities.

Again, none of this is to say that straight reauthorization would be good (I think many reform advocates have completely forgotten how obstruction in 2005 on the PATRIOT Act and 2008 on FAA actually did bring more reforms).

But both USAF and a straight reauthorization would trump a statutory challenge to Section 215.

In February, the Government Turned in Its Dragnet Homework Late

/3 Comments/in /by

Last Wednesday, I Con the Record released the latest dragnet order, signed on February 26.

This order actually has several changes of note.

As I predicted, yet another new FISC judge signed the order, James Boasberg, who only joined the court last May. I suspect they’ve been ensuring that every new approval is approved by a different FISC judge, so they can boast to other courts about how many judges have approved the dragnet.

In what may be related detail, the application for this was late, having been submitted just 3 days before the renewal request was due (and therefore 4 days late). FISC judges have one week terms, so they may have stalled until Boasberg, as a new judge, was presiding.

Whatever the reason, Boasberg scolded DOJ for turning in their homework late, and warned them not to do it again for the next renewal, if there is one.

With two exceptions, neither of which applies here, Rule 9 of this Court’s Rules of Procedure requires the government to submit a proposed application no later than seven days before it seeks to have a matter entertained by the Court. The Court notes that the government filed its proposed application in this matter four days late. If the government seeks to renew the authorities approved herein prior to their expiration on June 1, 2015, the government is directed to file the proposed renewal application no later than Friday, May 22, 2015.

Curiously, Boasberg doesn’t discuss the five-day longer period of collection under this order, he just sets it.

Boasberg also laid out how the government must proceed under each of three scenarios.

First, if any of the 3 Appellate Courts reviewing the dragnet issue an opinion, “the government is directed to inform the Court promptly if the government’s implementation of this Order has changed as a result.”

Equally important, if Congress does pass some kind of new law, it must tell the court about anything the Court hasn’t already considered.

If Congress has enacted legislation amending 50 U.S.C. § 1861 prior to a request for renewed authorities, the government is directed to provide, along with its request, a legal memorandum pursuant to Rule 11(d) of this Court’s Rules of Procedure addressing any issues of law raised by the legislation and not previously considered by the Court.

This last bit is important. Some things — connection rather than contact chaining — would be codified if USA Freedom Act were to pass. But the Court has already considered it; it has been part of dragnet orders for over a year. Some USAF supporters had assumed new definitions in the bill would elicit new opinions that would be treated under the bill’s transparency provisions, but that’s only if the government believes the FISC has never reviewed it. So (for example) we might never know how the FISC has permitted the government to interpret selection term if it deems that the same as selection term it is using.

Finally, in language that might address the possibility Charlie Savage raised in November — that the government would continue doing what it is doing, because the underlying “investigation” remains the same, and therefore no extension is required — if nothing happens, the Court requires a memo of law explaining that.

If Congress, conversely, has not enacted legislation amending § 1861 or extending its sunset date, established by Section 102(b) of Public Law 109-177, 120 Stat. 195, as most recently amended by Section 2(a) of Public Law 112-14, 125 Stat. 216, the government is directed to provide a legal memorandum pursuant to Rule 11(d) addressing the power of the Court to grant such authority beyond June 1, 2015.

Section 102(b) of Public Law 109-177 is the section Savage pointed to that might permit the dragnet to continue.

(2) Exception.–With respect to any particular foreign intelligence investigation that began before the date on which the provisions referred to in paragraph (1) cease to have effect, or with respect to any particular offense or potential offense that began or occurred before the date on which such provisions cease to have effect, such provisions shall continue in effect.

That basically says the Court is aware of this discussion, either because it reads the NYT or because the government has mentioned it. This order doesn’t tip a hand on how FISC would regard this claim, but it does make clear it considers it a distinct possibility.

Note, unless I’m missing something, no language like this appears in any of the unredacted sections of previous dragnet orders, not even when Congress was giving the government straight renewals. We can’t be sure, but that certainly seems to suggest the Court has been having conversations — either by itself or with the government — about alternatives in a way Bob Litt and others are not having publicly.

Which brings me back to the government’s late homework again. There are other possibilities to explain the delayed submission. For example, it’s possible they delayed to make the extension of the 90-day period less odd (though I’m not sure why). It’s possible they honestly considered not renewing the order, already putting into place whatever they’re going to unilaterally do once Congress does nothing. Or perhaps they were still debating how to proceed with the Court.

