NSA Obfuscated to Congress about Back Door Searches in 2009

The NSA got a lot of criticism for releasing its IOB reports on December 23, just as everyone was preparing for vacation. But there were three reports that — at least when I accessed the interface — weren’t originally posted: Q3 and Q4 2009 and Q3 2010 — all conveniently important dates for the Internet dragnet (I’ll have more on what they didn’t disclose soon).

Apparently those reports were added on New Year’s Eve Eve Eve, an even bigger wasteland for document dumps than Christmas Eve.

In addition to details about what NSA did and didn’t reveal about the Internet and (to a lesser degree) phone dragnet, the Q3 report also claimed to rebut this June 16, 2009 Risen and Lichtblau article.

The article pretty clearly reveals the outlines of what we’ve since learned to be big privacy problems behind NSA’s programs — definitely back door searches, and probably upstream collection.

Since April, when it was disclosed that the intercepts of some private communications of Americans went beyond legal limits in late 2008 and early 2009, several Congressional committees have been investigating. Those inquiries have led to concerns in Congress about the agency’s ability to collect and read domestic e-mail messages of Americans on a widespread basis, officials said. Supporting that conclusion is the account of a former N.S.A. analyst who, in a series of interviews, described being trained in 2005 for a program in which the agency routinely examined large volumes of Americans’ e-mail messages without court warrants. Two intelligence officials confirmed that the program was still in operation.

[snip]

A new law enacted by Congress last year gave the N.S.A. greater legal leeway to collect the private communications of Americans so long as it was done only as the incidental byproduct of investigating individuals “reasonably believed” to be overseas.

But after closed-door hearings by three Congressional panels, some lawmakers are asking what the tolerable limits are for such incidental collection and whether the privacy of Americans is being adequately protected.

“For the Hill, the issue is a sense of scale, about how much domestic e-mail collection is acceptable,” a former intelligence official said, speaking on condition of anonymity because N.S.A. operations are classified. “It’s a question of how many mistakes they can allow.”

[snip]

The N.S.A. is believed to have gone beyond legal boundaries designed to protect Americans in about 8 to 10 separate court orders issued by the Foreign Intelligence Surveillance Court, according to three intelligence officials who spoke anonymously because disclosing such information is illegal. Because each court order could single out hundreds or even thousands of phone numbers or e-mail addresses, the number of individual communications that were improperly collected could number in the millions, officials said.

[snip]

But even before that, the agency appears to have tolerated significant collection and examination of domestic e-mail messages without warrants, according to the former analyst, who spoke only on condition of anonymity.

He said he and other analysts were trained to use a secret database, code-named Pinwale, in 2005 that archived foreign and domestic e-mail messages. He said Pinwale allowed N.S.A. analysts to read large volumes of e-mail messages to and from Americans as long as they fell within certain limits — no more than 30 percent of any database search, he recalled being told — and Americans were not explicitly singled out in the searches.

Over and over, this report clearly describes the accessing of US person data, without warrants, that has been incidentally collected. Rush Holt — then leading an oversight investigation into the NSA — even goes on the record in the article.

The report helpfully includes the rebuttal NSA sent to Congress (starting at PDF 18). The rebuttal goes like this:

  • The NYT story made “it seem as if NSA is broadly irresponsible in executing its mission” under EO 12333 or FISA. “The opposite is true.”
  • NSA recently identified compliance issues but these “accusations are far afield of the compliance matters” related to the metadata dragnets and other recent violations. [The NYT had never said they were related, and there’s no evidence Risen and Lichtblau knew of them, except insofar as they also finally confirmed that the hospital confrontation pertained to the Internet dragnet in this article.]
  • It is difficult to know what the NYT’s anonymous sources mean. [The rebuttal makes no mention of Holt’s on the record comments, or the obvious references to back door searches.]
  • Maybe the reference to the examination of US person content is a reference to David Faulk but those allegations are false as the NSA IG will soon report.
  • A largely redacted bullet seems to admit they suck in related emails, as alleged in the article.
  • “The article also identifies a 30% threshold for inclusion of U.S. person information within NSA databases. There is no truth to this statement.”  [Of course, that’s not what the article says, as the red text above makes clear — it talks about how much US person content a search may pull up, not how much is in the databases.]
  • The access of Bill Clinton’s email was in 1992 and it is used as an example in oversight training [which is what the article described — though the rebuttal makes it far more clear that this is an “about” search on what other people are saying about Clinton].

Barb Mikulski Still Thinks You’re Stupid about “Target” and “Content”

In the CRomnibus legislation — the appropriations bill that will pass Congress in the next few days — the powers that be (largely Barb Mikulski and Kentucky’s Harold Rogers) stripped out the Massie-Lofgren Amendment that would have prohibited back door searches of Section 702 information and required back doors on software, and replaced it with this language.

