In Cut and Paste Tumblr Post, James Clapper Describes Who We Can Spy on without Discriminants

/in , , /by

As part of his Presidential Policy Directive on Signals Intelligence, Obama said this about bulk collection:

In particular, when the United States collects nonpublicly available signals intelligence in bulk, it shall use that data only for the purposes of detecting and countering: (1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests; (2) threats to the United States and its interests from terrorism; (3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction; (4) cybersecurity threats; (5) threats to U.S. or allied Armed Forces or other U.S or allied personnel; and (6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section. In no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S . business sectors commercially; or achieving any purpose other than those identified in this section.

The Assistant to the President and National Security Advisor (APNSA), in consultation with the Director of National Intelligence (DNI), shall coordinate, on at least an annual basis, a review of the permissible uses of signals intelligence collected in bulk through the National Security Council Principals and Deputies Committee system identified in PPD-1 or any successor document. At the end of this review, I will be presented with recommended additions to or removals from the list of the permissible uses of signals intelligence collected in bulk.

The DNI shall maintain a list of the permissible uses of signals intelligence collected in bulk. This list shall be updated as necessary and made publicly available to the maximum extent feasible, consistent with the national security.

To fulfill that bolded “shall” language, James Clapper just released this on his IContheRecord Tumblr page:

Presidential Policy Directive/PPD-28 – Signals Intelligence Activities establishes a process for determining the permissible uses of nonpublicly available signals intelligence that the United States collects in bulk. It also directs the Director of National Intelligence to “maintain a list of permissible uses of signals intelligence collected in bulk” and make the list “publicly available to the maximum extent feasible, consistent with the national security.”

Consistent with that directive, I am hereby releasing the current list of permissible uses of nonpublicly available signals intelligence that the United States collects in bulk.

Signals intelligence collected in “bulk” is defined as “the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).” As of Jan. 17, 2014, nonpublicly available signals intelligence collected by the United States in bulk may be used by the United States “only for the purposes of detecting and countering:

  1. Espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
  2. Threats to the United States and its interests from terrorism;
  3. Threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
  4. Cybersecurity threats;
  5. Threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and
  6. Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.”

Further, as prescribed in PPD-28, “in no event may signals intelligence collected in bulk be used for the purpose of suppressing or burdening criticism or dissent; disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion; affording a competitive advantage to U.S. companies and U.S. business sectors commercially;” or achieving any purpose other than those identified above.

Effectively, Clapper fulfilled an obligation mandated by the PPD by simply cutting and pasting the list of 6 permissible uses of bulk collection in the PPD.

Given that this list is expected to be assessed annually, does that mean the PPD itself should be considered valid for no more than a year?

Death by Geolocation: “We’re Going after Their Phones”

/9 Comments/in , /by

In December, I talked about the role I thought SIGINT played in drone targeting (here, noting that the same analysis that picks key pirates out of a database might choose to kill them).

[I]t is very easy to see what kind of role metadata analysis would play in the early stages of targeting a signature strike, because that’s precisely how the intelligence community identify the nodes that, McNeal tells us, they’re often targeting when they conduct signature strikes. Wiretap the person at that node and you may learn a lot (that’s also probably the same kind of targeting they do to select potential informants, as we know they do with metadata), kill that person and you may damage the operational capabilities of a terrorist (or pirate) organization.

When the WaPo reported on NSA’s role in drone killing, it focused on how NSA collected content associated with a known target — Hassan Ghul — to pinpoint his location for drone targeting.

But NSA probably plays a role in the far more controversial targeting of people we don’t know for death, with precisely the kind of contact chaining it uses on US persons.

It turns out I overestimated the role of HUMINT in the targeting process.

In their first story at the Intercept, Glenn Greenwald and Jeremy Scahill describe drone killing being done almost entirely on SIGINT.

What’s more, he adds, the NSA often locates drone targets by analyzing the activity of a SIM card, rather than the actual content of the calls. Based on his experience, he has come to believe that the drone program amounts to little more than death by unreliable metadata.

