USA Freedumb Act and RuppRoge Both Adopt Intelligence Community Definition of “Bulk Collection”

/1 Comment/in /by

Update: An updated version of the Managers Amendment does define the term:

(2) SPECIFIC SELECTION TERM.—The term  ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

This is far better than nothing. Though I have concerns about “entity” and I suspect there will be some pushback here, since not even phone numbers “uniquely describe a person,” much less IPs. (Update: see my post on my concerns about the definition.)

As I noted in this post, USA Freedumb Act (what I’ve renamed the compromised USA Freedom Act) purports to limit bulk collection by tying all collection to specific selection terms. It does this for Section 215.

No order issued under this subsection may authorize the collection of tangible things without the use of a specific selection term that meets the requirements of subsection (b)(2).

It does it for Pen Register/Trap and Trace.

(3) a specific selection term to be used as the basis for selecting the telephone line or other facility to which the pen register or trap and trace device is to be attached or applied;

And it does for all four NSL types, as here with call records under ECPA.

COUNTERINTELLIGENCE ACCESS TO TELEPHONE TOLL AND TRANSACTIONAL RECORDS.—Section 2709(b) of title 18, United States Code, is amended in the matter preceding paragraph (1) by striking ‘‘may’’ and inserting ‘‘may, using a specific selection term as the basis for a request’’.

In fact, that’s the same mechanism RuppRoge (the House Intelligence Committee’s bill) uses to prevent bulk collection — though it limits bulk collection for fewer categories of things.

It does so for electronic communications records.

Notwithstanding any other provision of law, the Federal Government may not acquire under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) records of any electronic communications without the use of specific identifiers or selection terms.

And it does so for sensitive business records.

Notwithstanding any other provision of law, the Federal Government may not acquire under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.) library circulation records, library patron lists, book sales records, book customer lists, firearm sales records, tax return records, education records, or medical records containing information that would identify a person without the use of specific identifiers or selection terms.

And this limitation, both bills proclaim, will prevent bulk collection.

Neither bill defines what they mean by selection term or specific identifier.

Before I consider whether these bills will, in fact, prevent what you and I might consider bulk collection, note what has happened: both of these bills — the crappy Intelligence Committee wish list bill and the allegedly less crappy “reform” bill — have adopted the definition of “bulk collection” used by the notoriously Orwellian Intelligence Community.

This is perhaps best explained in Obama’s President’s Policy Directive on surveillance.

References to signals intelligence collected in “bulk” mean the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).

Now, we’re at a huge disadvantage to be able to assess whether this definition of bulk collection bears any resemblance to what ordinary humans might understand bulk collection to mean, because the government is being very disingenuous about what they claim it to mean.

The government often publicly claims selectors are things “like telephone numbers or email addresses,” as they did repeatedly at the last PCLOB hearing.

I can assure you, however, that when they refer to “selectors like email or telephone,” they’re downplaying their use of things like other IDs (phone handset and SIM card IDs, credit card numbers, Internet IDs or even passwords, IP address, and site cookies). And nothing in the definition says selection terms have to have anything to do with actual people (as the evidence they use malware code as a selector would indicate). Plus, I could envision many things — such as “Area Code 202” or “Western Union transfers over $100”  — that would seem to qualify as selection terms.

But we can measure whether limits to selectors or search terms prohibits bulk collection via another means — by looking at the program about which we’ve gotten most details on selector searches: upstream 702 collection.

While we can’t assess how many “innocent” Americans get sucked up in this purportedly non-bulk collection (and I doubt NSA can either!), we do have an idea how many American communications get sucked up who shouldn’t according to the one-end foreign rule on the collection.

Up to 56,000 American communications a year, according to FISC Judge John Bates’ estimate (because the NSA refused to provide him the real numbers).

56,000 American communications that should not, under the law, have been targeted, sucked up using “identifiers” and “selection terms.”

And the government doesn’t consider that bulk collection at all.

That, my friends, is the standard two different Committees in Congress have adapted as well, doing the intelligence community’s bidding, claiming they’ve solved the bulk collection problem.

Share this entry

Section 215, Under USA Freedumb

/6 Comments/in , /by

This post attempts to do more than lay out how Section 215 will look if USA Freedumb were to pass in its current form. For sections that don’t change, I just mark what they cover. Bolded text is new. My comments are in red. Please let me know if I’ve missed anything.

Update: An updated version of the Managers Amendment does define the term specific selection term:

(2) SPECIFIC SELECTION TERM.—The term  ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

This is far better than nothing. Though I have concerns about “entity” and I suspect there will be some pushback here, since not even phone numbers “uniquely describe a person,” much less IPs.

(a) APPLICATION

(b) Recipient and contents of application
Each application under this section—

(1) shall be made to—
(A) a judge of the court established by section 1803 (a) of this title; or

(B) a United States Magistrate Judge under chapter 43 of title 28, who is publicly designated by the Chief Justice of the United States to have the power to hear applications and grant orders for the production of tangible things under this section on behalf of a judge of that court; and

(2) shall include—

(A) a specific selection term to be used as the basis for the production of the tangible things sought;

Unless I’m mistaken, the term “selection term” is never defined in this bill, nowhere, in spite of the fact that this section and several others rely on it. I can assure you the intelligence community already goes far beyond the email address and phone number they claim to use. And think how broad this could be, without specific limitations. Is there anything preventing “selection term” to be “Area Code 202”? And once you’re talking financial records, what prevents “specific selection term” to be “pressure cooker purchased with a credit card” or “Western Union transfer over $100”?

