NSA Refused to Confirm Authenticity of Foreign Power Certification

/in /by

There’s an odd detail in yesterday’s WaPo confirmation that the US may target every country in the world that’s not a part of the Five Eyes partnership. After having suggested publicly and repeatedly that it has certifications for counterterrorism, counterproliferation and cyber, it refused to confirm that the certification for foreign powers was authentic.

NSA officials, who declined to comment on the certification or acknowledge its authenticity, stressed the constraints placed on foreign intelligence-gathering.

So it’s willing to confirm all those other uses, but not this one?

The section immediately reminded me of these two sections of Judge Garr King’s opinion refusing Mohamed Osman Mohuamud’s challenge to the use of Section 702 against him.

If I use defendant’s proffered standard in a facial challenge, that there would be a substantial risk the statute would be applied unconstitutionally, rather than the government’s proffered standard, that the statute would survive a facial challenge if there is any set of circumstances in which it could be constitutionally applied,2 I would be required to speculate about the other applications. Under the government’s standard, if the statute survives an as-applied challenge, it automatically survives a facial challenge because there is at least one constitutional application. I am unwilling to speculate on other applications with a statute this complex.

[snip]

Defendant is concerned the government could interpret the “conduct of the foreign affairs of the United States” broadly enough to cover such items as international trade, rather than just threats to national security.

I note the discovery in this case all concerned protecting the country from a terrorist threat and did not stray into the broader category of the conduct of foreign affairs.

The government has just survived a constitutional challenge to Section 702 by refusing to speculate that the government might do something like spy for advantage in international trade.

Which, we now have proof, it does.

Spying for advantage in international trade is a much higher reach for the special needs analysis King and the FISCR have used to deem Section 702 reasonable.

Given the government’s extensive efforts to hide this application of Section 702, you might even think they don’t believe it’s reasonable!

 

Were DiFi’s Aides Who Claimed “Only a Small Number” of Back Door Searches Ignorant or Lying?

/11 Comments/in /by

Yesterday, we learned:

  • NSA conducted unwarranted back door searches on 198 US persons’ content last year and 9,500 back door searches on US person metadata
  • CIA conducted around 1,900 unwarranted back door searches on US person content, and an uncounted number of back door searches on US person metadata
  • FBI conducted a substantial number of unwarranted back door searches on US person content and metadata — so much so it doesn’t count it

Back in November, when Dianne Feinstein was trying to codify these unwarranted back door searches explicitly into law, here’s what anonymous sources described as Senate Intelligence Committee aides told the WaPo:

They say that there have been only a “small number” of such queries each year. Such searches are useful, for instance, if a tip arises that a terrorist group is plotting to kill or kidnap an American, officials have said.

“Only a small number.”

Over 2,000 counted searches between the CIA and NSA. Uncounted, but substantial, number of searches by FBI. “Only a small number.”

Were these anonymous sources ignorant — relying on false information from the Agencies? The actual number of unwarranted back door searches doesn’t appear in the unredacted portions of the one Semiannual Section 702 Compliance report we’ve seen (see page 13); there doesn’t appear to be a redacted section where they would end up.

So have the Agencies (CIA and NSA in this case; FBI’s back door searches get audited in a different way) simply hidden from their Congressional overseers how frequently they were doing these searches?

Or were these aides trying, once again, to pass legislation permitting the nation’s spy agencies to conduct intrusive searches on Americans by lying?

One way or another, it’s a damn good thing Ron Wyden asked for and insisted on getting an answer to his question of how common these back door searches are (even if the FBI still refuses to count them). Because the key people who are supposed to oversee them are either ignorant or lying about them.

In Advance of PCLOB, WaPo Busts ODNI’s Limited Hang Out on Certifications

/3 Comments/in , , /by

Earlier today, I got to tell the journalists who have long ignored that the FBI does back door searches — or even suggested I was guessing that they do, when it appeared in multiple public documents — that I had been telling them so for a long time.