“People get hung up that there’s a targeted list of people,” he says. “It’s really like we’re targeting a cell phone. We’re not going after people – we’re going after their phones, in the hopes that the person on the other end of that missile is the bad guy.”

[snip]

The former JSOC drone operator estimates that the overwhelming majority of high-value target operations he worked on in Afghanistan relied on signals intelligence, known as SIGINT, based on the NSA’s phone-tracking technology.

“Everything they turned into a kinetic strike or a night raid was almost 90 percent that,” he says. “You could tell, because you’d go back to the mission reports and it will say ‘this mission was triggered by SIGINT,’ which means it was triggered by a geolocation cell.”

Their source argues the reliance exclusively on SIGINT is particularly bad for JSOC in Yemen.

As the former drone operator explains, the process of tracking and ultimately killing a targeted person is known within the military as F3: Find, Fix, Finish. “Since there’s almost zero HUMINT operations in Yemen – at least involving JSOC – every one of their strikes relies on signals and imagery for confirmation: signals being the cell phone lock, which is the ‘find’ and imagery being the ‘unblinking eye’ which is the ‘fix.’” The “finish” is the strike itself.

“JSOC acknowledges that it would be completely helpless without the NSA conducting mass surveillance on an industrial level,” the former drone operator says. “That is what creates those baseball cards you hear about,” featuring potential targets for drone strikes or raids.

I’ve been pointing out JSOC’s inaccuracy for some time.

In fact, this may explain Dianne Feinstein’s efforts to ensure CIA retains control of drone targeting.

Of course, the HUMINT CIA gets — in both Pakistan and Yemen — has proven highly susceptible to manipulation by our partners on the ground. So it’s not clear that’s any better either.

All this Intelligence and so little actual intelligence.

Will NSA Lose Access to All Verizon Cell Metadata in 12 Days Time?

/14 Comments/in /by

Last week, NSA selectively leaked a claim it only obtains 20 to 30% of US call data because it doesn’t collect some or all cell provider data. (WSJ, WaPo, LAT, NYT)

I believe the claim itself is true only in a narrow sense and the premises given to journalists underlying it are laughably false as presented (though have grains of truth).

I suspect this leaked propaganda campaign might better be explained by the possibility that NSA will lose some of its existing access to Verizon cell data on February 21, when the Vodaphone/Verizon split becomes legally official.

Some aspect of Verizon’s structure — and a good deal suggests it’s that dual-country ownership — has created problems in the metadata program since 2009. On May 29, 2009, Judge Reggie Walton started breaking out directions to Verizon’s Custodian of Records in its own paragraph of the Primary Order so as to clarify that it should only provide entirely domestic or one-end domestic calls under the Section 215 order, not entirely foreign calls. Then, in a July 9, 2009 Primary Order the government is still withholding, Walton actually shut down production from Verizon, apparently entirely. He restored production with the September 3, 2009 Primary Order, permitting retroactive collection of any records still in existence. We know Verizon was this provider because ODNI failed to redact Verizon’s name in the Verizon-specific paragraph in a recent document dump.

While we don’t know why including foreign production presented such a problem (that 3 month period is the only period I know of during which production of any part of the phone dragnet was shut down), it did.

But we do have hints of why Verizon’s international collection might be so sensitive. In August (a month before Verizon and Vodaphone agreed to split), Suddeutsche newspaper revealed that Verizon was among the 7 providers included in GCHQ’s Tempora program.

BT, Vodafone Cable, and the American firm Verizon Business – together with four other smaller providers – have given GCHQ secret unlimited access to their network of undersea cables. The cables carry much of the world’s phone calls and internet traffic.

In June the Guardian revealed details of GCHQ’s ambitious data-hoovering programmes, Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. It emerged GCHQ was able to tap into fibre-optic cables and store huge volumes of data for up to 30 days. That operation, codenamed Tempora, has been running for 20 months.

The Guardian explained that providers were compelled, under licensing requirements, to participate under the UK’s Telecom Act.

