FISA Archives - Page 67 of 179

Wyden and Udall Accuse DOJ of Misleading SCOTUS about Upstream Even as NSA Misleads NDCA about Upstream

May 14, 2014/13 Comments/in FISA /by emptywheel

As Charlie Savage reported this morning, Senators Ron Wyden and Mark Udall continue their ceaseless efforts to get NSA and DOJ to tell the truth. They (along with Martin Heinrich) wrote a letter to DOJ in November complaining about representations made in the Amnesty v. Clapper case. DOJ responded. And now Wyden and Udall have just written another response.

In addition to complaining about the government’s notice to defendants, Wyden and Udall claim DOJ improperly hid Section 702 upstream collection from SCOTUS by claiming the Amnesty plaintiffs could only be swept up in the dragnet if they communicated with a target.

These statements — if taken at face value — appear to foreclose the possibility of collection under section 702 intercepting any communications that are not to or from particular targets. In other words, the Justice Department indicated that communications that are merely “about” a target would not be collected. But recently declassified court opinions make it clear that legitimate communications about particular targets can also be intercepted under this authority. Since this fact was classified at the time, the plaintiffs did not raise it, but in our view this does not make these misleading statements acceptable.

The Justice Department’s reply also states that the “about” collection “did not bear upon the legal issues in the case.” But in fact, these misleading statements about the limits of section 702 surveillance appear to have informed the Supreme Court’s analysis. In writing for the majority, Justice Alito echoed your statements by the Court by stating that the “respondents’ theory necessarily rests on their assertion that the Government will target other individuals — namely their foreign contacts.” This statement, like your statements, appears to foreclose the possibility of “about” collection.

[snip]

[W]hile the Justice Department may claim that the Amnesty plaintiffs’ arguments would have been “equally speculative” if they had referenced the “about” collection, that should be a determination for the courts, and not the Justice Department, to make.

After laying this out, they conclude by accusing the Executive of making “misleading statements to the public, Congress and the courts.”

They don’t name all the Courts, though.

They might want to start collecting a list of all the courts DOJ and NSA have lied to, though. Because even as the Senators and DOJ were having this squabble in DC, NSA was continuing to misinform courts on the other side of the country.

Consider how then Acting NSA Deputy Director Frances Fleisch described upstream collection — and the collection of entirely domestic communications that FISC deemed illegal — in a then-sealed declaration in the EFF Jewel case submitted 4 days before DOJ responded to the Senators.

Once a target has been approved, the NSA uses two means to acquire the target’s electronic communications. First, it acquires such communications directly from compelled U.S.-based providers. This has been publicly referred to as the NSA’s PRISM collection. Second, in addition to collection directly from providers, the NSA collects electronic communications with the compelled assistance of electronic communications service providers as they transit Internet “backbone” facilities within the United States.

[snip]

In an opinion issued on October 3, 2001, the FISC found the NSA’s proposed minimization procedures as applied to the NSA’s upstream collection of Internet transactions containing multiple communications, or “MCTs,” deficient. In response, the NSA modified its proposed procedures and the FISC subsequently determined that the NSA adequately remedied the deficiencies such that the procedures met the applicable statutory and constitutional requirements, and allowed the collection to continue.

That is, Fleisch doesn’t even hint that the problem on which Bates ruled — the MCTs — consisted of entirely domestic communications unrelated to those mentioning the “about” selector. She doesn’t even hint that in addition to those MCTs, upstream collection also includes over 4 times as many completely domestic communications — SCTs — as well. She doesn’t reveal that John Bates threatened NSA with sanctions over distributing illegally collected domestic person content. And all of these issues are central to the Jewel complaint, which has always focused on telecoms collecting US person content at circuits. (I believe earlier declarations to NDCA were even more incomplete or downright dishonest on this issue, though will need to show that in a later post.)

In fact, EFF complained about this omission its response to the government’s declarations, noting that upstream about collection is precisely what whistleblower Mark Klein revealed back in 2006.

Public disclosures over the past six months, however, provide substantially more information about these collection practices than the government’s passing references. In particular, the government has publicly released an opinion of the FISC confirming that “‘upstream collection’ refers to the acquisition of Internet communications as they transit the ‘internal backbone’ facilities” of telecommunications firms, such as AT&T. Mem. Op. at 26, Redacted, No. [Redacted] (FISC Sep. 25, 2012) (emphasis added) (Ex. 1).

[snip]

These descriptions of upstream Internet surveillance are functionally identical to the surveillance configuration described by the [Mark] Klein evidence: a system designed to acquire Internet communications as they flow between AT&T’s Common Backbone Internet network to the networks of other providers.