But today I also have to admit I got suckered by a year-long Director of National Intelligence effort at a limited hangout. That effort was, I’m convinced, designed to hide that the Section 702 program is far broader than government witnesses wanted to publicly admit it was. Nevertheless, I was wrong about a supposition I had believed until about 2 months ago.

Since the first days after the Snowden leaks, the government has suggested it had 3 certificates under Section 702, covering counterterrorism, counterproliferation, and cybersecurity.  But — as the WaPo reports (as with the ODNI back door search numbers, in convenient timing that conveniently preempts the PCLOB report) — that’ s not the case. The NSA has a certificate that covers every foreign government except the other 4 members of the 5 Eyes (UK, Canada, New Zealand, and Australia), as well as various foreign organizations like OPEC, the European Central Bank, and various Bolivarist groups.

For an entire year, the government has been suggesting that is not the case. I even believed them, the one thing I know of where I got utterly suckered. I was wrong.

Frankly, this certification should not be a surprise. It is solidly within the letter of the law, which permits collection on any agent of a foreign power. From the very first PRISM revelations, which showed collection on Venezuela, it was clear NSA collected broadly, including on Bolivarist governments and energy organizations.

But consistently over the last year, the NSA has suggested it only had certifications for CT, CP, and cyber.

On June 8 of last year, for example, ODNI listed 3 Section 702 successes.

  • Communications collected under Section 702 have provided the Intelligence Community insight into terrorist networks and plans. For example, the Intelligence Community acquired information on a terrorist organization’s strategic planning efforts.
  • Communications collected under Section 702 have yielded intelligence regarding proliferation networks and have directly and significantly contributed to successful operations to impede the proliferation of weapons of mass destruction and related technologies.
  • Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks. This insight has led to successful efforts to mitigate these threats

The October 3, 2011 John Bates opinion, released in October, made it clear there were just 3 certificates at that point.

3 certificates

 

 

(Though note the Semiannual Compliance Review released last year looked to be consistent with at least one more certificate.)

The President’s Review Group emphasized the categorical nature of certificates, and in its second discussion thereof named those same three categories.

[S]ection 702 authorized the FISC to approve annual certifications submitted by the Attorney General and the Director of National Intelligence (DNI) that identify certain categories of foreign intelligence targets whose communications may be collected, subject to FISC-approved targeting and minimization procedures. The categories of targets specified by these certifications typically consist of, for example, international terrorists and individuals involved in the proliferation of weapons of mass destruction.

[snip]

Section 702 requires that NSA’s certifications attest that a “significant purpose” of any acquisition is to obtain foreign intelligence information (i.e. directed at international terrorism, nuclear proliferation, or hostile cyber activities), that it does not intentionally target a United States person, that it does not intentionally target any person known at the time of acquisition to be in the United States, that it does not target any person outside the United States for the purpose of targeting a person inside the United States, and that it meets the requirements of the Fourth Amendment.

And in March testimony before PCLOB, NSA General Counsel Raj De suggested those same three topics.

But beyond that there has to be a valid foreign intelligence reason within the ambit of one of those certifications that the FISC approves annually. Those are certifications on things like counterterrorism, encountering WMDs, for example, weapons of mass destruction.

Most recently, former DOJ official Carrie Cordero — who has been involved in this whole certification process — claimed in the CATO debate we’ve been engaged in “they are not so broad that they cover any and everything that might be foreign intelligence information.”

And yet, there’s a foreign intelligence certificate that covers any and everything that might be foreign intelligence information, a certificate that destroys the whole point of having certificates (though if there’s a cyber one, I suspect it has its own problems, in that it permits domestic collection).

Lots of people are claiming WaPo’s latest is no big deal, because of course the NSA spies on foreign government’s. They’re right, to a point. Except that the government has been strongly implying, since day one, that Section 702 was narrowly deployed, not available to use against all but our 4 closest spying allies.

PCLOB is surely about to make it clear that’s not the case. And voila! All of a sudden it becomes clear the government has been misleading when it claimed this was narrowly deployed.

