The Civ Lib Community Gets Cold Feet

/7 Comments/in /by

Civil liberties groups are — according to the Hill — getting cold feet on the USA Freedom (aka Freedumb) bill. The claim is that the Administration and “members of the House” are working to gut the bill.

“Last stage negotiations” between members of the House and the Obama administration could significantly weaken provisions in the NSA bill, people familiar with the discussions say.

“Behind the scenes, there’s some nervousness,” one House aide said.

But this makes limited sense: a bill, virtually identical in wording, was passed by two committees, the House Judiciary and House Intelligence Committee. So in principle, the bill should come to the floor with that same identical wording.

Except, as I noted, Mike Rogers said he had some “technical changes” to put into place. And unlike the technical changes Zoe Lofgren tried to put into place at HJC (to make clear that Section 215 can’t be used to collect content), Rogers got a vote of the committee to support making those technical changes without further review of the committee. So Mike Rogers has carte blanche to change this bill. Now wonder Jan Schakowsky is worried.

As I suggested, there are two things I think Rogers might want to fix: tweaking the definition of “specific selection term” (or eliminating it altogether) or changing the language on bulk collection to protect some programs that are bulk but thus far unknown.

Which is another way of saying that HJC got screwed in this deal. (Told them!)

We shall see: I’m of the opinion that if Rogers fucks with this the bill must be killed, otherwise Rogers will ruin it in conference.

Two History Lessons in the Fourth Amendment

/15 Comments/in /by

I’ve known the story of James Otis’ fight against Writs of Assistance and its role in the establishment of our Fourth Amendment. But I really liked this telling of the story in the BoGlo.

[T]he Fourth Amendment can be traced to a neighborhood that has long regarded outsiders with skepticism. It was in the North End that simmering public resentment against searches found a test case in 1766, when an imperious British official squared off against a proud homeowner who insisted that his modest dwelling was, indeed, his castle.

[snip]

Those with long memories remembered that the original Puritans had fled England at a time when royal officers searched their dwellings for Puritan Bibles and other signs of independent thinking. They knew the phrase “a man’s home is his castle,” linked to an English lawyer, Sir Edward Coke, who had inspired the first generation of New Englanders—and whose own home had been ransacked by English authorities near the end of his life.

The English, tightening the clamps on their vast empire, were stepping up their systems of enforcement in the 1750s and 1760s. The British were certain that they had the right to enter houses to enforce the law— how else could they run an empire? All known governments asserted this power, and much precedent supported it.

In a celebrated court case in 1761, an up-and-coming lawyer, James Otis, attacked the Writs of Assistance in a speech that soon became famous. In a small chamber inside the Old State House, he held his audience spellbound, speaking for hours as he drew on ancient English law to skewer the English. In insisting on “the freedom of one’s house,” he was inventing an argument as much as he was citing precedent—the Magna Carta, designed by 13th-century barons, was a long way from the problems of a Boston homeowner in 1761, and the law was vaguer on these points that Otis cared to admit. But as he hammered away at British arrogance, he expressed an idea about the importance of privacy with deep roots in New England’s rocky soil.

The story’s useful not just for the way the arguments attributed to the British at the time — all governments assert the power to enter homes at will, and how could you run an empire without that authority? — resonate with the arguments made about surveillance now.

But because of the stark contrast it offers with a different story of our founding, one told by John Yoo in an October 2001 OLC memo authorizing the government to use military force in times of emergency within the US. The whole memo is worth reading, but Yoo situated an undefinable authority to respond to exigencies in the Executive, pointing to things like the Shay’s Rebellion and this language from an Alexander Hamilton Federalist paper.

