USA Freedumb Act: The Timing

/2 Comments/in /by

A number of people have expressed appreciation for this analysis: if you find this useful, please consider donating to support my work. 

I’m going to do a series of more finished posts on the “compromised” version of Jim Sensenbrenner’s USA Freedom Act, which I hereby dub the USA Freedumb Act (thanks to Fake John Schindler for the suggestion), because so many of the reforms have been gutted. Here’s the initially proposed bill. Here’s my working thread on USA Freedumb.

You will hear a great many respectable people making positive comments about this bill, comments they normally would not make. That’s because of the carefully crafted timing.

As you recall, Mike Rogers originally got the House Parliamentarian to rule that the bill could go through the House Intelligence Committee. And his bill, which I affectionately call “RuppRoge” after Rogers and Dutch Ruppersberger and Scooby Doo’s “Rut Roh” phase, is genuinely shitty. Not only does it put the NSA onsite at providers and extend call records collection beyond terrorism applications, but it also extends such collection beyond call records generally. It is likely an attempt to get the US back into the Internet dragnet business. Shitty bill.

That said, in key ways RuppRoge is very similar to USA Freedumb. Both “limit” bulk collection by limiting collection to selectors (Freedumb does so across the board, including for NSLs, whereas RuppRoge does so for sensitive Business Records, call records, and Internet metadata). Both propose a similarly (IMO) flimsy FISC advocate. Both propose laughably weak FISC transparency measures. Both will include compensation and immunity for providers they don’t currently have.

Aside from three areas where RuppRoge is better — it forces agencies to update their EO 12333 proposals, doesn’t extend the PATRIOT Act, and provides a (not very useful) way to challenge certificates, all the way up to SCOTUS — and three where it is far worse — it develops more Insider Threat measures, it applies for uses beyond terrorism and beyond call records, and doesn’t include new (but now circumscribed) IG reporting  — they’re not all that different. [Correction: USA Freedumb ALSO applies beyond terrorism.]

They’re differently shitty, but both are pretty shitty.

The reason why otherwise respectable people are welcoming the shitty Freedumb bill, however, is that it gives House Judiciary Committee — with a number of real reformers on it — first pass on this bill. It’s a jurisdictional issue. It puts the jurisdiction for surveillance bills back where it belongs, at the Judiciary Committee.

Oh, by the way, one of the more extensive (in terms of text) real changes in Freedumb is it finally includes the House Judiciary Committee, along with the House and Senate Intelligence Committees and Senate Judiciary Committee, among the committees that get certain kinds of reporting. Jurisdiction. (No, I can’t explain to you why it wasn’t included in the first place in 2008, and no, I can’t explain why that detail is not better known.) It gives everyone on HJC a tiny reason to support the bill, because they’ll finally get the reporting they should have gotten in 2008.

The House Intelligence Committee will consider RuppRoge the day after HJC considers Freedumb, Thursday. Which has elicited hasty (overly hasty, IMO) statements of support for Freedumb, as a way to head off the shitty RuppRoge.

Effectively, the National Security State has managed to put two differently shitty bills before Congress and forced reformers to choose. Freedumb is the better (as in less horrible) bill, and it might get better in Committee. But it’s not a runaway call. And the haste has prevented anyone from really figuring out what a central change to both programs means, which limits collection to selectors, which could be defined in very broad terms (and about which — you’ll have to take my word for now — the NSA has lied in public comments).

One more timing issue that I suspect explains the sudden activity surrounding “reform.” The Privacy and Civil Liberties Oversight Board is due to release a report on Section 702 in the next month or so (its comment period for the report closed on April 11). Given the comments of David Medine, James Dempsey, and Patricia Wald at hearings, I strongly suspect PCLOB will recommend reforms — at least — to back door searches, and possibly to upstream collection. Both are items which were gutted as USA Freedom became Freedumb. (In addition, two aspects that would have expanded PCLOB’s authorities — giving it a role in picking the FISC advocate and giving it subpoena power — have been removed.) So in the same way that President Obama rushed to reaffirm NSA’s unified structure, in which the Information Assurance Division and Cybercommand functions are unified with the more general NSA spying function, before his handpicked Review Group recommended they be split, this seems to be a rush to pre-empt any recommendations PCLOB makes.

Ultimately, these two shitty bills are destined to be merged in conference anyway, and reformers seem to have given up 75% of the field before we get started.

Which means just about the only “reform” we’ll get are actually tactical fixes to help the Security State deal with legal and technical issues they’ve been struggling with.

The USA Freedumb Act has become — with DiFi’s Fake FISA Fix and RuppRoge before it — the third fake reform since Edward Snowden’s leaks first got published. Wearing down the reformers seems to be working.

New “Freedom” Equals Less Protection for All But the Telecoms (Working Thread)

/8 Comments/in /by

A number of people have expressed appreciation for this analysis: if you’re one of them, please consider donating to support my work. 

As a number of outlets are reporting, the House Judiciary Committee will mark-up a Manager’s Amendment to the USA Freedom Act on Wednesday.

This post will lay out what the changes are, as a working thread (updated as I read). But the short version is this: the Manager’s Amendment offers us mere shmoes less protection than the original bill did — particularly with regards to upstream and back door searches. But it does add “liability protection” and financial compensation to the providers that wasn’t in the original bill.

Call Records

The Manager’s Amendment  (MA) provides for 2-hop production from providers, akin to President Obama’s reform proposal. Such orders last for 180 days and can be extended. The Manager’s amendment explicitly limits such protection to international terrorism (which Obama’s reform was wishy-washy on). Correction: it has no such limitation. This would expand the use of the dragnet well beyond terrorism.

It includes really bizarre language on multiple hops:

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii)  as the basis for production;

(II) using the results of the production under subclause (I) as the  basis for production; and

(III) using the results of the  production under subclause (II) as the  basis for production;

The bill mandates 5 year destruction for call records — except for those that are relevant to an investigation.

(v) direct the Government to destroy all call detail records produced under the order not later than 5 years after the date of the production of such records, except for records that are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to protect against international terrorism.

Remember, by FISC opinion, “relevant to” now means “anything even remotely possiby relevant to.” Given that meaning, pretty much all records turned over to the government can be kept forever; strictly by being turned over they’re already more relevant than the definition of relevant the NSA and DOJ currently use.

