Unit 8200 Refuseniks Make Visible for Israel What Remains Invisible in the US

/15 Comments/in , /by

Last week, 43 reserve members of Israel’s equivalent to the NSA, Unit 8200, released a letter announcing they would refuse to take actions against Palestinians because the spying done on them amounts to persecution of innocent people. The IDF has responded the same way government agencies here would — scolding the whistleblowers for not raising concerns in official channels. But the letter has elicited rare public discussion about the ethics and morality of spying.

One of the allegations made by the refuseniks highlighted in the English press is that Israel used SIGINT to recruit collaborators, which in turn divides the Palestinian community.

The Palestinian population under military rule is completely exposed to espionage and surveillance by Israeli intelligence. While there are severe limitations on the surveillance of Israeli citizens, the Palestinians are not afforded this protection. There’s no distinction between Palestinians who are, and are not, involved in violence. Information that is collected and stored harms innocent people. It is used for political persecution and to create divisions within Palestinian society by recruiting collaborators and driving parts of Palestinian society against itself. In many cases, intelligence prevents defendants from receiving a fair trial in military courts, as the evidence against them is not revealed. Intelligence allows for the continued control over millions of people through thorough and intrusive supervision and invasion of most areas of life. This does not allow for people to lead normal lives, and fuels more violence further distancing us from the end of the conflict. [my emphasis]

These refuseniks, apparently, have access both to the intelligence they collect and how it is used. That means they’re in a position to talk about the effects of Unit 8200’s spying. And press coverage has made it sound like something that would uniquely happen to occupied Palestinians.

It’s not.

We know of one way that the NSA’s dragnet is definitely being used to recruit informants (aka collaborators), and another whether it it permissible to use.

The first way is via the phone dragnet. As I have noted, the government has twice told the FISA Court — once in 2006 and once in 2009 — that FBI uses dragnet derived information to identify people who might cooperate (aka inform or collaborate) in investigations. Once people come up on a 2-degree search, they are dumped into the corporate store indefinitely, data mined with sufficient information to find embarrassing and illegal things. Apparently, FBI uses such data to coerce cooperation, though we have no details on the process.

All the revealing things metadata shows? The government uses that information to obtain informants.

One way the government probably does this is by using the connections identified by metadata analysis (remember, this is not just phone and Internet data, but also includes financial and travel data, at a minimum) to put people on the No Fly list, regardless of whether they are a real threat to this country. Then, No Fly listees have alleged, FBI promises help getting them off that life-altering status if they inform on their community.

More troubling still is FBI’s uncounted use of warrantless back door searches of US person content when conducting assessments. As I noted, in addition to doing assessments in response to “tips,” the FBI will use them to profile communities or identify potential informants.

As the FBI’s Domestic Investigations and Operations Guide describes, assessments are used for “prompt and extremely limited checking out of initial leads.” No factual predicate (that is, no real evidence of wrong-doing) is required before the FBI starts an assessment. While FBI cannot use First Amendment activities as the sole reason for assessments, they can be considered. In addition to looking into leads about individual people, FBI uses assessments as part of the process for Domain Assessments (what FBI calls their profiling of Muslim communities) and the selection of informants to try to recruit. In some cases, an Agent doesn’t need prior approval to open an assessment; in others, they may get oral approval (though for several kinds, an Agent must get a formal memo approved before opening an assessment). And while Agents are supposed to record all assessments, for some assessments, they’re very cursory reports — basically complaint forms. That is, for certain types of assessments, FBI is not generating its most formal paperwork to track the process.

So while I can’t point to a DOJ claim to FISC that these back door searches are useful because they help find informants, it appears to be possible. Plus, as early as 2002, Ted Olson said they would use evidence of rape collected using traditional FISA to talk someone into cooperating (aka inform or collaborate); that was the reason he gave for blowing the wall between intelligence and criminal investigations to smithereens.

Indeed, knowing the way the government uses phone dragnet information as an index to collected content, the government may well use phone dragnet metadata to pick which Americans to subject to warrantless back door searches.

It sounds really awful when we hear about Israel using SIGINT — including information we provide without minimizing it — to spy on Palestinians.

But we have a good deal of reason to believe the US intelligence community — in collaboration — does similar things, spying on Muslim communities and using SIGINT to recruit collaborators that end up sowing paranoia and distrust in the communities.

Not only don’t we have a group of refuseniks who, among themselves, can explain how all of this works. But how the FBI uses all this data is precisely what the government intends to keep secret under the so-called “transparency” provisions of USA Freedom Act. While I will provide more detail in a follow-up post, remember that the FBI refuses to count its back door searches, which means it would be almost impossible for anyone to get a real sense of how these warrantless back door searches on US persons are used. It also has asserted it does not need to disclose evidence derived from Section 215 to criminal defendants, which is another way the evidence against defendants gets hidden.