(B) in the case of an application other than an application described in subparagraph (C), a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities, such things being presumptively relevant to an authorized investigation if the applicant shows in the statement of the facts that they pertain to—

(i) a foreign power or an agent of a foreign power;

(ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or

(iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation;

(C) in the case of an application for the production of call detail records created on or after the date of the application, a statement of facts showing that—

Note that this language limits prospective collection to call detail records, not Internet data. That is one key improvement over RuppRoge — though see my comments below about how this might be gamed.

(i) there are reasonable grounds to believe that the call detail records sought to be produced based on the specific selection term required under subparagraph (A) are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to protect against international terrorism; and

(ii) there are facts giving rise to a reasonable, articulable suspicion that such specific selection term is associated with a foreign power or an agent of a foreign power; and

This is where the bill purportedly limits ongoing production to terrorist investigations. But remember how this “relevant to” term has blown up to include anything that could possibly have a tie to terrorism? Which makes this clause meaningless, leaving the only limitation on what call detail records you want to get to be the original selector having a tie to a foreign power. So it would be a cinch to use this language for other uses. One question I have about this is whether the judge approves just the argument that the records are necessary and the term is associated with a foreign power, or does the judge approve the term itself?

(D) an enumeration of the minimization procedures adopted by the Attorney General under subsection (g) that are applicable to the retention and dissemination by the Federal Bureau of Investigation of any tangible things to be made available to the Federal Bureau of Investigation based on the order requested in such application.

(c) Ex parte judicial order of approval
(1) Upon an application made pursuant to this section, if the judge finds that the application meets the requirements of subsections (a) and (b), and that the minimization procedures submitted in accordance with subsection (b)(2)(D) meet the definition of minimization procedures under subsection (g), the judge shall enter an ex parte order as requested, or as modified, approving the release of tangible things. Such order shall direct that minimization procedures adopted pursuant to subsection (g) be followed.

Read more

Share this entry

USA Freedumb Act: The Timing

/2 Comments/in /by

A number of people have expressed appreciation for this analysis: if you find this useful, please consider donating to support my work. 

I’m going to do a series of more finished posts on the “compromised” version of Jim Sensenbrenner’s USA Freedom Act, which I hereby dub the USA Freedumb Act (thanks to Fake John Schindler for the suggestion), because so many of the reforms have been gutted. Here’s the initially proposed bill. Here’s my working thread on USA Freedumb.

You will hear a great many respectable people making positive comments about this bill, comments they normally would not make. That’s because of the carefully crafted timing.

As you recall, Mike Rogers originally got the House Parliamentarian to rule that the bill could go through the House Intelligence Committee. And his bill, which I affectionately call “RuppRoge” after Rogers and Dutch Ruppersberger and Scooby Doo’s “Rut Roh” phase, is genuinely shitty. Not only does it put the NSA onsite at providers and extend call records collection beyond terrorism applications, but it also extends such collection beyond call records generally. It is likely an attempt to get the US back into the Internet dragnet business. Shitty bill.

That said, in key ways RuppRoge is very similar to USA Freedumb. Both “limit” bulk collection by limiting collection to selectors (Freedumb does so across the board, including for NSLs, whereas RuppRoge does so for sensitive Business Records, call records, and Internet metadata). Both propose a similarly (IMO) flimsy FISC advocate. Both propose laughably weak FISC transparency measures. Both will include compensation and immunity for providers they don’t currently have.

Aside from three areas where RuppRoge is better — it forces agencies to update their EO 12333 proposals, doesn’t extend the PATRIOT Act, and provides a (not very useful) way to challenge certificates, all the way up to SCOTUS — and three where it is far worse — it develops more Insider Threat measures, it applies for uses beyond terrorism and beyond call records, and doesn’t include new (but now circumscribed) IG reporting  — they’re not all that different. [Correction: USA Freedumb ALSO applies beyond terrorism.]

They’re differently shitty, but both are pretty shitty.

The reason why otherwise respectable people are welcoming the shitty Freedumb bill, however, is that it gives House Judiciary Committee — with a number of real reformers on it — first pass on this bill. It’s a jurisdictional issue. It puts the jurisdiction for surveillance bills back where it belongs, at the Judiciary Committee.

Oh, by the way, one of the more extensive (in terms of text) real changes in Freedumb is it finally includes the House Judiciary Committee, along with the House and Senate Intelligence Committees and Senate Judiciary Committee, among the committees that get certain kinds of reporting. Jurisdiction. (No, I can’t explain to you why it wasn’t included in the first place in 2008, and no, I can’t explain why that detail is not better known.) It gives everyone on HJC a tiny reason to support the bill, because they’ll finally get the reporting they should have gotten in 2008.

The House Intelligence Committee will consider RuppRoge the day after HJC considers Freedumb, Thursday. Which has elicited hasty (overly hasty, IMO) statements of support for Freedumb, as a way to head off the shitty RuppRoge.

Effectively, the National Security State has managed to put two differently shitty bills before Congress and forced reformers to choose. Freedumb is the better (as in less horrible) bill, and it might get better in Committee. But it’s not a runaway call. And the haste has prevented anyone from really figuring out what a central change to both programs means, which limits collection to selectors, which could be defined in very broad terms (and about which — you’ll have to take my word for now — the NSA has lied in public comments).

One more timing issue that I suspect explains the sudden activity surrounding “reform.” The Privacy and Civil Liberties Oversight Board is due to release a report on Section 702 in the next month or so (its comment period for the report closed on April 11). Given the comments of David Medine, James Dempsey, and Patricia Wald at hearings, I strongly suspect PCLOB will recommend reforms — at least — to back door searches, and possibly to upstream collection. Both are items which were gutted as USA Freedom became Freedumb. (In addition, two aspects that would have expanded PCLOB’s authorities — giving it a role in picking the FISC advocate and giving it subpoena power — have been removed.) So in the same way that President Obama rushed to reaffirm NSA’s unified structure, in which the Information Assurance Division and Cybercommand functions are unified with the more general NSA spying function, before his handpicked Review Group recommended they be split, this seems to be a rush to pre-empt any recommendations PCLOB makes.