As they understood it, the Constitution amply provided the federal Government with the authority to respond to such exigencies. “There are certain emergencies of nations in which expedients that in the ordinary state of things ought to be forborne become essential to the public weal. And the government, from the possibility of such emergencies, ought ever to have the option of making use of them.” The Federalist No. 36, at 191 (Alexander Hamilton). Because “the circumstances which may affect the public safety are [not] reducible within certain determinate limits, .. . it must be admitted, as a necessary consequence that there can be no limitation of that authority which is to provide for the defense and protection of the community in any matter essential to its efficacy.” Id. No. 23, at 122 (Alexander Hamilton). As the nature and frequency of these emergencies could not be predicted, so too the Framers did not try to enumerate all of the powers necessary in response. Rather, they assumed that the national government would possess a broad authority to take action to meet any emergency. The federal Government is to possess “an indefinite power of providing for emergencies as they might arise.” Id. No. 34, at 175 (Alexander Hamilton). Events leading up to the Federal Convention, such as Shay’s Rebellion, clearly demonstrated the need for a central government that could use military force domestically.

I’m most interested in what Yoo did with this argument. Having decided the President had the authority to use the military within the US, Yoo argued that military operations included searches.

Our forces must be free to “seize” enemy personnel or “search” enemy quarters, papers and messages without having to show “probable cause” before a neutral magistrate, and even without having to demonstrate that their actions were constitutionally “reasonable.” They must be free to use any means necessary to defeat the enemy’s forces, even if their efforts might cause collateral damage to United States persons.

[snip]

The view that the Fourth Amendment does not apply to domestic military operations against terrorists makes eminent sense. Consider, for example, a case in which a military commander, authorized to use force domestically, received information that, although credible, did not amount to probable cause, that a terrorist group had concealed a weapon of mass destruction in an apartment building. In order to prevent a disaster in which hundreds or thousands of lives would be lost, the commander should be able to immediately seize and secure the entire building, evacuate and search the premises, and detain, search, and interrogate everyone found inside. If done by the police for ordinary law enforcement purposes, such actions most likely would be held to violate the Fourth Amendment. See Ybarra v. Illinois, 444 U.S. 85 (1979) (Fourth Amendment violated by evidence search of all persons who are found on compact premises subject to search warrant, even when police have a reasonable belief that such persons are connected with drug trafficking and may be concealing contraband). To subject the military to the warrant and probable cause requirement that the courts impose on the police would make essential military operations such as this utterly impossible.

Cheney’s people did try, unsuccessfully, to use this memo to justify using force in Lackawanna, NY to search for suspected terrorists.

But it was actually used: as foundation for the illegal wiretap program (which, given that it amounted to the NSA invading the stored communications of Americans without a warrant, fundamentally amounted to the deployment of the military domestically). The memo was not withdrawn until after the FISA Amendments Act established a different basis for the dragnet.

The BoGlo tribute to James Otis only underscored how much we’ve colonized our own country, insisting on the authority to conduct such searches because how else can you run an empire!

The “Automated Query” at the Telecoms Will Include “Correlations”

/14 Comments/in /by

In addition to Mike Rogers’ confirmation that HPSCI does not intend HR 3361 to change any of the voluminous collection programs the intelligence community does aside from the phone dragnet, his report on the bill also drew my attention to this previously public detail I had overlooked.

3 The Committee understands that ‘‘[t]he first ‘hop’ from a seed returns results including all identifiers (and their associated metadata) with a contact and/or connection with the seed. The second ‘‘hop’’ returns results that include all identifiers (and their associated metadata) with a contact and/or connection with an identifier revealed by the first ‘hop.’’ ’ In re Application of the FBI for an Order Requiring the Production of Tangible Things, BR 14–01, at 1–2 n.1 (FISC Feb. 5, 2014). [my emphasis]

This is a description of the currently desired “hop” system (though not, I don’t think, what is fully in place) connecting people through their phone — and likely, other communications — habits.

Before I get into what it says, let’s look at where it points. The language here is from a footnote on page 14 of the bill report–suggesting it’s something Mike Rogers wanted to make sure got in the Legislative Record. It cites back to the February 5, 2014 order amending the January 3 order to include the Administration’s request to have FISC review all the query terms.