SEC. 8128. None of the funds made available by this Act may be used by the National Security Agency to—

(1) conduct an acquisition pursuant to section 702 of the Foreign Intelligence Surveillance Act of 1978 for the purpose of targeting a United States person; or

(2) acquire, monitor, or store the contents (as such term is defined in section 2510(8) of title 18, United States Code) of any electronic communication of a United States person from a provider of electronic communication services to the public pursuant to section 501 of the Foreign Intelligence Surveillance Act of 1978.

The language is ridiculous on three counts.

First, it defunds only the NSA. The original might have defunded anything that involved DOD, including FBI and CIA.

Clause 1 does nothing but say that NSA has to follow the law, by prohibiting Section 702 from being used to target Americans (but not including penalties or legal recourse).

Clause 2 does nothing but say that NSA has to follow the law, by prohibiting the government from using Section 215 to get content (this clause might be more interesting if it applied to FBI, too, because I’m fairly certain some of what they get is arguably content).

That is, this replaces real legislation, supported by a huge majority in the House, with the same word games NSA has been hiding behind for over 18 months.

 

Some Torture Facts

At the request of some on Twitter, I’m bringing together a Twitter rant of some facts on torture here.

1) Contrary to popular belief, torture was not authorized primarily by the OLC memos John Yoo wrote. It was first authorized by the September 17, 2001 Memorandum of Notification (that is, a Presidential Finding) crafted by Cofer Black. See details on the structure and intent of that Finding here. While the Intelligence Committees were briefed on that Finding, even Gang of Four members were not told that the Finding authorized torture or that the torture had been authorized by that Finding until 2004.

2) That means torture was authorized by the same Finding that authorized drone killing, heavily subsidizing the intelligence services of countries like Jordan and Egypt, cooperating with Syria and Libya, and the training of Afghan special forces (the last detail is part of why David Passaro wanted the Finding for his defense against abuse charges — because he had been directly authorized to kill terror suspects by the President as part of his role in training Afghan special forces).

3) Torture started by proxy (though with Americans present) at least as early as February 2002 and first-hand by April 2002, months before the August 2002 memos. During this period, the torturers were operating with close White House involvement.

4) Something happened — probably Ali Soufan’s concerns about seeing a coffin to be used with Abu Zubaydah — that led CIA to ask for more formal legal protection, which is why they got the OLC memos. CIA asked for, but never got approved, the mock burial that may have elicited their concern.

5) According to the OPR report, when CIA wrote up its own internal guidance, it did not rely on the August 1, 2002 techniques memo, but rather a July 13, 2002 fax that John Yoo had written that was more vague, which also happened to be written on the day Michael Chertoff refused to give advance declination on torture prosecutions.

6) Even after CIA got the August 1, 2002 memo, they did not adhere to it. When they got into trouble — such as when they froze Gul Rahman to death after hosing him down — they went to John Yoo and had him freelance another document, the Legal Principles, which pretend-authorized these techniques. Jack Goldsmith would later deem those Principles not an OLC product.

7) During both the August 1, 2002 and May 2005 OLC memo writing processes, CIA lied to DOJ (or provided false documentation) about what they had done and when they had done it. This was done, in part, to authorize the things Yoo had pretend-authorized in the Legal Principles.

8) In late 2002, then SSCI Chair Bob Graham made initial efforts to conduct oversight over torture (asking, for example, to send a staffer to observe interrogations). CIA got Pat Roberts, who became Chair in 2003, to quash these efforts, though even he claims CIA lied about how he did so.

9) CIA also lied, for years, to Congress. Here are some details of the lies told before 2004. Even after CIA briefed Congress in 2006, they kept lying. Here is Michael Hayden lying to Congress in 2007.

10) We do know that some people in the White House were not fully briefed (and probably provided misleading information, particularly as to what CIA got from torture). But we also know that CIA withheld and/or stole back documents implicating the White House. So while it is true that CIA lied to the White House, it is also true that SSCI will not present the full extent of White House (read, David Addington’s) personal, sometimes daily, involvement in the torture.

11) The torturers are absolutely right to be pissed that these documents were withheld, basically hanging them out to dry while protecting Bush, Cheney, and Addington (and people like Tim Flanigan).

12) Obama’s role in covering up the Bush White House’s role in torture has received far too little attention. But Obama’s White House actually successfully intervened to reverse Judge Alvin Hellerstein’s attempt to release to ACLU a short phrase making it clear torture was done pursuant to a Presidential Finding. So while Obama was happy to have CIA’s role in torture exposed, he went to great lengths, both with that FOIA, with criminal discovery, and with the Torture Report, to hide how deeply implicated the Office of the President was in torture.

Bonus 13) John Brennan has admitted to using information from the torture program in declarations he wrote for the FISA Court. This means that information derived from torture was used to scare Colleen Kollar-Kotelly into approving the Internet dragnet in 2004.