Ultimately, these two shitty bills are destined to be merged in conference anyway, and reformers seem to have given up 75% of the field before we get started.

Which means just about the only “reform” we’ll get are actually tactical fixes to help the Security State deal with legal and technical issues they’ve been struggling with.

The USA Freedumb Act has become — with DiFi’s Fake FISA Fix and RuppRoge before it — the third fake reform since Edward Snowden’s leaks first got published. Wearing down the reformers seems to be working.

Share this entry

New “Freedom” Equals Less Protection for All But the Telecoms (Working Thread)

/8 Comments/in /by

A number of people have expressed appreciation for this analysis: if you’re one of them, please consider donating to support my work. 

As a number of outlets are reporting, the House Judiciary Committee will mark-up a Manager’s Amendment to the USA Freedom Act on Wednesday.

This post will lay out what the changes are, as a working thread (updated as I read). But the short version is this: the Manager’s Amendment offers us mere shmoes less protection than the original bill did — particularly with regards to upstream and back door searches. But it does add “liability protection” and financial compensation to the providers that wasn’t in the original bill.

Call Records

The Manager’s Amendment  (MA) provides for 2-hop production from providers, akin to President Obama’s reform proposal. Such orders last for 180 days and can be extended. The Manager’s amendment explicitly limits such protection to international terrorism (which Obama’s reform was wishy-washy on). Correction: it has no such limitation. This would expand the use of the dragnet well beyond terrorism.

It includes really bizarre language on multiple hops:

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii)  as the basis for production;

(II) using the results of the production under subclause (I) as the  basis for production; and

(III) using the results of the  production under subclause (II) as the  basis for production;

The bill mandates 5 year destruction for call records — except for those that are relevant to an investigation.

(v) direct the Government to destroy all call detail records produced under the order not later than 5 years after the date of the production of such records, except for records that are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to protect against international terrorism.

Remember, by FISC opinion, “relevant to” now means “anything even remotely possiby relevant to.” Given that meaning, pretty much all records turned over to the government can be kept forever; strictly by being turned over they’re already more relevant than the definition of relevant the NSA and DOJ currently use.

Other Section 215 Production

The MA tries to limit bulk production differently than USA Freedom did, by requiring the search on a specific selector. I’ll have to reflect on whether this will be more restrictive or open for abuse.

The MA takes out language permitting the FISC to review whether the government has complied with minimization procedures.

The MA provides immunity and compensation where the USA Freedom Act had not.

Inspector General Reports

The MA changes mandated Inspector General Reports from USA Freedom in two interesting ways. First, it only requires reports from 2012 through 2014, whereas the USA Freedom had required them throughout (that is, including 2010 and 2011). I’ll have more to say about this in the future. There’s good reason to believe, however, that there are things the government doesn’t want reviewed that happened in 2010, especially.

Furthermore, it doesn’t require these reports until December 31, 2015 — that is, after PATRIOT Act Reauthorization. The bill also extends the PATRIOT Reauthorization to 2017, so this report would come in before that, but would extend the authorities as a whole for 2 more years.

Finally, it takes out this language:

describe any noteworthy facts or circumstances relating to orders under such title

This would allow IGs to ignore details about the actual practice of these programs.

PRTT

As with business records, the MA limits bulk collection by requiring the use of a specific selector, not by prohibiting bulk collection.

Interestingly, it does permit the Judge to assess compliance with minimization procedures, unlike with call records.

Backdoor searches

Here’s the language USA Freedom used to limit back door searches.

(2) CLARIFICATION ON PROHIBITION ON SEARCHING OF COLLECTIONS OF COMMUNICATIONS
23 OF UNITED STATES PERSONS.—

(A) IN GENERAL.—Except as provided in subparagraph (B), no officer or employee of the United States may conduct a search of a collection of communications acquired under this section in an effort to find communications of a particular United States person (other than a corporation).

(B) CONCURRENT AUTHORIZATION AND EXCEPTION FOR EMERGENCY SITUATIONS.—

Subparagraph (A) shall not apply to a search for communications related to a particular
10 United States person if—

(i) such United States person is the subject of an order or emergency authorization authorizing electronic surveillance or physical search under section 105, 304, 703, 704, or 705, or title 18, United States Code, for the effective period of that order;

(ii) the entity carrying out the search has a reasonable belief that the life or safety of such United States person is
21 threatened and the information is sought for the purpose of assisting that person; or

(iii) such United States person has consented to the search.

Here’s the language the MA uses to prohibit back door searches (and I’m not even sure that’s what it does, as opposed to prevent the MCAT collection Bates declared illegal in 2011), which is part of the minimization procedures.

prohibit the use of any discrete, non-target communication that is determined to be to or from a United States person or a person who appears to be located in the United States, except to protect against an immediate threat to human life.

We know they use back door searches to identify which selectors to further investigate. Does this permit such a use?

In any case, I believe — though am not 100% certain — that the MA takes out any protection against back door searches (save for stronger language on reverse targeting that is similar to what USA Freedom had).

Section 702

The MA takes out language that would have prevented the use of upstream searches for cybersecurity, which I wrote about here.

Remember how RuppRoge had a clause prohibiting the government to store illegally collected data (which they lost in the drafting process).

The MA retains this to Section 702, which appears to prohibit the use of illegally collected data but actually newly permits it. [Update note: most of this was in the USA Freedom]

‘‘(i) IN GENERAL.—Except as provided in clause (ii), no information obtained or evidence derived from an acquisition pursuant to a certification or targeting or minimization procedures subject to an order under subparagraph (B) concerning any United States person shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof, and no information cocerning any United States person acquired from the acquisition shall subsequently be used or disclosed in any other manner by Federal officers or employees without the consent of the United States person, except with the approval of the Attorney General if the information indicates a threat of death or serious bodily harm to any person.