When I used to turn in homework late (okay — it probably only happened once), I had to have a good excuse. What was the government’s?

There’s one more tiny change of note. This order moves its definition for connection chaining to footnote 7 (and the order consolidated some other footnotes). That’s likely just cosmetic, unless the FISC had some concern that the government was using a flexible definition of “connection chaining” for its emergency approvals.

Is There a Programmatic Stingray?

/9 Comments/in , /by

The NYT yesterday had a story on the secrecy surrounding Stingrays including these admissions from an FBI affidavit to explain the secrecy.

A fuller explanation of the F.B.I.’s position is provided in two publicly sworn affidavits about StingRay, including one filed in 2014 in Virginia. In the affidavit, a supervisory special agent, Bradley S. Morrison, said disclosure of the technology’s specifications would let criminals, including terrorists, “thwart the use of this technology.”

“Disclosure of even minor details” could harm law enforcement, he said, by letting “adversaries” put together the pieces of the technology like assembling a “jigsaw puzzle.” He said the F.B.I. had entered into the nondisclosure agreements with local authorities for those reasons. In addition, he said, the technology is related to homeland security and is therefore subject to federal control.

In a second affidavit, given in 2011, the same special agent acknowledged that the device could gather identifying information from phones of bystanders. Such data “from all wireless devices in the immediate area of the F.B.I. device that subscribe to a particular provider may be incidentally recorded, including those of innocent, nontarget devices.”

But, he added, that information is purged to ensure privacy rights.

In response, a bunch of smart people had an interesting conversation today about why the government is so secretive about them (start at this tweet).

My wildarseguess is that they’re hiding some kind of programmatic Stingray program. I think so for three reasons:

  • Any programmatic Stingray program would (have) been hidden by carve-outs in USA Freedom Act’s transparency provisions
  • At least one of the liberated non-disclosure agreements suggests ongoing obligations between localities and the FBI
  • FISC appears to have permitted more expansive versions of criminal PRTT programs

In past legislative debates the Intelligence Community revealed secret programs by defending them

I believe one of the best ways to see vague outlines of undisclosed domestic surveillance is to watch where the Intelligence Community is most intransigent on legislation.

When Michaels Mukasey and McConnell wrote a transparently bullshit response to a Russ Feingold effort to segregate incidentally collected  US person data under FISA Amendments Act in early 2008, I guessed they were doing back door searches of that data. 4 and 5 years later (with the report on the reauthorization and Snowden disclosures, respectively), that was proven correct.

When the IC repeatedly and successfully defeated efforts to require some real connection between a target and the records collected using Section 215 in 2009 all while boasting they had used it in the Najibullah Zazi investigation, I guessed they were using Section 215 to collect bulky data. I even guessed that they had migrated Bush’s illegal wiretap program to Section 215 and PRTT (though a former prosecutor friend soon dissuaded me from pushing my PRTT analysis because, she pointed out, there was no way in hell PRTT could authorize a dragnet).

There were 3 parts of the USA Freedom Act which struck me as particularly notable in the same way. First, the government’s insistence on expanding the chaining process to include “connections” in addition to contacts; I strongly believe that indicates they ask cell companies to match up the various identities with a particular handset.

Then there were two kinds of programmatic collection that would not only not be shut down by the prohibition on bulk collection in the bill, but which were specifically excluded from individualized transparency reporting (in addition to back door searches and upstream domestic collection, but we already knew about both of those), because transparency in the bill only covered “communications.” The first is any kind of dragnet tied to a non-communication corporate name, such as a financial dragnet or hotel records. See this post for an explanation. USAF would not require individualized reporting on this collection at all. Particularly given that the bill would permit using corporate names as identifiers and would exclude that from transparency, I think reasonable people should assume that kind of bulky collection would continue unabated.

More interesting, though, the transparency provisions also appear to exempt tracking device collection from individualized reporting, because those aren’t considered “communications” from individualized transparency reporting (I believe it would also exempt cloud data but I don’t understand what this is yet). I don’t think the government could use “Harris Corporation” as a identifier (they wouldn’t need to anyway, because the FBI would be using the tool not collecting all of Harris’ data). But they could collect the tracking data on 310 million people and only need to report targets (which currently number in the hundreds, though there already is some gaming of the required US person target reporting).

