Why Doesn’t FISCR Have a Public Docket?

/7 Comments/in /by

In the government’s arguments justifying the constitutionality of Section 702 the government has made fairly breathtaking claims that there is a foreign intelligence to the Constitution’s warrant requirement.

Which has gotten me wondering about the status of the FISA Court of Review ruling that Yahoo had to comply with Protect America Act orders. Back in July, we were promised a newly declassified review of that order, which makes a fairy sustained argument that PAA was legal under a special needs exception to the Fourth Amendment. But we haven’t gotten that order.

Which made me realize something: Although, months ago, the FISA Court established a public docket and even recently gave it a snazzy face lift, the FISA Court of Review does not yet have a docket.

So that Yahoo order declassification could be bubbling along and we’d never know about it, even in spite of the government’s claimed commitment to declassify the order.

If FISC can have a docket, why can’t FISCR?

Verizon Counsel Speaks Out Against “Outsourcing” Intelligence

/14 Comments/in /by

One of the concerns I’ve raised about HR 3361 — AKA USA Freedumber — regards who will do some of the data analysis that the NSA “data integrity analysts” currently do before the contact-chaining stage. As I’ve noted, the most privacy protective thing would be to have the telecoms do it, but that would put them in an inappropriate role of performing analysis for the intelligence community.

Apparently, Verizon agrees with that. As part of Verizon Associate General Counsel Michael Woods’ testimony to the Senate Intelligence Committee the other day, he emphasized how inappropriate it would be for the telecoms to serve as surrogates for the intelligence community. (He emphasized this in his answers as well.)

Included in the reform discussions has been the idea that the collection, searching, and perhaps even analysis, of potentially relevant data is best done not by the government, but by the private holders of that data. One recommendation that garnered particular attention was that bulk collection of telephony metadata might be replaced by a system in which such metadata is held instead either by private providers or by a private third party.

This proposal opens a very complex debate, even when that debate is restricted to just traditional telephony, but the bottom line is this: national security is a fundamental government function that should not be outsourced to private companies.

Verizon is in the business of providing communications and other services to our customers. Data generated by that process is held only if, and only for long as, there is a business purpose in doing so. Outside of internal business operations, there typically is no need for companies to retain data for extended periods of time.

If a company is required to retain data for the use of intelligence agencies, it is no longer acting pursuant to a business purpose. Rather, it is serving the government’s purpose. In this context, the company has become an agent or surrogate of the government. Any Constitutional benefit of having the data held by private entities is lost when, by compelling retention of that data for non-business purposes, the private entity becomes a functional surrogate of the government. Public trust would exist to the extent that companies are believed to be truly independent of the government. When the companies are seen as surrogates for intelligence agencies, such trust will dissipate.

Nor would outsourcing offer any promise of efficiency. Technology is changing too rapidly — telecommunications networks are evolving beyond traditional switched telephony. Voice over Internet Protocol (VoIP) technologies handle voice traffic over the Internet (as opposed to the public switched telephone networks) and already account for a substantial portion of voice traffic. Even more dramatic has been the rise of “over-the-top” applications that use peer to peer or other technologies to establish direct connections between users over the Internet. In 2012, one such application accounted for 34% of all international voice calling minutes. VoIP and over-the-top applications traverse IP networks as Internet traffic and thus do not generate CDRs or similar telephony business records. U.S. intelligence agencies would need to approach application owners to establish access equivalent to the CDRs they obtain under the existing program. The technical difficulties multiply if the intelligence agencies were to eventually seek the same sort of access to IP metadata from Internet Service Providers.

Finally, the commercial effect on U.S. companies of outsourcing collection ought to be considered. No company will be eager to undertake the increased responsibility, scrutiny, and liability entailed by having its employees become surrogates for the government in the collection of intelligence. More troubling for large companies is the negative effect in the international market of overt association with a U.S. intelligence agency.

H.R. 3361 does not include any provisions which would require data retention by telecommunications companies. For all the foregoing reasons, that is a good thing. A framework under which intelligence agencies retain and analyze data that has been obtained from telecommunications companies in a “arms length” transaction compelled by a FISA order should continue. [my emphasis]

I quote this in full not to make you laugh at the prospect of Verizon balking at “becoming” a surrogate of the government.