(ii) EXCEPTION.—If the Government corrects any deficiency identified by the order of the Court under subparagraph (B), the Court may permit the use or disclosure of information acquired before the date of the correction under such minimization procedures as the Court shall establish for purposes of this clause.’’.

Remember, first of all, that NSA has secretly rewritten “serious bodily harm” to include threats to property, so that clause is already fairly limited.

But then add in the ability to use illegally collected data once you’ve fixed the problems that made it illegal and it makes this pretty broad. At a minimum, this would permit the government to use all the upstream collection John Bates deemed illegal in 2011.

The MA takes out some other changes to FAA, including a new sunset that would have coincided with the PATRIOT Sunset. Actually, the bill just extends PATRIOT so it coincides with FAA.

Special Advocate

The MA changes how the FISC Special Advocate is chosen. It had been that PCLOB would pick candidates and the Chief Justice (John Roberts!) would pick who got to be the advocates. The MA changes that to letting the presiding judge pick no less than 5 people, including people with technical as well as civil liberties expertise. The Executive still gets to decide whether those people get access however. And the FISC gets to decide if the Special Advocate participates, in which case she’ll be treated like an amicus curiae.

The new scheme also does not provide for appellate review, suggesting that the Special Advocate would not be in a position to raise challenges to decisions the court had already made.

The whole thing seems like a Super Clerk position, not anything really new.

Declassification

The MA also waters down the declassification language in USA Freedom, essentially adopting the language the Obama Administration claims to be currently using (under which it only releases opinions if Edward Snowden comes along and leaks them). Though this language is, roughly, the language that Jeff Merkley tried to get them to adopt back in 2012.

NSLs

The NSLs section repeats the method of prohibiting bulk collection by limiting use to a specific selector.

However, it also takes out limits USA Freedom had put on financial NSLs.

(A) the name of a customer of the financial institution;

(B) the address of a customer of the financial institution;

(C) the length of time during which a person has been, or was, a customer of the financial institution (including the start date) and the type of service provided by the financial institution to the customer; and

(D) any account number or other unique identifier associated with a customer of the financial institution.

(2) LIMITATION.—A request issued under this subsection may not require the production of records  or information not listed in paragraph (1).

As well as a new definition of financial institution borrowed from the Bank Secrecy Act.

(c) DEFINITION OF FINANCIAL INSTITUTION.—For purposes of this section (and sections 1115 and 1117, insofar as the sections relate to the operation of this section), the term ‘financial institution’ has the same meaning as in subsections (a)(2) and (c)(1) of section 5312 of  title 31, United States Code, except that the term shall include only a financial institution any part of which is located inside any State or territory of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, or the United States Virgin Islands.’’.

In addition, whereas the USA Freedom Act had repealed the Counterterrorism NSL for credit reports which permits FBI to get a more extensive credit report in the name of terrorism (adjusting the counterintelligence one such that it targets agents of foreign power) the MA keeps it.

USA Freedom had also put new limits on NSL gags. The MA eliminates those limits.

US Freedom had included the same mandated IG Reports for NSLs as it had for business records. The MA eliminates them.

Reporting

215 Orders

The law providing reports to Congress on how the government uses Section 215 now mandates reports only for HPSCI, SSCI, and SJC. USA Freedom had added HJC to that. But the HJC MA eliminates that change! Update: I need to check–they may have retained this in another part of the bill.

USA Freedom had required detailed descriptions of what the government was doing with 215 orders, and which agencies were using them. The MA eliminates that requirement.

Most troubling, USA Freedom had this language trying to understand how many people are affected by 215 orders.

(C) a good faith estimate of the total number  of individuals whose tangible things were produced  under an order entered under section 501, rounded  to the nearest 100;

(D) a good faith estimate of the total number  of United States persons whose tangible things were  produced under an order entered under section 501, rounded to the nearest 100; and

(E) a good faith estimate of the total number of United States persons whose tangible things were produced under an order entered under section 501 and subsequently reviewed or accessed by a Federal officer, employee, or agent, rounded to the nearest 100.;

That language is gone.

That pattern is repeated through the rest of the reporting requirements. Where USA Freedom had tried to quantify the number of people and US persons who got sucked up in surveillance, and how many of those whose records got reviewed, the MA no longer does so. Shouldn’t they be more willing to provide this data if they were really getting rid of bulk surveillance?

PCLOB

In addition to taking PCLOB out of the FISC advocate role, the MA  eliminates provision giving PCLOB subpoena authority.

Share this entry

Surveillance Democracy in ‘Murka: Shitty Immunity or Less Shitty Immunity

/1 Comment/in /by

As a number of outlets are reporting, on Wednesday, the House Judiciary Committee will mark up a manager’s amendment to the USA Freedom Act. On Thursday, the House Intelligence Committee will mark up the shitty Ruppersberger-Rogers bill.

I’ll have more details on what’s in the Manager’s Amendment. But here’s one thing that will be in both the less shitty HJC bill and the very shitty RuppRoge bill: Immunity.

(e) No cause of action shall lie in any court against a person who produces tangible things or provides information, facilities, or technical assistance pursuant to an  order issued or an emergency production required under this section. Such production shall not be deemed to constitute a waiver of any privilege in any other proceeding or context.

American democracy! Where you can choose between immunity as part of a less shitty bill or immunity as part of a very shitty bill!

Either way, you get immunity.

Share this entry

Adel Daoud Challenges the Government’s “Treatise” against FISA Review

/2 Comments/in /by

On Saturday, I pointed to a newly unsealed exhibit in the Adel Daoud case suggesting that the case arose out of an unsolicited referral from a redacted entity based in part on a claim Daoud made comments in an extremist forum about using Inspire to conduct an attack.