It’s awful that Israel is doing it. But it’s even worse that we’re almost certainly doing the same, but that we can only find hints of how it is being done.

Why USAF’s “Transparency” Provisions Will Make Ongoing Organizing Difficult

/2 Comments/in /by

I’ve had some discussions of late about whether the flawed transparency provisions in the USA Freedom Act are a net good. Until I read them closely, I believed they couldn’t hurt. Now I believe they do.

That’s because the transparency provisions are designed to withhold data on all the collection programs to which privacy activists would like to make further changes — or would, if we knew about them. And while bill supporters note we don’t receive the information that would be withheld under the bill now, I believe the selective way the transparency provisions work, however, will make it harder to oppose these programs.

To explain what I mean, let me first separate programs into three categories:

Confirmed programs

USAF withholds information on two of the most abusive practices: FBI’s back door searches, including on people against whom it has no concrete evidence of wrong-doing, and illegal domestic wiretapping under the upstream program. USAF hides FBI’s back door searches under the FBI exemptions. It hides illegal domestic wiretapping by permitting the DNI to get a certificate saying he can’t count people in the US collected under upstream collection, and also (probably) by treating only US-based phone numbers as proof of US location.

I agree that passing USAF won’t set back mobilization on these two. We’ve got documented acknowledgment of both, so it will be easy to insist on the continued existence of the practice, even while transparency reports come out showing no FBI back door searches (as compared to 100 NSA ones and 1,300 CIA ones), and a certificate asserting the NSA can’t count illegal domestic wiretapping.

So while the Intelligence Community’s refusal to count these things helps them by not making it easier to organize against them, keeping the scope of these programs hidden won’t make it any harder (I believe the secrecy on these programs serves more nefarious discovery purposes).

Known but not confirmed programs

I do, however, fear the transparency provisions will make it harder to organize to fix two other programs: Non-communications Section 215 programs and FBI’s apparent PRTT program, and will invite abuse in a third, the Internet Section 215 orders.

USAF not only permits the use of corporate persons as selectors for non-communications Section 215 programs, but it also requires no individualized reporting. So bulk collection of international Western Union transfers would be unaffected by this bill; Section 215 has also been confirmed for use collecting purchase records of TATP precursors — large volumes of acetone and hydrogen peroxide — and probably is also used to track fertilizer and pressure cooker purchases. Travel records are another likely use. Thus, even ignoring the likelihood the government will roll out new collection programs in the future, these programs will all likely remain unchanged.

But, in spite of the probability these programs collect the records of hundreds of thousands or millions of Americans, they will each show up in reporting as something like 4 orders affecting 4 or so targets. Worse, NGOs and Senate bull supporters have been telling the public for months, wrongly, that the bill would end bulk collection. So even if they later wanted to insist that such collection still went on, who would believe them, after they boasted that the bill would end precisely this kind of bulk collection? So by permitting this ongoing collection and excluding it from transparency reporting, USAF would make these — and (just as importantly) any new non-communications bulk Section 215 programs invisible –and that invisibility would be reinforced by the public comments of people who overstated the bill’s effects.

FBI’s PRTT program (or rather bulk PRTT programs generally) is similarly something that bill supporters have claimed would be eliminated by the program. As a reminder, we know the existence of this — at least as recently as February 2012 — from Snowden’s leaks. A classification guide from that month made it clear that the actual numbers relating to the “FBI Pen Register Trap Trace program were among the most sensitive FISA secrets.

PRTT3

 

But that’s about it. We don’t know anything more about this program (or whether, as is possible, it got shut down for some reason).  That said, unless it exactly replicates the defunct NSA PRTT program (collecting on most switches in the US), there’s no reason to believe USAF would shut it down. My guess — backed both by the structure of the transparency procedures and by other details (we’ve recently learned, for example, that FBI uses criminal PRTTs for location data, including stingrays) — is that it is a program to collect location data on some subset of targets. And if that’s the case, I believe it would be entirely hidden under USAF, because — as with traditional Section 215s — PRTT reporting only requires individualized reports for communications, using a definition of communications that would exclude phones pinging providers.

If this program is closer to the old NSA PRTT program — collecting Internet metadata — it will show up as a huge number, but one affecting only foreigners, because the US persons affected can be hidden in two ways: both because only phone numbers are used to track US location under this bill, and because DNI can certify that he can’t count the US persons collected under this.

Whichever it is, it thwarts key legal battles civil libertarians are increasingly winning. And does so without any hint of doing so.

In any case, both of these are known programs that bill supporters claim will not exist after passage of the bill. Yet they do and, according to a close reading of the bill, will exist. Which sort of makes it impossible to oppose them.

I would add that the Internet Section 215 orders — which make up a majority of current Section 215 orders — pose a unique problem. We learned in a recent NSL IG report that starting in 2009, some Internet companies refused certain production under NSLs, and since then the government has used 215 orders to get the data. Given that the companies successfully refused that production as NSLs, they are likely exotic collections — possibly up to and including content — protected by FISC imposed minimization procedures (which may get weaker with the passage of USAF). My wildarseguess is that they are targets’ URL searches. Since these make up a majority of current 215 orders, they are probably 110 to 180 of these a year.