Other Section 215 Production

The MA tries to limit bulk production differently than USA Freedom did, by requiring the search on a specific selector. I’ll have to reflect on whether this will be more restrictive or open for abuse.

The MA takes out language permitting the FISC to review whether the government has complied with minimization procedures.

The MA provides immunity and compensation where the USA Freedom Act had not.

Inspector General Reports

The MA changes mandated Inspector General Reports from USA Freedom in two interesting ways. First, it only requires reports from 2012 through 2014, whereas the USA Freedom had required them throughout (that is, including 2010 and 2011). I’ll have more to say about this in the future. There’s good reason to believe, however, that there are things the government doesn’t want reviewed that happened in 2010, especially.

Furthermore, it doesn’t require these reports until December 31, 2015 — that is, after PATRIOT Act Reauthorization. The bill also extends the PATRIOT Reauthorization to 2017, so this report would come in before that, but would extend the authorities as a whole for 2 more years.

Finally, it takes out this language:

describe any noteworthy facts or circumstances relating to orders under such title

This would allow IGs to ignore details about the actual practice of these programs.

PRTT

As with business records, the MA limits bulk collection by requiring the use of a specific selector, not by prohibiting bulk collection.

Interestingly, it does permit the Judge to assess compliance with minimization procedures, unlike with call records.

Backdoor searches

Here’s the language USA Freedom used to limit back door searches.

(2) CLARIFICATION ON PROHIBITION ON SEARCHING OF COLLECTIONS OF COMMUNICATIONS
23 OF UNITED STATES PERSONS.—

(A) IN GENERAL.—Except as provided in subparagraph (B), no officer or employee of the United States may conduct a search of a collection of communications acquired under this section in an effort to find communications of a particular United States person (other than a corporation).

(B) CONCURRENT AUTHORIZATION AND EXCEPTION FOR EMERGENCY SITUATIONS.—

Subparagraph (A) shall not apply to a search for communications related to a particular
10 United States person if—

(i) such United States person is the subject of an order or emergency authorization authorizing electronic surveillance or physical search under section 105, 304, 703, 704, or 705, or title 18, United States Code, for the effective period of that order;

(ii) the entity carrying out the search has a reasonable belief that the life or safety of such United States person is
21 threatened and the information is sought for the purpose of assisting that person; or

(iii) such United States person has consented to the search.

Here’s the language the MA uses to prohibit back door searches (and I’m not even sure that’s what it does, as opposed to prevent the MCAT collection Bates declared illegal in 2011), which is part of the minimization procedures.

prohibit the use of any discrete, non-target communication that is determined to be to or from a United States person or a person who appears to be located in the United States, except to protect against an immediate threat to human life.

We know they use back door searches to identify which selectors to further investigate. Does this permit such a use?

In any case, I believe — though am not 100% certain — that the MA takes out any protection against back door searches (save for stronger language on reverse targeting that is similar to what USA Freedom had).

Section 702

The MA takes out language that would have prevented the use of upstream searches for cybersecurity, which I wrote about here.

Remember how RuppRoge had a clause prohibiting the government to store illegally collected data (which they lost in the drafting process).

The MA retains this to Section 702, which appears to prohibit the use of illegally collected data but actually newly permits it. [Update note: most of this was in the USA Freedom]

‘‘(i) IN GENERAL.—Except as provided in clause (ii), no information obtained or evidence derived from an acquisition pursuant to a certification or targeting or minimization procedures subject to an order under subparagraph (B) concerning any United States person shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof, and no information cocerning any United States person acquired from the acquisition shall subsequently be used or disclosed in any other manner by Federal officers or employees without the consent of the United States person, except with the approval of the Attorney General if the information indicates a threat of death or serious bodily harm to any person.

(ii) EXCEPTION.—If the Government corrects any deficiency identified by the order of the Court under subparagraph (B), the Court may permit the use or disclosure of information acquired before the date of the correction under such minimization procedures as the Court shall establish for purposes of this clause.’’.

Remember, first of all, that NSA has secretly rewritten “serious bodily harm” to include threats to property, so that clause is already fairly limited.

But then add in the ability to use illegally collected data once you’ve fixed the problems that made it illegal and it makes this pretty broad. At a minimum, this would permit the government to use all the upstream collection John Bates deemed illegal in 2011.

The MA takes out some other changes to FAA, including a new sunset that would have coincided with the PATRIOT Sunset. Actually, the bill just extends PATRIOT so it coincides with FAA.

Special Advocate

The MA changes how the FISC Special Advocate is chosen. It had been that PCLOB would pick candidates and the Chief Justice (John Roberts!) would pick who got to be the advocates. The MA changes that to letting the presiding judge pick no less than 5 people, including people with technical as well as civil liberties expertise. The Executive still gets to decide whether those people get access however. And the FISC gets to decide if the Special Advocate participates, in which case she’ll be treated like an amicus curiae.

The new scheme also does not provide for appellate review, suggesting that the Special Advocate would not be in a position to raise challenges to decisions the court had already made.

The whole thing seems like a Super Clerk position, not anything really new.

Declassification

The MA also waters down the declassification language in USA Freedom, essentially adopting the language the Obama Administration claims to be currently using (under which it only releases opinions if Edward Snowden comes along and leaks them). Though this language is, roughly, the language that Jeff Merkley tried to get them to adopt back in 2012.

NSLs

The NSLs section repeats the method of prohibiting bulk collection by limiting use to a specific selector.

However, it also takes out limits USA Freedom had put on financial NSLs.

(A) the name of a customer of the financial institution;

(B) the address of a customer of the financial institution;

(C) the length of time during which a person has been, or was, a customer of the financial institution (including the start date) and the type of service provided by the financial institution to the customer; and

(D) any account number or other unique identifier associated with a customer of the financial institution.

(2) LIMITATION.—A request issued under this subsection may not require the production of records  or information not listed in paragraph (1).

As well as a new definition of financial institution borrowed from the Bank Secrecy Act.