The FISA Court ruled that NSA had been breaking the law and violating the Constitution for at least 3 years leading up to the 2011 decision. And neither DOJ nor NSA have bothered telling courts ruling on the legality of the program about that fact.

It’s pretty impressive that the Executive can mislead courts about the same subject in so many places at once.

But I guess that’s just the flip side of an omnipresent spying agency, that it can also serve as an omnipresent lying agency.

The Phone Dragnet Adopted “Selection Term” by 2013

May 14, 2014/3 Comments/in FISA /by emptywheel

As I laid out last week, I’m not convinced the term “specific selection term” is sufficiently narrowly defined to impose adequate limits to the “reformed” Section 215 (and NSL and PRTT) programs. Here’s how the House defined it:

SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

That said, as I also noted, the motion to amend January’s primary order used the term to refer to the query term, which may suggest my concerns are unfounded.

I’ve looked further, and the amendment’s use of the term was not new in the phone dragnet.

In fact, the phrase used to refer to the query subject changed over the course of the dragnet. The first Primary Order authorized the search on “particular known phone numbers.” That usage continued until 2008, when Primary Order BR 08-08 introduced the term “particular known identifier.” A completely redacted footnote seems to have defined the term (and always has). Significantly, that was the first Primary Order after an August 20, 2008 opinion authorized some “specific intelligence method in the conduct of queries (term “searches”) of telephony metadata or call detail records obtained pursuant to the FISC’s orders under the BR FISA program.” I think it highly likely that opinion authorized the use of correlations between different identifiers believed to be associated with the same person.

The September 3, 2009 Primary Order — the first one resuming some normality after the problems identified in 2009 — references a description of identifier in a declaration. And the redaction provides hints that the footnote describing the term lists several things that are included (though the footnote appears to be roughly the same size as others describing identifier).

The Primary Orders revert back to the same footnote in all the orders that have been released (the government is still withholding 3 known Primary Orders from 2009). And that continued until at least June 22, 2011, the last Primary Order covered by the ACLU and EFF FOIAs.

But then in the first Primary Order after the 2011-2012 break (and all Primary Orders since), the language changes to “selection term,” which like its predecessor has a footnote apparently explaining the term — though the footnote is twice as long. Here’s what it looks like in the April 25, 2013 Primary Order:

The change in language is made not just to the subject of queries. There’s a paragraph in Primary Orders approving the use of individual FISA warrant targets for querying (see this post for an explanation) that reads,

[Identifiers/selection terms] that are currently the subject of electronic surveillance authorized by the Foreign Intelligence Surveillance Court (FISC) based on the FISC’s finding of probable cause to believe that they are used by agents of [redacted] including those used by U.S. persons, may be deemed approved for querying for the period of FISC-authorized electronic surveillance without review and approval by a designated approving official.

The change appears there too. That’s significant because it suggests a use that would be tied to targets about whom much more would be known, and in usages that would be primarily email addresses or other Internet identifiers, rather than just phone-based ones. I think that reflects a broader notion of correlation (and undermines the claim that a selection term is “unique,” as it would tie the use of an identity authorized for Internet surveillance to a telephone metadata identifier used to query the dragnet).

Finally, the timing. While the big gap in released Primary Orders prevents us from figuring out when the NSA changed from “identifier” to “selection term,” it happened during the same time period when the automated query process was approved.

This may all seem like a really minor nit to pick.

But even after the language was changed to “selection term” on Primary Orders, top intelligence officials continued to use the term “identifier” to describe the process (see the PCLOB hearing on Section 215, for example). The common usage, it seems, remains “identifier,” though there must be some legal reason the NSA and DOJ use “selection term” with the FISC.

It also means there’s some meaning for selection term the FISA Court has already bought off on. It’s a description that takes 15 lines to explain, one the government maintains is still classified.

And we’re building an entire bill off a vague 17-word definition without first learning what that 15-line description entails.

Verizon Loves Dragnet Reform

May 13, 2014/2 Comments/in FISA /by emptywheel

If there was any doubt that Verizon was the source of some of the difficulties behind the phone dragnet, this may address them.

Verizon supports the bipartisan USA Freedom Act because it will achieve the important goals of ending Section 215 bulk collection of communications data, heightening privacy protections and increasing transparency. We thank the House Intelligence and Judiciary Committees for taking this bipartisan approach and look forward to working with the House and Senate leadership, along with the White House, to address remaining issues and enact the USA Freedom Act into law this year.

I’m curious what transparency Verizon thinks this adds — unless it means it can start reporting its real numbers?