I don’t believe (but could be wrong — the new FISC docket is far less usable) that we ever got the revised order. But in the order to amend the order also dated February 5, that language appears in footnote 3. The footnote itself cites to the original application for the order dated January 3. But the reference footnoted cites the January 3 order, page 11-12. The footnoted discussion is a part (or summary) of the entirely redacted description of the automated query starting on page 11 and taking up all of page 12 of the order.

That is, this language on hops provides an unclassified version of the classified description of the automated query process (the one they haven’t gotten running yet).

So this is (part of) what the government has been trying — but failing, since November 2012 — to get up and running.

Which is reportedly one of the reasons the Intelligence Community has decided it may be in their best interest to outsource this to the telecoms.

In other words this language provides clues about why the IC was willing to outsource the dragnet.

The description of the hops reveals two things that got added to the 3- or 2-hop process the government once described.

First, they’re including “associated metadata” among the things that can be further chained. Even assuming we’re only talking voice telecom information, this would include cell site location on top of the other metadata (and, in the era of smart phones, potentially far, far more).

But in addition, they’re including “connections,” in addition to contacts, with the seed.

That is, you don’t have to ever call a target to be sucked up in the phone dragnet. You can be simply “connected” to that target. The kinds of connections in question surely include dropped burner phones (that is, a matching of phones that call the same pattern of phones as an inactive phone, and therefore are really targeting the same person). They may include common geolocation. But — again, given the advent of smart phones — they could include far, far more.

So what this little footnote calls to my attention (thanks, Mike Rogers!) is that they’ve gotten approval for different kinds of chaining, beyond actual phone contacts (remember, this could include Internet contacts over a smart phone). And they’ve included metadata generally, not just phone call records, surely including geolocation, among the things they might chain on.

Which explains one incentive for outsourcing this. They can’t use geolocation for chaining in government hands. They can in private hands. There’s likely far more information for which that is true when you consider smart phones.

They can’t access that information now. They will be able to once HR 3361 outsources everything to the telecoms.

But really, this is about reform.

Update: This post was tweaked on 5/18 for clarity.

Mike Rogers: Still Working on His Technical Changes

/6 Comments/in /by

According to the HPSCI Report on HR 3361 — which reformers refer to as the USA Freedom Act — Mike Rogers is still changing the fine print.

Members of the Committee will continue to work to make a number of important technical changes to ensure the preservation of operational equities before the full House considers the bill. These technical changes will ensure that the bill does not inadvertently disrupt important intelligence operations.

[snip]

Chairman Rogers offered an amendment to revise the emergency authority of Section 102, add Section 604, and make other technical changes. The amendment was agreed to by a voice vote.

Given Rogers’ assurances that the bill before us changes no other programs, I’m going to guess that there are actually a few other bulk collection programs that would, under the plain meaning of the bill, be prohibited (bulk collection, even as the Intelligence Community defines it, which means there are no discriminators). Given that Rogers was trying to remove the definition of selection term, I suspect that’s the rub: they think they can still do these bulk collections under the law, but need to tweak the definition of specific selection term (remember, the HPSCI bill originally used “specific identifiers or selection terms”). 

Ah well, I’m sure we should all trust Mike Rogers. What could go wrong?

Mike Rogers: USA Freedom Act Only Changes Phone Dragnet

/5 Comments/in /by

In my analysis of the HR 3361 — hailed by reformers as the USA Freedom Act — I have posited the possibility that the claim to forbid “bulk collection” across a number of authorities actually changes almost nothing. I based that on a two-part argument.

First, the bill only promises to eliminate bulk collection as the intelligence committee defines it — that is, it only eliminates collection that has no discriminator, and therefore collects all of a certain kind of record (so, all phone records). It does not promise to eliminate what you and I might consider bulk collection — the collection of very untargeted information (say, all phone records in the 202 Area Code).