(c) DEFINITION OF FINANCIAL INSTITUTION.—For purposes of this section (and sections 1115 and 1117, insofar as the sections relate to the operation of this section), the term ‘financial institution’ has the same meaning as in subsections (a)(2) and (c)(1) of section 5312 of  title 31, United States Code, except that the term shall include only a financial institution any part of which is located inside any State or territory of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, or the United States Virgin Islands.’’.

In addition, whereas the USA Freedom Act had repealed the Counterterrorism NSL for credit reports which permits FBI to get a more extensive credit report in the name of terrorism (adjusting the counterintelligence one such that it targets agents of foreign power) the MA keeps it.

USA Freedom had also put new limits on NSL gags. The MA eliminates those limits.

US Freedom had included the same mandated IG Reports for NSLs as it had for business records. The MA eliminates them.

Reporting

215 Orders

The law providing reports to Congress on how the government uses Section 215 now mandates reports only for HPSCI, SSCI, and SJC. USA Freedom had added HJC to that. But the HJC MA eliminates that change! Update: I need to check–they may have retained this in another part of the bill.

USA Freedom had required detailed descriptions of what the government was doing with 215 orders, and which agencies were using them. The MA eliminates that requirement.

Most troubling, USA Freedom had this language trying to understand how many people are affected by 215 orders.

(C) a good faith estimate of the total number  of individuals whose tangible things were produced  under an order entered under section 501, rounded  to the nearest 100;

(D) a good faith estimate of the total number  of United States persons whose tangible things were  produced under an order entered under section 501, rounded to the nearest 100; and

(E) a good faith estimate of the total number of United States persons whose tangible things were produced under an order entered under section 501 and subsequently reviewed or accessed by a Federal officer, employee, or agent, rounded to the nearest 100.;

That language is gone.

That pattern is repeated through the rest of the reporting requirements. Where USA Freedom had tried to quantify the number of people and US persons who got sucked up in surveillance, and how many of those whose records got reviewed, the MA no longer does so. Shouldn’t they be more willing to provide this data if they were really getting rid of bulk surveillance?

PCLOB

In addition to taking PCLOB out of the FISC advocate role, the MA  eliminates provision giving PCLOB subpoena authority.

Surveillance Democracy in ‘Murka: Shitty Immunity or Less Shitty Immunity

/1 Comment/in /by

As a number of outlets are reporting, on Wednesday, the House Judiciary Committee will mark up a manager’s amendment to the USA Freedom Act. On Thursday, the House Intelligence Committee will mark up the shitty Ruppersberger-Rogers bill.

I’ll have more details on what’s in the Manager’s Amendment. But here’s one thing that will be in both the less shitty HJC bill and the very shitty RuppRoge bill: Immunity.

(e) No cause of action shall lie in any court against a person who produces tangible things or provides information, facilities, or technical assistance pursuant to an  order issued or an emergency production required under this section. Such production shall not be deemed to constitute a waiver of any privilege in any other proceeding or context.

American democracy! Where you can choose between immunity as part of a less shitty bill or immunity as part of a very shitty bill!

Either way, you get immunity.

Adel Daoud Challenges the Government’s “Treatise” against FISA Review

/2 Comments/in /by

On Saturday, I pointed to a newly unsealed exhibit in the Adel Daoud case suggesting that the case arose out of an unsolicited referral from a redacted entity based in part on a claim Daoud made comments in an extremist forum about using Inspire to conduct an attack.

That detail, however, is just background to the more pressing question of whether the 7th Circuit will uphold Judge Sharon Coleman’s order granting Daoud’s lawyers review of the FISA materials against him. As Daoud is the only defendant ever granted such an opportunity, the case presents the possibility of a change in the way FISA has been used against defendants for 36 years.

On Friday, Daoud’s lawyers submitted their response to the government’s argument that Coleman used the wrong standard when she deemed defense review of the FISA materials to be “necessary.”

The response is significant for the important argument it makes about the balance of civil rights and security Congress intended when it passed FISA. (Daoud’s team added powerhouse lawyer John Cline — who readers of this site may remember as Scooter Libby’s graymail lawyer — for this appeal and the brief seems to reflects Cline’s long engagement at the forefront of how classified evidence affects defendants).

Daoud’s lawyers point to this passage of the government brief.

In light of these procedures, “[d]isclosure of FISA materials is the exception and ex parte, in camera determination is the rule.” El-Mezain, 664 F.3d at 567 (citing Abu-Jihaad, 630 F.3d at 129); Duggan, 743 F.2d at 78  (same); United States v. Rosen, 447 F. Supp. 2d 538, 546 (E.D. Va. 2006); see also Belfield, 692 F.2d at 147 (“The language of section 1806(f) clearly anticipates that an ex parte, in camera determination is to be the rule. Disclosure and an adversary hearing are the exception, occurring only when necessary.”); United States v. Isa, 923 F.2d 1300, 1306 (8th Cir. 1991). As this Court observed, a case in which “disclosure is necessary” is “one-in-a-million.” In re Grand Jury Proceedings of Special April 2002 Grand Jury, 347 F.3d 197, 203 (7th Cir. 2003) (affirming district court’s decision not to disclose FISA applications and orders based on the court’s own review of the record); see also Kris & Wilson, National Security Investigations § 29:3 n.1 (2d ed. 2012) (“Necessary means ‘essential’ or ‘required,’ and therefore the plain language of that provision makes clear that a court may not disclose . . . unless it cannot determine whether the surveillance was unlawful without the assistance of defense counsel and an adversary hearing.”).[my emphasis]

It’s a fairly boilerplate version of the paragraph the government uses in all challenges to FISA (though it includes a circuit-specific case they appear to misread and mischaracterize, not least because the District Judge said FISA review was moot in what was a grand jury contempt challenge).

But, as the defense notes, the paragraph relies for its definition of “necessary” on the book National Security Investigations, by former Assistant Attorney General for National Security David Kris and Federal Prosecutor Douglas Wilson, not on precedent. And as Kris and Wilson apparently admit, their claims about the term don’t match with the legislative history says. (Significantly, the government cites the legislative history elsewhere in their appeal, but not on this point.)