Read more

About Apple’s Dead Warrant Canary

/3 Comments/in /by

There were two significant pieces of Apple security news yesterday.

In laudable news, Apple’s new privacy policy makes clear that it will be unable to unlock locally stored content for law enforcement.

On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

I find the comment as interesting for the list of things Apple envisions potentially having to hand over as I do for the security claim (though the security claim is admirable).

  • Photos
  • Messages, including attachments
  • Email
  • Contacts
  • Call history
  • iTunes content
  • Notes
  • Reminders

Though Apple’s promise to protect this kind of data only goes so far; as the NYT makes clear, that doesn’t extend to data stored on Apple’s cloud.

The new security in iOS 8 protects information stored on the device itself, but not data stored on Apple’s cloud service. So Apple will still be able to hand over some customer information stored on iCloud in response to government requests.

Which brings us to the second piece of news. As GigaOm notes, Apple’s warrant canary indicating that it has never received a Section 215 order has disappeared.

When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated:

“Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.”

Writer and cyber-activist Cory Doctorow at the time recognized that language as a so-called “warrant canary,” which Apple was using to thwart the secrecy imposed by the Patriot Act.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request.

Now, Apple’s warrant canary has disappeared. A review of the company’s last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the “canary” language is no longer there.

Note, GigaOm goes on to mistakenly state that Section 215 is the basis for PRISM, which doesn’t detract from the importance of noting the dead warrant canary. The original PRISM slides indicate that Apple started complying with Section 702 (PRISM) in October 2012, and the ranges in Apple’s government request data probably reflect at least some of its Section 702 compliance to provide content.

So Apple receiving its first Section 215 order sometime last year would reflect either a different kind of request — one not available by targeting someone overseas, as required under Section 702 — or a request for the kind of information it has already provided via a new authority, Section 215.

Many of the things listed above — at a minimum, call history, but potentially things like contacts and the titles of iTunes content (remember, James Cole has confirmed the government could use Section 215 to get URL searches, and we know they get purchase records) — can be obtained under Section 215.

I find Apple’s dead warrant canary of particular interest given the revelation in the recent DOJ IG Report on National Security Letters that some “Internet companies” started refusing NSLs for certain kinds of content starting in 2009; that collection has moved to Section 215 authority, and it now constitutes a majority of the 200-some Section 215 orders a year.

The decision of these [redacted] Internet companies to discontinue producing electronic communication transactional records in response to NSLs followed public release of a legal opinion issued by the Department’s Office of Legal Counsel (OLC) regarding the application of ECPA Section 2709 to various types of information. The FBI General Counsel sought guidance from the OLC on, among other things, whether the four types of information listed in subsection (b) of Section 2709 — the subscriber’s name, address, length of service, and local and long distance toll billing records — are exhaustive or merely illustrative of the information that the FBI may request in an NSL. In a November 2008 opinion, the OLC concluded that the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL.

Although the OLC opinion did not focus on electronic communication transaction records specifically, according to the FBI, [redacted] took a legal position based on the opinion that if the records identified in Section 2709(b) constitute the exclusive list of records that may be obtained through an ECPA NSL, then the FBI does not have the authority to compel the production of electronic communication transactional records because that term does not appear in subsection (b).

[snip]

We asked whether the disagreement and uncertainty over electronic communication transactional records has negatively affected national security investigations. An Assistant General Counsel in NSLB told us that the additional time it takes to obtain transactional records through a Section 215 application slows down national security investigations, all of which he said are time-sensitive. He said that an investigative subject can cease activities or move out of the country within the time-frame now necessary to obtain a FISA order. [my emphasis]

These Internet company refusals must pertain to somewhat exotic requests, otherwise the government would simply take the companies to court one time apiece and win that authority. So we should assume the government was making somewhat audacious requests using NSLs, some companies refused, and it now uses Section 215 to do the collection. Another signal that these requests are fairly audacious is that the FISA Court appears to have imposed minimization procedures, which for individualized content must reflect a good deal of irrelevant content that would be suppressed.

While my wildarse guess is that this production pertains to URL searches, everything cloud providers like Apple store arguably falls under the Third Party doctrine and may be obtained using Section 215.

That’s not to say Apple’s dead canary pertains to this kind of refusal. But it ought to raise new questions about how the government has been using Section 215.

This production will likely be increasingly obtained using USA Freedom Act’s emergency provisions, which permit the government to retain data even if it is not legal, if the bill passes. And the bill’s “transparency” provisions hide how many Americans would be affected.