Jim Sensenbrenner Seems to Endorse Two Times Two Hops

May 12, 2014/2 Comments/in FISA /by emptywheel

I’m working on a larger post about a theory I have about the Internet dragnet. But while working on that, I noticed that in 2009 the government admitted that it had used the Internet dragnet, like the phone dragnet, to contact chain on US emails that were connected with suspect emails, but which had not themselves found to be suspicious (or tied to a foreign power).

This practice involved an analyst running query using as a seed “a U.S.-based e-mail account” thta had been in direct contact with a properly validated seed account, but had not itself been properly validated under the RAS approval process. [redacted] Response at 2-3. When he granted renewed authorization for bulk PR/TT surveillance on [redacted], Judge Walton ordered the government not to resume this practice without proper Court approval. See Docket No. PR/TT [redacted] Primary Order issued [redacted] at 10.

In its response, the government also described an automated means of querying, which it regarded as consistent with the applicable PR/TT orders. This form of querying involved the determination that an e-mail address satisfied the RAS standard, but for the lack of a connection to one of the Foreign Powers (e.g., there were sufficient indicia that the user of the e-mail address was involved in terrorist activities, but the user’s affiliation with a particular group was unknown).

[snip]

In the event that such an e-mail address was in contact with a RAS-approved seed-account on an NSA “Alert List,” that e-mail address would itself be used as a seed for automatic querying, on the theory that the requisite nexus to one of the Foreign Powers had been established.

Up until 2009, the government was blithely extending the chaining process by declaring US person targets new seeds and chaining from there.

I raise this because the NSA has been struggling, unsuccessfully, since 2009 to resume it’s alert function(s). It may be that’s one reason why NSA embraced outsourcing data retention to the telecoms.

And because, in effort to defeat a Zoe Lofgren amendment at least Wednesday’s markup of the Jim Sensenbrenner seemed to endorse this derivative hop process.

Lofgren’s amendment would have added language limiting upstream collection to that which involved the target of the acquisition.

Lofgren. Mr. Chairman, I believe that this amendment fixes a loophole that was created by the FISA court in its November 2011 decision that is now in the public arena. The amendment clarifies that the government can only use selectors to collect information to or from the target of an authorized investigation. Under the current law, as blessed by the FISA court, NSA is using 702 authority to collect communications that are to, from, or even about a foreign intelligence target so long as these communications are believed not to be wholly between U.S. persons. Now, the USA Freedom Act did not address this loophole, and actually the original PATRIOT Act did not either, this is a court-constructed document, but it allows false positives, and intentional use of vague about criteria could be used to lead to massive collection of U.S. persons’ communication. This amendment would prevent that adverse outcome by limiting the selectors to target and collect communications only when one of the parties to that communication is the target of an authorized investigation.

Sensenbrenner’s response was, at first, on point, claiming that the prohibition targeting that has reverse targeting as a purpose of the acquisition at all.

But then he went into this language about Section 215, a totally different part of FISA.

Sensenbrenner: Say there is a section 215 order that is aimed at a target, it goes two hops and on the second hop, there is a U.S. person who is not at the time of the second hop a target of an authorized investigation. What this amendment does is limits adding that person to a target of an authorized investigation and going the two hops from that. Now, a lot of these conspiracies are more than two hops. But I don’t think that if there is a reasonable suspicion that if it goes for more than two hops that we ought to preclude, finding out who those people are talking to in the furtherance of their plot.

In it, he seemed to say that NSA must be able to declare US person selection terms new RAS approved seeds without having enough evidence to declare them a target of an investigation. But in the process, he seemed to envision derivative seeds, the addition of new US person seeds off of existing contact chains.

Which sounds a lot like the old alert process that FISC ruled improper in 2009 (although this would presumably require a new FISC review).

My theory about the dragnet may explain a bit more about why Sensenbrenner seemed to offer such an inapt argument against Lofgren’s memo (and why Lofgren’s warnings that upstream collection can easily become the new dragnet).

But for the moment, note that Sensenbrenner at least seems to envision the 2 hops permitted by his bill could, in turn, become two more hops without any more reasonable basis for suspicion.

About HR 3361, the NSA Surveillance Efficiency Act, AKA USA Freedom Act

May 10, 2014/9 Comments/in FISA /by emptywheel

The House Intelligence Committee passed a bill out of its committee Thursday, HR 3361, that will reportedly solve a problem (or problems) the NSA has been struggling with since 2009. The bill will now move to the full House for a vote.

The public — and surely a great majority of members of Congress — have no idea precisely what problem this bill will solve is: planted leaks suggest it has to do with difficulties dealing with cell phone records, perhaps because they include location data. If that is part of the problem, then it’s a fairly recent development, perhaps arising after US v. Jones raised new concerns about the legality of collecting location data without a warrant. There’s also the presumably-related issue of an automated query function; NSA has been struggling to resume that function since its alert function got shut down as a legal violation in 2009. The ability to tie multiple identities from the same person together as NSA runs those alerts may be a related issue.