Then I noted that we know of no other program that operates without discriminators. All NSL programs — save perhaps the financial records one and the subscriber records one — build in discriminators (and the financial records one is based on “entities,” which is what the bill’s definition of a discriminator uses anyway). And we don’t know enough about the other Section 215 programs to know if they use discriminators or not.

If this logic is correct, then the bill changes very little, in spite of the broad promises.

In his report on the bill, Mike Rogers confirms that I am right. (h/t Katherine Hawkins)

It notes that the prohibition on “bulk” collection only applies to indiscriminate collection, but not to the collection of “a large number of communications records or other tangible things.”

This bill first bans the bulk collection of tangible things under Section 215 of the USA PATRIOT Act. This ban is intended to stop the use of Section 215 to acquire bulk call detail records and to prohibit any future attempt to acquire bulk electronic communications records. The Committee recognizes that ‘‘bulk’’ collection means indiscriminate acquisition. It does not mean the acquisition of a large number of communications records or other tangible things—it would be nonsensical and dangerous for our intelligence agencies’ collection authorities to contract as the number of our adversaries expands.

The report then implicitly reveals (or at least claims as part of the legislative record) that no other collection program operates without discriminators, because the bill will not end any other current program.

The Committee’s decision to end the bulk collection of telephone metadata does not extend to any other intelligence programs currently conducted under FISA, including access to business records through Section 215 for foreign intelligence, counterterrorism, and counterintelligence purposes, and the targeting of persons outside the United States under Section 702.

The report also makes clear that any ban on bulk NSL collection is not meant to affect any ongoing NSL program.

Second, this bill contains amendments to other collection authorities, including Section 402 of FISA and National Security Letter authorities. These amendments respond to concerns that those existing authorities could somehow contain a ‘‘loophole’’ that would permit the reconstitution of a bulk telephone records program. The Committee does not intend these prophylactic amendments to affect any programs currently authorized by Section 402 or the use of National Security Letters.

So: no changes to any existing Section 215 collection programs, and no changes to any existing NSL programs (though the report also makes clear that the government should not try to use NSLs to replicate the existing phone dragnet).

One more thing: Rogers’ report makes it clear that the government can still use Section 215 to collect as much historical phone data as it wants.

The government can continue to obtain specified historical call detail records through the existing Section 215 authority.

This means the government has the ability to obtain far more than 5 years of call data on selected targets, and can do so by obtaining any records that transit AT&T backbones, because AT&T keeps records for years and years. While there is a 5 year age off requirement in the bill, that only applies to data that is not relevant to an investigation, and as we’ve learned, everything can be deemed relevant to an investigation.

So don’t take my word for it, take Mike Rogers’ (which will serve as the legislative record in any case). This bill only changes the phone dragnet’s prospective collection.

Update: Note that Rogers is still working on some “technical changes” to preserve operational equities, which may mean there are some programs that would be affected but he’s going to massage the bill to exempt them.

On USA Freedom: Heed Jan Schakowsky’s Warning

/3 Comments/in /by

There are two reviews of whether HR 3361 constitutes real reform today, one from McClatchy and one from National Journal, both written partly in response to privacy groups’ realization that Mike Rogers has been doing a circumspect victory lap over the shape of the bill.

While neither examines the flip side of the bill — what the intelligence community will gain from this — they both provide a useful caution about the potential pitfalls in the bill, many (but not all) I’ve examined at this site.

McClatchy is particularly useful, though, for the comments from Adam Schiff and Jan Schakowsky, two of the only people on the House Intelligence Committee who tend to balance the interests of civil liberties against the demands of the intelligence community. Here’s what they had to say about the legislative prospects.

Rep. Adam Schiff, D-Calif., an Intelligence Committee member who isn’t among the letter writers, said he hoped to offer an amendment that would seek to “introduce a greater adversarial process in the FISA court” by establishing a panel of attorneys from which counsel could be selected to participate in cases that involved novel legal and technical issues.

“I believe the civil liberties protections can be improved,” Schiff said.