I think this statement was clearly meant to lay out some clear principles going forward (and I suspect Verizon is by far the most important player in USA Freedumber, so Congress may well listen). Whatever Verizon has done in the past — before Edward Snowden and after him, ODNI exposed it, alone among the telecom companies, as turning over all our phone records to the government — it has made several efforts, some half-hearted and some potentially more significant to establish some space between it and the government. If Verizon has decided it’s time to set real boundaries in its cooperation with the government I’m all in favor of that going forward.

Much of this statement is just a clear warning that Verizon won’t abide by requests to extend their data retention practices, which it terms acting as an agent of the government. That will, by itself, limit the program. As Woods explained, they don’t really need Call Detail Records that long (and I assume they need smart phone data even less). What they keep the required 18 months is just billing records, which doesn’t provide the granular data the government would want. So if Verizon refuses to change its data retention approach, it will put a limit on what the government can access.

That said, that’s clearly what a number of Senators would like to do — mandate the retention of CDRs 18 months, which would in turn significantly raise the cost of this (about which more in a later post). So this could actually become a quite heated battle, aside from what privacy activists do.

There are a few more details of this I’m particularly intrigued by (aside from Woods’ warning that the records of interest will all be Internet-based calls within very short order).

Note that Woods admits there has been some discussion of having telecoms do “analysis” (and I assume he’s not talking just about me). Given his statements, it seems Verizon would refuse that too (good!). But remember: the last round of USA Freedumbing included compensation and immunity for Booz-type contractors in addition to the telecoms, so NSA may still be outsourcing this analysis, just to other contractors (and given that this was a late add, it may have come in response to Verizon’s reluctance to do NSA’s analysis for it).

When Woods claims this is difficult, “even when that debate is restricted to just traditional telephony,” he suggests the debate may not be restricted to traditional telephony. Obviously, Verizon must still be involved in upstream production. And it either is or may well be asked to resume its involvement in Internet metadata collection, because USA Freedumber doesn’t hide the intent to return to Internet dragnet collection. Then there’s the possibility Mark Warner’s questions elicited, that the telecoms will be getting hybrid orders asking for telephony metadata as well as other things, not limited to location.

When we talk about the various ways the NSA may try to deputize the telecoms, the possibilities are very broad — and alarming. So I’m happy to hear that Verizon, at least, is claiming to be unwilling to play that role.

Mark Warner Lays Out How USA Freedumber Will Put the NSA in Your Smartphone

/23 Comments/in /by

I noted this yesterday in a quick post, but I wanted to post the video and my transcription of Mark Warner’s efforts to lay out some of the privacy problems with HR 3361, which I call USA Freedumber.

Warner, who made his fortune as a telecom mogul, points out that USA Freedumber will be able to access calls from smaller cell companies that are currently not included as primary providers to NSA (he doesn’t mention it, but USA Freedumber will also be able to access VOIP).

Warner: It was reported when we think about 215 in the previous program that that collected metadata that was with those entities — those companies — that entered into some relationship with the IC, and I believe there was a February WSJ article that reported — and I don’t want to get into percentages here — that while the large entities, large companies were involved, that in many cases, the fastest growing set of telephone calls, wireless calls, were actually a relatively small percentage. Is that an accurate description of how the press has presented the 215 program prior — previously?

Ledgett: Yes, that’s how the press represented it.

Warner: And if that was an accurate presentation, wouldn’t the universe of calls that are now potentially exposed to these kind of inquiries be actually dramatically larger since any telco, regardless of whether they had a relationship with the IC or not, and any type of call, whether it is wire or wireless, be subject to the inquiries that could be now made through this new process.

Ledgett: Uh Yes, Senator, that’s accurate.

Warner: So, again, with the notion here that under the guise of further protecting privacy, I think on a factual basis, of the number of calls potentially scrutinized, the universe will be exponentially larger than what the prior system was. Is that an accurate statement.

Ledgett: No, Senator, I don’t believe so, because the only calls that the government will see are those that are directly responsive to to the predicate information that we have.

Warner: No, In terms of actual inquiries, correct, but the the universe of potential calls that you could query, when prior to the calls were only queried out of the 215 database that was held at the NSA, which as press reports said did not include — in many cases — the fastest growing number of new calls, wireless calls, now the universe of — even though the number of queries may be the same, because the protections are still the same, the actual universe of potential calls that could be queried against is dramatically larger than what 215 has right now.