That detail, however, is just background to the more pressing question of whether the 7th Circuit will uphold Judge Sharon Coleman’s order granting Daoud’s lawyers review of the FISA materials against him. As Daoud is the only defendant ever granted such an opportunity, the case presents the possibility of a change in the way FISA has been used against defendants for 36 years.

On Friday, Daoud’s lawyers submitted their response to the government’s argument that Coleman used the wrong standard when she deemed defense review of the FISA materials to be “necessary.”

The response is significant for the important argument it makes about the balance of civil rights and security Congress intended when it passed FISA. (Daoud’s team added powerhouse lawyer John Cline — who readers of this site may remember as Scooter Libby’s graymail lawyer — for this appeal and the brief seems to reflects Cline’s long engagement at the forefront of how classified evidence affects defendants).

Daoud’s lawyers point to this passage of the government brief.

In light of these procedures, “[d]isclosure of FISA materials is the exception and ex parte, in camera determination is the rule.” El-Mezain, 664 F.3d at 567 (citing Abu-Jihaad, 630 F.3d at 129); Duggan, 743 F.2d at 78  (same); United States v. Rosen, 447 F. Supp. 2d 538, 546 (E.D. Va. 2006); see also Belfield, 692 F.2d at 147 (“The language of section 1806(f) clearly anticipates that an ex parte, in camera determination is to be the rule. Disclosure and an adversary hearing are the exception, occurring only when necessary.”); United States v. Isa, 923 F.2d 1300, 1306 (8th Cir. 1991). As this Court observed, a case in which “disclosure is necessary” is “one-in-a-million.” In re Grand Jury Proceedings of Special April 2002 Grand Jury, 347 F.3d 197, 203 (7th Cir. 2003) (affirming district court’s decision not to disclose FISA applications and orders based on the court’s own review of the record); see also Kris & Wilson, National Security Investigations § 29:3 n.1 (2d ed. 2012) (“Necessary means ‘essential’ or ‘required,’ and therefore the plain language of that provision makes clear that a court may not disclose . . . unless it cannot determine whether the surveillance was unlawful without the assistance of defense counsel and an adversary hearing.”).[my emphasis]

It’s a fairly boilerplate version of the paragraph the government uses in all challenges to FISA (though it includes a circuit-specific case they appear to misread and mischaracterize, not least because the District Judge said FISA review was moot in what was a grand jury contempt challenge).

But, as the defense notes, the paragraph relies for its definition of “necessary” on the book National Security Investigations, by former Assistant Attorney General for National Security David Kris and Federal Prosecutor Douglas Wilson, not on precedent. And as Kris and Wilson apparently admit, their claims about the term don’t match with the legislative history says. (Significantly, the government cites the legislative history elsewhere in their appeal, but not on this point.)

The government relies for its interpretation of “necessary” on a treatise. G.Br.19 (citing 2 David S. Kris & J. Douglas Wilson, National Security Investigations & Prosecutions § 31:3, at 263 (2d ed. 2012)) [“Kris & Wilson”]. (The government mis-cites the relevant provision as § 29:3.) But Kris and Wilson rely on the purported “plain meaning” of “necessary,” without citing authority for that meaning, and they concede (in an understatement, as we demonstrate below) that what they consider the “plain meaning” of the term “is, however, somewhat at odds with the explanation in the legislative history.”

From there, the defense proceeds to explain what the legislative history is. Here’s what they conclude (based on the Senate reports).

First, the Senate Judiciary and Intelligence Committees plainly did not anticipate what followed over the next thirty-six years—that no court would ever find the “necessary” standard satisfied. Nothing in the Committees’ discussion suggests that they intended that standard to erect an insuperable barrier to disclosure. To the contrary, in choosing a balanced approach, the Committees specifically eschewed “an entirely in camera proceeding”—only to have the courts overturn that Congressional intent through an overly strict interpretation of “necessary.”

Second, the Committees, through their citation to Butenko, placed broad discretion in district judges in determining when disclosure is “necessary to make an accurate determination of the legality of the surveillance.” They intended that discretion to be exercised “after reviewing the underlying documentation and determining its volume, scope and complexity”—precisely as the district court did here.

Third, the Committees—again through their reliance on Butenko—suggest that the “necessary” standard is met when the district court determines that “adversary presentation would substantially promote a more accurate decision”—a far lower standard than the “essential” or “indispensable” standard the government advocates.

Fourth, the Committees noted the district court’s “broad discretionary power to excise certain sensitive portions” from the FISA materials before disclosure. This recognition of the district court’s inherent power to take necessary protective measures now finds a statutory basis in CIPA (discussed below). That power substantially ameliorates the government’s professed national security concerns.

Finally, the Senate Judiciary and Intelligence Committees contemplated—and did not shy away from—the outcome the government suggests is intolerable (G.Br.29-30): that the district court would order disclosure, the government would refuse to comply, and the court would suppress the surveillance or dismiss the prosecution. Just as Congress did in CIPA, 18 U.S.C. App. 3 § 6(e), the Committees left the choice with the government: either comply with the disclosure order or refuse and suffer appropriate sanctions.

I look forward to the government’s rebuttal of the legislative record. But this, noted defense expert on how classified information is supposed to affect criminal defense John Cline argues, is how Congress intended FISA to work. Sometimes the defense is supposed to be able to see and challenge the underlying FISA application.

Perhaps appropriately, given that Daoud is the first defendant ever to be granted review, this has become more than a review of whether the FISA warrant against him was proper. It has become a long-overdue debate about how FISA was supposed to balance defendants’ constitutional rights with concerns about national security.