The bill has not been reported as a fix for NSA’s long-term legal and technical struggles (though LAT’s Ken Dilanian has asked why civil liberties groups are so happy about this given that it will expose more data to NSA collection). Rather, it has been called the USA Freedom Act and reported as a reform of the phone dragnet program, a successful effort to “end” “bulk collection.”

The bill does have the critically important effect of ending the government’s practice of collecting and storing some significant portion of all US call records, beyond whatever US person call records it collects overseas. That, by itself, is the equivalent of defusing a nuclear bomb. It is a very important improvement on the status quo.

It remains entirely unclear — and unexamined, as far as I can tell — whether the bill will increase or decrease the number of entirely innocent Americans who will be subjected to the full range of NSA’s analytical tradecraft because they got swept up based on the guilt by association principle behind contact-chaining, or whether the bill will actually expose more kinds of US person records to the scrutiny of the NSA.

The bill the press is calling USA Freedom Act may also — though we don’t know this either — have the salutary benefit of changing the way the NSA currently collects data under other Section 215, Pen Register, and NSL collection efforts. The bill requires that all Section 215 (both call record and otherwise), Pen Register, and NSL queries be based on a specific selection term that remains vaguely defined (a definition the House Intelligence Committee considered eliminating before Thursday’s hearing). But it remains unclear how much that rule — even ignoring questions about the definition — will limit any current practices. At Wednesday’s hearing Bob Goodlatte said the bill “preserves the individual use of Section 215 under the existing relevancy standard for all business records,” and at least for several NSL authorities, the new “restrictions” almost certainly present no change (and another NSL authority, the Right to Financial Privacy Act, uses the same “entity” language the bill definition does, suggesting it is unlikely to change either). Plus, at least according to DOJ’s public claims and court filings, it ended the bulk domestic collection under PRTT in 2011. So the language “ending” “bulk collection” may do no more than make it harder for FBI to construct its own phone books of phone company and ISP subscribers using NSLs, if it does even that.

What the bill doesn’t do — because this part of the bill was stripped as part of the compromise — is provide the Intelligence Community’s oversight committees detailed reports of what kind of records the government obtains under Section 215 (and for what agencies), and how many Americans are subject to all the FISA authorities, including Section 215. That is, the compromise eliminated the one thing that could measure whether the bill really did “end” “bulk collection” as you or I would understand it. In its stead, the bill largely codifies an existing reporting agreement that AT&T has already demonstrated to be completely deceptive. In Wednesday’s hearing, Zoe Lofgren called provider reporting “the canary in the coal mine” the committee would rely on to understand what collection occurred.

So this bill that “ends” “bulk collection” still prevents us, or even the oversight committees working in our name, from learning whether it does so.

It does, however, have some interesting features, given its other purpose of solving one or more challenges facing the NSA.

The first of those is immunity.

No cause of action shall lie in any court against a person who produces tangible things or provides information, facilities, or technical assistance pursuant to an order issued or an emergency production required under this section.

This is another part of the bill the underlying reasons for which the public, and probably much of Congress, doesn’t understand. At one level, it seems to immunize the process that may have telecoms playing a role the NSA previously did, analyzing the data; it may also pertain to providing NSA access to the telecoms’ physical facilities. But given the background to the move to telecoms — NSA’s legal-technical problems dealing with cell phone data because it ties to location — it is possible the immunity gives the telecoms protection if they use but don’t turn over data they have already, such as location data or even Internet metadata, to perform the interim analysis.

Consider how the bill describes the call record query process.

[T]he Government may require the production of call detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using the results of the production under subclause (I) as the basis for production;

So a 2-hop query goes from a “specific selection term” to “the results of the production” to the “call detail record” handed over to the government. While the definition of call detail records clearly prohibits the final production to the government of either content or cell location, nothing in this process description prevents the telecoms from using such things (most Internet metadata is legally content to the telecoms) in that interim hop; indeed, the “results of the production under subclause (I)” available to the telecoms almost certainly would include some of this information, particularly for smart phones. We know the Hemisphere program (the AT&T-specific program for the DEA) uses cell location in its analysis. Remember, too, how NSA is gobbling up smart phone data (including things like address books) in overseas programs; this may permit analysis of similar data — if not collection of it — domestically. So at the very least, this scheme seems to give the NSA access to cell location and possibly a whole lot more data for analysis they otherwise couldn’t get (which David Sanger’s sources confirm).