Today Obama Will Get His Fifth New Dragnet Order Since “Reform” Started

On December 12, 2013, almost one year ago, President Obama’s handpicked NSA Review Group made the following two recommendations.

Recommendation 1: We recommend that section 215 should be amended to authorize the Foreign Intelligence Surveillance Court to issue a section 215 order compelling a third party to disclose otherwise private information about particular individuals only if:
(1) it finds that the government has reasonable grounds to believe that the particular information sought is relevant to an authorized investigation intended to protect “against international terrorism or clandestine intelligence activities” and
(2) like a subpoena, the order is reasonable in focus, scope, and breadth.

Recommendation 5: We recommend that legislation should be enacted that terminates the storage of bulk telephony meta-data by the government under section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party. Access to such data should be permitted only with a section 215 order from the Foreign Intelligence Surveillance Court that meets the requirements set forth in Recommendation 1.

Since that time, Obama has applied for and will, today, receive authorization for 5 extensions of the phone dragnet:

BR 14-01, signed by Thomas Hogan on January 3, 2014

BR 14-67, signed by Rosemary Collyer on March 28, 2014

BR 14-96, signed by James Zagel on June 19, 2014

BR 14-125, signed by Raymond Dearie on September 11, 2014

Along the way, Obama has instituted prior FISC review, added an emergency provision, given up on an automated query NSA had never been able to implement technically, even while standardizing “connection chaining.” The FISC also had to remind the government it must still abide by the legal requirement for prior First Amendment review, even when obtaining emergency orders.

By my count, the government has made 5 changes (or institutionalized prior changes) since the time Obama’s hand-picked review group recommended he give up the dragnet. As I noted yesterday, over the last year, 5 different Democrats have called on Obama to end the dragnet without waiting for legislation.

And yet, sometime today, the dragnet will be extended for another 3 months.

5 Democrats Have Called on Obama Not to Reauthorize the Dragnet Tomorrow

Tomorrow is dragnet day, the next 90-day reauthorization for the dragnet.

In advance of that date, Pat Leahy just called on President Obama to simply let the dragnet end.

The President can end the NSA’s dragnet collection of Americans’ phone records once and for all by not seeking reauthorization of this program by the FISA Court, and once again, I urge him to do just that.  Doing so would not be a substitute for comprehensive surveillance reform legislation – but it would be an important first step.

Leahy joins 4 other Democrats who have already called for the President to unilaterally stop the dragnet.

At a hearing last month, Adam Schiff suggested to DIRNSA Mike Rogers that they move forward without waiting for a new law.

“There’s nothing in statute that requires the government to gather bulk data, so you could move forward on your own with making the technological changes,” Schiff said. “You don’t have to wait for the USA Freedom Act.”

There’s no reason for the NSA to wait for congressional approval to put additional limits on the program “if you think this is the correct policy,” Schiff added. “Why continue to gather the bulk metadata if [Obama administration officials] don’t think this is the best approach?”

And back in June, Senators Wyden, Udall, and Heinrich not only made a similar suggestion in a letter to the President, but laid out how Obama could achieve what he says he wants to without waiting for legislation.

But the President is not going to end the dragnet. Heck, for all we know, FISC has already signed the reauthorization.

Mind you, it may be that President Obama can’t start the new-and-improved dragnet without offering providers immunity and compensation. But if Obama can’t simply end the dragnet without offering telecoms and second level contractors broad immunity, then he’s obviously planning on something more exotic than just regular phone contact chaining.

The FBI PRTT Documents: The Paragraph 31 PCTDD Technique

I’ve been working my way through a series of documents in EPIC’s FOIA for FISA PRTT documents. This is the last of a series of posts where I unpack the Internet dragnet documents. This post tracks what the reports to Congress reveal (largely about the language the government used to hide programs). And this post shows that the government probably used combined PRTT and Section 215 orders to get real-time cell location. The last chunk of documents withheld pertain to what I’ll call “the Paragraph 31” technique, after the entirely redacted paragraph in the first David Hardy declaration describing it. The technique is some application of what gets treated as Post Cut-Through Dialed Digits (PCTDD), those digits a person enters after being connected to a phone number, which might include phone tree responses, credit card information, or password information.

The PCTDD DIOG section withheld

We know Paragraph 31 pertains to PCTDD because one of the documents withheld — described as document 1 in the first Hardy declaration — is a section of the Domestic Investigations and Operations Guide that pertains to PCTDD.