John Bates Gets Slapped Down for Speaking Out of Turn, Again

/2 Comments/in /by

A few weeks back, I pointed to 9th Circuit Chief Judge Alex Kozinski’s criticism of John Bates’ presumption to speak for the judiciary in his August 5 letter complaining about some aspects of USA Freedom Act. Kozinski was pretty obviously pissed.

But compared to the op-ed from retired District Court Judge Nancy Gertner — who effectively scolds Bates, as the Administrative staff, speaking out of turn — Kozinski was reserved.

[W]hatever the merits of Bates’ concerns—and other judges have dissented from it—he most assuredly does not speak for the Third Branch.

[snip]

Bates has been appointed by Chief Justice John Roberts to serve as director of the Administrative Office of the U.S. Courts, the body that administers the federal courts. It was created in 1939 to take the administration of the judiciary out of the Department of Justice. Its principal tasks were data collection and the creation of budgets and, while its duties have grown over the years, they remain administrative (dealing with such things as court reporters, interpreters, judicial pay, maintenance of judicial buildings, staffing etc.).

When members of Congress solicit the “judiciary’s” opinion they may write to the office’s director, but he has no authority to make policy for the federal judiciary. It is the Judicial Conference of the United States Courts, to which the AO director is only the “secretary,” that has that responsibility.

I’m very supportive of Gertner’s defense of judicial independence and her concern about the operation of the FISA Court.

But her critique goes off the rails when she points to DOJ’s purported support of USA Freedom Act as a better indication of the Executive’s views than Bates’ comments.

Moreover, a great deal of Bates’ letter focuses on the Senate proposals’ impact on the executive branch and the intelligence community. The Senate bill would burden the executive with more work and even delay the FISA court’s proceedings, he suggests. Worse yet, the executive may be reluctant to share information with an independent advocate—a troubling claim.

Bates’ concerns are belied by the support voiced by the Department of Justice and the president for the Senate proposal. Surely, the executive branch understands its own needs better than does Bates. Surely, the executive branch has confidence in the procedures that the FISA court would have in place for dealing with classified information, just as the courts that have dealt with other national security issues have had.

And surely, the executive would abide by what the law requires, notwithstanding Bates’ predictions about its “reluctance” to share information with a special advocate.

DOJ’s “support” of the bill was expressed when Eric Holder co-signed a letter (which Gertner tellingly doesn’t mention, much less link) from James Clapper which, when read with attention, clearly indicated the Executive would interpret the bill to be fairly permissive on most of the issues on which the Senate bill would otherwise improve on the House one. Holder’s “support” of the bill strongly indicates that DOJ, with ODNI, plans to use the classification and privilege “protections” in the bill to refuse to share information with the special advocate.

And that’s precisely the part of the letter where Holder and Clapper invoke Bates.

Read more

A Yahoo! Lesson for USA Freedom Act: Mission Creep

/2 Comments/in /by

I’m still wading through the Yahoo documents released last week.

But there is a lesson in them that — given the debate over USA Freedom Act — deserves immediate attention: mission creep.

At least in this case, the actual implementation of the Protect America Act appears to have quickly and secretly outstripped the public understanding surrounding of the scope of the law.

In response to an order from Reggie Walton to provide precise details about what the government was asking for provide hints of this, the FBI and Yahoo submitted a series of declarations. In January 2008, an FBI engineer submitted a declaration detailing what the government demanded (though it is almost entirely redacted).

In response, Yahoo’s VP and Associate General Counsel submitted a declaration covering his (or her) involvement; he was the only one who attended all the meetings with the government. Interestingly the first meeting was in August, but before the law was passed. That’s interesting because it was slammed through in a rush on August 4, 2007, meaning, Yahoo must have first met with the government about a bill making dramatic demands on it just days before it passed.

The AGC ends his declaration by laying out what data had been discussed while he was involved, but then saying the discussions about a particular issue had not ended when he exited the discussions, so he could not agree with or disagree with some part of the FBI declaration.

In a declaration dated the next day, the Manager of Yahoo’s Legal Compliance team (the declaration describes that he or she had the lead on FISA response) submitted her declaration. It says she will be listing the kinds of data Yahoo provides to the government.

But before she can do that, she has to lay out that Yahoo offers email and IMs, information services (like Yahoo finance), cloud storage, as well as facilitating all that with communications between the various components. That suggests the government was — already — asking for more than just emails and IMs and, possibly, data storage contents (which would be unsurprising). This seems to be the stuff the AGC couldn’t speak to.

The final FISCR opinion listed 9 things the government had demanded, as compared to the one-line long description that Yahoo originally believed — and had been told — it would have to turn over.

Screen Shot 2014-09-15 at 4.35.32 PM

 

I followed the PAA debate closely (though not as closely as I’ve followed the USAF debate — I learned you have to watch these things like a hawk!). And I understood the chief goal of the bill was to access the email of the largest free providers, Yahoo, Microsoft, and Google, which all happened to be in the US. I wouldn’t have imagined that the government would also be obtaining the info services habits of targets, though now that idea also seems obvious.