Share this entry

The Suppressed Inspire-Ation for the Adel Daoud Investigation

/10 Comments/in /by

According to an FBI 302 recently unsealed in the Adel Daoud case (see this post for background on Daoud), an FBI undercover counterterrorism team first targeted the 18-year old on May 10, 2012 in response to “unsolicited information” from an unknown entity, most of which remains redacted in the 302.

One piece of information legible in the 302, however, reveals that,

Adel David, believed to be an 18 year old male of Egyptian and Palestinian descent living in the greater Chicago area, has stated on web forum [redacted] that he has read an article on bomb making in Inspire Magazine and would make the bomb if he could find the required materials.

Compare that with the details in the September 15, 2012 Complaint used to arrest Daoud.

That narrative starts on October 9, 2011 (9 days after the CIA killed Awlaki in a drone strike), when Daoud sent himself “anwar al awlaki articles.” It also includes a number of subsequent emails with jihadist and anti-Israeli propaganda.  As email content, all this could have been obtained in a FISA physical search warrant on stored communication.

On February 6, 2012, according to the narrative, Daoud received an email regarding his registration to a jihad-related forum.

Then there’s this, dated the day before Chicago’s FBI office opened a full investigation into Daoud based in the referral, in part, based on Daoud’s forum claim to have Inspire in his possession.

On or about May 9, 2012, Daoud, using Daoud Account 1, sent himself (i.e., to Daoud Account 1) a link for Inspire magazines, issues on through nine.

Did Daoud download Inspire and immediately talk about it in that forum, that very same day, leading to a referral to the FBI, leading immediately to a full investigation?

We don’t know, because unless I’m mistaken, Daoud’s reference to Inspire in the jihadist forum that figures centrally in the unsolicited information sent to Chicago’s FBI office never appears in the complaint. It remains completely unmentioned, as if FBI has some reason to suppress it.

Mind you, a few days after May 14, 2012, Daoud did recommend one of the undercover officers, who presented himself to Daoud as a 17 year old Aussie with an interest in jihad, read Inspire. 

During their communications, Daoud recommended that OCE2 read Inspire magazine and sent OCE2 a website link to the publication, which OCE2 downloaded. Daoud characterized the magazine as “amazing” and remarked that he may use instructions from the magazine to carry out an attack.

The FBI did not quote Daoud purportedly stating he would use the magazine to carry out an attack.

And on May 31 — the FBI claimed — Daoud talked about using Inspire to conduct an attack. Here’s what he actually wrote, though:

The point is in this magazine they encourage Muslims in the West especially in the USA to attack IN America. By all means this is something i would consider. But in know that if i started attacking in American i would probably not be able to go to Yemen or anywhere else for Jihad in the Cause of Allah.

Is there a way i could do both, or what’s your opinion on that? i personally think it’s easier and more rewarding to go to Yemen but at the same time i hate the oppression of the USA and i would love to do something that would hurt it from the inside.

That is, a good 21 days after the FBI opened a full investigation of Daoud, he was still saying he’d prefer to go to Yemen. And the FBI’s claim he here said he’d use Inspire to launch an attack seems overstated based on the quoted language.

So the government made 3 claims Daoud said he’d use Inspire to launch an attack:

  • Sometime on or before May 10 (and possibly on May 9 or 10); the referring entity found this comment, and we don’t get to see that language
  • Sometime in the days after May 14, after FBI launched a full investigation; the FBI doesn’t show language saying he’d launch an attack
  • On May 31; at least in the quotation given, the FBI overstates the tie between Inspire and an attack

Now perhaps Daoud really did say it, in that forum comment that led immediately to a full investigation and potentially a FISA warrant. But the FBI isn’t showing it, either because the evidence doesn’t do what they say and/or because they need to hide that Daoud was under surveillance by an unknown agency before FBI got the investigation.

All this seems to suggest either that pre-May 10 forum comment launched the investigation and/or Daoud’s download of Inspire did. And that that’s precisely what the FBI is trying to hide with its refusal to tell how it got a FISA warrant against Adel Daoud.

This has further significance given the possibility it reflects either NSA tracking Inspire downloads (which I suspect it does as upstream collection), or a surveillance of forums under FISA. I’ll return to that in a future post.

Share this entry

“Facts Matter” Said NSA Yay-Man Michael Hayden Who Told Serial Lies about the Phone Dragnet

/11 Comments/in , /by

I’m not sure if you saw last night’s Munk Debate pitting Glenn Greenwald and Alexis Ohanian against Michael Hayden and Alan Dershowitz. I did a whole slew of fact checking and mockery on twitter last night.

But I wanted to pay particular attention to a string of false claims Hayden made about the phone dragnet program.

First, my hobbyhorse, he claimed the database can only be used for terror. (After 1:08)

If this program — and here we’re talking about the metadata program — which is about terrorism, because the only reason you can use the metadata is to stop terrorism. No other purpose.

Actually, terrorism and … Iranian “terrorism.” It’s unclear when or why or how Iran got included in database access (though it is considered a state sponsor of terror). But according to Dianne Feinstein and Keith Alexander, analysts can also access the database for Iran-related information. Now, maybe they can only access the Iran data if they claim terror. But that’s a very different thing than claiming a tie to al Qaeda.

The real doozies come later (my transcription; after 1:20:40; I’ve numbered the false claims and provided the “facts matter” below).