Told You So, FBI Back Door Search Edition

/9 Comments/in /by

For a long time, I’ve been noting that the October 3, 2011 John Bates Opinion and last August’s Semiannual Report on FISA make it clear that the FBI, like the CIA and NSA, conducts back door searches off Section 702 collected data.

ODNI’s response to Ron Wyden’s request for actual numbers of how many back door searches the government conducts makes it clear that I was correct.

The report is even worse than I imagined. It shows the following:

FBI 

FBI does back door searches for both foreign intelligence and criminal purposes. This means NSA’s language about keeping data for evidence of a crime is fairly meaningless, because they’re handing chunks of data off to FBI that it can troll for evidence of crime.

And the FBI doesn’t count these queries. In fact, FBI doesn’t even distinguish between when it is searching foreign and US person identifiers.They say only that “the number of queries is substantial.”

CIA 

I expected all that from the FBI. What amazes me is that the CIA — an Agency that is not supposed to conduct domestic intelligence collection — does not count how many metadata-only queries of US person data it does. So all those fears of NSA identifying whether you’re visiting an AIDS clinic or a pregnancy counseling center? The NSA may not do that kind of analysis, but the CIA might be checking what foreigners you’re talking to.

The CIA also conducts a bunch of content queries — “fewer than 1900” — of which 40% are counterterrorism-related queries for other agencies. (Which leads me to wonder why neither NSA nor FBI are doing these queries, which would make more sense.) But that leaves 60% of 1900 — or around 1,100 queries a year of US person content that are for CIA’s own purposes and may not even be terrorism related.

NSA

The NSA conducts the fewest. It conducts 198 US person content queries (that is, not all that much fewer than the 248 US persons queried in the phone dragnet or collected on using another Section 215 order). It conducts 9,500 queries of metadata only queries, of which some are duplicative.

Compared to CIA’s uncountable number, that may not sound like a lot. But compare that to the phone dragnet, which also queried on fewer than 248 US person identifiers last year. That is, it is doing an order of magnitude more Internet metadata queries than it is phone queries.

One more thing: Last year’s FAA report revealed that CIA and NSA also sometimes accidentally query US person data. So the numbers of Americans sucked in via FAA may be significantly larger.

PCLOB

One more note about this report. PCLOB is due to release their Section 702 report on Wednesday. That is sure to have recommendations about how to protect US person privacy; Patricia Wald was quite clear in the most recent PCLOB hearing she believes the government should use a warrant to access this data. So Ron Wyden finally got a response, but it almost certain is only because PCLOB was about to make much of this public on their own.

(KS linked to this version of the Doors, thanks!)

Sadness in the NSA-Telecom Bromance

/in , /by

In his report on an interview with the new Director of NSA, Admiral Mike Rogers, David Sanger gets some operational details wrong, starting with his claim that the new phone dragnet would require an “individual warrant.”

The new phone dragnet neither requires “warrants” (the standard for an order is reasonable suspicion, not probable cause), nor does it require its orders to be tied to “individuals,” but instead requires “specific selection terms” that may target facilities or devices, which in the past have been very very broadly interpreted.

All that said, I am interested in Rogers’ claims Sanger repeats about NSA’s changing relationship with telecoms.

He also acknowledged that the quiet working relationships between the security agency and the nation’s telecommunications and high technology firms had been sharply changed by the Snowden disclosures — and might never return to what they once were in an era when the relationships were enveloped in secrecy.

Oh darn!

Sadly, here’s where Sanger’s unfamiliarity with the details makes the story less useful. Publicly, at least, AT&T and Verizon have had significantly different responses to the exposure of the dragnet (though that may only be because Verizon’s name has twice been made public in conjunction with NSA’s dragnet, whereas AT&T’s has not been), and it’d be nice if this passage probed some of those details.