Telecoms providers can be compelled to co-operate with requests from the government, relayed through ministers, under the 1984 Telecommunications Act,

[snip]

Vodafone said it complied with the laws of all the countries in which its cables operate. “Media reports on these matters have demonstrated a misunderstanding of the basic facts of European, German and UK legislation and of the legal obligations set out within every telecommunications operator’s licence … Vodafone complies with the law in all of our countries of operation,” said a spokesman.

That would seem to suggest Verizon’s legal presence in the UK made it subject to orders to participate in Tempora. This requirement, which started as early as 2008, involves the massive collection of both phone and Internet metadata which gets stored for 30 days. The kind of metadata that last week’s propaganda campaign claimed NSA didn’t get access to.

Given Verizon’s role in Tempora, I suspect it is one of the corporate partners which accesses data (including, but no way limited to, cell location data) from the telephone links between networks under the FASCIA program.

A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.”

STORMBREW collects data from 27 telephone links known as OPC/DPC pairs, which refer to originating and destination points and which typically transfer traffic from one provider’s internal network to another’s. That data include cell tower identifiers, which can be used to locate a phone’s location.

The agency’s access to carriers’ networks appears to be vast.

“Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This ‘flat’ trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one-stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.”

And as Blaze describes (Mindrayge describes some of why this is so in this comment), accessing data at these points would give Verizon access to everyone’s cell data, not just its own.

I believe that collection — because it was obligated by the UK, not the US, and because it took place offshore — would count as EO 12333 data, not Section 215 data. This is why I believe NSA does get comprehensive coverage of all cell data, just not under Section 215. NSA gets all the data it wants, just via GCHQ’s greater ability to obligate production than NSA’s. And it gets cell location data if it wants it too!

Or it did, so long as the joint corporate structure of Vodaphone and Verizon created the obligation behind that production.

Now, obviously, the hardware linking Verizon and Vodaphone won’t disappear in 12 days time. Verizon will still presumably operate the hardware where this massive data collection takes place. But if I’m understanding the legal leverage of the UK’s licensing law correctly, the UK and US’ collective ability to obligate production will change. As one possibility (there are others I’ll explain in a later post), NSA may have to rely on Section 215 to obligate production, rather than the UK’s more expansive law.

Which, I suspect, is the real logic behind last week’s propaganda campaign on cell data. For the first time, NSA may have to rely on Section 215 rather than UK licensing laws to access Verizon’s (and probably some other providers’) cell phone metadata. And that’s happening at a time when Verizon is the dominant cell provider in the US. But even as it will need to rely on Section 215, the FISC has narrowed the scope of its interpretation of the law, to specifically exclude the cell location data that has been included in this collection for years.

In other words, I believe the confluence of two events — the change in Verizon’s corporate structure and FISC’s effort to prohibit the application of Section 215 to location data — may have created significant new difficulties in maintaining what (I strongly believe) has always been comprehensive dragnet collection.

Update: On March 4, Verizon’s General Counsel said the Vodaphone/Verizon split will have no effect on their legal obligation.

The Faulty Premise of the 30% Call Data Claims: Legal Limits on Geolocation Data

/18 Comments/in /by

In this post, I suggested that reports (WSJ, WaPo) that NSA collects only 20 to 30% of US phone records probably don’t account for the records collected under authorities besides Section 215.

So why did WSJ, WaPo, LAT, and NYT all report on this story at once? Why, after 8 months in which the government has taken the heat for collecting all US call records, are anonymous sources suddenly selectively leaking stories claiming they don’t get (any, the stories suggest) cell data?

There’s a tall tale the stories collectively tell that probably explains it.

None of the stories really explain why NSA didn’t start collecting cell data from the start, when, after all, it got no legal review. Nor did they note that, according to this WSJ article which a few of them cited, NSA does get cell data from AT&T and Sprint. But the stories collectively provide two explanations for why — as cell phones came to dominate US telecommunications — NSA didn’t add them to their Section 215 collection (which remember, is different from not including them in their EO 12333 collection).

First, NSA was too busy responding to crises (their 2009 phone dragnet violations and the Snowden leaks) to integrate cell data.