Like a Stingray, which looks for one phone, but obtains the records of everyone in a cell area.

Which is why I love this quote from the NYT article:

Christopher Allen, an F.B.I. spokesman, said “location information is a vital component” of law enforcement. The agency, he said, “does not keep repositories of cell tower data for any purpose other than in connection with a specific investigation.”

The government currently collects phone records of some significant subset of 310 million Americans for the purposes of “specific investigations.” It’s just that they consider enterprise investigations to be “specific” and therefore every American to be “relevant.” The same may well apply to location data.

FBI’s non-disclosure agreement(s) suggests ongoing cooperation between local and federal law enforcement

We’ve already seen plenty of evidence that local law enforcement retain their ties and obligations to federal law enforcement, largely in the demands the Marshal service puts on secrecy.

But as I lay out in this post, that seems to involve ongoing cooperation using the Stingray. An NDA liberated in MN specifically requires deconfliction of missions, indicating that multiple entities would use one Stingray at once.

That all seems to suggest a key part of this top-down hierarchical non-disclosure requirement involves that kind of mission-sharing.

Which is another way of saying that FBI probably relies on these local Stingrays.

FISC appears to permit more expansive PRTT programs than in criminal context

In this post and this one, I showed that the FISC-authorized use of PRTT relates the criminal context but may not be bound by it. That’s significant, because we know where the government has obtained permission for Stingray use in the criminal context, they’ve often relied on PRTT.

In both the use of combined PRTT/215 orders to get location data and in the collection of Post-Cut Through Dialed Digits, FISC has reconsidered PRTT orders after magistrates challenged similar criminal uses. At least in the latter example, FISC permitted FBI to continue a more expansive collection even after it was prohibited in the criminal context, requiring only that FBI comply with Fourth Amendment protections using minimization (as I’ll show when I finally write up the remainder of the FISC opinions, this practice has early foundation in other FISC applications).

What becomes clear reviewing the public records (these reports say this explicitly) is that the 2002 DOJ directive against retaining PCTDD applies to the criminal context, not the FISA context. When judges started challenging FBI’s authority to retain PCTDD that might include content under criminal authorities, FBI fought for and won the authority to continue to treat PCTDD using minimization procedures, not deletion. And even the standard for retention of PCTDD that counts as content permits the affirmative investigative use of incidentally collected PCTDD that constitutes content in cases of “harm to the national security.”

Whateverthefuck that is.

Which is, I guess, how FBI still has 7 uses of PCTDD, including one new one since 2008.

In other words, the Stingray use we see glimpses of in the criminal and fugitive context may be far short of what FISC has permitted in the national security context, if it tracks other practice. And accused terrorists (or spies) would not get notice of any such PRTT use so long as it wasn’t entered into a criminal proceeding (there have been several instances where the government has seemed to suggest PRTT was used, but evidence from it not entered into evidence).

All of this, of course, is speculative.

But there’s some reason the government is insisting on its expansive NDAs even while more and more people are discussing them. Hiding a more comprehensive program targeted at national security targets (terrorists and spies) might explain why the government is increasingly willing to forgo prosecutions of alleged criminals to keep what they’re doing with dragnets secret.

Update: Meanwhile, in NY, a judge has ordered the Erie County Sheriff to come clean on its Stingray use.

The 4-Year Old Pizza Conversations

/18 Comments/in /by

Because I harp endlessly about the need to defeat pizza joints in the NSA’s contact chaining, which might affect the process’ utility for the Tsarnaev brothers, both of whom worked at pizza joints who had weird ties to another pizza joint, I wanted to point to this piece describing the deportation proceedings of Mustafa Ozseferoglu.

Ozseferoglu came to the US from Turkey illegally in 2000 when he was 16, across the Mexican border. He was married to an American and has a son born in this country, Osman, whose health concerns Ozseferoglu has cited in his bid to stay in the country.

Ozseferoglu was interviewed by the FBI in July 2013 and then arrested on immigration charges in September 2013 (at the same time the FBI was going after a bunch of other immigrants with ties to the Tsarnaevs).

Ozseferoglu met Tamerlan through his father, but then worked with him briefly in 2009, during which point they exchanged some number of phone calls — for work purposes, according to Ozseferoglu.

Ozseferoglu came to Anzor for repairs regularly. When Anzor asked him why his cars were so rundown, he told him that he delivers pizza for Boston Pizza Express. Pretty soon after that, Tamerlan applied for the job too.