And consider two more details from Wednesday’s House Judiciary hearing. At it, Lofgren repeated a list of business records the government might obtain under Section 215 she got Deputy Attorney General James Cole to confirm at an earlier hearing. It includes:

ATM photos
location where phone calls made
credit card transactions
cookies
Internet searches
pictures captured by CCTV cameras

So long as the word “entity” in the definition of specific selection term remains undefined, so long as FISC precedents permit the tapping of entire circuits in the name of collecting on an entity, the government may still be able to collect massive amounts of this data, not actually targeted at a suspect but rather something defined as an entity (in both the existing 215 program and the new call records one the bill retains the “relevant to” language that has been blown up beyond meaning).

Finally, consider what happened with Lofgren’s last attempted amendment. After having submitted a number of other failed amendments, Lofgren submitted an amendment to fix what she called an inadvertent error in the manager’s amendment specifically prohibiting the collection of content under Section 215.

I believe this amendment fixes — at least I hope — an error that was created in the manager’s amendment that I cannot believe was intended. As you know we have specified that the content is not included in business records. This amendment clarifies that business records do not include the content of communication. We specify that in the new section about call detail records, but but the specification that content was not included somehow got dropped out of the business records section. It was included in your original bill but it didn’t make it into the manager’s amendment. I think this amendment clarifies the ambiguity that could be created and I hope it was not intentional.

This is a problem I pointed out here.

Almost without missing a beat after she introduced this, Jim Sensenbrenner recessed the hearing, citing votes. While there were, in fact, votes, Luis Pierluisi (who cast the decisive vote in favor of an amendment to redefine counterintelligence) and possibly Lofgren got a lecture at the break about how any such amendments might blow up the deal the Committee had with Mike Rogers and HPSCI. After the break, Lofgren withdrew the amendment, expressing hope it could be treated as a clerical fix.

That purported error was not fixed before HPSCI (which explicitly permitted the collection of content under its bill) voted out the bill.

Perhaps it will be “fixed” before it comes to the floor.

But if it doesn’t, it may expand (or, given Lofgren’s stated concerns about what records Section 215 might cover, sustain) the use of Section 215 to collect content, not just metadata. Imagine the possibility this gets yoked to expanded analysis at telecoms under the new CDR program?

We don’t know. This bill has gotten past two committees of Congress (we didn’t get to see any of the debate at HPSCI) without these details becoming clear. But the questions raised by this bill when you consider it as the fix to one or more problems the NSA has been struggling with, it does raise real questions.

Again, I don’t want to make light of the one thing we know this bill will do — take a database showing all phone-based relationships in the country out of NSA’s hands. That eliminates an intolerably risky program. That is an important fix.

But that shouldn’t lead us to ignore the potential expansion of spying that may come with this bill.

Will the Dragnet Reform Criminalize Ordering Pizza?

May 7, 2014/8 Comments/in FISA /by emptywheel

There are two major problems with the phone dragnet, as it currently exists.

First, the government has a database of all the phone-based relationships in the United States, one they currently (as far as we know) do not abuse, but one that is ripe for unbelievable abuse.

But there is current abuse going on. The dragnet takes completely innocent people who are three (now two) degrees of separation from someone subjected to a digital stop-and-frisk, a very low standard, and puts them (by dint of at least one communication with someone who communicated with someone who might be suspicious) into the NSA’s analytical maw. Permanently. Those people can have their multiple IDs connected, including any online searches NSA happened to injest, they can be subjected to data mining, by dint of those conversations, they apparently can even have the content of their communications accessed without a warrant, they might even be targeted to become informants using the data available to NSA.

This may well be the digital equivalent of J Edgar Hoover’s subversives list, a collection of people who will always be subject to heightened scrutiny, including unbelievably invasive digital analysis, because of a three degree association years in the past.

According to PCLOB’s estimate, as many as 120 million people may have been — may still be! — subjected for this treatment.

Discussions of whether the House Judiciary and Intelligence Committee bills “reforming” the dragnet really fix it have almost entirely ignored this second abuse, the innocent people who will be subjected to the “full range of NSA’s analytical tradecraft” merely because of a potentially completely innocent association.

There are things that should be done — whether in the current dragnet or the “reformed” one — to mitigate this abuse. Those data ought to age off, which they currently don’t (and won’t, under the new program, as currently described). That analysis ought to be subject to audits, which they’re not currently. The FISC ought to get some sense of what happens in this corporate store, which it’s not clear it currently has. Criminal defendants ought to have some visibility into whether their prosecutions stemmed from such analysis.

But there are also things — as Congress crafts a dragnet replacement — that can affect the sheer number of new people who will be thrown into the corporate store, into NSA’s analytical pool. And those things have a lot to do with how this new scheme deals with what is called “data integrity.”