Telecommunications businesses like AT&T and Verizon, and social media companies, now insist that “you are going to have to compel us,” Admiral Rogers said, to turn over data so that they can demonstrate to foreign customers that they do not voluntarily cooperate. And some are far more reluctant to help when asked to provide information about foreigners who are communicating on their networks abroad. It is a gray area in the law in which American courts have no jurisdiction; instead, the agency relied on the cooperation of American-based companies.

Last week, Verizon lost a longstanding contract to run many of the telecommunications services for the German government. Germany declared that the revelations of “ties revealed between foreign intelligence agencies and firms” showed that it needed to rely on domestic providers.

After all, under Hemisphere, AT&T wasn’t requiring legal process even for domestic call records. I think it possible they’ve demanded the government move Hemisphere under the new phone dragnet, though if they have, we haven’t heard about it (it would only work if they defined domestic drug dealer suspects as associated with foreign powers who have some tie to terrorism). Otherwise, though, AT&T has not made a peep to suggest they’ll alter their decades-long overenthusiastic cooperation with the government.

Whereas Verizon has been making more audible complaints about their plight, long before the Germans started ending their contracts. And Sprint — unmentioned by Sanger — even demanded to see legal support for turning over phone data, including, apparently, turning over foreign phone data under ECPA;s exception in 18 U.S.C. § 2511(2)(f)‘s permitting telecoms to voluntarily provide foreign intelligence data. 

Given that background — and the fact ODNI released the opinions revealing Sprint’s effort, if not its name — I am curious whether the telecoms are really demanding process. If courts really had no jurisdiction then it is unclear how the government could obligate production

Though that may be what the Microsoft’s challenge to a government request for email held in Ireland is about, and that may explain why AT&T and Verizon, along with Cisco and Apple — for the most part, companies that have been more reticent about the government obtaining records in the US — joined that suit. (In related news, EU Vice President Viviane Reding says the US request for the data may be a violation of international law.)

Well, if the Microsoft challenge and telecom participation in the request for data overseas is actually an effort to convince the Europeans these corporations are demanding legal process, Admiral Rogers just blew their cover.

Admiral Rogers said the majority of corporations that had long given the agency its technological edge and global reach were still working with it, though they had no interest in advertising the fact.

Dear Ireland and the rest of Europe: Microsoft — which has long been rather cooperative with NSA, up to and including finding a way to obtain Skype data — may be fighting this data request just for show. Love, Microsoft’s BFF, Mike Rogers.

NSA’s New-and-Improved Call Chaining Process, Now with No Calls Required

/2 Comments/in /by

As I noted, last night I Con the Record released the phone dragnet orders from last week and from March.

There are two significant changes (which may well be related).

First, perhaps in anticipation of shifting to production from the providers, perhaps because the Court has rethought its authorization granted in November 2012, the government appears to have given up its effort to introduce an automated query.

Queries of the BR metadata using RAS-approved selection terms for purposes of obtaining foreign intelligence information may occur by manual analyst query only.

PCLOB provided the only unclassified description of what the government had been trying to do with its automated query.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. 

But, as I reported in February, NSA has never been able to pull off its automated alert, purportedly for technical reasons (which usually means it could not technically meet the requirements imposed by the court).

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

The government revealed NSA’s failure to implement its automatic alert in its motion to amend this year’s first dragnet order.

In that same motion it implemented the change in standard dragnet language that has been retained in these more recent dragnet orders: the NSA is chaining on “connections” as well as actual calls.

14 The first “hop” from a seed returns results including all identifiers (and their associated metadata) with a contact and/or connection with the seed. The second “hop” returns results that include all identifiers (and their associated metadata) with a contact and/or connection with an identifier revealed by the first “hop.”

Now, it may be that the entire time one after another government witness has testified to Congress that this phone dragnet only returns on calls, they’ve been doing this connection-based chaining as well. As I noted in this post, connection-based chaining has been in a redacted section of phone dragnet orders describing their automated query. (They seem to have ditched the automation but retained the connection based chaining.) And Dianne Feinstein’s Fake FISA Fix also would have permitted connection chaining.