The government relies for its interpretation of “necessary” on a treatise. G.Br.19 (citing 2 David S. Kris & J. Douglas Wilson, National Security Investigations & Prosecutions § 31:3, at 263 (2d ed. 2012)) [“Kris & Wilson”]. (The government mis-cites the relevant provision as § 29:3.) But Kris and Wilson rely on the purported “plain meaning” of “necessary,” without citing authority for that meaning, and they concede (in an understatement, as we demonstrate below) that what they consider the “plain meaning” of the term “is, however, somewhat at odds with the explanation in the legislative history.”

From there, the defense proceeds to explain what the legislative history is. Here’s what they conclude (based on the Senate reports).

First, the Senate Judiciary and Intelligence Committees plainly did not anticipate what followed over the next thirty-six years—that no court would ever find the “necessary” standard satisfied. Nothing in the Committees’ discussion suggests that they intended that standard to erect an insuperable barrier to disclosure. To the contrary, in choosing a balanced approach, the Committees specifically eschewed “an entirely in camera proceeding”—only to have the courts overturn that Congressional intent through an overly strict interpretation of “necessary.”

Second, the Committees, through their citation to Butenko, placed broad discretion in district judges in determining when disclosure is “necessary to make an accurate determination of the legality of the surveillance.” They intended that discretion to be exercised “after reviewing the underlying documentation and determining its volume, scope and complexity”—precisely as the district court did here.

Third, the Committees—again through their reliance on Butenko—suggest that the “necessary” standard is met when the district court determines that “adversary presentation would substantially promote a more accurate decision”—a far lower standard than the “essential” or “indispensable” standard the government advocates.

Fourth, the Committees noted the district court’s “broad discretionary power to excise certain sensitive portions” from the FISA materials before disclosure. This recognition of the district court’s inherent power to take necessary protective measures now finds a statutory basis in CIPA (discussed below). That power substantially ameliorates the government’s professed national security concerns.

Finally, the Senate Judiciary and Intelligence Committees contemplated—and did not shy away from—the outcome the government suggests is intolerable (G.Br.29-30): that the district court would order disclosure, the government would refuse to comply, and the court would suppress the surveillance or dismiss the prosecution. Just as Congress did in CIPA, 18 U.S.C. App. 3 § 6(e), the Committees left the choice with the government: either comply with the disclosure order or refuse and suffer appropriate sanctions.

I look forward to the government’s rebuttal of the legislative record. But this, noted defense expert on how classified information is supposed to affect criminal defense John Cline argues, is how Congress intended FISA to work. Sometimes the defense is supposed to be able to see and challenge the underlying FISA application.

Perhaps appropriately, given that Daoud is the first defendant ever to be granted review, this has become more than a review of whether the FISA warrant against him was proper. It has become a long-overdue debate about how FISA was supposed to balance defendants’ constitutional rights with concerns about national security.

The Suppressed Inspire-Ation for the Adel Daoud Investigation

/10 Comments/in /by

According to an FBI 302 recently unsealed in the Adel Daoud case (see this post for background on Daoud), an FBI undercover counterterrorism team first targeted the 18-year old on May 10, 2012 in response to “unsolicited information” from an unknown entity, most of which remains redacted in the 302.

One piece of information legible in the 302, however, reveals that,

Adel David, believed to be an 18 year old male of Egyptian and Palestinian descent living in the greater Chicago area, has stated on web forum [redacted] that he has read an article on bomb making in Inspire Magazine and would make the bomb if he could find the required materials.

Compare that with the details in the September 15, 2012 Complaint used to arrest Daoud.

That narrative starts on October 9, 2011 (9 days after the CIA killed Awlaki in a drone strike), when Daoud sent himself “anwar al awlaki articles.” It also includes a number of subsequent emails with jihadist and anti-Israeli propaganda.  As email content, all this could have been obtained in a FISA physical search warrant on stored communication.

On February 6, 2012, according to the narrative, Daoud received an email regarding his registration to a jihad-related forum.

Then there’s this, dated the day before Chicago’s FBI office opened a full investigation into Daoud based in the referral, in part, based on Daoud’s forum claim to have Inspire in his possession.

On or about May 9, 2012, Daoud, using Daoud Account 1, sent himself (i.e., to Daoud Account 1) a link for Inspire magazines, issues on through nine.

Did Daoud download Inspire and immediately talk about it in that forum, that very same day, leading to a referral to the FBI, leading immediately to a full investigation?

We don’t know, because unless I’m mistaken, Daoud’s reference to Inspire in the jihadist forum that figures centrally in the unsolicited information sent to Chicago’s FBI office never appears in the complaint. It remains completely unmentioned, as if FBI has some reason to suppress it.

Mind you, a few days after May 14, 2012, Daoud did recommend one of the undercover officers, who presented himself to Daoud as a 17 year old Aussie with an interest in jihad, read Inspire. 

During their communications, Daoud recommended that OCE2 read Inspire magazine and sent OCE2 a website link to the publication, which OCE2 downloaded. Daoud characterized the magazine as “amazing” and remarked that he may use instructions from the magazine to carry out an attack.

The FBI did not quote Daoud purportedly stating he would use the magazine to carry out an attack.

And on May 31 — the FBI claimed — Daoud talked about using Inspire to conduct an attack. Here’s what he actually wrote, though:

The point is in this magazine they encourage Muslims in the West especially in the USA to attack IN America. By all means this is something i would consider. But in know that if i started attacking in American i would probably not be able to go to Yemen or anywhere else for Jihad in the Cause of Allah.

Is there a way i could do both, or what’s your opinion on that? i personally think it’s easier and more rewarding to go to Yemen but at the same time i hate the oppression of the USA and i would love to do something that would hurt it from the inside.

That is, a good 21 days after the FBI opened a full investigation of Daoud, he was still saying he’d prefer to go to Yemen. And the FBI’s claim he here said he’d use Inspire to launch an attack seems overstated based on the quoted language.

So the government made 3 claims Daoud said he’d use Inspire to launch an attack:

  • Sometime on or before May 10 (and possibly on May 9 or 10); the referring entity found this comment, and we don’t get to see that language
  • Sometime in the days after May 14, after FBI launched a full investigation; the FBI doesn’t show language saying he’d launch an attack
  • On May 31; at least in the quotation given, the FBI overstates the tie between Inspire and an attack

Now perhaps Daoud really did say it, in that forum comment that led immediately to a full investigation and potentially a FISA warrant. But the FBI isn’t showing it, either because the evidence doesn’t do what they say and/or because they need to hide that Daoud was under surveillance by an unknown agency before FBI got the investigation.