As I have written repeatedly, the number of results NSA (or the telecoms, under the new system) will get under a particular query depends on how many noisy numbers — things like telemarketers, voice mail numbers, and pizza joints — remain in the collection. As Jonathan Mayer showed, even in his 300 person dataset that included just 2 people who had ever called each other, 17% were connected at the second hop through T-Mobile’s voice mail number.

In spite of the fact that just 2 of its participants had called each other, the fact that so many people had called T-Mobile’s voicemail number connected 17% of participants at two hops.

Already 17.5% of participants are linked. That makes intuitive sense—many Americans use T-Mobile for mobile phone service, and many call into voicemail. Now think through the magnitude of the privacy impact: T-Mobile has over 45 million subscribers in the United States. That’s potentially tens of millions of Americans connected by just two phone hops, solely because of how their carrier happens to configure voicemail.

And from this, the piece concludes that NSA could get access to a huge number of numbers with just one seed.

But our measurements are highly suggestive that many previous estimates of the NSA’s three-hop authority were conservative. Under current FISA Court orders, the NSA may be able to analyze the phone records of a sizable proportion of the United States population with just one seed number.

We know NSA currently does significant work to pull those noisy numbers via a “data integrity” process both before new data is used for contact chaining and as new numbers are identified as “high volume numbers.” While we don’t get to assess the efficacy of that process, it can make the difference between hundreds of millions of Americans getting thrown into the NSA’s analytical pool, or just tens of thousands. But as the contact-chaining process gets outsourced to the telecoms, the question becomes more pressing.

As I see it, there are three possible ways this function might be done going forward:

The telecoms do an initial sort of high volume numbers, taking out voice mail box and telemarketer calls, then pass the data onto NSA, which does a secondary sort to pull out things like pizza joints (which NSA might want to keep in the data set, but suppress in contact chaining until they have evidence a pizza joint might be a key hub in a terrorist attack). This plays to existing telecom strengths (most likely do similar analysis on their own use of the data now), but doesn’t require they make what are analytical intelligence decisions. Even though this is likely the best solution, it still means many completely innocent Americans may be subject to NSA’s analysis because they ordered pizza.
The telecom does all the data integrity analysis, identifying all the high volume numbers. This would result in the fewest number (but still intolerably too many) of innocent Americans being dumped into NSA’s pot. But it would also turn the telecoms into an arm of US intelligence (well, even more than they already are!), because they’d be in the position of making analytical judgments about what data is useful for NSA’s intelligence purposes. Which may be one of the reasons the telecoms seem to be demanding immunity, again.
NSA does the data integrity analysis at the telecoms, as seems to be envisioned by the HPSCI bill. This might achieve the current status quo, borrowing on 8 years of experience to strike the right balance. But it would also present the intolerable condition of NSA employees or contractors accessing and analyzing the raw data of private communications providers at the providers’ locales.

“Specific Selection Term:” Still Not Convinced

May 6, 2014/2 Comments/in FISA /by emptywheel

While I was squawking about how Jim Sensenbrenner issued a manager’s amendment (aka USA Freedumb) purporting to end bulk collection by tying everything to a “specific selection term” without defining what “specific selection term” meant, the House Judiciary Committee released an updated version of the bill defining the term.

(2) SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.’

All the relevant invocations of the term now refer back to this definition.

The language not only doesn’t convince me this bill works, I think it validates my concern about the bill.

That’s because the word “entity” is already too loosely defined. Is this like the definition of the entity that struck us on 9/11 that Presidents have expanded anachronistically? Al Qaeda = AQAP = al-Nusra?

And in just about every case imaginable — an entity’s phone numbers, its bank accounts, its email addresses (though perhaps not domain name and IP) — there is a necessary translation process between the entity and the selector(s) that would be used for a search.

That this translation happens shows up in some of the invocations of “specific selection term” where they say the “specific selection term” will be used as a “basis” for selecting what to actually search on, as with the Pen Register section.

(3) a specific selection term to be used as the basis for selecting the telephone line or other facility to which the pen register or trap and trace device is to be attached or applied; and’

Al Qaeda is not the name of the telephone line (or facility, which itself has been an invention used to conduct bulk collection in the name of a specific selector).

This “basis for” language shows up even with the NSL language.

COUNTERINTELLIGENCE ACCESS TO TELEPHONE TOLL AND TRANSACTIONAL RECORDS.—Section 2709(b) of title 18, United States Code, is amended in the matter preceding paragraph (1) by striking ‘‘may’’ and inserting ‘‘may, using a specific selection term as the basis for a request’’.