[snip]

Rep. Jan Schakowsky, D-Ill., an Intelligence Committee member, praised the House bill. “If we could improve it,” she said, “I would go back to the original bill’s provisions that would implement stronger reporting regulations and create an office of the special advocate.”

Schakowsky added, though, “ I am most concerned at this point about preventing any efforts to weaken this bipartisan compromise.”

Remember, HPSCI held its markup behind closed doors, and there has been little leaking about went on there, aside from Rogers’ crowing. So this offers a bit of a read of what might have gone on.

Schiff, if you recall, was one of the very first people to get Keith Alexander to admit the government could conduct its contact-chaining program with the telecoms retaining the data. He is generally a pretty good read on the art of the possible. If he thinks this bill can be improved, perhaps he’s got reason for optimism.

But I find Schakowsky’s warning potentially more realistic.

Remember, one thing HPSCI considered was removing all definition of “specific selection term” (or “identifier,” which HPSCI also included). Without a definition, the bill might only prevent bulk collection of phone records, if that; I believe the government could come up with “selection terms” for everything else that would permit systematic programs. And I suspect something like dropping the definition would — will — happen if this ever gets to a conference (indeed, as Jim Sensenbrenner knows better than anyone, that’s how some of the existing loopholes got retained in PATRIOT in 2005-6, at a time when there was also bipartisan uproar over illegal spying). I think Schakowsky is realistic in worrying that, with the momentum it has picked up with unanimous passage in HJC and a voice vote passage in HPSCI, it could get worse just as easily as it could get better.

As I’ve said, this bill defuses the digital equivalent of a nuclear bomb by taking the phone-based relationship database out of the hands of the government. That’s important.

But from there, it’s unclear what effect this bill will have in practice, and could become far less clear if things like that definition disappear. So we’d be well to take Schakowsky’s warning seriously.

NSA Collection: Show Me the $$

/27 Comments/in /by

As part of its superb piece on NSA spying on Tuesday, Frontline included interviews with key sources. In my opinion, the most enlightening was that with former HPSCI staffer Diane Roark, so you should read that entire interview (especially her comments on NSA at 9/11).

Both she and Tom Drake mention a part of the illegal NSA program that has been largely forgotten: the financial records. Here’s Roark’s non-denial.

And from what you knew at that point, what type of information was taken, and how pervasive was the collection?

It is now quite obvious, since the Snowden revelations, that the program grew progressively over time. Initially, I knew that it involved a lot of broad domestic surveillance, bulk collection, domestically. And I knew that it involved emails, landlines, regular house phones, cell phones. I also knew that they had branched out into non-communications data.

Which is what, bank records? 

I’m not really — they have not acknowledged that. All I can tell you is that when I met the second time with Gen. Hayden in July, I said to him that it appeared the program was expanding, not only in number of servers, but also that two new data categories had recently been added, and he nodded to confirm that. I knew that one of those data programs was not communications data. …

And other commentators have made allusions to other personal data that may be collected. Of course, we all know that transportation data, airline data is connected. We know that international banking data is collected; that has been acknowledged. But there have been allusions to other items, too, by people hypothetically, such as credit, medical, banking and so on.

And here’s Drake’s more explicit mention of it.

You watched the president [George W. Bush] come out and say this is a valuable program; one side of the communications has to be outside; we’re following terrorists; this has prevented attacks on our country. The vice president [Dick Cheney] attacks the Times for publishing. You’re watching this, and you know what’s going on inside. What are you thinking?

This actually was part of the triggering event for me in which increasingly I knew I was going to have to touch the third rail, back to your earlier question. I realized that they were lying, that they were desperate to protect the domestic surveillance program. And so they could use the excuse, although it was still in violation of FISA, that as long as one link somehow was tied to a suspected terrorist, that justified collecting or targeting the link that was in the United States proper.

That was just the tip of the iceberg. The far larger program was the dragnet surveillance, the vast bulk copy of millions and millions of phone records, email records, Internet usage and financial transactional and credit card information.