WSJ:

The agency’s legal orders to U.S. phone companies don’t cover most cellphone records, a gap the NSA has been trying to address for years. The effort has been repeatedly slowed by other, more pressing demands, such as responding to criticisms from the U.S. court that oversees its operations, people familiar with the matter say.

WaPo:

Compounding the challenge, the agency in 2009 struggled with compliance issues, including what a surveillance court found were “daily violations of the minimization procedures set forth in [court] orders” designed to protect Americans’ call records that “could not otherwise have been legally captured in bulk.”

As a result, the NSA’s director, Gen. Keith Alexander, ordered an “end-to-end” review of the program, during which additional compliance incidents were discovered and reported to the court. The process of uncovering problems and fixing them took months, and the same people working to address the compliance problems were the ones who would have to prepare the database to handle more records.

The NSA fell behind, the former official said.

In June, the program was revealed through a leak of a court order to Verizon by former NSA contractor Edward Snowden, setting off an intense national debate over the wisdom and efficacy of bulk collection.

The same NSA personnel were also tasked to answer inquiries from congressional overseers and others about how the program and its controls worked. “At a time when you’re behind, it’s hard to catch up,” the former official said.

This claim is pretty ridiculous, given that we know (indeed, several of these reporters got selective leaks about this in October just before Keith Alexander admitted to it) NSA worked on geolocation from 2010 to 2011, which these reporters’ anonymous sources claim is the problem with cell data now. They were working on the problem, if indeed it was one.

The existence of that 2010 to 2011 pilot program also presents problems for the other explanation offered: that NSA is legally prohibited from receiving cell geolocation data.

WaPo:

Apart from the decline in land-line use, the agency has struggled to prepare its database to handle vast amounts of cellphone data, current and former officials say. For instance, cellphone records may contain geolocation data, which the NSA is not permitted to receive.

WSJ:

Moreover, the NSA has been stymied by how to remove location data—which is isn’t allowed to collect—from cellphone records collected in bulk, a U.S. official said.

[snip]

A key difficulty has been separating location data from cellphone records. NSA has an agreement with the secret Foreign Intelligence Surveillance court that it won’t collect location data from phones.

It is true that Alexander told Congress in October NSA would warn Congress and the FISC before they started collecting cell geolocation data again, but NSA still maintained it would be legal to do so.

And it is true that the intervening years since the pilot program, the Jones case presented challenges to the practice that even James Clapper admitted — back in 2012 — might force NSA to change its current practices (even while suggesting the rules were probably different for intelligence gathering as opposed to criminal investigation).

It’s also possible NSA’s delayed notice to Congress on its geolocation efforts — not even the House Judiciary Committee got notice before the Reauthorization of the PATRIOT Act in 2011 — has created problems for NSA’s collection of geolocation (and therefore, these stories claim, cell data).

Nevertheless, the record shows that DOJ and NSA believed the language of the existing Section 215 orders permitted NSA to collect cell location data at least through the end of 2011 and probably still believed it after Jones.

So that can’t be the explanation for why NSA hasn’t been collecting cell data (under Section 215, from Verizon and T-Mobile) all these years.

But the claim NSA is not permitted to collect geolocation data provides two of these stories reason to report that the purported legal prohibition on the collection of cell location has forced NSA to seek court orders for the cell data in question.

WaPo:

The government is taking steps to restore the collection — which does not include the content of conversations — closer to previous levels. The NSA is preparing to seek court orders to compel wireless companies that currently do not hand over records to the government to do so, said the current and former officials, who spoke on the condition of anonymity to discuss internal deliberations.

LAT:

The NSA aims to build the technical capacity over the next few years to collect toll records from every domestic land line and cellphone call, assuming Congress extends authority for Section 215 of the USA Patriot Act after it expires in June 2015.

Once the capacity is available, the agency would seek court orders to require telecommunications companies that do not currently deliver their records to the NSA to do so.

This is the point of these stories: to prepare us for the argument, in advance of next year’s PATRIOT Act reauthorization, that Section 215 must be expanded to include cell data these reporters claim NSA doesn’t collect (they imply, under any authority) now. NSA told these reporters a story about how meager its (Section 215-based) collection is to prepare for a debate that it needs to expand authority, not curtail it.