The first document is comprised of pages 186-189 of the DIOG. The DIOG is a manual used by FBI Special Agents in conducting and carrying out investigations. This particular excerpt of the DIOG provides a step-by-step guide in assisting Special Agents in determining whether to utilize a specific method in collecting information such as (1) when to use the method and technique; (2) factors to consider when making this determination; (3) how to go about using the specific method and technique; and (4) the type of information that can be gleaned from it

The paragraph cites paragraph 31, so we know it’s the same method. As reflected by the Vaughn Index, the pages in question appear to be from the 2008 DIOG, not the 2011 one. The pagination of the two documents reinforces that. There’s no way to work the pagination of the 2011 DIOG to land in the PRTT section, whereas those page numbers do point to the PRTT section in the 2008 DIOG. The section in question starts at PDF 79. The key unredacted part reads,

The definition of both a pen register device and a trap and trace device provides that the information collected by these devices “shall not include the contents of any communication.” See 18 U.S.C. § 3127(3) and (4). In addition, 18 U.S.C. § 3121(c) makes explicit the requirement to “use technology reasonably available” that restricts the collection of information “so as not to include the contents of any wire or electronic communications.” “Content” includes any information concerning the substance, purport, or meaning of a communication. See 18 U.S.C. §2510(8). When the pen register definition is read in conjunction with the limitation provision, however, it suggests that although a PR/TT device may not be used for the express purpose of collecting content, the incidental collection of content may occur despite the use of “reasonably available” technology to minimize, to the extent feasible, any possible over collection while still allowing the device to collect all of the dialing and signaling information authorized.

In addition to this statutory obligation, DOJ has issued a directive in [redacted half line in 2011 DIOG] to all DOJ agencies requiring that no affirmative investigative use may be made of PCTDD incidentally collected that constitutes content, except in cases of emergency–to prevent an immediate danger of death, serious physical injury, or harm to the national security.

The criminal context of FBI’s PCTDD FISA usage

As with the “hybrid” use of PRTT and toll record orders, the concern about PCTDD may have had some tie to criminal proceedings.

On May 24, 2002, Deputy Attorney General Larry Thompson issued a directive on “avoiding collection and investigative use of content in the operation of Pen Registers.” It explicitly said that FISA was “outside the scope of this Memorandum.”

In 2006 and 2007, the government applied for Pen Registers in EDNY, including PCTDD. The magistrate judge denied the request for PCTDD as content, which led to a process of reconsideration and further briefing, including amicus briefs from EFF and Federal Defenders of NY. [Update: I’ve been reliably informed that Kollar-Kotelly’s request was a response to a MJ Stephen Smith ruling issued in Texas in July 2006.]

During this period, on August 7, 2006, Colleen Kollar-Kotelly ordered briefing in docket PRTT 06-102 on how FBI was fulfilling its obligation, apparently under the 2002 DOJ directive FBI maintained did not apply to FISA, not to affirmatively use PCTDD for any investigative purpose.  PDF 39-40

Judge Kotelly has ordered the FBI to submit a report no later than September 25 (2006). This report must contain:

(1) an explanation of how the FBI is implementing its obligation to make no affirmative investigative use, through pen register authorization, of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information, except in a rare case in order to prevent an immediate danger of death, serious physical injury or harm to the National Security, addressing in particular: a) whether post-cut-through digits obtained via FISA pen register surveillance are uploaded into TA, Proton, IDW, EDMS, TED, or any other FBI system; and b) if so what procedures are in place to ensure that no affirmative investigative use is made of postcut-through digits that do not constitute call dialing, routing, addressing or signaling information, including whether such procedures mandate that this information be deleted from the relevant system.

(2) an explanation of what procedures are in place to ensure that the Court is notified, as required pursuant to the Courts Order in the above captioned matter, whenever the government decides to make affirmative investigative use of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information in order to prevent an immediate danger of death, serious physical injury, or harm to the national security.

At the time, at least some of FBI’s lawyers believed that for FISA Pen Registers, FBI retained all the PCTDD. PDF 38

When DSC 3000 is used for a FISA collection, doesn’t the DCS 3000 pass all to the [redacted](DSC 5000) including the PCTDD–in other words for FISAs the DCS3000 does NOT use the default of not recoding [sic] the PCTTD???? [sic]

This report — dated September 25, 2006 — appears to be the report Kollar-Kotelly requested. It implores her not to follow [redacted], which appears to be a reference to the Texas decision.

That report is followed by this one — which was submitted on November 1, 2006 — which appears to propose new procedures to convince her to permit the FBI to continue to collect and retain PCTDD.

In other words, during the early part of the period when the FBI was bumping up against a criminal standard prohibiting the retention of PCTDD under protection of minimization procedures, Judge Kollar-Kotelly required FBI to prove its existing (and new) minimization procedures to ensure they were strong enough to comport with the law.

The original PCTDD question was still burbling away in EDNY, however, and in November 2008 Judge Nicholas Garaufis mooted the question of PCTDD based on the government’s representation that it would delete the information when it received it.