Boston Pizza Express, has since gone out of business, but in 2009 it was located at 1026 Commonwealth Avenue, near Boston University. Ozseferoglu and Tamerlan worked together for between three weeks and three months, a rough estimate that was scrutinized heavily by the prosecution.

[snip]

In Ozseferoglu’s immigration hearing, the number of phone calls between him and Tamerlan during this period of time were called into question. Kelly says the two contacted each other about 100 times. Ozseferoglu says these calls weren’t illicit, or even personal. The two, he says, were just coordinating pizza deliveries.

“When we’re going on delivery, we take some of the deliveries and we call the other driver,” he explains.

Read more

NSA Probably Doesn’t Have ALL of Hillary’s Emails … But Maybe Someone Should

/16 Comments/in , /by

I’m among those who believes Hillary Clinton’s use of a privately run email server is an abuse of power. Doing so appears to have skirted laws ensuring good governance and it may well have exposed her communications to adversaries (including some who would have reason to use the contents of her email to help Republicans win the White House), even if her email would have been just as targeted at State, per reports about persistent hacking of it. While I don’t buy — in the absence of evidence — she did so to hide ties with the Clinton Foundation, I do think she did so not just for convenience, but for control, as I laid out last week.

In response to the scandal, some people are calling on NSA to turn over Hillary’s emails (as they earlier did with former IRS official Lois Lerner).

For some Americans, the NSA isn’t an agency that protects them from terrorist threats or keeps this country safe from another catastrophic event. For many people, the NSA represents an intrusion of privacy. However, ‘Emailgate’ is an opportunity for the NSA to show Americans that it can protect the nation from possible security breaches, even when powerful members of government have made these errors of judgment. Nobody is accusing Hillary Clinton of anything treasonous or malicious, after all, Powell and Rice also used private emails at times. The primary concern with this scandal rests in the fact that private email servers were stored in a private residence, with their contents possibly being “sensitive” or “classified.”

If anyone in the country engaged in such behavior, the NSA would have likely had information on all of this citizen’s communication and activities. If  Clinton compromised national security in any way, the most renowned record-keeping agency in the U.S. government should help answer some questions. If the NSA has the full record of Clinton’s emails, it should hand them over to Congress.

There’s little reason to believe that NSA has all of Hillary’s emails — or even metadata on them — though it may well have (had) some.

We’re talking about emails from a non-PRISM US based server that are two to six years old.

Until December 2011, the NSA would have been capturing the metadata from all of Hillary’s email. But according to multiple documents (including sworn documents), NSA destroyed this data in 2011. NSA currently appears to collect US person Internet metadata from two other sources: from PRISM collection, and under SPCMA on data obtained overseas.

According to the 9-page explanation on the emails Hillary sent, “During her time at State, she communicated with foreign officials in person, through correspondence, and by telephone. The review of all of her emails revealed only one email with a foreign (UK) official.” Thus, while many of the people the Secretary of State would interact with could easily be targeted under Section 702, she claims she had email communication with only one of those legitimate targets, and that potentially legitimate target is from the UK, the least likely country to be targeted. This would mean that Hillary’s emails (and therefore metadata) would be unlikely to have been captured under PRISM collection. [Update: I realize now that any private conversations she had with foreigners could have been targeted and would not be among those she kept as official business.]

If she had used a targeted person’s identifier (email or phone number, for example), that might come up under upstream collection, particularly if she sent the email while overseas. The NSA has focused more since 2011 on sorting out the all US person communications captured in that way. But they also appear to go very far out of their way to avoid learning that communications are domestic, because that causes legal problems for them. So that would make it less likely they would ID these emails.

In other words, if NSA had collected Hillary’s emails using upstream collection, they should have destroyed them, and if they didn’t, they would now want to pretend they hadn’t collected them.

That leaves one other way the NSA might have some of Hillary’s emails (if they haven’t hurriedly destroyed them to avoid being caught having collected what would be considered domestic communications): via bulk collection overseas, which is quite possible, given how frequently Hillary would have been overseas, even in countries where the Five Eyes presumably pulls and keeps full take most of the time (though some of her emails sent both sides domestically might well have transited overseas and gotten collected).