That said, even as obviously facetious as are the claims that NSA believed it was prohibited from collecting geolocation data even as it was doing so, there have been at least two intervening events, in addition to the Jones decision, that I suspect have changed NSA’s views on cell location data. These may explain why NSA is telling this tall tale now.

First, whereas before July 19, 2013 (indeed, for the entire period when it was testing cell location data), NSA had no guidance on whether Section 215 covered cell location, in July, in the wake of Snowden’s leaks, Claire Eagan explicitly excluded Cell Location Site Identifier information from the order (though that is not the only way to get cell location).

Furthermore, this Order does not authorize the production of cell site location information (CSLI).

That is, the Executive no longer operated at the full expanse of its authority on cell geolocation, because a court bound its authority, at least for Section 215 collection.

In addition, as of about two weeks ago and for the first time in 14 years, Verizon Wireless is no longer partially foreign owned. Verizon Wireless and Vodaphone announced plans to split up back in September and on January 28, the board approved the deal. The split will be final on February 21.

I suspect (this is speculation, but I will explain in a future post why my confidence on this point is very very high) that the reason NSA is telling this tall tale right now has nothing to do (as some of the stories suggested) with the fact that some of America’s key cell telecoms are partly foreign owned. Rather, I suspect any gap in cell data collection arises instead from the fact that the nation’s largest cell provider, Verizon, is no longer partly owned by a British company and therefore no longer subject to the collection agreements of GCHQ.

Say … am I really the only NSA beat writer who is wondering why it is taking ODNI so long to declassify the January 4 FISC reauthorization for the Section 215 dragnet as compared to the previous reauthorizations since the Snowden leak?

DOD Complains about “Speculative” Risk of Bulk Collection

/14 Comments/in , /by

Maybe I have a sick sense of humor.

But I laughed at the irony of this NYT story about how Edward Snowden used a web-crawler to scrape data from the NSA’s servers.

In paragraphs 28 and 29 (of 29), Defense Intelligence Agency head Michael Flynn admits what he has avoided admitting in public hearings: he has no fucking clue what Snowden took.

The head of the Defense Intelligence Agency, Lt. Gen. Michael T. Flynn, told lawmakers last week that Mr. Snowden’s disclosures could tip off adversaries to American military tactics and operations, and force the Pentagon to spend vast sums to safeguard against that. But he admitted a great deal of uncertainty about what Mr. Snowden possessed.

“Everything that he touched, we assume that he took,” said General Flynn, including details of how the military tracks terrorists, of enemies’ vulnerabilities and of American defenses against improvised explosive devices. He added, “We assume the worst case.”

DOD doesn’t actually know what Snowden took. They know he had access to a bunch of files on military operations.

But that leaves open the question of how Mr. Snowden chose the search terms to obtain his trove of documents, and why, according to James R. Clapper Jr., the director of national intelligence, they yielded a disproportionately large number of documents detailing American military movements, preparations and abilities around the world.

But DOD doesn’t know whether he just touched them, or took them with him. It doesn’t know whether he deleted any he took before turning them over to journalists.

For his part, Snowden says DOD’s claims he deliberately took military information are unfounded.

In his statement, Mr. Snowden denied any deliberate effort to gain access to any military information. “They rely on a baseless premise, which is that I was after military information,” Mr. Snowden said.

Snowden suggests any military information he got, he got incidentally. DOD will just have to trust him.

Nevertheless, DOD will assume the worst because that’s the only way to protect DOD equities — and indeed, the lives of our military service members (that is, if Flynn’s claims are true; given his track record I don’t necessarily believe they are).

The necessity of protecting people and secret plans because of a potential risk is actually not funny at all. Indeed, it points to the problem inherent with bulk collection conducted in secret: Those potentially targeted by it have to assume the worst to protect themselves.

Mind you, if Sam Alito were a fair and balanced kind of guy, he’d tell DOD to suck it up. The risk of this bulk collection inflicting harm on military operations is speculative.