On June 11, 2008, the Government applied to Judge Orenstein for authorization to install and use a pen register and trap and trace device on two wireless telephones (the “SUBJECT WIRELESS TELEPHONES”). (Gov. Br. at 5.) The Government requested, inter alia, an Order authorizing the recording of post-cut-through dialed digits (“PCTDD”) via pen register. PCTDD are digits dialed from a telephone after a call is connected or “cut through.” In the Matter of Applications, 515 F.Supp.2d 325, 328 (E.D.N.Y.2007) *204 (“Azrack Opinion”). Because PCTDD sometimes transmit information such as bank account numbers and Social Security numbers which constitutes “contents of communications,” and because the Pen Register Statute defines a pen register as “a device or process which records or decodes dialing … or signaling information… provided, however, that such information shall not include the contents of any communication,” 18 U.S.C. § 3127(3) (emphasis added), Judge Orenstein denied the Government’s request for authorization to record PCTDD. The Government subsequently appealed Judge Orenstein’s denial of its request to this court, asking this court to authorize it to record PCTDD.

On September 23, 2008, in response to the court’s request for clarification of the specifics of its request for pen register data, the Government informed the court that the law enforcement agency involved in the investigation of the SUBJECT WIRELESS TELEPHONES will configure its computers so as to immediately delete all PCTDD received from the provider. (Government’s September 23, 2008 letter to the court.) Therefore, as the pen registers sought by the Government in this application will not “record” or “decode” content within the meaning of the Pen Register Statute, the legal question presented by the Government in its appeal is moot.[3] As the Government is entitled to the information it now seeks, the court directs the Magistrate Judge to issue, if still necessary, an order authorizing the installation of the pen registers on the SUBJECT WIRELESS TELEPHONES that is consistent with the representations in the Government’s letter of September 23, 2008.

Note that Garaufis also embraced the hybrid theory other judges had started rejecting in 2005, which I believe lies behind the BRPR orders.

Behind the scenes, there appear to have been changes to the way the government dealt with PCTDD information under FISA collection. This August 17, 2009 Memo of Law appears to revisit the issue (perhaps in light of the final ruling in EDNY in 2008 and/or as part of the PRTT review of that year). It argues over some of the same Pat Leahy language as the other documents do. It appears to refer to the November 2006 document. It discusses the May 24, 2002 over-collection directive as applying only to the criminal context.

But it also describes some changes implemented in July and December 2008 (it’s possible there are references to revisions to the DIOG in this section).

That’s one reason why several changes between the 2008 and 2011 DIOG are of interest. In addition to the redacted passage on DOJ’s 2002 directive (above) probably affirmatively asserting now that the directive does not apply to FISA, there are two other changes in the Pen Register that are unclassified between the two DIOGs. First, the 2011 one reflects a 2010 change in FISC procedure (see Procedure 15 and Section 18.6.9.5.1.4), no longer permitting (or requiring) the sequestration of over-collected information at FISC. In addition, the 2011 DIOG appears to show an extra use of PCTDD collection (showing 7 total across subsections A and B, as compared to 6).

What becomes clear reviewing the public records (these reports say this explicitly) is that the 2002 DOJ directive against retaining PCTDD applies to the criminal context, not the FISA context. When judges started challenging FBI’s authority to retain PCTDD that might include content under criminal authorities, FBI fought for and won the authority to continue to treat PCTDD using minimization procedures, not deletion. And even the standard for retention of PCTDD that counts as content permits the affirmative investigative use of incidentally collected PCTDD that constitutes content in cases of “harm to the national security.”

Whateverthefuck that is.

Which is, I guess, how FBI still has 7 uses of PCTDD, including one new one since 2008.

The details on the withheld documents

Which brings us to the remaining documents on Paragraph 31 the FBI is withholding. In addition to the DIOG and a Westlaw print out (which I would guess is the opinion in the criminal case), there are 4 memoranda and one report described in the first Hardy Declaration, as well as a PRBR motion to retain data that I wouldn’t be surprised if FBI used to request the authority to retain, under FISA authority, the materials it said it wouldn’t obtain in the EDNY case (in any case, it requested approval to retain some data collected under a hybrid PRBR order). One of the documents in that bunch includes both electronic surveillance (the collection of content) and the use of a pen register (ostensibly non-content).  The second Hardy declaration includes 9 FISC orders pertaining to the method, along with a District Court order pertaining to it (which might be that 2008 opinion).

Significantly, 4 of those orders are Primary Orders, suggesting multiple Secondary Orders to providers of some sort, and a program of some bulk. And those documents are only the ones that got shared with Congress, so only the ones that reflected some significant decision.

The declarations don’t tell us much about how they’re using this PCTDD information. Here are the most informative passages (some of which show up in both).

The ability to conduct electronic surveillance through the installation and use of pen registers and trap and trace devices has proven to be an indispensable investigative tool and continues to serve as a building block in many of the FBI’s counterterrorism and counterintelligence investigations. The specific type of electronic surveillance has resulted in numerous benefits by providing the FBI valuable substantive information in connection with national security investigations. The information gathered has either confirmed prior investigative information or has contributed to the development of additional investigative information, and has been invaluable in providing investigative leads.