Since the Snowden leaks started we’ve heard almost nothing about this. There have been the two stories about the CIA collecting Western Union records with at least one end foreign. There is the 2010 Section 215 order tied to an allegedly specific investigation, which must long post-date the CIA-related orders.

What happened to this collection? Is it the April 2, 2004 modification we have never learned about? Is it the second secret Section 215 appendix included in Glenn Fine’s 2008 report? Have they been accomplishing this via NSLs, or perhaps only recently moved it to Section 215? I have suggested in the past that for domestic records, FBI would be the likely lead … is that right?

The financial records collection has, outside of Shane Harris’ book (on TIA), completely disappeared.

But it must be under a new shell somewhere.

Dzhokhar’s Four Phones

/4 Comments/in /by

A month ago, the government argued in Dzhokhar Tsarnaev’s case it had no discovery obligations under Section 215, which top government officials have said they used to achieve piece of mind.

Yesterday, Dzhokhar’s college buddies challenged their confession based on a claim the government didn’t have a warrant when it surrounded their apartment with 60 cops. The government’s excuse is that Tsarnaev received the bills for four AT&T phones at that address, and one of the phones had recently been used to call Russia.

Tsarnaev was receiving AT&T bills for four phones at that address. One of the phones had called Russia from near the UMass-Dartmouth campus, which led investigators to think he might be nearby – perhaps at his friends’ apartment.

“I proceeded with all haste and with blue lights flashing” to where the phones suggested Tsarnaev might be, Walker said.

Soon about 60 officers had the New Bedford home surrounded.
Tsarnaev wasn’t inside, but his two friends were, along with Kadyrbayev’s girlfriend.

What happened next could affect the outcome of the cases against Tsarnaev’s friends. Walker said the FBI had not obtained a search warrant. Agents took the two men from the apartment, handcuffed them and questioned them in unmarked cars, Walker said, before they agreed to go to the State Police barracks for further questioning.

Kadyrbayev’s attorney Robert Stahl said that amounted to “uncounseled, unwarranted seizures of these individuals.” If the FBI violated the defendants’ rights, then their statements, which prosecutors are calling “confessions,” could be excluded from their trials.

This all occurred while Dzhokhar was bleeding out in a boat in Watertown.

There are multiple ways the FBI could have gotten these phone records. They may well have a database of subscriber information for major providers, meaning they could learn which carrier he used quickly within FBI. The could have gotten the call records just with NSLs. (NSA’s phone dragnet wouldn’t be all that useful at that stage, though it might have provided interesting information on the Russia call.) The FBI might even have used Hemisphere, which provides geolocation. (Remember, though, that MA’s Supreme Court just ruled the police need a warrant for cell location.)

The defendants have already received some of Dzhokhar’s texts in discovery, so I assume there are no evidentiary problems with those.

In other words, we should assume this data came from normal FBI sources, not NSA ones. (If so, it’s another strike against the claim the NSA needs the phone dragnet for quickness, because this would have happened quickly if the FBI’s narrative is true.)

But it does raise interesting questions about dual sources for the data at hand.

Also remember, these are the same phones that the same buddies had limited discovery on texts from, because Dhokhar had destroyed the one he was using.

The “Other Authority” Footnote

/3 Comments/in /by

For a variety of reasons, I want to track backward what appears to happen to a footnote in the phone dragnet that currently addresses dragnet records from other authorities, as it appears here in the July 18, 2013 Primary Order.

The Court understands that NSA receives certain call detail records pursuant to other authority, in addition to call records produced in response to this Court’s Orders. NSA shall store, handle, and disseminate call detail records produced in response to this Court’s Orders pursuant to this Order [3 lines redacted].