Respondents’ claim of future injury is too speculative to establish the well-established requirement that certain injury must be “certainly impending.”

But I think Alito is wrong. I definitely don’t fault DOD for adjusting to potential risks given the lack of certainty over which of their most sensitive secrets bulk collection has compromised.

If it is a problem that Snowden touched or maybe even incidentally collected data that could cause DOD great harm — if it is understandable that DOD would assume and prepare for the worst — then NSA needs to shut down its own indiscriminate scraping of data from all over the world. Because it is imposing the same kinds of risk and costs and worries to private individuals all over the world.

Update: Eli Lake got sources who received DIA’s briefing on their Snowden report to distinguish between what DIA knows and what they’re just assuming.

NSA’s Latest Claim: It Only Gets 30% of “Substantially All” the Hay in the Haystack

/10 Comments/in , /by

SIGINT and 215In December 2007, the FBI began intercepting MOALIN’s cell phone.

FBI search warrant affidavit seeking (among other things) additional cell phones, October 29, 2010

Yesterday, Siobhan Gorman reported that NSA’s “phone-data program” collects 20% or less of the phone data in the US. She explains that the program doesn’t collect cell phone data, and so has covered a decreasing percentage of US calls over the last several years.

The National Security Agency’s phone-data program, which has been at the center of controversy over the NSA’s surveillance operations, collects information from about 20% or less of all U.S. calls—much less than previously described by lawmakers.

The program had been described as collecting records on virtually every phone call placed in the U.S., but in fact, it doesn’t cover records for most cellphones, the fastest-growing sector in telephony and an area where the agency has struggled to keep pace, according to several people familiar with the program.

Ellen Nakashima’s report places the percentage between 20 and 30%, echoing Gorman’s claim about limits on cell data.

The actual percentage of records gathered is somewhere between 20 and 30 percent and reflects Americans’ increasing turn away from the use of land lines to cellphones. Officials also have faced technical challenges in preparing the NSA database to handle large amounts of new records without taking in data such as cell tower locations that are not authorized for collection.

[snip]

The bulk collection began largely as a land-line program, focusing on carriers such as AT&T and Verizon Business Network Services. At least two large wireless companies are not covered — Verizon Wireless and T-Mobile U.S., which was first reported by the Wall Street Journal.

Industry officials have speculated that partial foreign ownership has made the NSA reluctant to issue orders to those carriers. But U.S. officials said that was not a reason.

“They’re doing business in the United States; they’re required to comply with U.S. law,” said one senior U.S. official. “A court order is a court order.”

Rather, the official said, the drop in collection stems from several factors.

Apart from the decline in land-line use, the agency has struggled to prepare its database to handle vast amounts of cellphone data, current and former officials say. For instance, cellphone records may contain geolocation data, which the NSA is not permitted to receive.

These reports offer a more credible explanation than Geoffrey Stone’s multiple claims to this effect about why the program misses data. So they may be true.

But I think they instead point to the legal range of authorities NSA uses to collect phone records, not to what records they actually have in their possession.

These reports are commenting (though without specifying, or even seeming to be aware they need to specify) on what the government claims it collects under Section 215. These reports are not commenting on what NSA collects under all authorities.

In this post I will show why I believe these reports to be credible only in a very narrow sense. In a follow-up post I will point to the legal issues that underlie the Administration’s conflicting claims about what it collects.

Read more

The Lapses in Dragnet Notice to Congress

/7 Comments/in , /by

I’m at a great conference on national security and civil liberties. Unfortunately, speakers have repeatedly claimed that NSA fully informs Congress on its programs.

Even setting aside Dianne Feinstein’s admission that the intelligence committees exercise less oversight over programs conducted under EO 12333, there are a number of public documents that show the Executive failing to fully inform Congress:

April 27, 2005: Alberto Gonzales and Robert Mueller brief SSCI on PATRIOT Authorities in advance of reauthorization. They make no mention of the use of PR/TT to gather Internet metadata, much less the violations of Colleen Kollar-Kotelly limits on the kind of data collected during the first period of its use.