By all means, let’s ask the NSA to search on her email identifiers to see what they’ve collected and retained for the 2-6 years in question! It would be a good test of how much “innocent” US person communications are collected incidentally, especially if that person travels frequently to targeted countries. (Though, again, I would imagine NSA has already done a purge to make sure they don’t have this, because if they got caught doing so, it would be … awkward.)

Finally, there’s one more reason to think NSA would not have Hillary’s email. As James Risen and Eric Lichtblau reported on June, 16, 2009 — just 3 months after Hillary started using this email — an analyst once got investigated for targeting Bill Clinton.

He said he and other analysts were trained to use a secret database, code-named Pinwale, in 2005 that archived foreign and domestic e-mail messages. He said Pinwale allowed N.S.A. analysts to read large volumes of e-mail messages to and from Americans as long as they fell within certain limits — no more than 30 percent of any database search, he recalled being told — and Americans were not explicitly singled out in the searches.

The former analyst added that his instructors had warned against committing any abuses, telling his class that another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton.

As NSA explained to Congress the day after the report (this notice was attached to the Q3 2009 IOB report), this incident actually dated to 1992.

On November 3, 1992, an analyst wondering how foreign targets were reacting to Bill Clinton’s election typed in a query [redacted]. The query was made against the [redacted]. There were probably very few emails of any kind in there at that time, and there would not [sic] about Bill Clinton. Immediately after the query was entered, the co-worker sitting next to the analyst identified that this was a query on a U.S. person. The analyst immediately realized that the query was wrong and contrary to authorities.

[snip]

Although this activity occurred 17 years ago, we have used it in our oversight training, even in the last several years, as an illustrative example of queries that are inappropriate and must be reported and investigated. This type of query remains as inappropriate today as it was then and will not be tolerated under any circumstances.

In other words, up until no more than a few years before Hillary became Secretary of State, NSA used illegally querying on her husband as a training example. The server Hillary was using was (as far as I understand it) a Clinton Foundation server — a corporate entity tied to the man used as a training case on illegal targeting.

I’d say the centrality of Bill in NSA training would emphasize the importance of not targeting Bill, his property, and thereby his wife’s undisclosed email. Certainly from buffered collections (which is how NSA sorts full take collection overseas), it’d be less likely anyone would query anything that looked remotely like a Clinton email, even though almost all of Clinton’s foreign donors are likely targets.

Admittedly, a lot of Clinton Foundation emails might be kept for other reasons (and would be legitimately targeted based off their foreign interlocutor). But I would imagine NSA is particularly careful with anything that bears the name Clinton, because of this history.

In other words, while NSA almost certainly doesn’t have all Hillary emails, it might have some — but would have very very big incentives to be able to tell Congress it doesn’t if and when they ask.

Which is not to say someone shouldn’t have these emails.

One thing the recent 702 Minimization Procedures reveal are that all three agencies — NSA, FBI, and CIA — keep some data for a year to conduct security assessments. For example, FBI’s reads:

Similarly, and notwithstanding any other section in these procedures, the FBI may use information acquired pursuant to section 702 of the Act to conduct security assessments of its systems in order to ensure that FBI systems have not been compromised. These security assessments may include, but will not be limited to, the temporary storage of section 702-acquired information in a separate system for a period not to exceed one year. While retained in such a storage system for security assessments, such section 702-acquired information may not be accessed for any other purpose.

To be honest, I don’t understand this provision (as FBI.gov shouldn’t be collected under 702), though the provision may exist more broadly in SIGINT collection procedures, in which case it would seem utterly parallel to the CSEC practice of storing emails sent to the government.

But it seems if the government is retaining emails in the name of security of its own systems, it could also retain emails in the name of ensuring government abides by Federal Records rules. For top officials, who appear to keep changing their identifiers to prevent average citizens from being able to contact them (both Hillary and Eric Holder did this), identifying, retaining, and storing emails seems to have few privacy implications. So maybe NSA should have Hillary’s emails?

The Marathon Trial: An Assessment of FBI and NSA’s Online Investigations

/18 Comments/in /by

There are a number of journalists doing a superb job of live-tweeting the Boston Marathon trial (I’m following @JimArmstrongWBZ, @susanzalkind, and @GlobeCullen, among others).

On top of gruesome details from survivors about the injuries they suffered, FBI witnesses have provided some interesting details on the investigation. For example, we’ve learned that Dzhokhar Tsarnaev and his brother used TMobile phones the day of the attack, though Dzhokhar’s handset had been set up just days earlier.