All this seems to suggest either that pre-May 10 forum comment launched the investigation and/or Daoud’s download of Inspire did. And that that’s precisely what the FBI is trying to hide with its refusal to tell how it got a FISA warrant against Adel Daoud.

This has further significance given the possibility it reflects either NSA tracking Inspire downloads (which I suspect it does as upstream collection), or a surveillance of forums under FISA. I’ll return to that in a future post.

“Facts Matter” Said NSA Yay-Man Michael Hayden Who Told Serial Lies about the Phone Dragnet

/11 Comments/in , /by

I’m not sure if you saw last night’s Munk Debate pitting Glenn Greenwald and Alexis Ohanian against Michael Hayden and Alan Dershowitz. I did a whole slew of fact checking and mockery on twitter last night.

But I wanted to pay particular attention to a string of false claims Hayden made about the phone dragnet program.

First, my hobbyhorse, he claimed the database can only be used for terror. (After 1:08)

If this program — and here we’re talking about the metadata program — which is about terrorism, because the only reason you can use the metadata is to stop terrorism. No other purpose.

Actually, terrorism and … Iranian “terrorism.” It’s unclear when or why or how Iran got included in database access (though it is considered a state sponsor of terror). But according to Dianne Feinstein and Keith Alexander, analysts can also access the database for Iran-related information. Now, maybe they can only access the Iran data if they claim terror. But that’s a very different thing than claiming a tie to al Qaeda.

The real doozies come later (my transcription; after 1:20:40; I’ve numbered the false claims and provided the “facts matter” below).

I started out with facts matter. So I assume on the metadata issue we’re talking about the 215 program. About the phone records, alright? Because frankly, that’s the only bulk metadata NSA has on American citizens. (1)

[cross talk]

Accusations fit on a bumper sticker. The truth takes longer. NSA gets from American telephone providers the billing records of American citizens. (2) What happens to the billing records is actually really important. I didn’t make this phrase up but I’m gonna use it. They put it in a lock box, alright? They put it in a lock box at NSA. (3) 22 people at NSA are allowed to access that lockbox. (4) The only thing NSA is allowed to do with that truly gajillion record field sitting there is that when they have what’s called a seed number, a seed number about which they have reasonable articulable suspicion that that seed number is affiliated with al Qaeda — you roll up a safe house in Yay-Man, he’s got pocket litter, that says here’s his al Qaeda membership card, he’s got a phone you’ve never seen before. Gee, I wonder how this phone might be associated with any threats in the United States. (5) So, I’ll be a little cartoonish about this, NSA gets to walk up to the transom and yell through the transom and say hey, anybody talk to this number I just found in Yay-Man? And then, this number, say in Buffalo, says well, yeah, I call him about every Thursday. NSA then gets to say okay Buffalo number — by the way, number, not name — Buffalo number, who did you call. At which point, by description the 215 metadata program is over. That’s all NSA is allowed to do with the data. There is no data mining, there’s no powerful algorithms chugging through it, trying to imagine relationships. (6)   It’s did that dirty number call someone in the United States. The last year for which NSA had full records is 2012 — I’ll get the 13 numbers shortly (7) — but in 2012, NSA walked up to that transom and yelled “hey! anybody talk to this number?” 288 times. (8)

(1) Under the SPCMA authority, NSA can include US persons in contact-chaining of both phone and Internet metadata collected overseas. SPCMA has far fewer of the dissemination and subject matter limitations that the Section 215 dragnet has.

(2) NSA doesn’t get the “billing records.” It gets routing information, which includes a great deal of data (such as the cell phone and SIM card ID and telecom routing information) that wouldn’t be included on a phone bill, even assuming a bill was itemized at all (most local landline calls are not). It also gets the data every day, not every month, like a billing record.

(3) Starting in early January 2008, NSA made a copy of the dragnet data and “for the purposes of analytical efficiency” dumped it in with all their other metadata. That allows them to conduct “federated queries,” which is contact chaining across authorities (so chains including both foreign collected EO12333 data and domestic Section 215 data). The NSA coaches its analysts to rerun queries that are replicable in EO12333 alone because of the greater dissemination that permits.

(4) The 22 number refers to the people who can approve an identifier for Reasonable Articulable Suspicion, not the people who can conduct queries. Those 22 are:

the Chief or Deputy Chief, Homeland Security Analysis Center; or one of the twenty specially-authorized Homeland Mission Coordinators in the Analysis and Production Directorate of the Signals Intelligence Directorate.

While we don’t know how many analysts are trained on Section 215 dragnet right now, the number was 125 in August 2010.

But even those analysts are not the only people who can access the database. “Technicians” may do so too.

Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis. Technical personnel may query the BR metadata using selection terms that have not been RAS-approved (described below) for those purposes described above, and may share the results of those queries with other authorized personnel responsible for these purposes, but the results of any such queries ill not be used for intelligence analysis purposes. An authorized technician may access the BR metadata to ascertain those identifiers that may be high volume identifiers. The technician may share the results of any such access, i.e., the identifiers and the fact that they are high volume identifiers, with authorized personnel (including those responsible for the identification and defeat of high volume and other unwanted BR metadata from any of NSA’s various metadata repositories), but may not share any other information from the results of that access for intelligence analysis purposes.

And this access — which requires access to the raw metadata — is not audited.

(5) Note, in the past, the government has also accessed the database with “correlated” identifiers — phone numbers and SIM cards associated with the same person. It’s unclear what the current status of querying on correlated identifiers is, but that is likely the topic of one of the FISC opinions the government is withholding, and the government is withholding the opinion in question in the name of protecting an ongoing functionality.

(6) Hayden pretends there’s a clear boundary to this program, but even the FISC minimization procedures for it approve the corporate store, where these query results — people 2 degrees from someone subjected to a digital stop-and-frisk — may be subjected to “the full range of [NSA’s] analytic tradecraft.” So when Hayden says there’s no data mining and no powerful algorithms, he’s lying about the data mining and powerful algorithms (and content access) that are permitted for identifiers in the corporate store.