Whether Administration witnesses were being deliberately deceitful when testifying about call-based chaining (“not wittingly!”) or the NSA only recently resumed doing connection based chaining manually, having given up on doing it automatically, one thing is clear. The NSA has been doing connection based chaining since at least February, and very few people in Congress know what that means. Nevertheless, they’re about to authorize that formally.

USA Freedumber Weakens FISC’s Authority Over Abuse of Emergency Queries

/in /by

I Con the Record just released the most recent dragnet orders — I’ll have more comment on them later.

But for now, I wanted to show how HR 3361 — AKA the USA Freedumber Act — weakened FISA Court authority in yet another way.

I have repeatedly pointed to how pathetic the “prohibition” against using information, obtained via an Attorney General emergency order, but then ruled by the FISA Court to be an improper use of the Section 215 authority. It reads:

(5) If such application for approval is denied, or in any other case where the production of tangible things is terminated and no order is issued approving the production, no information obtained or evidence derived from such production shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof, and no information concerning any United States person acquired from such production shall subsequently be used or disclosed in any other manner by Federal officers or employees without the consent of such person, except with the approval of the Attorney General if the information indicates a threat of death or serious bodily harm to any person.

‘(6) The Attorney General shall assess compliance with the requirements of paragraph (5).

The bill would prohibit the government from using the improperly obtained information in trials and other proceedings. And the information is not supposed to be used in any manner — except if the Attorney General deems the information tin indicate a threat of death or bodily harm (which we know the government has secretly redefined to include threat to property).

But it’s the Attorney General — the same guy who approved the illegal production — who ensures the government follows that role.

Moreover, the bill does not require the government to destroy this data. They get to keep it.

Compare that with the status quo (see footnote 8).

In the event the Court denies such motion [retroactively seeking approval for emergency production], the government shall take appropriate remedial steps, including any steps the Court may direct.

Call me crazy, but I think the FISA Court judge who deemed the collection to be improper is a better person to determine what the remedy is to fix that improper collection.

I guess even that basic concept of separation of powers was too burdensome for Bob Litt.

I Con the Record Strikes Again

/1 Comment/in /by

In a show of transparency, I Con the Record just released annual statistics for certain programs. Here are my thoughts, in rolling updates.

These arent’t the Certificates you’re looking for

Here’s what I Con the Record tells us about Section 702:

Screen Shot 2014-06-27 at 11.57.35 AM

Just one order!!

Of course, we know from the 2011 John Bates opinion that one order likely includes several certificates. For a long time I wrongly bought off on ONDI propaganda that there were 3 certificates, covering counterterrorism, counterproliferation, and cybersecurity. But it appears the 3rd certificate is instead an unbelievably broad “foreign intelligence” one, which pretty much swallows the idea of specific certification.

I Con the Record even admits the proper unit is certificate.

Under Section 702, the Foreign Intelligence Surveillance Court (FISC) approves Certifications as opposed to individualized orders. 

Yet I Con the Record won’t even tell us whether there are just 3 certificates still or more. Instead, it gives us how many orders there were.

Note, in internal reports, ODNI tracks average tasked selectors, which last year provided a number in the range of 65,000 selectors. So either their spying on a lot more 702 targets, or that number was artificially low.

I Con the Record finally admits “target” doesn’t mean what we think it means — or what they mean, sometimes

This might be regarded by some as “transparency.”

Targets:  Within the Intelligence Community, the term “target” has multiple meanings. For example, “target” could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws.

Some laws require that the government obtain a Court order specifying the communications facilities used by a “target” to be subject to intelligence collection. Although the government may have legal authority to conduct intelligence collection against multiple communications facilities used by the target, the user of the facilities – the “target” – is only counted once in the above figures.

Except that it doesn’t admit that, at least in the past, sometimes target means “the switch we know lots of al Qaeda calls to use.” Meaning the term “target” is a misnomer even within the context they lay out.