I started out with facts matter. So I assume on the metadata issue we’re talking about the 215 program. About the phone records, alright? Because frankly, that’s the only bulk metadata NSA has on American citizens. (1)

[cross talk]

Accusations fit on a bumper sticker. The truth takes longer. NSA gets from American telephone providers the billing records of American citizens. (2) What happens to the billing records is actually really important. I didn’t make this phrase up but I’m gonna use it. They put it in a lock box, alright? They put it in a lock box at NSA. (3) 22 people at NSA are allowed to access that lockbox. (4) The only thing NSA is allowed to do with that truly gajillion record field sitting there is that when they have what’s called a seed number, a seed number about which they have reasonable articulable suspicion that that seed number is affiliated with al Qaeda — you roll up a safe house in Yay-Man, he’s got pocket litter, that says here’s his al Qaeda membership card, he’s got a phone you’ve never seen before. Gee, I wonder how this phone might be associated with any threats in the United States. (5) So, I’ll be a little cartoonish about this, NSA gets to walk up to the transom and yell through the transom and say hey, anybody talk to this number I just found in Yay-Man? And then, this number, say in Buffalo, says well, yeah, I call him about every Thursday. NSA then gets to say okay Buffalo number — by the way, number, not name — Buffalo number, who did you call. At which point, by description the 215 metadata program is over. That’s all NSA is allowed to do with the data. There is no data mining, there’s no powerful algorithms chugging through it, trying to imagine relationships. (6)   It’s did that dirty number call someone in the United States. The last year for which NSA had full records is 2012 — I’ll get the 13 numbers shortly (7) — but in 2012, NSA walked up to that transom and yelled “hey! anybody talk to this number?” 288 times. (8)

(1) Under the SPCMA authority, NSA can include US persons in contact-chaining of both phone and Internet metadata collected overseas. SPCMA has far fewer of the dissemination and subject matter limitations that the Section 215 dragnet has.

(2) NSA doesn’t get the “billing records.” It gets routing information, which includes a great deal of data (such as the cell phone and SIM card ID and telecom routing information) that wouldn’t be included on a phone bill, even assuming a bill was itemized at all (most local landline calls are not). It also gets the data every day, not every month, like a billing record.

(3) Starting in early January 2008, NSA made a copy of the dragnet data and “for the purposes of analytical efficiency” dumped it in with all their other metadata. That allows them to conduct “federated queries,” which is contact chaining across authorities (so chains including both foreign collected EO12333 data and domestic Section 215 data). The NSA coaches its analysts to rerun queries that are replicable in EO12333 alone because of the greater dissemination that permits.

(4) The 22 number refers to the people who can approve an identifier for Reasonable Articulable Suspicion, not the people who can conduct queries. Those 22 are:

the Chief or Deputy Chief, Homeland Security Analysis Center; or one of the twenty specially-authorized Homeland Mission Coordinators in the Analysis and Production Directorate of the Signals Intelligence Directorate.

While we don’t know how many analysts are trained on Section 215 dragnet right now, the number was 125 in August 2010.

But even those analysts are not the only people who can access the database. “Technicians” may do so too.

Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis. Technical personnel may query the BR metadata using selection terms that have not been RAS-approved (described below) for those purposes described above, and may share the results of those queries with other authorized personnel responsible for these purposes, but the results of any such queries ill not be used for intelligence analysis purposes. An authorized technician may access the BR metadata to ascertain those identifiers that may be high volume identifiers. The technician may share the results of any such access, i.e., the identifiers and the fact that they are high volume identifiers, with authorized personnel (including those responsible for the identification and defeat of high volume and other unwanted BR metadata from any of NSA’s various metadata repositories), but may not share any other information from the results of that access for intelligence analysis purposes.

And this access — which requires access to the raw metadata — is not audited.

(5) Note, in the past, the government has also accessed the database with “correlated” identifiers — phone numbers and SIM cards associated with the same person. It’s unclear what the current status of querying on correlated identifiers is, but that is likely the topic of one of the FISC opinions the government is withholding, and the government is withholding the opinion in question in the name of protecting an ongoing functionality.

(6) Hayden pretends there’s a clear boundary to this program, but even the FISC minimization procedures for it approve the corporate store, where these query results — people 2 degrees from someone subjected to a digital stop-and-frisk — may be subjected to “the full range of [NSA’s] analytic tradecraft.” So when Hayden says there’s no data mining and no powerful algorithms, he’s lying about the data mining and powerful algorithms (and content access) that are permitted for identifiers in the corporate store.

(7) Given that DOJ has already released their numbers for FISA use in 2013, I presume it also has the number of identifiers that have been queried.

(8) The 288 number refers to the number of identifiers queried, not the number of queries run. Given that the dragnet serves as a kind of alert system — to see who has had contracts with a certain number over time — the number of actual queries is likely significantly higher, as most of the identifiers were likely run multiple times.

Share this entry

Confirmed: Obama’s Dragnet “Fix” Isn’t About Us

/5 Comments/in /by

After Obama rolled out his phone dragnet fix, I noted the real reason he was doing it was not so much a concern for civil liberties, but rather a recognition that by outsourcing the data to providers, it would solve the legal-technical problems NSA had been having in two (probably related) areas: collection of cell data and operation of an alert function.

The Obama plan is an improvement over the status quo (though I do have grave concerns about its applicability in non-terrorist contexts, and my concerns about what the government does with the data of tens to hundreds of thousands of innocent Americans remain).

But don’t be fooled. Obama’s doing this as much because it’s the easiest way to solve legal and technical problems that have long existed because the government chose to apply a law that was entirely inapt to the function they wanted to use it for.

Shockers! A more privacy protective solution also happens to provide the best technical and legal solution to the problem at hand.

Yesterday, David Sanger confirmed that was the case, at least for the cell data problem.

At the N.S.A., there is grumbling about the continuing disclosures of material stolen by Mr. Snowden, but comparatively little complaint on the new limits Mr. Obama has proposed. In some cases, the N.S.A. gained some access to data even as it lost some autonomy. For example, its program to collect metadata missed a large percentage of cellphone calls. Under Mr. Obama’s plan, if it becomes law, the N.S.A. would have to leave that data in private hands, but when the N.S.A. does get it, under court order, the agency should have access to a lot more than it does today.