Ledgett: Potentially yes, that’s right Senator.

From there, Warner focuses on a more troubling issue: the likelihood that NSA could get cell location data and call detail records with the same request. Read more

If George Bush Can Close NSA’s Back Door Loophole, Why Can’t Barack Obama?

/5 Comments/in /by

As per usual, there was a tidbit of news in Ron Wyden’s questions at yesterday’s hearing on the USA Freedumber.

He revealed that the back door loophole was closed during the Bush Administration.

Let me start by talking about the fact that the House bill does not ban warrantless searches for Americans’ emails. And here, particularly, I want to get into this with you, Mr. Ledgett if I might. We’re talking of course about the backdoor search loophole, section 702 of the FISA statute. This allows NSA in effect to look through this giant pile of communications that are collected under 702 and deliberately conduct warrantless searches for the communications of individual Americans.  This loophole was closed during the Bush Administration, but it was reopened in 2011, and a few months ago the Director of National Intelligence acknowledged in a letter to me that the searches are ongoing today. [my emphasis]

I’m not sure precisely what he’s talking about, though I assume either the transition from the illegal program to Protect America Act, or the transition from PAA to FISA Amendments Act, removed NSA’s ability to conduct back door searches. Reading between the redactions in John Bates’ October 3, 2011 opinion, FBI apparently has had the authority to do back door searches on both traditional FISA and warrantless collection from 2008, so from the beginning of FAA.

But from what Wyden said, the NSA had the ability to do back door searches, lost it, and now has it again.

I’d sure like to know more about what happened to lead people to believe NSA should have that authority taken away from it.

Dianne Feinstein: I Believe Specific Selection Term Is Confusing

/3 Comments/in /by

In the Senate Intelligence Committee hearing on HR 3361 — which I call the USA Freedumber Act because it makes the dragnet worse in several ways — Dianne Feinstein used her opening statement to talk about the role of “specific selection term” in the bill.

She says, in part,

The problem comes with the definition of a “specific selection term,” which is not clear on its face and I believe it’s confusing.

I’m glad that Feinstein is concerned about the same thing I’ve been focusing on for a month.

The problem with trying to prevent “bulk collection” using the definition of selection term — even aside from the fact that the Intelligence Community understands “bulk collection” to mean something entirely different from what normal people understand it to mean — is that it will be abused.

We didn’t even get out of the hearing without such cynicism. At the hearing, Deputy Attorney General James Cole assured Martin Heinrich and Mark Udall that statements in the legislative record indicating a desire to limit such collection would prevent any abuse. This is the same DAG whose DOJ argued — just the day before!!! — that the legislative record of FISA, which clearly indicates the congressional intent that some defendants will get to review their FISA applications, should be ignored in favor of the 36 year history during which no defendants got such review.

Cole’s comments are all the proof we need that the Executive cannot be trusted to cede to Congress’ wishes (not to mention that the legislative record is far more ambivalent than Cole pretended).

So I’m grateful Feinstein is trying to tighten the definition (though I don’t think that is the workable way to improve the bill).

But I’m a bit confused by Feinstein’s confusion.

You see, as I noted some weeks ago, the term “selection term” is already used for Section 215, and has been for at least a year. And at least in phone dragnet Primary Order standard references to FISA content orders (that is, to traditional FISA warrants and the like), they’re using “selection term” as well.

The intelligence community and the FISA Court already have some common understanding of what “selection term” means — and Primary Orders appear to define the term in a classified-to-us-but-not-Feinstein footnote — and yet Feinstein is confused about what “specific selection term” might mean?

Granted, “selection term” is slightly different than “specific selection term.” Still, given that the “selection term” appears to be defined — and used — in the existing program, I would hope that Senator Feinstein would have some clarity about what it means.

Perhaps the way to start this discussion is to publicly explain how the IC is currently using “selection term”?

DOJ’s Idea of an Appropriate Passive-Aggressive Response to Accusations They Destroyed Evidence: Destroy More Evidence

/7 Comments/in , /by

On Friday May 30, as I reported, EFF filed a motion accusing the government of destroying evidence it was obligated to keep in EFF’s NSA lawsuits.