Hiding the “Government Agency Protocols” that the Founders did not start a Revolution for

For Section 215 (which, remember, includes the phone dragnet, more targeted 2 or 3-degree queries for communication records, and collections of things like acetone purchase records and URL searches), the government gives us this weird byzantine map.

Screen Shot 2014-06-27 at 12.34.41 PM

First, note that almost 150 more selectors were approved for querying the phone dragnet last year (423) than the year before (288). Plus, we can now put some of the queries in perspective. At the time of the Marathon attack, when the very wired Tsarnaev brothers (probably about 4 selectors between them) were queried, NSA permitted 3 hop chaining. That likely means just those 4 phone identifiers sucked in the better part of Cambridge, MA (if they went to that 3rd hop). All those people have had the NSA churning all their data (not just their phone number) for the last year.

Then there’s the general measure of how many “targets” of business records there are: 172. But note that some of these are “entities.” What if that includes anyone searching on a URL related to a particular entity, like AQAP or Wikileaks? That could suck in far more Americans. Note, the Tsarnaev brothers are probably one of those “entities” (or rather, two of the individuals) on whom there were multiple searches, potentially up to and including pressure cooker purchases or searches).

Finally, I Con the Record doesn’t talk about how many of 178 applications involved minimization procedures — what I shall now call “government agency protocols” after John Roberts’ observation that they don’t meet terms our Founders fought a Revolution for. The FISA report covering last year says they modified 141 applications. Most modified orders from the previous year involved government agency protocols, so last year’s probably were too (though there is still a February 2013 dragnet order they’re hiding). So that means about 137 of these orders were likely to be sufficiently large to require minimization, which means they likely implicate far more people, likely Americans, than the 137 reasons they were targeted.

I Con the Record’s National Security apples and oranges

I Con the Record did something rather … interesting with their NSL numbers.

To understand why, you need to understand that Congress only requires they report NSLs concerning US persons — except those asking for subscriber information. Presumably, that means there’s a whole bunch of bulky NSLs for subscriber information of Americans — basically FBI using NSLs to recreate phone books and email subscribers. Based on logic I lay out here, I think FBI issued about 5,500 of those phone book NSLs in 2012.

But today’s I Con the Record reports numbers somewhat differently. I Con the Record explains:

In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.”

We are reporting the annual number of requests rather than “targets” for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL.

Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account.

Which gives us this:

Screen shot 2014-06-27 at 6.48.52 PM

So the FISA report says 14,219 requests total, which includes just domestic, but those requests are for 5,334 individual Americans.

This report says 38,832 requests total, including domestic, domestic subscriber (phone book), and foreign (assuming the phone book numbers are around 5,000 again, that works about to be half domestic, half foreign). But we don’t know — effectively the government has managed to bracket off bulky requests under both “transparency” measures.

Ultimately, though, they never ever tell how many American are affected by NSLs. It could be not much more than that 5,334. Or it could be far, far higher, because requests are not targets.

Garr King’s Mohamud Decision: Classifying the Unclassified Details of Section 215

/2 Comments/in /by

There are a lot of appalling things Garr King did in his opinion denying Mohamed Osman Mohamud any of a number of remedies for the government not having revealed he was caught using Section 702.

King gives far too much credence to the government’s farcical claims about why they didn’t disclose the 702 surveillance back when they disclosed the traditional FISA surveillance.  I think King’s portrayal of the FISA Court contradicts itself — and the public record — from paragraph to paragraph (see the last paragraph on 18 and the first on 19, especially). The Third Party argument used for content (see page 40) is pretty crazy, and the minimization procedures discussion (page 41) is ripe for challenge under Chief Justice John Roberts’ insistence that “protocols” are not the protection from General Warrants our Founders fought a Revolution for (and even King seems unpersuaded by the Government’s arguments about back door searches on page 43).

But King’s craziest move is to hide his argument for rejecting Mohamud’s challenge to Section 215 collection.