And that appears to have happened in less than a year.

It just appears that once the government got what they needed, they then started looking around for other ways they could use their new toy. And so kept grabbing more data.

This is among the concerns I have about the ambiguous language in USA Freedom Act’s “connection chaining” language — that once they get to the telecoms without a limit to stick to call chaining (they must return a CDR at each stage, but the bill doesn’t say how they get there), they’ll just grab what they can get.

Transpartisan Coalition Calls on Senate for More NSA Reform

/1 Comment/in /by

Apparently, I’m not the only one who thinks USA Freedom Act does not do enough to reform the dragnet.

A transpartisan coalition of people and organizations — including whistleblowers Bill Binney, Thomas Drake, Dan Ellsberg, Mark Klein, Ed Loomis and Kirk Wiebe — just released a letter calling out the problems with the bill. The letter starts,

We, the undersigned civil liberties advocates, organizations, and whistleblowers, are alarmed that Senator Leahy’s recently introduced bill, the USA FREEDOM Act (S. 2685), legalizes currently illegal surveillance activities, grants immunity to corporations that collaborate to violate privacy rights, reauthorizes the PATRIOT Act for an additional 2.5 years, and fails to reform EO 12333 or Section 702, other authorities used to collect large amounts of information on Americans. For these reasons, we encourage both the House and the Senate to oppose this legislation in its current form.

I hope reform supporters in Congress take this call for more meaningful reform seriously!

The Curious Timing of FBI’s Back Door Searches

/in /by

The very first thing I remarked on when I read the Yahoo FISCR opinion when it was first released in 2009 was this passage.

The petitioner’s concern with incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions do not render those acquisitions unlawful.9 See, e.g., United States v. Kahn, 415 U.S. 143, 157-58 (1974); United States v. Schwartz, 535 F.2d 160, 164 (2d Cir. 1976). The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.(26 in original release; 30 in current release)

The government claimed to FISCR that it did not maintain a database of incidentally collected information from non-targeted US persons.

Barring some kind of neat parse, I didn’t buy the claim, not even in 2009.

Since then, we’ve found out that — barring some kind of neat parse — I was absolutely right. In fact, they are doing back door searches on this data, especially at FBI.

What I’m particularly intrigued by, now, is the timing.

FISCR said that in an opinion dated August 22, 2008 — over a month after the July 10, 2008 passage of the FISA Amendments Act. I have not yet found evidence of when the government said that to FISCR. It doesn’t appear in the unredacted part of their Jun 5, 2008 Merits brief (which cites Kahn but not Schwartz; see 49-50), though it might appear behind the redaction on 41. Of note, the April 25, 2008 FISC opinion doesn’t even mention the issue in its incidental collection discussion (starting at 95), though it does discuss amended certifications filed in February 2008.

So I’m guessing the government made that representation at the hearing in June, 2008.

We know, from John Bates’ rationale for authorizing NSA and CIA back door searches, such back door searches were first added to FBI minimization procedures in 2008.

When Bates approved back door searches in his October 3, 2011 opinion, he pointed to FBI’s earlier (and broader) authorities to justify approving it for NSA and CIA. While the mention of FBI is redacted here, at that point it was the only other agency whose minimization procedures had to be approved by FISC, and FBI is the agency that applies for traditional FISA warrants.

[redacted] contain an analogous provision allowing queries of unminimized FISA-acquired information using identifiers — including United States-person identifiers — when such queries are designed to yield foreign intelligence information. See [redacted]. In granting [redacted] applications for electronic surveillance or physical search since 2008, including applications targeting United States persons and persons in the United States, the Court has found that the [redacted] meet the definitions of minimization procedures at 50 U.S.C. §§ 1801(h) and 1821(4). It follows that the substantially-similar querying provision found at Section 3(b)(5) of the amended NSA minimization procedures should not be problematic in a collection that is focused on non-United States persons located outside the United States and that, in aggregate, is less likely to result in the acquisition of nonpublic information regarding non-consenting United States persons.

So since 2008, FBI has had the ability to do back door searches on all the FISA-authorized data they get, including taps targeting US persons.

The FBI Minimization procedures submitted with the case all date to the 1990s, though a 2006 amendment changing how they logged the identities of US persons collected (note, in 2011, John Bates was bitching at FBI for having ignored an order to reissue all its minimization procedures with updates; I can see why he complained).

As described in the Government’s response of June 16, 2006, identities of U.S. persons that have not been logged are often maintained in FBI databases that contain unminimized information. The procedures now simply refer to “the identities” of U.S. persons, acknowledging that the FBI may not have previously logged such identities.

But there’s reason to believe the FBI minimization procedures — and this logging process — was changed in 2008, because a government document submitted in the Basaaly Moalin case — we know Moalin was wiretapped from December 2007 to April 2008, so during precisely the period of the Yahoo challenge, though he was not indicted until much later — referenced two sets of minimization procedures, seeming to reflect a change in minimization during the period of his surveillance (or perhaps during the period of surveillance of Aden Ayro, which is how Moalin is believed to have been identified).