Later that day, EFF Legal Director Cindy Cohn emailed her contact at DOJ, Marcia (Marcy) Berman, saying,

Jewel plaintiffs are okay with [a deadline extension] if the government can assure us that no additional information will be destroyed in the meantime.

As you can see, we went ahead and filed [the motion on spoliation].

The following Monday, after Cohn asked Berman, “Does that mean no additional information will be destroyed in the meantime?” Berman answered,

What it means is that we have already explained in our opening brief that we are in compliance with our preservation obligations and do not feel that we should have to make any further assurances or undertakings to accommodate plaintiffs’ need for additional time.

Later that day, Cohn reminded Berman that the Temporary Restraining Order covering destruction of information “including but not limited to … telephone metadata” remained in place. Cohn continued,

You appear to be saying that routine destruction of post-FISC material is continuing to occur regardless of the TRO; please confirm whether this is correct.

Berman responded, obliquely, yes.

The Court is presently considering whether the Government must preserve material obtained under Section 702 of FISA in the context of the Jewel/Shubert litigation. In the meantime, pending resolution of the preservation issues in this case, we have been examining with our clients how to address the preservation of data acquired under the Section 702 program in light of FISC imposed data retention limits (even though we disagree that the program is at issue in Jewel and Shubert).

Hoffman wrote a bunch more about “technical” “classified” blah blah blah, which I’ll return to, because I think it’s probably significant.

But for now, EFF filed for an emergency order to enforce the TRO issued back in March. Judge Jeffrey White has demanded a response from the government by noon tomorrow (they had wanted a week).

I can’t think of a more relevant NSA practice to a suit that relies significantly on Mark Klein’s whistle-blowing about the room where AT&T diverted and copied large amounts of telecom traffic than upstream 702 collection, in which AT&T and other telecom providers divert and copy large amounts of telecom traffic. While I’m not certain this evidence pertains to upstream — and not PRISM — EFF suggests that is included.

In communications with the government this week, plaintiffs learned to their surprise that the government is continuing to destroy evidence relating to the mass interception of Internet communications it is conducting under section 702 of the Foreign Intelligence Surveillance Act. This would include evidence relating to its use of “splitters” to conduct bulk interceptions of the content of Internet communications from the Internet “backbone” network of AT&T, as described in multiple FISC opinions and in the evidence of Mark Klein and J. Scott Marcus, ECF Nos. 84, 85, 89, 174 at Ex. 1

If it is, then it seems all the more damning, given that upstream collection is the practice that most obviously violates the ban on wiretapping Americans in the US.

EFF filed a motion accusing the government of illegally destroying evidence. And the government’s response was to destroy more evidence.

Update: The government has asked for an emergency stay of the Court’s June 5 order (which is actually a March 10 order, but the government doesn’t admit that) because NSA says so.

Undersigned counsel have been advised by the National Security Agency that compliance with the June 5, 2014 Order would cause severe operational consequences for the National Security Agency (NSA’s) national security mission, including the possible suspension of the Section 702 program and potential loss of access to lawfully collected signals intelligence information on foreign intelligence targets that is vital to NSA’s foreign intelligence mission

There’s something funky here — perhaps that some of this actually belongs to GCHQ? I dunno — which is leading the government to be so obstinate. Let’s hope we learn what it is.

Update: And EFF objected to DOJ’s request for a stay, pointing out what I did: that what they’re really asking for is blessing for ignoring the March 10 order.

Mark Warner Confirms USA Freedumber Expands Surveillance

/6 Comments/in /by

The Senate Intelligence Committee is in the middle of its Snowden Day hearing on the USA Freedumber Act. I’ll have more to say about it later (spoiler alert: the hearing has proven that the overseers don’t understand the program they’re currently overseeing).

The highlight was, surprisingly, when Mark Warner questioned the government witnesses.

Warner (who used to be a telecom mogul) got the government witnesses to concede to two key points.

First, Warner noted that under the new scheme, every telecom would be subject to government requests. As a result, he said, “On factual basis, the number of calls scrutinized universe will be exponentially larger.” Deputy Attorney General James Cole at first tried to prevaricate. But then admitted that more records would be exposed.

Then, Warner noted that telecoms have to keep cell location, and that the current Section 215 program does not obtain cell location. He asked if the NSA could use or obtain cell location going forward. Cole did not deny that; he admitted that sometimes it is very helpful.