(7) Given that DOJ has already released their numbers for FISA use in 2013, I presume it also has the number of identifiers that have been queried.

(8) The 288 number refers to the number of identifiers queried, not the number of queries run. Given that the dragnet serves as a kind of alert system — to see who has had contracts with a certain number over time — the number of actual queries is likely significantly higher, as most of the identifiers were likely run multiple times.

Confirmed: Obama’s Dragnet “Fix” Isn’t About Us

/5 Comments/in /by

After Obama rolled out his phone dragnet fix, I noted the real reason he was doing it was not so much a concern for civil liberties, but rather a recognition that by outsourcing the data to providers, it would solve the legal-technical problems NSA had been having in two (probably related) areas: collection of cell data and operation of an alert function.

The Obama plan is an improvement over the status quo (though I do have grave concerns about its applicability in non-terrorist contexts, and my concerns about what the government does with the data of tens to hundreds of thousands of innocent Americans remain).

But don’t be fooled. Obama’s doing this as much because it’s the easiest way to solve legal and technical problems that have long existed because the government chose to apply a law that was entirely inapt to the function they wanted to use it for.

Shockers! A more privacy protective solution also happens to provide the best technical and legal solution to the problem at hand.

Yesterday, David Sanger confirmed that was the case, at least for the cell data problem.

At the N.S.A., there is grumbling about the continuing disclosures of material stolen by Mr. Snowden, but comparatively little complaint on the new limits Mr. Obama has proposed. In some cases, the N.S.A. gained some access to data even as it lost some autonomy. For example, its program to collect metadata missed a large percentage of cellphone calls. Under Mr. Obama’s plan, if it becomes law, the N.S.A. would have to leave that data in private hands, but when the N.S.A. does get it, under court order, the agency should have access to a lot more than it does today.

“It’s a pretty good trade,” said one senior intelligence official who has been working on the issue. “All told, if you are an N.S.A. analyst, you will probably get more of what you wanted to see, even it’s more cumbersome.”

And given Spencer Ackerman’s report that the White House wants to give the telecoms immunity under this new “fix,” the issue may well go beyond the cell data, though cell data has its own legal risks.

In a statement of principles privately delivered to lawmakers some weeks ago to guide surveillance reforms, the White House said it wanted legislation protecting “any person who complies in good faith with an order to produce records” from legal liability for complying with court orders for phone records to the government once the NSA no longer collects the data in bulk.

[snip]

A congressional aide said the telecommunications companies were expected to “fight hard” for the provision to survive in any surveillance bill. Those firms, including Verizon and AT&T, have typically kept far more silent in public about NSA surveillance and their role in it than internet giants, like Yahoo and Google, which have pushed for reforms.

Ackerman’s wrong about Verizon’s silence — not only has it already issued a somewhat critical statement on proposed reforms, it also made a flaccid challenge to a recent order. But its stated concerns refusing to create new records is probably related to the real legal concerns underlying demands for immunity. To get cell records without location information (the latter of which would probably violate US v. Jones), Verizon apparently would and will need to make new records not otherwise required for its business purposes (which, again, may be the source of the cell data problem).  That’s a very different legal role than simply as a communications provider, one it apparently is not thrilled about playing.

And all that’s before you consider the possibility, under the House Intelligence RuppRoge “reform,” that these “reforms” would also get Internet content-as-metadata again.

The fact is the government can’t legally do what it wants to do. They’re trying a new plan, by outsourcing to the providers. But it’s not clear that’s legal either.

The Qazi Brothers: The Craziest Bit of Blatant Parallel Construction to Protect FAA

/6 Comments/in /by

On Monday, the government submitted unclassified and classified motions asking Magistrate Judge John O’Sullivan to reconsider his order that the government defend the constitutionality of the FISA Amendments Act in their case against Raees and Sheheryar Qazi, two Pakistani Americans charged with conspiring to use a WMD. While the government admits there was never a real plot, Raees was allegedly reaching out to al Qaeda and the FBI found batteries and Christmas lights in Sheheryar’s place, where Raees lived, which the government claims were to be used to make a bomb.

I’ll get into the long, ongoing dispute about the FAA in this case.

But before I do, note that in August 2013, over 8 months after the brothers had been arrested and 4 months after the older brother, Sheheryar, had demanded notice if the government had used FISA Amendments Act against him, the government obtained warrants; the government provided those warrants while handing over content obtained under a warrant from Yahoo and Hotmail, precisely the kind of content the government obtains under PRISM using Section 702 authority.

While I can’t know whether the government obtained warrants for content originally obtained under FAA, O’Sullivan permitted a constitutional challenge to FAA even without notice from the government that it had been used against the brothers (though last July the government did submit an response to Sheheryar’s challenge to FISA that discussed 3 different authorities; see section IB).

You do the math.

As I said, this challenge goes back some time, to April 2013, in the wake of both Dianne Feinstein’s naming of the brothers in a speech defending the reauthorization of the FAA and the Amnesty v. Clapper decision ruling that judged the plaintiffs didn’t have standing, but that defendants who did would be accorded the opportunity to challenge the constitutionality of the law.

Of particular interest, after the government originally refused to give notice to the brothers on whether it had used FAA to get them, Sheheryar asked specifically whether the government used 702 information in the affidavit to obtain the content and physical search FISA warrants used against the brothers (probably targeted, as I said, at Raees). The government reacted particularly aggressively to that affidavit request, as if Sheheryar struck close to the bone.

Which brings us to the argument the government is now making to Sheheryar’s constitutional challenge. The government says that Sheheryar Qazi should not be able challenge the constitutionality of the FISA Amendments Act because it will not introduce any FAA-derived information against him at trial.

Thus, in order for a defendant to move to suppress FISA or FAA-obtained or derived evidence, the defendant must be: ( 1) “a person against whom evidence obtained or derived from” (2) “an electronic surveillance” [or physical search] (3) “to which he is an aggrieved person” (4) “is to be, or has been, introduced or otherwise used or disclosed” (5) in a “trial, hearing or other proceeding.”