The footnote is currently the second footnote off of paragraph 3(c)(iii) about the timeline on RAS authorizations. The footnote was entirely redacted, but still 7 lines, in BR 13-80. It appears to be longer — perhaps 11 lines — in BR 11-107. It appears the same size, but split from the first of two footnotes, in BR 11-57 and BR 11-07; it appears a line or two longer in BR 10-70. The typeface is different but it appears equivalent in BR 10-49, and  BR 10-17.

The footnote in that position — now numbered footnote 7 — appears largely unredacted in BR 10-10. It reads:

The Court understands that call detail records of foreign-to-foreign communications provided by [redacted] pursuant to this Order will not be used to make chain summary records. Further, such records will be used solely for technical purposes, including use by NSA’s data integrity analysts to correctly interpret and extract contact information in [redacted] international records. In the event that an NSA analyst performs an authorized query that includes a search of the BR metadata, and the results of that query include information from [redacted] foreign-to-foreign call detail records, NSA shall handle and minimize the information in those records in accordance with the minimization procedures in this Order, regardless of the authority pursuant to which NSA obtained the record. In contrast, if the analyst’s query does not include a search of the BR metadata, and the results of that query include information from [redacted] foreign-to-foreign call detail records, then the minimization procedures in this Order shall not be applied to the information in those records.

Primary Orders BR 09-19 and 09-15 are two of three the government is withholding from that year. The footnote is entirely redacted in BR 09-13. BR 09-09 is the third Primary Order withheld from that year (that is the order that shuts down one provider’s production — presumed to be Verizon — because of the foreign-to-foreign inclusion). BR 09-06 doesn’t split out the custodian of the third provider, though includes foreign-to-foreign language; because the structure of this Order is different, it is impossible to tell whether the equivalent footnote appears. BR 09-01 doesn’t even include the foreign-to-foreign language.

Which is an elaborate way of surmising (though we can’t be sure with the redactions) that the footnote retains a related function between the time it maps out what to do with foreign-to-foreign data and the time it currently appears to say that BR FISA data must be treated according to BR FISA rules.

As I laid out here, that appears to stem from an issue dating to 2009 when Verizon turned over all its call records, including its foreign-to-foreign ones, under BR FISA (though the redactions in the BR 10-10 footnote are shorter — maybe 4-5 characters, so it’s possible this happened with a second provider as well). What appears to have happened is FISC shut down their production for a period, resumed it, then tried to deal with the problem with minimization procedures. Over time, the footnote dealing with that evolved into a more general footnote requiring that BR FISA data be treated with BR FISA rules, no matter what ever else happened. This would mean that if Verizon or another telecom provider made the same mistake, NSA would have access to its foreign data for a shorter period of time and subject to much narrower dissemination rules.

Sometime between 2009 and 2011, NSA started putting XML tags on each new piece of data, so it could track where the data came from, presumably to make this process easier, but also so it could run queries under whatever authority provided it with easier minimization rules. That XML system would permit the NSA to comply with the footnote in BR 10-10 easily, by tracking precisely where the data came from.

January 8, 2010: A Remarkably Busy Day in Telecom Law

/8 Comments/in /by

I Con the Record has just released a bunch of new documents, showing how (according to Ellen Nakashima) Sprint challenged a dragnet order, and in response got to see the FISA Court opinions authorizing the program. (Well, not really the telecom opinion; rather they mostly authorize the PRTT program.)

The official story goes like this:

In early 2009, Sprint received an order saying that all customer call records had to be turned over to the government, current and former officials said. Over the summer and fall, the company’s executives met several times with Justice Department officials to understand how Section 215, which compelled companies to turn over records relevant to investigations, could be used to mandate the transfer of all call records.

Dissatisfied with their answers, Sussmann, the Sprint attorney, wrote a detailed petition to challenge the order. In late 2009, shortly before the petition was to be filed, Robert S. Litt, the top intelligence official for the U.S. intelligence community, pressed officials to provide the legal rationale to the company, according to a former administration official.

Intelligence officials then furnished several court rulings, in particular, a 2004 opinion written by Colleen Kollar-Kotelly, then chief judge of the surveillance court, according to the documents released Wednesday. While the opinion related to the collection of e-mail addressing information, the legal rationale was identical.