Thanks to Mark Warner for getting these two details on the record, as I have been arguing both were true, but now can confirm they are.

 

Those Cable Landings Chelsea Manning Didn’t Leak

/1 Comment/in , /by

Oman Cable LandingsYesterday, The Register published what it claims is the story that led GCHQ to destroy the Guardian’s hard drives: the location of a key GCHQ base in the Middle East and its relationships with British Telecom and Vodaphone.

While the BT/Vodaphone details are worth clicking through to read, I’m particularly interested in the focus on the base in Oman. (See an interactive map of the cable landings here.)

The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen.

British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.

The Brits would have you believe — and I have no reason to doubt them — that this cable landing in Oman is one of the key points in their surveillance infrastructure.

I raise this because of a cable listing the globe’s critical infrastructure — and fearmongering surrounding it — that Chelsea Manning leaked to Wikileaks. As I noted at the time, while the cable lists a slew of cable landings as critical infrastructure sites — including the Hibernia Atlantic undersea cable landing in Dublin, which gets mentioned in the Register story — it does not list a single cable landing site in the Middle East.

NEAR/MIDDLE EAST

Djibouti:
Bab al-Mendeb: Shipping lane is a critical supply chain node

Egypt:
‘Ayn Sukhnah-SuMEd Receiving Import Terminal
‘Sidi Kurayr-SuMed Offloading Export Terminal
Suez Canal

Iran:
Strait of Hormuz
Khark (Kharg) Island Sea Island Export Terminal
Khark Island T-Jetty

Iraq:
Al-Basrah Oil Terminal

Israel:
Rafael Ordnance Systems Division, Haifa, Israel: Critical to Sensor Fused Weapons (SFW), Wind Corrected Munitions Dispensers (WCMD), Tail Kits, and batteries

Kuwait:
Mina’ al Ahmadi Export Terminal

Morocco:
Strait of Gibraltar
Maghreb-Europe (GME) gas pipeline, Morocco

Oman:
Strait of Hormuz

Qatar:
Ras Laffan Industrial Center: By 2012 Qatar will be the largest source of imported LNG to U.S.

Saudi Arabia:
Abqaiq Processing Center: Largest crude oil processing and stabilization plant in the world
Al Ju’aymah Export Terminal: Part of the Ras Tanura complex
As Saffaniyah Processing Center
Qatif Pipeline Junction
Ras at Tanaqib Processing Center
Ras Tanura Export Terminal
Shaybah Central Gas-oil Separation Plant

Tunisia:
Trans-Med Gas Pipeline

United Arab Emirates (UAE):
Das Island Export Terminal
Jabal Zannah Export Terminal
Strait of Hormuz

Yemen:
Bab al-Mendeb: Shipping lane is a critical supply chain node

Note, Bahamas’ telecom, which recent reporting has also noted is critical to NSA’s spying, also gets no mention.

That’s not surprising in the least. The cable (and the list) is classified Secret. NSA and GCHQ’s prime collection points are (as the Register notes) classified several levels above Top Secret.

And while the list provided some indication of what sites were significant by their absence, it’s likely that the sites that were listed were the relatively unimportant sites.

At trial, Manning’s lawyers repeatedly point out that she had chosen not to leak stuff from JWICS, which would be classified at a higher level. The stuff she leaked, which she got on SIPRNET, was by definition less sensitive stuff.

I don’t mean to suggest this reflects on the relative value of what either Edward Snowden or Chelsea Manning leaked. I think it is a good indication, though, of how unfounded a lot of the fear mongering surrounding this particular leaked cable was.

Predictably, Saxby Chambliss Makes a Bid for USA Freedumbest

/12 Comments/in /by

I’ve written several times about how HR 3361 — what others call USA Freedom Act and I dubbed the USA Freedumber Act when it was gutted in the House — is worse than the status quo in a number of ways.

But I’m also aware that the Senate could make it worse. I’m still waiting to see what kind of surprises Dianne Feinstein has in store for Thursday’s Senate Intelligence Committee hearing.

So I am thoroughly unsurprised that Ranking Republican Saxby Chambliss wants to make Freedumber worse.

Sen. Saxby Chambliss (R-Ga.) said the surveillance reform bill that passed the House last month goes too far in ending some of the National Security Agency’s (NSA) sweeping surveillance programs.