[snip]

Because the government has not and does not intend to use or disclose in trial any evidence obtained or derived from FAA-authorized surveillance as to which Movant is an aggrieved person, Movant cannot demonstrate any sort of concrete, particularized and actual or imminent injury, much less an injury “fairly traceable” to the FAA. Movant also cannot possibly demonstrate that any resolution of the constitutionality of the FAA would redress any injury.

It says this even as it is working on a separate theory why Sheheryar’s brother, Raees, against whom the primary traditional FISA warrant was almost certainly targeted, cannot challenge FAA’s constitutionality, either. The government appears to be less sure that they can argue with a straight face that none of the evidence they’ll submit at trial against Raees derived from FAA.

But that motion is due after a May 9 hearing in which the judge will consider whether Sheheryar’s counsel, Ronald Chapman, must withdraw as counsel because he witnessed an alleged altercation between the brothers are two Marshals in a SCIF on April 8 (Chapman just submitted a statement that he has no conflict under FL Bar rules). That same day, April 8, Raees joined in his brother’s demand on the constitutionality of FAA, and I wouldn’t be surprised if the government argued Raees improperly joined his brother’s request because of that meeting.

The government suggests it may file additional charges against the brothers for the alleged altercation. At which point they’ll probably drop these flimsy terrorism charges, bust the brothers for assault, and avoid having to reveal the shell game by which they came to arrest the brothers in the first place.

Read more

The NSA’s Retroactive Discovery of Tamerlan Tsarnaev

/17 Comments/in , /by

In the days after the Boston Marathon attack last year, NSA made some noise about expanding its domestic surveillance so as to prevent a similar attack.

But in recent days, we’ve gotten a lot of hints that NSA may have just missed Tamerlan Tsarnaev.

Consider the following data points.

First, in a hearing on Wednesday, Intelligence Community Inspector General Charles McCullough suggested that the forensic evidence found after the bombing might have alerted authorities to Tamerlan Tsarnaev’s radicalization.

Senator Tom Carper: If the Russians had not shared their initial tip, would we have had any way to detect Tamerlan’s radicalization?

[McCullough looks lost.]

Carper: If they had not shared their original tip to us, would we have had any way to have detected Tamerlan’s radicalization? What I’m getting at here is just homegrown terrorists and our ability to ferret them out, to understand what’s going on if someone’s being radicalized and what its implications might be for us.

McCullough: Well, the Bureau’s actions stemmed from the memo from the FSB, so that led to everything else in this chain of events here. You’re saying if that memo didn’t exist, would he have turned up some other way? I don’t know. I think, in the classified session, we can talk about some of the post-bombing forensics. What was found, and that sort of thing. And you can see when that radicalization was happening. So I would think that this would have come up, yes, at some point, it would have presented itself to law enforcement and the intelligence community. Possibly not as early as the FSB memo. It didn’t. But I think it would have come up at some point noting what we found post-bombing.

Earlier in the hearing (around 11:50), McCullough described reviewing evidence “that was within the US government’s reach before the bombing, but had not been obtained, accessed, or reviewed until after the bombing” as part of the IG Report on the attack. So some of this evidence was already in government hands (or accessible to it as, for example, GCHQ data might be).

We know some of this evidence not accessed until after the bombing was at NSA, because the IG Report says so. (See page 20)

Screen Shot 2014-04-12 at 12.37.13 PM

That may or may not be the same as the jihadist material Tamerlan posted to YouTube in 2012, which some agency claims could have been identified as Tamerlan even though he used a pseudonym for some of the time he had the account.

The FBI’s analysis was based in part on other government agency information showing that Tsarnaev created a YouTube account on August 17, 2012, and began posting the first of several jihadi-themed videos in approximately October 2012. The FBI’s analysis was based in part on open source research and analysis conducted by other U.S. government agencies shortly after the bombings showing that Tsarnaev’s YouTube account was created with the profile name “Tamerlan Tsarnaev.” After reviewing a draft of this report, the FBI commented that Tsarnaev’s YouTube display name changed from “muazseyfullah” to “Tamerlan Tsarnaev” on or about February 12, 2013, and suggested that therefore Tsarnaev’s YouTube account could not be located using the search term “Tamerlan Tsarnaaev” before that date.20 The DOJ OIG concluded that because another government agency was able to locate Tsarnaev’s YouTube account through open source research shortly after the bombings, the FBI likely would have been able to locate this information through open source research between February 12 and April 15, 2013. The DOJ OIG could not determine whether open source queries prior to that date would have revealed Tsarnaev to be the individual who posted this material.

20 In response to a DOJ OIG request for information supporting this statement, the FBI produced a heavily redacted 3-page excerpt from an unclassified March 19, 2014, EC analyzing information that included information about Tsarnaev’s YouTube account. The unredacted portion of the EC stated that YouTube e-mail messages sent to Tsarnaev’s Google e-mail account were addressed to “muazseyfullah” prior to February 12, 2013, and to “Tamerlan Tsarnaev” beginning on February 14, 2013. The FBI redacted other information in the EC about Tsarnaev’s YouTube and Google e-mail accounts.

The FBI may not have been able to connect “muazseyfullah” with Tamerlan, but that’s precisely what the NSA does with its correlations process; it has a database that does just that (though it’s unclear whether it would have collected this information, especially given that it postdated the domestic Internet dragnet being shut down).

Finally, there’s the matter of the Anwar al-Awlaki propaganda.

An FBI analysis of electronic media showed that the computers used by Tsarnaev contained a substantial amount of jihadist articles and videos, including material written by or associated with U.S.-born radical Islamic cleric Anwar al-Aulaqi. On one such computer, the FBI found at least seven issues of Inspire, an on-line English language magazine created by al-Aulaqi. One issue of this magazine contained an article entitled, “Make a Bomb in the Kitchen of your Mom,” which included instructions for building the explosive devices used in the Boston Marathon bombings.

Information learned through the exploitation of the Tsarnaev’s computers was obtained through a method that may only be used in the course of a full investigation, which the FBI did not open until after the bombings.

The FBI claims they could only find the stuff on Tamerlan’s computer using methods available in full investigations (this makes me wonder whether the FBI uses FISA physical search warrants to remotely search computer hard drives).

But that says nothing about what NSA (or even FBI, back in the day when they had the full time tap on Awlaki, though it’s unclear what kind of monitoring of his content they’ve done since the government killed him) might have gotten via a range of means, including, potentially, upstream searches on the encryption code for Inspire.