But there are a few more details I find exceedingly interesting.

First, here’s what the government declassified in response to Sprint’s challenge:

  • Colleen Kollar-Kotelly’s July 24 [14], 2004 opinion (the government is only now admitting the date)
  • Response to Orders for Additional Briefing (it’s unclear whether this is PRTT or phone dragnet, but given the order, I’m guessing PRTT)
  • Opinion (again, it’s unclear whether this is PRTT or phone dragnet)
  • The original application for the dragnet, including all exhibits, and the original dragnet order (note, we’ve not seen all the exhibits)
  • The application, including all exhibits, the Primary Order, and Reggie Walton’s supplemental order finding the phone dragnet did not violate ECPA

That is, not only the opinions authorizing the “relevant to” bullshit used to justify the program, but also the opinion stating that the dragnet did not violate ECPA.

And here’s the other thing I find so interesting. The motion to unseal the records is dated January 7, 2010. The motion for more time, the order granting it, and the order approving the unsealing of the records were all dated January 8, 2010.

January 8, 2010, January 8, 2010, January 8, 2010.

On January 8, 2010, DOJ’s OLC issued an order finding that ECPA permitted telecoms to hand over toll records to the government voluntarily for certain kinds of investigations. OLC wrote that opinion because DOJ Inspector General Glenn Fine had been investigating National Security Letters (and, oh by the way, Section 215) for years, and found big problems, at least, with the paperwork FBI handed 3 telecoms who were living onsite at FBI. We found out about the order almost immediately, when Fine issued his report later that month.

I’ve long suspected that Reggie Walton only considered the ECPA question both because of Fine’s ongoing NSL investigation but, probably, also because of whatever conclusions Fine drew in his examination of the illegal wiretap program (I suspect FISC only considered financial records for the same reason, Fine’s 215 investigation in 2010) and potentially his ongoing investigations of Section 215.

And now we know that just as Fine was raising real questions about the legality of the incestuous record-sharing the government and the telecoms had been engaged in for years (one that’s about to start again with the new “reformed” dragnet), Sprint not only demanded the underlying records authorizing the dragnet, but even the supplemental opinion finding the dragnet didn’t violate ECPA.

Here’s what I wrote 4 years ago about that OLC opinion.

  • As I will explain at length later, this OLC opinion may not relate exclusively to the use of exigent letters, not least because Inspector General Glenn Fine appears worried the FBI will use it prospectively, not just to retroactively rationalize abuses from the past.
  • Fine appears to disagree whether the FBI has represented what it was doing with exigent letters honestly in its request for an opinion to the OLC. This is at least the second time they have done so, Fine alleges, in their attempts to justify these practices. In this case, the dispute may pertain to whose phone records they were, what was included among them, and whether they pertained to an ongoing investigation.
  • My guess is that the OLC opinion addresses whether section 2701 of the Stored Communications Act allows electronic communication providers to voluntarily provide data to someone above and beyond the narrow statutory permission to do so in 2702 and 2709 of the Act.
  • Whatever the loophole FBI is exploiting, it appears to be a use that would have no protections for First Amendment activity, no requirement that the data relate to open investigations, and no minimization or reporting requirements. That is, through its acquisition of this OLC opinion, the FBI appears to have opened up a giant, completely unlimited loophole to access phone data that it could use prospectively (though the FBI claims it doesn’t intend to). Much of Fine’s language here is an attempt to close this loophole.

In January, EFF lost its bid to obtain that memo in the DC Circuit.

Now, what are the chances that Sprint also didn’t get a looksee at the OLC memo authorizing not just what the FISC had approved, but also the violative Section 215 collection that had been in place until early 2009?

What are the chances that that OLC opinion, dated January 8, 2010 and pertaining to ECPA, is unrelated to the decision to declassify the FISC opinion assessing whether the phone dragnet violated ECPA?