[snip]

[T]he release of such information would reveal actual intelligence activities and methods used by the FBI against specific targets who are the subject of foreign counterintelligence investigations or operations; identify a target of a foreign counterintelligence investigation; or disclose the intelligence gathering capabilities of the activities or methods directed at specific targets.

[snip]

The information protected under this [7(E)] exemption contain details about sensitive law enforcement techniques used by the FBI in gathering valuable intelligence information in current and prospective criminal, counterintelligence, and national security investigations.

What I find most interesting about these declarations, however, is the near total (maybe even total) silence about terrorism. These are used for “national security” and “counterintelligence” investigations, but nothing explicitly described as a counterterrorism investigation.

While I can see some especially useful applications of PCTDD information in the CI context — imagine how valuable it would be to know the voicemail passwords of Chinese targets, for example — I also wonder whether the FBI is using this stuff primarily for cyber targets. Whatever it is, the government has apparently argued for and maintained the authority to retain PCTDD data in the FISA context, with the ability to use actual content in the event of possible harm to national security.

The Government’s Unexplained Iran Dragnet

Just the other day, I observed that the government likely has a problem with the authorities it has used to police its sanction regime against Iran. First, the government appears to have had a counterproliferation certification under Protect America Act that may have had legal issues; with FISA Amendments Act, Congress authorized such a certification as foreign intelligence. Then, at some point over the course of the phone dragnet, FISC approved the use of the dragnet with Iran under an alleged terrorism purpose. But the primary claimed Iranian terrorism in this country was propagated by DEA; clearly the NSA was using the dragnet for an inherently counterproliferation purpose.

A judge in DC just ruled for the government in a case against an Iranian American, Shantia Hassanshahi, that implicates many of these problems, and broader problems with the dragnet, though he did so by largely sidestepping the underlying issue.

Basically, the case that Hassanshahi violated sanctions stems from the following evidentiary steps:

  1. An unsolicited tip from an (apparently) paid informant
  2. A query request submitted to some unnamed database on a suspect number, which returned a single call with a number associated with Hassanshahi
  3. Based on that and 1 other call to Iran, the government stopped Hassanshahi as he returned from a trip to Iran and seized his devices in CA
  4. A forensic search of his laptop resulted in incriminating documents showing the sale of non-military energy-related goods to Iran

Hassanshahi argued that the query of the database — which he argued was either the phone dragnet database or something nearly identical and therefore just as unconstitutional — was illegal, citing Richard Leon’s Larry Klayman ruling. And he argued that everything else not only followed as fruit of the poisonous tree from there, but that the device search violated the 9th Circuit’s precedent requiring probable cause to conduct a forensic border search (his devices were seized in CA, not in DC). Judge Rudolph Contreras rejected Hassanshahi’s bid to have the evidence suppressed by dodging the question of the legality of the database query, treating it as unconstitutional (I think this overstates what the government was saying here).

In response, the Government sidesteps Hassanshahi’s argument by taking the position that although the NSA telephony database was not used, the Court nevertheless should assume arguendo that the law enforcement database HSI did use was unconstitutional. See Gov’t’s Mem. Opp’n Mot. Suppress 12. Consistent with this position, the Government refuses to provide details about its law enforcement database on the basis that such information is irrelevant once the Court accepts the facial illegality of the database. See id. at 11-12. Regrettably, the Court therefore starts its analysis from the posture that HSI’s initial search of the mysterious law enforcement database, which uncovered one call between Sheikhi’s business telephone number and the 818 number linked to Hassanshahi, was unconstitutional.

But based on the time that elapsed between the query he treated as unconstitutional and the border search, and based on Hassanshahi’s voluntary arrival in LAX (where a 9th Circuit ruling would require reasonable suspicion) and some really crazy details even the government didn’t argue that strongly constituted reasonable suspicion, he ruled the forensic search in LA legal.

This is where things get bizarre. Having already ruled that this was not flagrant enough to make the subsequent search improper, Contreras then throws up his hands, notes that it might be a problem if the government did use the NSA phone dragnet (which is supposed to be limited to counterterrorism purposes and therefore should be inapplicable in this case) or if the dragnet it used doesn’t have the controls that the NSA dragnet does, and says he will require the government to submit an ex parte filing explaining the database.