If the bill just required account identifiers or eliminated that “as a basis for” language, it might work. But as it is, that “as a basis for” involves analysis that also involves the possibility of using far different — and far broader — terms for the actual queries. (And it’s not clear — at least not to me — where and whether judges would get to approve this translation process.)

But you don’t have to take my word for it. You can look at a program that relied on “specific selection terms” “as a basis for” unbelievably vast collection.

The phone dragnet program.

In every single phone dragnet order, there’s a section that says records may only be searched if they’ve been associated with particular entities. Here’s the first one:

NSA Destroyed Its Illegal Content-as-Metadata Data in 2011

May 6, 2014/10 Comments/in FISA /by emptywheel

The government released a bunch more documents in its several legal battles with EFF today. One of those is the newly-declassified declaration SID Director Theresa Shea submitted back in March about how difficult it would be to retain the phone dragnet data relevant in EFF’s phone dragnet suit, First Unitarian.

There are a number of interesting things in the declaration (including probably outdated claims about NSA’s efforts to roll out a new architecture integrating Section 215 data in with the rest of the dragnets). But I find this revelation quite interesting.

The NSA’s collection of bulk Internet metadata transitioned to FISC authority under section 402 of FISA in July 2004. Until December 2009, these data were subject to the FISC’s orders to a 4.5-year retention limit, after which, pursuant to a change in the FISC orders, these data could be retained for up to five years. In December 2011, the Government decided not to seek FISC reauthorization of the NSA’s bulk collection of Internet metadata because the program had not met operational expectations. Because the NSA did not intend thereafter to use the Internet metadata it had retained for purposes of producing or disseminating foreign intelligence information, in keeping with the principle underlying the destruction requirements by the FISC, the NSA destroyed the remaining bulk Internet metadata in December 2011.

Poof! Proof of at least 2.5 years (figuring 2007 to October 2009; there should be a gap after that, followed by what I assume is a period of legal but not very useful data) of illegal collection of US person content in the US, gone!

Mind you, I’m glad they’re not sitting on all our Internet content-as-metadata anymore, but I do find it interesting they’ve destroyed the evidence of their crime.

USA Freedumb Act and RuppRoge Both Adopt Intelligence Community Definition of “Bulk Collection”

May 6, 2014/1 Comment/in FISA /by emptywheel

Update: An updated version of the Managers Amendment does define the term:

(2) SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

This is far better than nothing. Though I have concerns about “entity” and I suspect there will be some pushback here, since not even phone numbers “uniquely describe a person,” much less IPs. (Update: see my post on my concerns about the definition.)

As I noted in this post, USA Freedumb Act (what I’ve renamed the compromised USA Freedom Act) purports to limit bulk collection by tying all collection to specific selection terms. It does this for Section 215.

No order issued under this subsection may authorize the collection of tangible things without the use of a specific selection term that meets the requirements of subsection (b)(2).

It does it for Pen Register/Trap and Trace.

(3) a specific selection term to be used as the basis for selecting the telephone line or other facility to which the pen register or trap and trace device is to be attached or applied;

And it does for all four NSL types, as here with call records under ECPA.

COUNTERINTELLIGENCE ACCESS TO TELEPHONE TOLL AND TRANSACTIONAL RECORDS.—Section 2709(b) of title 18, United States Code, is amended in the matter preceding paragraph (1) by striking ‘‘may’’ and inserting ‘‘may, using a specific selection term as the basis for a request’’.

In fact, that’s the same mechanism RuppRoge (the House Intelligence Committee’s bill) uses to prevent bulk collection — though it limits bulk collection for fewer categories of things.

It does so for electronic communications records.

Notwithstanding any other provision of law, the Federal Government may not acquire under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) records of any electronic communications without the use of specific identifiers or selection terms.

And it does so for sensitive business records.

Notwithstanding any other provision of law, the Federal Government may not acquire under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) library circulation records, library patron lists, book sales records, book customer lists, firearm sales records, tax return records, education records, or medical records containing information that would identify a person without the use of specific identifiers or selection terms.

And this limitation, both bills proclaim, will prevent bulk collection.

Neither bill defines what they mean by selection term or specific identifier.

Before I consider whether these bills will, in fact, prevent what you and I might consider bulk collection, note what has happened: both of these bills — the crappy Intelligence Committee wish list bill and the allegedly less crappy “reform” bill — have adopted the definition of “bulk collection” used by the notoriously Orwellian Intelligence Community.

This is perhaps best explained in Obama’s President’s Policy Directive on surveillance.

References to signals intelligence collected in “bulk” mean the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).

Now, we’re at a huge disadvantage to be able to assess whether this definition of bulk collection bears any resemblance to what ordinary humans might understand bulk collection to mean, because the government is being very disingenuous about what they claim it to mean.