That the brothers used TMobile is significant because the NSA boasted it had used the phone dragnet to contact chain the brothers after the attack. But anonymous sources claiming the dragnet is not comprehensive have claimed the dragnet doesn’t pull in TMobile records. Given that Basaaly Moalin is the only other person with whom the phone dragnet was deemed a success, and he also had a TMobile phone, the claim that NSA is not getting TMobile calls (which is distinct from whether they’re getting call records from TMobile) is likely bullshit.

Dzhokhar had two Twitter accounts. Both of them — @j_tsar and @Al_firdausiA — link up to his Gmail account. And he also had a Yahoo account.

FBI Agent Steven Kimball, who introduced all this evidence, doesn’t appear to have explained how he connected all these together, which is significant because they likely could have done it via NSA databases before criminally subpoenaing Twitter and Google.

Anyway, those data points are ones we can return to as we get more information. The truly appalling revelation, however, came when Dzhokhar attorney Miriam Conrad cross-examined Kimball after he had introduced a bunch of tweets claiming they were evidence of the defendant’s jihadist intent.

Turns out they were less evidence of jihadist intent than that Dzhokhar consumes the same pop culture many other Americans his age consume (along with a Russian rap artist). Conrad not only showed that the Kimball had no idea what he had been looking at, but hadn’t even clicked through the links Dzhokhar had included to figure out what they meant.

She asked Kimball if he knew the tweet “I Shall Die Young” was from a Russian rap song.

He did not.

Were you aware, she continued, that Dzhokhar Tsarnaev posted a link to that song?

“No.”

The day before, the prosecution had gone to great lengths to point out one of Tsarnaev’s tweets that said, “September 10th baby, you know what tomorrow is. Party at my house!” It suggested someone tasteless if not cruel, someone who celebrated 9/11.

But Conrad asked Kimball if he knew that the line was from a sketch on a Comedy Central show? He didn’t.

While Conrad didn’t say, it was from a segment called “Things You Don’t Yell When Entering a Room” from the Tosh.O show, which is popular with college kids who like to sit around their dorm rooms getting high. Which is precisely the picture that the defense wants the jury to imagine. Not some jihadi wannabe kneeling on a prayer mat in front of a poster of Osama bin Laden, but some stoner down at UMass Dartmouth, watching Tosh with his buds and a bowl.

In fact, so the jury would get that picture, Conrad asked FBI Special Agent Steve Kimball if he knew what the word “cooked” meant in one of Tsarnaev’s tweets.

“I assume, like, crazy?” Kimball guessed.

He guessed wrong. It means the same as baked. High. Stoned.

About the only Twitter phrase Kimball correctly IDed was LOL.

Conrad also showed that Kimball misidentified the account photo on Dzhokhar’s twitter accounts as coming from Mecca, when it in fact came from Grozny.

“You said the picture [that forms the background of the second account] was a picture of Mecca,” said Conrad, towards the end of a lengthy and tense cross-examination.

“Yes, to the best of my knowledge,” answered Kimball.

“Did you bother to look at a picture of Mecca?” Conrad shot back.

“No.”

“Would it surprise you to learn that it is a picture of Grozny?”

The picture on the account is not of Mecca – the FBI had misidentified it. It is in fact a picture of the Akhmad Kadyrov Mosque in Grozny.

Let me be clear: While it was funny to see Conrad carve up the prosecution’s witness, that’s not, by itself, going to save Dzhokhar’s life (nor should it, if that’s what the jury decides is appropriate punishment).

But this does betray a real methodological problem with the FBI’s approach to interpreting Twitter content that goes well beyond this trial. If the FBI believes it doesn’t even have to click a link to understand a Tweet — a pretty egregious Twitter faux pas even for people just conversing — it suggests a lot of their profiling may be based off baseless overdetermined interpretations.

Better Put Tom Cotton and His 46 Co-Conspirators on the No-Fly List

/14 Comments/in , /by

Screen Shot 2015-03-09 at 2.46.18 PMAs Josh Rogin first reported, Tom Cotton and 46 other Senators have written a letter to the “leaders of the Islamic Republic of Iran.” They want to warn them that without Senate ratification, the agreement they’re working to sign with President Obama will just be an executive agreement that a future President could just revoke with the stroke of a pen.