But, at the same time, the Court does not know with certainty whether the HSI database actually involves the same public interests, characteristics, and limitations as the NSA program such that both databases should be regarded similarly under the Fourth Amendment. In particular, the NSA program was specifically limited to being used for counterterrorism purposes, see Klayman, 957 F. Supp. 2d at 15-16, and it remains unclear if the database that HSI searched imposed a similar counterterrorism requirement. If the HSI database did have such a limitation, that might suggest some level of flagrancy by HSI because it was clear that neither Sheikhi nor Hassanshahi was involved in terrorism activities. With so many caveats, the Government’s litigation posture leaves the Court in a difficult, and frustrating, situation. Yet, even assuming that the HSI database was misused to develop the lead into Hassanshahi, HSI’s conduct appears no more flagrant than law enforcement conduct in other “unlawful lead” cases, which still held that the attenuation exception applied nonetheless.6

6 The Government’s silence regarding the nature of the law enforcement database has made the Court’s analysis more complex than it should be. Although the Court still concludes that the attenuation exception applies in large part based on the “unlawful lead” line of cases, the Court will order that the Government provide the Court with an ex parte declaration summarizing the contours of the mysterious law enforcement database used by HSI, including any limitations on how and when the database may be used.

Of course he only requires this after ruling that the evidence can come in!

Now, I can think of four possibilities to explain the search:

  • The government searched the dragnet under its “Iranian” allowance (which only Josh Gerstein and I have ever reported), exposing what I noted above — that they’re using a CT tool for a fundamentally CP function
  • The government searched Hemisphere
  • The government searched SPMCA, the authority permitting it to contact-chain on US person data collected under EO 12333 or it originally searched on the Section 215 phone dragnet then re-ran the search under EO 12333 so it could share the link
  • There’s yet another dragnet

Something’s definitely fishy about the government’s claims, because the Homeland Security investigator in the case, Joshua Akronowitz, changed his story twice in meaningful ways.

For example, the affidavit the government used to justify his arrest said he personally searched “HSI accessible law enforcement databases.”

No One Benefits from a One (Wo)Man FISC Court

Over at Just Security, Steve Vladeck takes issue with yet another proposal for a Drone Court.

A new chapter by Professors Amos Guiora and Jeffrey Brand–“Establishment of a Drone Court: A Necessary Restraint on Executive Power“–has been receiving a fair amount of media and blog attention. The chapter differs from some prior calls for a “drone court” in seeing the Foreign Intelligence Surveillance Court (FISC) not as a model, but rather as a lesson in what not to do–a “non-starter,” in the authors’ words. Nevertheless, the chapter argues, we need a special “Operational Security Court” (OSC) comprised of already sitting Article III district and circuit judges (selected through a far different process from FISC judges) to strike the right balance between the government’s need to protect operational (and national) security and the rights of those targeted for drone operations to contest their targeting (through security cleared lawyers) ex ante.

My take on the proposal is slightly different from Vladeck’s. I take it as a proposal for a Sparkle Pony. The proper response to such a proposal is to point out all the reasons why we can’t have Sparkle Ponies. But I would end up largely where Vladeck is, looking at all the reasons FISC is failing its task, especially now that it has been blown up beyond proportion in the wake of President Bush’s illegal spy program. And Vladeck’s solution — to ensure people can sue after the fact — is a reasonable start.

That said, Vladeck asks an important question.

Finally, there’s the question of why an entire new court (the “OSC”) is needed at all. What’s wrong with giving the U.S. District Court for the District of Columbia exclusive original jurisdiction over these proceedings–as the Supreme Court has effectively provided in the secrecy-laden Guantánamo habeas cases? Even if one believes that ex ante judicial review of drone strikes is constitutionally and pragmatically feasible, why reinvent the wheel when there are perfectly good judges sitting in a perfectly good courthouse replete with experience in highly classified proceedings?

In my insistence it’s time to get rid of FISC, I’ve been thinking the same thing: why can’t we just have all the DC District judges rule on these cases?

The biggest drawback I see in this is that it would mean the judges presiding over national security criminal cases — not even Espionage cases, which are more likely to be charged in EDVA — are not the same who preside over the National Security Court decisions. Just as an example, I think it important that a bunch of judges in Portland, OR are presiding over some of the more interesting national security cases. And for that reason I’m fascinated that Michael Mosman, who is presiding over the case of Reaz Qadir Khan, is also a FISC judge. While I don’t think Mosman brings a neutral approach to the Khan case, I do think he may be learning things about how the FISC programs work in practice.

But both sides of this debate, both the government and reformers, could point to Vladeck’s proposal as a vast improvement. That’s because it gets us out of what has become a series of one person courts.

Partly for logistical reasons (and potentially even for security reasons), rather than a court of 11 judges presiding over these expanding counterterrorism programs, we’ve actually had a series of single judges: Colleen Kollar-Kotelly, who presided over at least the Internet dragnet, some other important Pen Register rulings, and several initial Protect America Act reviews, then mostly Reggie Walton presiding over the Yahoo challenge and then the phone and Internet dragnet fixes, then John Bates presiding over the upstream fix (as well as reauthorizing and expanding the Internet dragnet). Presumably, presiding judge Thomas Hogan has assumed the role of one person court (though I suspect Rosemary Collyer, who is next in line to be presiding in any case, takes on some of this work).