That is, it all seems to have been happening in 2008.

The most charitable guess would be that explicit authorization for back door searches happened with the FAA, so before the FISCR ruling, but after the briefing.

Except in a letter to Russ Feingold during early debates  on the FAA, Mike Mukasey and Mike McConnell (the latter of whom was involved in this Yahoo fight) strongly shot down a Feingold amendment that would have required the government to segregate all communications not related to terrorism (and a few other things), and requiring a FISA warrant to access them.

The Mukasey-McConnell attack on segregation is most telling. They complain that the amendment makes a distinction between different kinds of foreign intelligence (one exception to the segregation requirement in the amendment is for “concerns international terrorist activities directed against the United States, or activities in preparation therefor”), even while they claim it would “diminish our ability swiftly to monitor a communication from a foreign terrorist overseas to a person in the United States.” In other words, the complain that one of the only exceptions is for communications relating terrorism, but then say this will prevent them from getting communications pertaining to terrorism.

Then it launches into a tirade that lacks any specifics:

It would have a devastating impact on foreign intelligence surveillance operations; it is unsound as a matter of policy; its provisions would be inordinately difficult to implement; and thus it is unacceptable.

As Feingold already pointed out, the government has segregated the information they collected under PAA–they’re already doing this. But to justify keeping US person information lumped in with foreign person information, they offer no affirmative reason to do so, but only say it’s too difficult and so they refuse to do it.

Even 5 years ago, the language about the “devastating impact” segregating non-terrorism data might have strongly suggested the entire point of this collection was to provide for back door searches.

But that letter was dated February 5, 2008, before the FISCR challenge had even begun. While not definitive, this seems to strongly suggest, at least, that the government planned — even if it hadn’t amended the FBI minimization procedures yet — to retain a database of incidentally data to search on, before the government told FISCR they did not.

Update: I forgot a very important detail. In a hearing this year, Ron Wyden revealed that NSA’s authority to do back door searches had been closed some time during the Bush Administration, before it was reopened by John “Bates stamp” Bates.

Let me start by talking about the fact that the House bill does not ban warrantless searches for Americans’ emails. And here, particularly, I want to get into this with you, Mr. Ledgett if I might. We’re talking of course about the backdoor search loophole, section 702 of the FISA statute. This allows NSA in effect to look through this giant pile of communications that are collected under 702 and deliberately conduct warrantless searches for the communications of individual Americans.  This loophole was closed during the Bush Administration, but it was reopened in 2011, and a few months ago the Director of National Intelligence acknowledged in a letter to me that the searches are ongoing today. [my emphasis]

When I noted that Wyden had said this, I guessed that the government had shut down back door searches in the transition from PAA to FAA, but that seems less likely, having begun to review these Yahoo documents, then that it got shut down in response to the hospital confrontation.

But it shows that more extensive back door searches had been in place before the government implied to the FISCR that they weren’t doing back door searches that they clearly were at least contemplating at that point. I’d really like to understand how the government believes they didn’t lie to the FISCR in that comment (though it wouldn’t be the last time they lied to courts about their databases of Americans).

If Patrick Leahy Wants to End Bulk Collection, He Needs to Amend His USA Freedom Act

/3 Comments/in /by

The other day, the government obtained another Primary Order to collect all our phone records.

In response, Senator Patrick Leahy released this statement:

Congress must ensure that this is the last time the government requests and the court approves the bulk collection of Americans’ records.  We can make this a reality in the Senate if we act swiftly to pass the bipartisan USA FREEDOM Act.  Stakeholders from across the political and ideological spectrum have urged us for months to do just that.  We cannot wait any longer, and we cannot defer action on this important issue until the next Congress.  This announcement underscores, once again, that it is time for Congress to enact meaningful reforms to protect individual privacy.

I heartily agree with Leahy that the government has to stop obtaining authorization to collect Americans’ records in bulk.

But I think Leahy is misleading when he says we can “make this a reality” by passing USA FREEDOM Act — at least as currently written. While USA Freedom Act prohibits the government from collecting Americans’ phone records in bulk, it doesn’t prevent the government from collection Americans’ records from non-communications companies in what normal people would call bulk.

The language in the bill prohibiting the use of a company name as a selector only applies to electronic communication service providers.

(II) a term identifying an electronic communication service provider (as that term is defined in section 701) or a provider of remote computing service (as that term is defined in section 2711 of title 18, United States Code), when not used as part of a specific identifier as described in clause (i), unless the provider is itself a subject of an authorized investigation for which the specific selection term is used as the basis of production.