October 21, 2009: A Michael Leiter and NSA Associate Deputy Director briefing to the House Intelligence Committee pointed to the September 3, 2009 phone dragnet reauthorization as proof that NSA had regained FISC’s confidence, without mentioning further violations on September 21 and 23 — violations that NSA did not inform FISC about.

August 16, 2010: DOJ did not provide the Intelligence and Judiciary Committees with some of the pre-July 10, 2008 FISC rulings providing significant constructions of FISA pertaining to — at a minimum — Section 215 until after the first PATRIOT Reauthorization.

February 2, 2011: House Intelligence Chair Mike Rogers did not invite members of Congress to read the 2011 notice about the phone and Internet dragnets. Approximately 86 freshmen members — 65 of whom voted to reauthorize the PATRIOT Act, a sufficient number to tip the vote — had no opportunity to read that notice.

May 13, 2011: In a briefing by Robert Mueller and Valerie Caproni designed to substitute for the Executive’s notice to Congressmen about the phone and Internet dragnets, the following exchange took place.

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

While the balance of the briefing remains redacted, this seems to suggest the FBI did not brief House Republicans about the dragnet violations.

September 1, 2011: NSA did not provide notice to the House Judiciary Committee about its testing of geolocation data under Section 215 until after the reauthorization of PATRIOT Act, in spite of the fact that it had been conducting such tests throughout the 2010 and 2011 debates on the PATRIOT Act.

emptywheel and First Look Media: Beginnings and Continuity

/83 Comments/in /by

I’ve got some exciting new beginnings — and some continuity — to announce.

As Pierre Omidyar and Eric Bates just announced, I will be joining First Look Media as part of a new magazine that will publish Glenn Greenwald, Laura Poitras, Jeremy Scahill, and others’ work. It’s really exciting to join Glenn and others in their work, and to join the larger First Look effort as it launches.

But that opportunity won’t change much here. I am just working for First Look as a consultant — just doing document analysis, not my own reporting — and just part time. I will continue to do the kind of reporting I always do here — and potentially for other media outlets.

Some of the stories I have broken or significantly advanced since the Snowden leaks started (ignoring that I guessed the Bush’s illegal program had been moved under PATRIOT back in 2009) include:

  • FISC never issued an opinion finding the dragnet legal until last year (confirmed by PCLOB 7 months later)
  • NSA’s phone dragnet violated Section 215’s minimization requirements (confirmed by PCLOB 2 months later)
  • NSA can query the Section 215 dragnet for Iranian targets in addition to al Qaeda related ones
  • NSA uses the dragnet to identify potential informants
  • Technical personnel have unaudited access to raw dragnet data to remove “high volume” numbers and carry out other still-secret tasks
  • NSA destroyed the evidence of such tech personnel moving and retaining data outside FISC guidelines
  • NSA watchlisted 3,000 US persons under the phone dragnet with no First Amendment review
  • NSA itself considered some of its 2009 practices similar to Project Minaret’s watch-listing of anti-war activists
  • NSA trains analysts to recreate domestic phone dragnet queries using EO 12333 data to get around dissemination protections
  • NSA rolled out a new contact-chaining approach overseas just as NSA began disclosing its 5-years of Internet dragnet violations to FISC (the timing was subsequently confirmed by additional government disclosures)
  • Section 702 is used for counterterrorism, counterproliferation, and cybersecurity (strongly suggested by the Review Group 6 months later)
  • NSA uses upstream Section 702 collection for cybersecurity purposes (and Leahy-Sensenbrenner would end this use)
  • NSA can query US person content incidentally collected under Section 702 (reported by the Guardian 2 months later)
  • NSA does not even need Reasonable Articulable Suspicion to conduct these queries
  • FBI has had that authority to search incidentally collected content since 2008 (confirmed by subsequent government release)
  • NSA secretly expanded minimization procedures meant to protect life and body to cover property
  • Mike Rogers never shared the written notice to Congress in 2011 (confirmed by Justin Amash, then reported by multiple outlets)
  • In one of the briefings held instead, FBI misled Members about abuses committed under Section 215
  • NSA did not inform the Intelligence and Judiciary Committees about significant interpretations of Section 215 until after PATRIOT was reauthorized in 2010
  • NSA did not inform the Judiciary Committees about its geolocation efforts until after PATRIOT was reauthorized in 2011
  • John Brennan briefed Colleen Kollar-Kotelly on the need for the Internet dragnet in 2004 along with the “hospital confrontation” heroes and villains (I’ve been promising more interesting details about this in the future — stay tuned!)
  • Roughly 9% of NSA’s violations consist of analysts breaking standard operating procedures they’ve been trained on

