The New Transparency Guidelines

/1 Comment/in /by

DOJ and the tech companies just came to a deal on new transparency reporting. (h/t Mike Scarcella) It is a big improvement over what the government offered last year which was:

Option One: Provide total number of requests (criminal NSL, FISA) and total number of accounts targeted, broken out by 1000s

Option Two: Provide exact number of criminal requests and accounts affected, and number of NSLs received and accounts affected, broken out by 1000s, without providing any numbers on FISC service

This approach basically permitted the government to hide the FISC surveillance, by ensuring it only ever appeared lumped into the larger universe of criminal requests, along with other bulk requests. In addition, it didn’t let providers say whether they were mostly handing over metadata (NSLs would be limited to metadata, though FISC requests might include both metadata and content) or content in a national security context.

The new solution is:

Option One: Biannual production, with a 6-month delay on FISC reporting

  1. Criminal process, subject to no restrictions
  2. NSLs and the number of customer accounts affected by NSLs, reported in bands of 1000, starting at 0-999
  3. FISA orders for content and the number of customer selectors targeted, both reported in bands of 1000, starting at 0-999
  4. FISA orders for non-content and the number of customer selectors targeted, both reported in bands of 1000, starting at 0-999*

This option subjects a two-year delay on new (internally developed or purchased) platforms, products, or services. So for example, if Google started to get Nest orders today, Google couldn’t include it in their reporting until 2 years from now.

Option Two:

  1. Criminal process, subject to no restrictions
  2. Total national security process, including NSLs and FISA lumped together, reported in bands of 250, starting at 0-250
  3. Total customer selectors targeted under all national security requests, reported in bands of 250, starting at 0-250

* The order has a footnote basically saying the government hasn’t ceded the issue of reporting on the phone dragnet yet (though only tech companies were parties to this, and their only telecom production would be VOIP).

So my thoughts:

First, you can sort of see what the government really wants to hide with these schemes. They don’t want you to know if they submit a single NSL or 215 order affecting 1000 customers, which it’s possible might appear without the bands.They don’t want you to see if there’s a provider getting almost no requests (which would be hidden by the initial bands).

And obviously, they don’t want you to know when they bring new capabilities online, in the way they didn’t want users to know they had broken Skype. Though at this point, what kind of half-assed terrorist wouldn’t just assume the NSA has everything?

I think the biggest shell game might arise from the distinction between account (say, my entire Google identity) and selector (my various GMail email addresses, Blogger ID, etc). By permitting reporting on selectors, not users, this could obscure whether a report affects 30 identities of one customer or the accounts of 30 customers. Further, there’s a lot we still don’t know about what FISC might consider a selector (they have, in the past, considered entire telecom switches to be).

But it will begin to give us an outline of how often they’re using NatSec process as opposed to criminal process, which providers are getting primarily NSL orders and which are getting potentially more exotic FISC orders. Further, it will tell us more about what the government gets through the PRISM program, particularly with regard to metadata versus content.

Update: Apple’s right out of the gate with their report of fewer than 250 orders affecting fewer than 250 “accounts,” which doesn’t seem how they’re supposed to report using that option.

Update: Remember, Verizon issued a transparency report itself, just 5 days ago. Reporting under these new guidelines wouldn’t help them much as the government has bracketed whether it could release phone dragnet information. Moreover, Verizon is almost certainly one of the telecoms that provide upstream content; that would likely show up as just one selector, but it’s not clear how it gets reported.

Important: Changes to Section 215 Dragnet Will Not Change Treatment of EO 12333 Metadata

/2 Comments/in , /by

In their Angry Birds stories, both the Guardian and NYT make what I believe is a significant error. They suggest changes in the handling of the Section 215-collected phone metadata will change the way NSA handles EO 12333-collected phone metadata.

Guardian:

Data collected from smartphone apps is subject to the same laws and minimisation procedures as all other NSA activity – procedures which US president Barack Obama suggested may be subject to reform in a speech 10 days ago. But the president focused largely on the NSA’s collection of the metadata from US phone calls and made no mention in his address of the large amounts of data the agency collects from smartphone apps.