“It’s a pretty good trade,” said one senior intelligence official who has been working on the issue. “All told, if you are an N.S.A. analyst, you will probably get more of what you wanted to see, even it’s more cumbersome.”

And given Spencer Ackerman’s report that the White House wants to give the telecoms immunity under this new “fix,” the issue may well go beyond the cell data, though cell data has its own legal risks.

In a statement of principles privately delivered to lawmakers some weeks ago to guide surveillance reforms, the White House said it wanted legislation protecting “any person who complies in good faith with an order to produce records” from legal liability for complying with court orders for phone records to the government once the NSA no longer collects the data in bulk.

[snip]

A congressional aide said the telecommunications companies were expected to “fight hard” for the provision to survive in any surveillance bill. Those firms, including Verizon and AT&T, have typically kept far more silent in public about NSA surveillance and their role in it than internet giants, like Yahoo and Google, which have pushed for reforms.

Ackerman’s wrong about Verizon’s silence — not only has it already issued a somewhat critical statement on proposed reforms, it also made a flaccid challenge to a recent order. But its stated concerns refusing to create new records is probably related to the real legal concerns underlying demands for immunity. To get cell records without location information (the latter of which would probably violate US v. Jones), Verizon apparently would and will need to make new records not otherwise required for its business purposes (which, again, may be the source of the cell data problem).  That’s a very different legal role than simply as a communications provider, one it apparently is not thrilled about playing.

And all that’s before you consider the possibility, under the House Intelligence RuppRoge “reform,” that these “reforms” would also get Internet content-as-metadata again.

The fact is the government can’t legally do what it wants to do. They’re trying a new plan, by outsourcing to the providers. But it’s not clear that’s legal either.

Share this entry

The Qazi Brothers: The Craziest Bit of Blatant Parallel Construction to Protect FAA

/6 Comments/in /by

On Monday, the government submitted unclassified and classified motions asking Magistrate Judge John O’Sullivan to reconsider his order that the government defend the constitutionality of the FISA Amendments Act in their case against Raees and Sheheryar Qazi, two Pakistani Americans charged with conspiring to use a WMD. While the government admits there was never a real plot, Raees was allegedly reaching out to al Qaeda and the FBI found batteries and Christmas lights in Sheheryar’s place, where Raees lived, which the government claims were to be used to make a bomb.

I’ll get into the long, ongoing dispute about the FAA in this case.

But before I do, note that in August 2013, over 8 months after the brothers had been arrested and 4 months after the older brother, Sheheryar, had demanded notice if the government had used FISA Amendments Act against him, the government obtained warrants; the government provided those warrants while handing over content obtained under a warrant from Yahoo and Hotmail, precisely the kind of content the government obtains under PRISM using Section 702 authority.

While I can’t know whether the government obtained warrants for content originally obtained under FAA, O’Sullivan permitted a constitutional challenge to FAA even without notice from the government that it had been used against the brothers (though last July the government did submit an response to Sheheryar’s challenge to FISA that discussed 3 different authorities; see section IB).

You do the math.

As I said, this challenge goes back some time, to April 2013, in the wake of both Dianne Feinstein’s naming of the brothers in a speech defending the reauthorization of the FAA and the Amnesty v. Clapper decision ruling that judged the plaintiffs didn’t have standing, but that defendants who did would be accorded the opportunity to challenge the constitutionality of the law.

Of particular interest, after the government originally refused to give notice to the brothers on whether it had used FAA to get them, Sheheryar asked specifically whether the government used 702 information in the affidavit to obtain the content and physical search FISA warrants used against the brothers (probably targeted, as I said, at Raees). The government reacted particularly aggressively to that affidavit request, as if Sheheryar struck close to the bone.

Which brings us to the argument the government is now making to Sheheryar’s constitutional challenge. The government says that Sheheryar Qazi should not be able challenge the constitutionality of the FISA Amendments Act because it will not introduce any FAA-derived information against him at trial.

Thus, in order for a defendant to move to suppress FISA or FAA-obtained or derived evidence, the defendant must be: ( 1) “a person against whom evidence obtained or derived from” (2) “an electronic surveillance” [or physical search] (3) “to which he is an aggrieved person” (4) “is to be, or has been, introduced or otherwise used or disclosed” (5) in a “trial, hearing or other proceeding.”

[snip]

Because the government has not and does not intend to use or disclose in trial any evidence obtained or derived from FAA-authorized surveillance as to which Movant is an aggrieved person, Movant cannot demonstrate any sort of concrete, particularized and actual or imminent injury, much less an injury “fairly traceable” to the FAA. Movant also cannot possibly demonstrate that any resolution of the constitutionality of the FAA would redress any injury.

It says this even as it is working on a separate theory why Sheheryar’s brother, Raees, against whom the primary traditional FISA warrant was almost certainly targeted, cannot challenge FAA’s constitutionality, either. The government appears to be less sure that they can argue with a straight face that none of the evidence they’ll submit at trial against Raees derived from FAA.

But that motion is due after a May 9 hearing in which the judge will consider whether Sheheryar’s counsel, Ronald Chapman, must withdraw as counsel because he witnessed an alleged altercation between the brothers are two Marshals in a SCIF on April 8 (Chapman just submitted a statement that he has no conflict under FL Bar rules). That same day, April 8, Raees joined in his brother’s demand on the constitutionality of FAA, and I wouldn’t be surprised if the government argued Raees improperly joined his brother’s request because of that meeting.

The government suggests it may file additional charges against the brothers for the alleged altercation. At which point they’ll probably drop these flimsy terrorism charges, bust the brothers for assault, and avoid having to reveal the shell game by which they came to arrest the brothers in the first place.

Read more

Share this entry