Defendant raises concerns about the collection of telephone metadata under § 215 of the Patriot Act, codified at 50 U.S.C. § 1861, and any other still-secret warrantless surveillance programs. He assumes there is a strong possibility that his telephone metadata has been collected, and he asks the court to address the lawfulness of these programs, conclude they violate the First and Fourth Amendments, and suppress all fruits of these other surveillance activities.

I deny defendant’s arguments concerning § 215 for the reasons stated in the classified opinion.

It seems to me the proper responses to this question should have been a standing argument (he has no proof he was surveilled, even though we all were) or an unclassified discussion, as Jeffery Miller managed in the Basaaly Moalin case. But to put this discussion of a program that the government claims it has substantially declassified in a classified opinion seems to confirm 215 was used, but deprives Mohamud of challenging the new details about its use the government likely provided.

I suspect it is likely that the government has used Moalin’s call records just like James Clapper admitted they do from the start, as a kind of index to find the content of interest. If I’m right, King’s discussion of it would pertain directly to his wobbly support for back door searches. And it would show just how outrageous the phone dragnet is — because it basically amounts to content “collection” without a warrant (which brings us back to King’s crazypants treatment of content as if it fell under the Third Party doctrine).

We have now had at least 4 cases assessing the constitutionality of the phone dragnet decided in largely unclassified fashion, including another criminal defendant.

And yet the first defendant who might challenge the way Section 215 is likely yoked to Section 702 somehow loses the right to have an adversarial discussion about it.

That seems to betray just how damaging such a discussion might be to the government’s claims.

Verizon in the Cloud

/4 Comments/in , /by

As a number of people have noted, Germany canceled its contract with Verizon for network services provided to the government.

The German government on Thursday said it would end a contract with Verizon Communications Inc. because of concerns about network security, one of the most concrete signs yet that disclosures about U.S. spying were hurting American technology companies overseas.

Germany will phase out Verizon’s existing business providing communications services to government agencies by 2015, the Interior Ministry said. The winner in the decision:Deutsche Telekom, Verizon rival and German phone giant, which will take on those services.

[snip]

The U.S. telecom giant has been trying to head off a Snowden backlash from overseas customers since at least last fall, when its U.S. staff created NSA talking points for its offshore sales team, two people familiar with the matter said. The talking points included assertions the U.S. government didn’t have direct access to Verizon’s offshore data centers, that Verizon obeys local laws in whatever country it operates and that NSA data requests go through American judicial review, the people said.

For it’s part, Verizon offered non-denial denials to questions about whether the US demanded foreign data from Verizon.

Detlef Eppig, head of Verizon’s German unit Verizon Germany said on Thursday: “Verizon Germany is a German company and we comply with German law.”

Verizon did not receive any demands from Washington in 2013 for data stored in other countries, the company said.

“The U.S. government cannot compel us to produce our customers’ data stored in data centres outside the U.S., and if it attempts to do so, we would challenge that attempt in a court,” it added.

The firm declined to comment on whether there had been requests in previous years.

Remember, starting in 2009, the phone dragnets specifically state that Verizon should not turn over foreign data under the phone dragnet (presumably in part, other details suggest, because obtaining the data under Section 215 would impose closer controls on the data).

This is interesting on its face.

But I’m most interested in how this is going to affect Verizon’s stance towards US dragnets going forward. Already, it has been probably the most reluctant of the telecoms since Snowden’s leaks started. I even suspect that may have been one reason to split with Vodaphone.

There’s reason to believe USA Freedumber primarily serves to obtain all of Verizon’s cell data, which is the most important cell provider. And in a recent hearing, Verizon pushed back hard against being asked to retain their data, even while Senators seemed inclined to require it.

The phone dragnet debate is, to a significant extent, a negotiation between Verizon and the government.

And it just got put into the same position as all the PRISM providers –the cloud providers — where it is losing international business because of US demands. Which means, for the first time (even since 2008, where Internet companies tried to deny the telecoms which had been stealing from them immunity), a telecom has increasing reason to push back against the inevitable momentum toward crappy legislation.