Now, much as I’d like the Executive to be reined in in other areas, foreign affairs is the area where they’re supposed to act like an Executive. That was the whole point of moving from a confederation to a federation. So this intervention is improper in that sense, on top of serving the purported interests of Israeli right-wingers more than serving American interests.

The entire production ought to focus more attention on something I’ve been trying to get people to look at: the fundraiser held directly after Congress willingly acted like Bibi Netanyahu’s trained seal, also reported by Josh Rogin. Did Sheldon Adelson pay off all of  Bibi’s trained seals? On what scale?

Plus, Jack Goldsmith catches the Senators in an error about what the Constitution actually says (Tom Cotton as a JD from Harvard Law School, where Goldsmith teaches).

The letter states that “the Senate must ratify [a treaty] by a two-thirds vote.”  But as the Senate’s own web page makes clear: “The Senate does not ratify treaties. Instead, the Senate takes up a resolution of ratification, by which the Senate formally gives its advice and consent, empowering the president to proceed with ratification” (my emphasis).  Or, as this outstanding  2001 CRS Report on the Senate’s role in treaty-making states (at 117):  “It is the President who negotiates and ultimately ratifies treaties for the United States, but only if the Senate in the intervening period gives its advice and consent.”  Ratification is the formal act of the nation’s consent to be bound by the treaty on the international plane.  Senate consent is a necessary but not sufficient condition of treaty ratification for the United States.  As the CRS Report notes: “When a treaty to which the Senate has advised and consented … is returned to the President,” he may “simply decide not to ratify the treaty.”

This is a technical point that does not detract from the letter’s message that any administration deal with Iran might not last beyond this presidency.  (I analyzed this point here last year.)  But in a letter purporting to teach a constitutional lesson, the error is embarrassing.

Me, I’ve got another concern for these poor Senators.

Iran’s leaders are, according to the Senators’ own claims, evil terrorist-supporting murderers. Indeed, our own government considers them as such, not only imposing sanctions but — according to Dianne Feinstein and Keith Alexander — also treating Iran as one of the few “terrorist groups” association with which the NSA can use to contact chain on its dragnets of American communications.

In short, the government believes that anyone conducting communications with such people are terrorist suspects themselves, and should be dumped into a big database to have all their collected metadata analyzed for further signs of terrorism.

Tom Cotton and his 46 collaborators are now just 1-degree of separation from what they consider some badass terrorists. We’ve seen people be put on the No-Fly list for far less.

I don’t think that’s right, mind you. There’s a problem with metadata analysis.

That’s a problem the Senators might do better looking to correct, rather than working to keep the Middle East unstable for Israel’s interests.

Update: As the screen capture above makes clear, Tom Cotton has now placed himself at one degree of separation from the terrorist sponsor Ayatollah Khamenei via dead tree and Twitter.

FBI Is Not “Surveilling” WikiLeaks Supporters in Its Never-Ending Investigation; Is It “Collecting” on Them?

/8 Comments/in , , , , /by

The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)

In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.

2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.

I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.

In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.

First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.

Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeakas was implicating completely innocent supporters.

I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.

Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.

All  of which brings me to the remaining interesting subtext of this ruling.

Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.

While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)

Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).

In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.

Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.

Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.

[snip]

In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.

I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.

James Clapper Admits Phone Dragnet Data Retention Is about Discerning Patterns

/3 Comments/in /by

In the Q&A portion of a James Clapper chat at Council on Foreign Relations yesterday, he was asked about the phone dragnet and Section 215 (this starts after 48:00).

He made news for the way he warned Congress that if they take away Section 215 (he didn’t specify whether he was talking about just the phone dragnet or Section 215 and the roughly 175 other orders authorized under it) and something untoward happens as a result, they better be prepared to take some of the blame.

Q: In recent days the government reauthorized the telephone metadata collection program through June 1st, when there’s the Sunset date, obviously, of Section 215 of the PATRIOT Act. What do you want to see happen after that?

Clapper: Well, what we have agreed to, Attorney General Eric Holder and I, last September, signed a letter saying that we supported the notion of moving the retention of the data to providers in a bill that was — actually came out of the Senate from Senator Leahy, so we signed up to that. I think that’s the only thing that’s realistic if we’re going to have this at all. In the end, the Congress giveth and the Congress taketh away. So if the Congress in its wisdom decides that the candle isn’t worth the flame, the juice isn’t worth the squeeze, whatever metaphor you want to use, that’s fine. And the Intelligence Community will do all we can within the law to do what we can to protect the country. But, I have to say that every time we lose another tool in our toolkit, you know? It raises the risk. And so if we have — if that tool is taken away from us, 215, and some untoward incident happens which could have been thwarted had we had it I just hope that everyone involved in that decision assumes responsibility. And it not be blamed if we have another failure exclusively on the intelligence community.