The government often publicly claims selectors are things “like telephone numbers or email addresses,” as they did repeatedly at the last PCLOB hearing.

I can assure you, however, that when they refer to “selectors like email or telephone,” they’re downplaying their use of things like other IDs (phone handset and SIM card IDs, credit card numbers, Internet IDs or even passwords, IP address, and site cookies). And nothing in the definition says selection terms have to have anything to do with actual people (as the evidence they use malware code as a selector would indicate). Plus, I could envision many things — such as “Area Code 202” or “Western Union transfers over $100” — that would seem to qualify as selection terms.

But we can measure whether limits to selectors or search terms prohibits bulk collection via another means — by looking at the program about which we’ve gotten most details on selector searches: upstream 702 collection.

While we can’t assess how many “innocent” Americans get sucked up in this purportedly non-bulk collection (and I doubt NSA can either!), we do have an idea how many American communications get sucked up who shouldn’t according to the one-end foreign rule on the collection.

Up to 56,000 American communications a year, according to FISC Judge John Bates’ estimate (because the NSA refused to provide him the real numbers).

56,000 American communications that should not, under the law, have been targeted, sucked up using “identifiers” and “selection terms.”

And the government doesn’t consider that bulk collection at all.

That, my friends, is the standard two different Committees in Congress have adapted as well, doing the intelligence community’s bidding, claiming they’ve solved the bulk collection problem.

Section 215, Under USA Freedumb

May 6, 2014/6 Comments/in FISA, PATRIOT /by emptywheel

This post attempts to do more than lay out how Section 215 will look if USA Freedumb were to pass in its current form. For sections that don’t change, I just mark what they cover. Bolded text is new. My comments are in red. Please let me know if I’ve missed anything.

Update: An updated version of the Managers Amendment does define the term specific selection term:

(2) SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

(a) APPLICATION

(b) Recipient and contents of application
Each application under this section—

(1) shall be made to—
(A) a judge of the court established by section 1803 (a) of this title; or

(B) a United States Magistrate Judge under chapter 43 of title 28, who is publicly designated by the Chief Justice of the United States to have the power to hear applications and grant orders for the production of tangible things under this section on behalf of a judge of that court; and

(2) shall include—

(A) a specific selection term to be used as the basis for the production of the tangible things sought;

Unless I’m mistaken, the term “selection term” is never defined in this bill, nowhere, in spite of the fact that this section and several others rely on it. I can assure you the intelligence community already goes far beyond the email address and phone number they claim to use. And think how broad this could be, without specific limitations. Is there anything preventing “selection term” to be “Area Code 202”? And once you’re talking financial records, what prevents “specific selection term” to be “pressure cooker purchased with a credit card” or “Western Union transfer over $100”?

(B) in the case of an application other than an application described in subparagraph (C), a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, such things being presumptively relevant to an authorized investigation if the applicant shows in the statement of the facts that they pertain to—

(i) a foreign power or an agent of a foreign power;

(ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or

(iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation;

(C) in the case of an application for the production of call detail records created on or after the date of the application, a statement of facts showing that—

Note that this language limits prospective collection to call detail records, not Internet data. That is one key improvement over RuppRoge — though see my comments below about how this might be gamed.

(i) there are reasonable grounds to believe that the call detail records sought to be produced based on the specific selection term required under subparagraph (A) are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to protect against international terrorism; and

(ii) there are facts giving rise to a reasonable, articulable suspicion that such specific selection term is associated with a foreign power or an agent of a foreign power; and

This is where the bill purportedly limits ongoing production to terrorist investigations. But remember how this “relevant to” term has blown up to include anything that could possibly have a tie to terrorism? Which makes this clause meaningless, leaving the only limitation on what call detail records you want to get to be the original selector having a tie to a foreign power. So it would be a cinch to use this language for other uses. One question I have about this is whether the judge approves just the argument that the records are necessary and the term is associated with a foreign power, or does the judge approve the term itself?

(D) an enumeration of the minimization procedures adopted by the Attorney General under subsection (g) that are applicable to the retention and dissemination by the Federal Bureau of Investigation of any tangible things to be made available to the Federal Bureau of Investigation based on the order requested in such application.

(c) Ex parte judicial order of approval
(1) Upon an application made pursuant to this section, if the judge finds that the application meets the requirements of subsections (a) and (b), and that the minimization procedures submitted in accordance with subsection (b)(2)(D) meet the definition of minimization procedures under subsection (g), the judge shall enter an ex parte order as requested, or as modified, approving the release of tangible things. Such order shall direct that minimization procedures adopted pursuant to subsection (g) be followed.