And while I’d find great fault with some of Kollar-Kotelly and Bates’ rulings (and even some of Walton’s), I suspect the NatSec establishment was thrilled to see the end of Walton on the court, because he dared to consider questions thoughtfully and occasionally impose limits on the intelligence programs.

No one benefits from having what works out to be primarily one judge review such massive programs. But that’s what we’ve effectively got now, and because it operates in secret, there’s no apparent check on really boneheaded decisions by these individual judges.

There are a lot of reasons to replace the FISC with review by normal judges, and one of them is that the current system tends to concentrate the review of massive spying programs in the hands of one or two judges alone.

Federal Prosecutors Encouraging Localities to “Cast a Bigger .Net”

Last month, Ars Technica reported on the Federal role in encouraging a data sharing agreement among a number of Virginia localities called the Hampton Roads Telephone Analysis Sharing Network.

The idea behind the program was to help localities do more sophisticated data analysis, both by (apparently) bringing down the overall cost paid, to telecoms as well as for shared licenses for the analytical software, and by training and providing them with more sophisticated analytical tools. The article relied on a presentation liberated under open records act showing that this sharing was proposed by an investigative analyst in the Eastern District of VA US Attorney’s office.

One thing the presentation emphasized was how the latest version of the Lincoln Pen-Link software would permit the police departments to “cast a bigger .net” than earlier versions. It pointed to the advent of smart phones and asked,

If law enforcement intercepted just the telephone aspect of your “communication device” what would we be missing?

The next slide answers that question: the cops would be missing “Internet intercepts.” That is, in addition to telephone calls and text messages (plus some things no one uses anymore), it would be missing:

  • VoIP
  • Email
  • Instant messaging
  • Chats/forums/blogs
  • File transfers/file sharing
  • Video conferencing
  • Web cam

Another slide boasts that Pen-Link 8 can conduct:

  • Mobile intelligence
  • GPS mapping
  • Internet investigations
  • Digital multimedia
  • Live electronic surveillance
  • Statistical and graphical analysis

I note this not just to raise concerns about the intrusive tools local cops are using to hunt drug dealers, but also to reiterate a point I made about USA Freedom Act.

We know, from documents like this and from Hemisphere, that federal law enforcement officials are using and encouraging localities to use CALEA equipment to obtain and analyze not just phone call metadata, but a whole slew of other things available via smart phones. Not just calls, but location and email and VOIP and phone cam information.

Call me crazy, but I think that suggests there is less than zero chance that they are not also using these authorities under FISA to pursue terrorists and spies. And (as I’ll show later) because they claim (and FISC permits them to claim) the Fourth Amendment is weaker for national security investigations, they do it with a much weaker standard of suspicion.

When the government adopts — and Congress ratifies — the notion of “connection chaining” via smart phones, there is a very very high likelihood this is the kind of analysis they are engaging in.

DOJ Changed Its FISA Disclosure Policy on January 10, 2008

While wandering through FBI’s Domestic Investigations and Operations Guide today, I realized that on January 10, 2008, DOJ changed its FISA use policy (at PDF 104). In a memo announcing the new policy, Ken Wainstein explained that “this revised policy includes significant changes from current practice that will streamline the process for using FISA information in certain basic investigative processes, while still ensuring that important intelligence and law enforcement interests are protected.”

It then lists 4 (entirely redacted) investigative processes for which FISA information could be used.

While I’m sure this letter has been reported in the past, it has far greater significance given several newly disclosed facts.

First, just days earlier, Attorney General Michael Mukasey reversed existing policy by permitting NSA to contact chain on US person data in EO 12333-collected information. That decision would make it far easier to identify existing communications implicating Americans.

Even more importantly, this move took place just weeks before the government revamped the PRISM program, such that FBI had a much more central role in the process and obtained selected PRISM material directly. In effect, Mukasey made it easier to use FISA information just weeks before FBI started getting a lot more of it, and getting it directly.

This change adds to the already significant evidence that the FBI started back door searches on PRISM information with that change in January 2008.

It’s interesting, too, that FBI had already decided to make these changes before Colleen Kollar-Kotelly ruled the initial Protect America Act certifications met the statute on January 15, 2008. There’s growing evidence that DOJ long planned to involve FBI more centrally, but waited on her decision (and the day the PAA was originally scheduled to expire) to roll out the change formally.

One more critical detail: The letter indicated that the new policy would be tied to a new interpretation of information “derived from” FISA.

The revised policy requires that it be reviewed one year from its effective date and requires NSD to issue guidance on what constitutes information “derived from” FISA collections by March 31, 2008.

Note that that initial annual review date would mean Bush’s DOJ would conduct such a review in the last days before Obama came in.

In any case, the redacted parts of this letter are probably, arguably, unclassified and FOIAble at this point, since PCLOB has revealed that FBI uses its back door searches for assessments.