“I actually think they went a little bit too far on the bulk collection side of it,” Chambliss — the top Republican on the Senate Intelligence Committee — said Tuesday while speaking a Bloomberg event on cybersecurity.

I actually think this is a calculated move to add various transparency measures that Pat Leahy will respond to, but open up the floodgates to a full Internet-and-smart-phone dragnet. It will allow those who’ve gotten badly played in this negotiation an opportunity to declare victory even as the dragnet gets even worse.

Add this to the evidence this  is all a big play:

Chambless said that he and Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) and House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.) will be able to reconcile any differences between the House bill and a reform bill that comes out of the Senate.

“I’m confident that Rogers, Ruppersberger, Dianne and I can bridge that gap quickly if we can get a bill out of the Senate,” he said.

The Gang of Four is just working to get to Conference, where they already seem to have in mind what they’ll produce.

Before we’re done, we’re sure to see USA Freedumbest.

As Snowden Leak Anniversary Approaches, Intelligence Community Prepares to Declare Victory

/21 Comments/in /by

As June 5 approaches — and with it the one year anniversary of the first reporting on Edward Snowden’s leaks — the privacy community is calling supporters to redouble efforts to improve the NSA “reform bill,” which I call the USA Freedumber Act, in the Senate.

I explained here why the Senate is unlikely to improve USA Freedumber in any meaningful way. The votes just aren’t there — not even in the Senate Judiciary Committee.

Ominously, Dianne Feinstein just scheduled an NSA hearing for Thursday afternoon, when most of the privacy community will be out rallying the troops.

Unless the surveillance community finds some way to defeat USA Freedumber, the intelligence community will soon be toasting themselves that they used the cover of Edward Snowden’s disclosures to expand surveillance. The “Edward Snowden Put the NSA in Your Smartphone Act,” they might call it.

To prevent that, the privacy community needs to find a way to defeat USA Freedumber. It’s not enough, in my opinion, to point to the judicial review codified by USA Freedumber to accede to letting this pass. Not only doesn’t USA Freedumber end what most normal people call, “bulk collection,” but it expands collection in a number of ways.

That’s true, in part, because of the way the bill defines “bulk collection.” USA Freedumber only considers something “bulk collection” if it collects all of some kind of data (so, all phone data in the US). If NSA limits collection at all — selecting to collect all the phone records from Area Code 202, for example — it no longer qualifies as bulk collection under the Intel Community definition used in the bill, no matter how broadly they’re collecting.

Here’s a post where I lay that out.

To make things worse, the last version of the House bill changed the term “selection term” to make it very broad: including “entities,” “addresses,” and “devices” among the things that count as a single target, all of which invite mass targeting. I was always skeptical about “specific selection term” serving as the limiting factor in the bill; key language about how the FISC currently understands “selection term” remains classified. But I do know that Zoe Lofgren and others in the House kept saying that under the current definition of the bill the government could collect all records in, say, my Area Code 202 example. And if that’s possible, it means the phone dragnet under this “reform” may be little more targeted than upstream Section 702 collection currently is, which has telecoms sniff through up to 75% of US Internet traffic.

But it’s not just that the bill doesn’t deliver what its boosters claim it does.

There are 4 other ways that the bill makes the status quo worse, as I show in this post:

  • The move to telecoms codifies changes in the chaining process that will almost certainly expand the universe of data being analyzed — potentially significantly
  • In three ways, the bill would permit the use of phone chaining for purposes beyond counterterrorism, which isn’t currently permitted
  • The bill weakens the minimization procedures on upstream Section 702 collection imposed by FISC Judge John Bates in 2011, making it easier for the government to collect and keep domestic content domestically
  • The bill moves the authority to set minimization procedures for Pen Registers from FISC to the Attorney General (and weakens them significantly), thus eliminating the tool John Bates used to shut down illegal content-as-metadata collection

In my opinion, these changes mean the NSA will be able to do much of what they were doing in 2009, before what were then called abuses — but under this bill would be legalized — were discovered. That, plus they’re likely to expand the dragnet beyond terrorism targets.

For a year, privacy advocates have believed we’d get reform in response to Snowden’s leaks. For too long, advocates treated HR 3361 as positive reform.

But unless we defeat USA Freedumber, the Intelligence Community will have used the event of Snowden’s leaks as an opportunity to expand the dragnet.