The limit of this language to communications companies makes it clear that the bill envisions the use of a corporate person (persons are permitted for traditional Section 215 orders) names — so long as they aren’t communications providers — as a selector. You can’t get all records from Verizon, as the government does, but you can get all one-side foreign records from Western Union, as the government also currently does.

In this case, the secret surveillance court has authorized the Federal Bureau of Investigation to work with the CIA to collect large amounts of data on international transactions, including those of Americans, as part of the agency’s terrorism investigations.

The data collected by the CIA doesn’t include any transactions that are solely domestic, and the majority of records collected are solely foreign, but they include those to and from the U.S., as well. In some cases, it does include data beyond basic financial records, such as U.S. Social Security numbers, which can be used to tie the financial activity to a specific person. That has raised concerns among some lawmakers who learned about the program this summer, according to officials briefed on the matter.

Former U.S. government officials familiar with the program said it has been useful in discovering terrorist relationships and financial patterns. If a CIA analyst searches the data and discovers possible suspicious terrorist activity in the U.S., the analyst provides that information to the FBI, a former official said.

[snip]

The data is obtained from companies in bulk, then placed in a dedicated database. Then, court-ordered rules are applied to “minimize,” or mask, the information about people in the U.S. unless that information is deemed to be of foreign-intelligence interest, a former U.S. official said.

Moreover, even if this is the only financial program that exists right now, the only limit on such programs would be the imagination of the Intelligence Community and the indulgence of the FISA Court. James Clapper and John Bates both objected to interpreting the transparency provisions of USAF to include similar applications to new targets. Particularly as the fearmongering surrounding ISIS increases, they’ll be ratcheting up the domestic spying again.

In any case, there is abundant reason to believe the government also collects the records of certain bomb precursors — fertilizer, acetone and hydrogen peroxide in large quantities, and pressure cookers — to cross-reference with suspect targets. And while the government collects flight information directly, there may well be bulk travel record collection as well.

The bill enables this kind of bulk collection in its “transparency” provisions as well. Those provisions only conduct individualized counts for communications related orders under traditional Section 215, not for non-communications related orders.

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders; and
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This is obviously all by design (otherwise these two passages wouldn’t have this symmetry). And perhaps all it does is serve to hide this one (probably two, maybe three) programs. But again, there’s no guarantee that won’t change in the future, and the transparency provisions don’t do enough to ensure  this would be properly briefed.

Of course the fix for this would be easy: extend the same prohibition against using a corporate person as a selector to all corporate persons, and extend the individualized reporting under traditional Section 215 to all Section 215 orders.

If Senator Leahy wants to prevent bulk collection, he needs to treat tangible things — the name of the provision at hand!!! — of all sorts, communications and non-communications — as the bill currently treats just communications-related orders.

Hate to Tell SSCI I Told Them So, John Brennan Lying and Spying Edition

/15 Comments/in /by

The morning of John Brennan’s confirmation hearing, I posted what I deemed the 5 most important questions to ask him. Three were: Will you stop lying, how much of Dick Cheney’s illegal wiretap program did you run, and will you permit CIA to spy on Americans.

1) Do you plan to continue lying to Americans?

You have made a number of demonstrable lies to the American people, particularly regarding the drone program and the Osama bin Laden raid. Most egregiously in 2011, you claimed “there hasn’t been a single collateral death” in almost a year from drone strikes; when challenged, you revised that by saying, “the U.S. government has not found credible evidence of collateral deaths,” even in spite of a particularly egregious case of civilian deaths just months earlier. On what basis did you make these assertions? What definition of civilian were you using in each assertion? (More background)

In addition, in a speech purportedly offering transparency on the drone program, you falsely suggested we know the identities of all people targeted by drones. Why did you choose to misrepresent the kind of intelligence we use in some strikes?

[snip]

4) What role did you have in Bush’s illegal wiretap program?The joint Inspector General report on the illegal wiretap program reported that entities you directed — the Terrorist Threat Integration Center in 2003 and 2004, and the National Counterterrorism Center in 2004 and 2005 — conducted the threat assessments for the program.

What role did you have, as the head of these entities, in the illegal wiretapping of Americans? To what extent did you know the program violated FISA? What role did you have in counseling Obama to give telecoms and other contractors immunity under the program? What influence did you have in DOJ decisions regarding suits about the illegal program, in particular the al-Haramain case that was thrown out even after the charity had proved it had been illegally wiretapped? Did you play any role in decisions to investigate and prosecute whistleblowers about this and other programs, notably Thomas Drake? (More background)

5) Did you help CIA bypass prohibitions on spying domestically with the NYPD intelligence (and other) programs?

In your additional prehearing questions, you admit to knowing about CIA’s role in setting up an intelligence program that profiled Muslims in New York City. What was your role in setting up the program? As someone with key oversight over personnel matters at the time, did you arrange Larry Sanchez’ temporary duty at the NYPD or CIA training for NYPD detectives?