At one level, I’m absolutely sympathetic with Clapper’s worries about getting blamed if there’s another attack (or something else untoward). In some cases (particularly in the aftermath of the 2009 Nidal Hasan and Umar Farouk Abdulmutallab attacks), politicians have raised hell about the Intelligence Community missing a potential attack. But that really did not happen after the Boston Marathon; contemporaneous polls even said most people accepted that you couldn’t prevent every attack. Moreover, in that case, NSA — the entity running the phone dragnet — was excluded from more intensive Inspector General review, as NSA has repeatedly been in the past (including, to a significant extent, the 9/11 attack), even though it had collected data on one or both of the Tsarnaev brothers but not accessed it until after the attack. In other words, NSA tends not to be held responsible even when it is.

Clapper’s fear-mongering has gotten most of the attention from that Q&A, even more than Clapper’s admission elsewhere that “moderate” in Syria — he used scare quotes — means “anyone who’s not affiliated w/I-S-I-L.”

But on the phone dragnet, I found this a far more intriguing exchange.

Q: And just to be clear, with the private providers maintaining that data, do you feel you’ve lost an important tool?

Clapper: Not necessarily. It will depend though, for one, retention period. I think, given the attitude today of the providers, they will probably do all they can to minimize the retention period. Which of course, from our standpoint, lessens the utility of the data, because you do need some — and we can prove this statistically — you do need some historical data in order to, if you’re gonna discern a pattern. And again, 215 to me, is much like my fire insurance policy. You know, my house has never burned down but every year I buy fire insurance just in case.

In general, discussions about why the NSA needs 5 years of phone dragnet have used a sleeper argument: a suspect might have spoken to someone of interest 4 years ago, which would be an important connection to identify and pursue. But that’s not what Clapper says here. They need years and years of our phone records not to find calls we might have made 5 years ago, but to “discern patterns.”

Well, that changes things a bit, and may even suggest how they’re actually using the phone dragnet.

While we know they have, at times, imputed some kind of meaning to the lengths of calls — for a while they believed calls under 2 minutes were especially suspicious until they realized calls to the pizza joint also tend to be under 2 minutes — there’s another application where pattern analysis is even more important: matching burner phones. You need a certain volume of past calls to establish a pattern of a person’s calls so as to be able to identify another unrelated handset that makes the same pattern of calls as the same person.

Connection chaining, not contact chaining.

Clapper’s revelation that they need years of retention for pattern analysis, not for contact chaining, seems consistent with the language describing the chaining process under USA Freedom Act.

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;

That is, they’d be getting all the calls the target had made, as well as all the calls an identifiable target’s associate or additional phone had made.

And remember, one of the NSA’s two greatest “successes” with the phone dragnet — when they found that Adis Medunjanin, whom they already knew to be associated with Najibullah Zazi, had a phone they hadn’t known about — involves burner matching. That match took place at an important moment, too, when the NSA had turned off its automatic correlation process (which uses a dedicated database to identify the other known identities of a person in a chain), and when its queries were as closely controlled as they ever have been in the wake of the massive violations in 2009. At a time when they were running a bare bones phone dragnet, they were still doing burner matching, and considered that a success.

Now, let me be clear: matching the burner phones of real suspects is a reasonable use for a phone dragnet, though the government ought to provide more clarity about whether they’re matching solely on call patterns or on patterns of handset use, including on the Internet. It’d also be nice if anyone caught in this fashion had some access to the accuracy claims the government has made and the basis used to make those accuracy claims (for one incarnation of the Hemisphere dragnet, DEA was claiming 94% accuracy, based of 10 years of data and, apparently, multiple providers). And this points to the importance of retaining FISC review of the targets, because people for whom there is not reasonable articulable suspicion of ties to terrorism ought to be able to use burner phones.

James Clapper’s office has gone to great lengths to try to hide any mention of pattern analysis in declassified discussions of the phone dragnet. Apparently, Clapper doesn’t think that detail needs to be classified anymore.