All this in addition to debunking the obfuscations and lies of the NSA’s defenders on a daily basis.

I’ve done that work with the support and encouragement of emptywheel’s readers. You’ve been a big part of that work.

You should still expect to see the same caliber of reporting here at emptywheel for the foreseeable future and my original reporting will continue to be my emphasis.

The Twitter Gag

/in /by

Like a bunch of tech companies, Twitter has now released an updated transparency report since last week’s settlement.

But unlike the other tech companies, Twitter offers no information about national security requests. It suggests, at first, that last week’s settlement (to which it was not a party) does not allow it to provide reporting that would be meaningful to Twitter users.

Last week, the U.S. Department of Justice and various communications providers reached an agreement allowing disclosure of national security requests in very large ranges. While this agreement is a step in the right direction, these ranges do not provide meaningful or sufficient transparency for the public, especially for entities that do not receive a significant number of – or any – national security requests.

As previously noted, we think it is essential for companies to be able to disclose numbers of national security requests of all kinds – including national security letters and different types of FISA court orders – separately from reporting on all other requests. For the disclosure of national security requests to be meaningful to our users, it must be within a range that provides sufficient precision to be meaningful. Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency. In addition, we also want the freedom to disclose that we do not receive certain types of requests, if, in fact, we have not received any. [my emphasis]

This suggests (as would be consistent with earlier reporting) that Twitter receives no national security requests — or so few it is unwilling to report it as a 0 – 250 or 0 – 999 band it is permitted to report under the new Guidelines.

But I wonder. Note that Twitter says the Guidelines “unfairly impacts our users’ privacy,” which would only be the case if Twitter’s users had been impacted by NatSec requests. In addition, they provide two years of data: precisely the time period that would be covered by a new access to communication technology.

While it definitely seems like Twitter hasn’t gotten many requests, it also seems possible they’re being affected by that two year gag for whatever request they get.

GCHQ DDoS Hackers Hang Out with NSA’s Audit-Free Techies

/1 Comment/in , , /by

Yesterday, I noted NBC’s report that GCHQ conducted a DDoS attack against Anonymous IRC chat.

There’s a subtle point that deserves more attention: GCHQ presented the underlying Powerpoint to NSA’s SIGDEV conference.

The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder — and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms.

[snip]

In the presentation on hacktivism that was prepared for the 2012 SIGDEV conference, one official working for JTRIG described the techniques the unit used to disrupt the communications of Anonymous and identify individual hacktivists, including some involved in Operation Payback. Called “Pushing the Boundaries and Action Against Hacktivism,” the presentation lists Anonymous, Lulzsec and the Syrian Cyber Army among “Hacktivist Groups,” says the hacktivists’ targets include corporations and governments, and says their techniques include DDOS and data theft.

SIGDEV is NSA’s term for the agency’s efforts to develop new signals intelligence techniques and sources. Thus, GCHQ presented the attack as the cutting edge of what NSA does.

Goodie.

But remember: NSA’s SIGDEV analysts have access to raw data outside of normal channels. This shows up repeatedly in the primary orders for the dragnet. And, as Bart Gellman noted (and I elaborated on here), Obama specifically exempted these folks from his Presidential Policy Directive limiting our spying (though his PPD did say foreigners could be spied on for cybersecurity reasons).

In other words, the people GCHQ boasted of their attack on Anonymous to are the people who have some of the least oversight within NSA.