Have you been involved in any similar effort to use CIA resources to conduct domestic spying on communities of faith? You said the CIA provides (among other things) expertise to local groups spying on Americans. How is this not a violation of the prohibition on CIA spying on Americans?  (More background)

As it turns out, all three questions are directly pertinent for the latest dust-up between SSCI and the CIA Director.

Tensions between the CIA and its congressional overseers erupted anew this week when CIA Director John Brennan refused to tell lawmakers who authorized intrusions into computers used by the Senate Intelligence Committee to compile a damning report on the spy agency’s interrogation program.

The confrontation, which took place during a closed-door meeting on Tuesday, came as the sides continue to spar over the report’s public release, providing further proof of the unprecedented deterioration in relations between the CIA and Capitol Hill.

After the meeting, several senators were so incensed at Brennan that they confirmed the row and all but accused the nation’s top spy of defying Congress.

“I’m concerned there’s disrespect towards the Congress,” Sen. Carl Levin, D-Mich., who also serves as chairman of the Senate Armed Services Committee, told McClatchy. “I think it’s arrogant, I think it’s unacceptable.”

And you know what, Senator Levin? Brennan doesn’t actually care what you think. This Committee confirmed him last year, at a point where it was already clear he would lie and spy if he thought it would help the CIA. That was the moment to win respect from Brennan.

But at this point — especially because it seems Brennan has confidence his boss won’t fire him — he knows he can get away with this.

“Linking” Procedures in the Yahoo Opinion

/1 Comment/in /by

As I mentioned earlier, Yahoo is finally releasing the documents pertaining to its challenge of Protect America Act directives in 2008. The LAT has loaded the Yahoo documents in an easy to access page.

This post will look primarily at the FISCR opinion.

As you’ll recall, this opinion was previously released in 2009 (and in fact, the previous list has names of some of the DOJ people who are redacted with this release unredacted).

The four main new disclosures I noted are:

  • A discussion of differences between the definition of foreign power in EO 12333 and FISA
  • Concerns Yahoo raised about how inaccurate the first directives it had received (the Court appears to misunderstood the seriousness of the inaccuracies)
  • Discussion of a parting shot — this supplemental brief makes it clear the largely redacted discussion pertains to US person data collected overseas; I’ll probably return to this, but it appears Yahoo’s concerns were born out and led to the addition of Sections 703-5 in FISA Amendments Act.
  • Reference to “linking” procedures which were part of what FISCR used to deem the collection constitutional

That last item — the “linking” procedures — is what was redacted in this post I did when the memo was first released. As I noted then, the procedures were what the FISCR used to meet particularity requirements.

The following passage starts on page 23:

The linking procedures — procedures that show that the [redacted] designated for surveillance are linked to persons reasonably believed to be overseas and otherwise appropriate targets — involve the application of “foreign intelligence factors” These factors are delineated in an ex parte appendix filed by the government. They also are described, albeit with greater generality, in the government’s brief. As attested by affidavits  of the Director of the National Security Agency (NSA), the government identifies [redacted] surveillance for national security purposes on information indicating that, for instance, [big redaction] Although the FAA itself does not mandate a showing of particularity, see 50 U.S.C. § 1805(b). This pre-surveillance procedure strikes us as analogous to and in conformity with the particularly showing contemplated by Sealed Case.

I’ll need to look more closely to find this brief — if it was released. But I suspect that this shows more closely how the metadata dragnets and the content collection are linked. They collect the metadata to mine for “proof” of meaningful connection, then use that to unlock the content. That’s not surprising — it’s what I had been speculating since days after Risen first broke this — but it’s important to flesh out. Because, of course, all this not-a-search metadata really is, because it leads directly to the content.

As I noted in my post in 2009, Russ Feingold released a statement with the release of the opinion, basically arguing that Yahoo could have won this if they had had access to the procedures related to the program (Mark Zwillinger made the same point when he testified to PCLOB).

The decision placed the burden of proof on the company to identify problems related to the implementation of the law, information to which the company did not have access.  The courtupheld the constitutionality of the PAA, as applied, without the benefit of an effective adversarial process.  The court concluded that “[t]he record supports the government.  Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse in the circumstances of the instant case.”  However, the company did not have access to all relevant information, including problems related to the implementation of the PAA.  Senator Feingold, who has repeatedly raised concerns about the implementation of the PAA and its successor, the FISA Amendments Act (“FAA”), in classified communications with the Director of National Intelligence and the Attorney General, has stated that the court’s analysis would have been fundamentally altered had the company had access to this information and been able to bring it before the court.

There’s no reason to believe the “linking” procedures are what Feingold was referring to. After all, there still are details of the minimization and targeting procedures that raise big constitutional issues. Plus, we know foreign collection has always been a big concern of Feingold’s. But I am wondering whether part of the problem was that their contact chaining was not very good, and therefore they were collecting people who really weren’t linked to the targets in question.

Which might explain why Yahoo was experiencing so many dud directives in the first months of its operation.