In other words, there’s good reason to believe — and the IC IG seems to claim — that the government had the evidence to know that Tamerlan was engaging in a bunch of reprehensible speech before he attacked the Boston Marathon, but they may not have reviewed it.

Let me be clear: it’s one thing to know a young man is engaging in reprehensible but purportedly protected speech, and another to know he’s going to attack a sporting event.

Except that this purportedly protected speech is precisely — almost exactly — the kind of behavior that has led FBI to sic multiple informants and/or undercover officers on other young men, including Adel Daoud and Mohamed Osman Mohamud, even in the absence of a warning from a foreign government.

And they didn’t here.

Part of the issue likely stems from communication failures between FBI and NSA. The IG report notes that “the relationship between the FBI and the NSA” was one of the most relevant relationships for this investigation. Did FBI (and CIA) never tell the NSA of the Russian warning? And clearly they never told NSA of his travel to Russia.

But part of the problem likely stems from the way NSA identifies leads — precisely the triaging process I examined here. That is, NSA is going to do more analysis on someone who communicates with people who are already targeted. Obviously, the ghost of Anwar al-Awlaki is one of the people targeted (though the numbers of young men who have Awlaki’s propaganda is likely huge, making that a rather weak identifier). The more interesting potential target would be William Plotnikov, the Canadian-Russian boxer turned extremist whom Tamerlan allegedly contacted in 2012 (and it may be this communication attempt is what NSA had in its possession but did not access until after the attacks). But I do wonder whether the NSA didn’t prioritize similar targets in countries of greater focus, like Yemen and Somalia.

It’d be nice to know the answer to these questions. It ought to be a central part of the debate over the NSA and its efficacy or lack thereof. But remember, in this case, the NSA was specifically scoped out of the heightened review (as happened after 9/11, which ended up hiding the good deal of warning the NSA had before the attack).

We’ve got a system that triggers on precisely the same kind of speech that Tamerlan Tsarnaev engaged in before he attacked the Marathon. But it didn’t trigger here.

Why not?

The Promise [sic] of Big Data

/12 Comments/in , /by

22 pages into the White House report on Big Data, this paragraph appears:

Government keeps the peace. It makes sure our food is safe to eat. It keeps our air and  water clean. The laws and regulations it promulgates order economic and political life. Big data technology stands to improve nearly all the services the public sector delivers.

It presents several claims that are arguably not at all true:

  • Government keeps the peace (where? South Chicago? Iraq? Wall Street?)
  • Government makes our food safe to eat (with the few inspectors who inspect factory farms? with federal guidelines that don’t combat obesity?)
  • Government keeps our air and water clean (I’m more comfortable with this claim, until you consider we’re melting the planet with stuff in the air that government doesn’t want to regulate)
  • Government laws order economic and political life (they may well, but is that order just and good?)

And that, the report says, is all made possible because of BigData.

Some 15 pages later, after it has reviewed the top secret DHS database analyzing all our public called Cerberus, has admitted the government needs to rethink the meaning of metadata across both intelligence and non-intelligence functions, and explained the new continuous evaluation systems to root out insider threats, the report again proclaims Big Data’s good.

When wrestling with the vexing issues big data raises in the public sector, it can be easy  to lose sight of the tremendous opportunities these technologies offer to improve public services, grow the economy, and improve the health and safety of our communities.  These opportunities are real and must be kept at the center of the conversation about  big data.

Meanwhile, the report offers up these other signs of Big Data progress:

  • Big data “is also enabling some of the nearly 29 percent of Americans who are ‘unbanked’ or ‘underbanked’ [often because of Big Data] to qualify for a line of credit by using a wider range of non-traditional information—such as rent payments, utilities, mobile-phone subscriptions, insurance, child care, and tuition—to establish creditworthiness.”
  • “Home appliances can now tell us when to dim our lights from a thousand miles away.”
  • “Powerful algorithms can unlock value in the vast troves of information available to businesses, and can help empower consumers.”
  • “The advertising-supported Internet creates enormous value for consumers by providing access to useful services, news, and entertainment at no financial cost.”

In short, the whole thing is rather breathless about Big Data.

And in spite of the fact that respondents to a totally unscientific (not Big Data) survey said they were most concerned about intelligence (first) and law enforcement (second), the Big Data report avoided much of the discussion about this,relegating it to discussions of local law enforcement’s use of predictive analysis.

And where they do describe surveillance, it’s either to boast about how good the security is on their database, as they do for DHS’ curiously named “Cerberus” database, or to pretend big data doesn’t dominate there, too.

Today, most law enforcement uses of metadata are still rooted in the “small data” world, such as identifying phone numbers called by a criminal suspect. In the future, metadata that is part of the “big data” world will be increasingly relevant to investigations, raising the question of what protections it should be granted. While today, the content of communications, whether written or ver-bal, generally receives a high level of legal protection, the level of protection afforded to metadata is less so.

Although the use of big data technologies by the government raises profound issues of how government power should be regulated, big data technologies also hold within them solutions that can enhance accountability, privacy, and the rights of citizens. These include sophisticated methods of tagging data by the authorities under which it was collected or generated; purpose- and user-based access restrictions on this data; tracking which users access what data for what purpose; and algorithms that alert supervisors to possible abuses.

And there are a slew of places in the report — where it talks about HIPAA without talking about using Section 215s to get HIPAA data, where it talks about FCRA without talking about NSLs to get financial data, where it neglects to mention NCTC’s ability to get federal databases, including those of DHS — where it remains silent about the surveillance piggybacking on the issue at hand.

Perhaps the most frustrating part of the report — aside from the fact that it actually had to advance the recommendation that we only use Big Data collected in schools for educational purposes (setting aside how well or poorly Big Data is serving our students) — is the silence about the things we don’t use Big Data for enough, notably solving the financial crisis and regulating banksters (including things like tax havens, inequality, and shadow banking), or really doing something about climate change.

Big Data, as it appears in the report (as presented by a bunch of boosters) is not something we’re going to throw at our most intractable problems. We’re just going to use it to turn the lights off on the other side of the country.

And to spy.