NYT:

President Obama announced new restrictions this month to better protect the privacy of ordinary Americans and foreigners from government surveillance, including limits on how the N.S.A. can view “metadata” of Americans’ phone calls — the routing information, time stamps and other data associated with calls. But he did not address the avalanche of information that the intelligence agencies get from leaky apps and other smartphone functions.

Here’s what the President actually said, in part, about phone metadata:

I am therefore ordering a transition that will end the Section 215 bulk metadata program as it currently exists, and establish a mechanism that preserves the capabilities we need without the government holding this bulk meta-data.

That is, Obama was speaking only about NSA’s treatment of Section 215 metadata, not the data — which includes a great amount of US person data — collected under Executive Order 12333.

To be clear, both Guardian and NYT were distinguishing Obama’s promises from the treatment extended to the leaky mobile data app. But they incorrectly suggested that all phone metadata, regardless of how it was collected, receives the same protections.

Section 215 metadata has different and significantly higher protections than EO 12333 phone metadata because of specific minimization procedures imposed by the FISC (arguably, the program doesn’t even meet the minimization procedure requirements mandated by the law). We’ve seen the implications of that, for example, when the NSA responded to being caught watch-listing 3,000 US persons without extending First Amendment protection not by stopping that tracking, but simply cutting off the watch-list’s ability to draw on Section 215 data.

Basically, the way NSA treats data collected under FISC-overseen programs (including both Section 215 and FISA Amendments Act) is to throw the data in with data collected under EO 12333, but add query screens tied to the more strict FISC-regulations governing production under it. This post on federated queries explains how it works in practice. As recently as 2012 at least one analyst improperly searched on US person FAA-collected content because she didn’t hit the right filter on her query screen.

[T]he NSA analyst conducted a federated query using a known United States person identifier, but forgot to filter out Section 702-acquired data while conducting the federated query.

That’s it. If the data is accessed via one of the FISC-overseen programs, US persons benefit from the additional subject matter, dissemination, and First Amendment protections of those laws or FISC’s implementation of them (and would benefit from the minor changes Obama has promised to both Section 215 and FAA).

But if NSA collected the data via one of its EO 12333 programs, it does not get get those protections. To be clear, it does get some dissemination protection and can only be accessed with a foreign intelligence purpose, but that is much less than what the FISC programs get. Which leaves the NSA a fair amount of leeway to spy on US persons, so long as it hasn’t collected the data to do so under the programs overseen by FISC. And when it collects data under EO 12333, it is a lot easier for the NSA to spy on Americans.

The metadata from leaky mobile apps almost certainly comes from EO 12333 collection, not least given the role of GCHQ and CSEC (Canada’s Five Eyes’ partner) to the collection. The Facebook and YouTube data GCHQ collects (just reported by Glenn Greenwald working with NBC) surely counts as EO 12333 collection.

NSA’s spokeswoman will say over and over that “everyday” or “ordinary” Americans don’t have to worry about their favorite software being sucked up by NSA. But to the extent that collection happens under EO 12333, they have relatively little protection.

The Latest in Terrorist Training: Playing Angry Birds

/1 Comment/in /by

I confess, I don’t really know what Angry Birds is, except that my tweener niece was hot on the game a year ago.

But apparently it must be a key part of terrorist training (which makes me worried about my niece), because the NSA gathers up cell phone data the Angry Birds app leaks.

The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of “leaky” smartphone apps, such as the wildly popular Angry Birds game, that transmit users’ private information across the internet, according to top secret documents.

[snip]

From some app platforms, relatively limited, but identifying, information such as exact handset model, the unique ID of the handset, software version, and similar details are all that are transmitted.

Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media’s website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.

Rovio, the maker of Angry Birds, said it had no knowledge of any NSA or GCHQ programs looking to extract data from its apps users.

“Rovio doesn’t have any previous knowledge of this matter, and have not been aware of such activity in 3rd party advertising networks,” said Saara Bergström, Rovio’s VP of marketing and communications. “Nor do we have any involvement with the organizations you mentioned [NSA and GCHQ].”

Millennial Media did not respond to a request for comment.

This is all very predictable (and will undoubtedly finally launch a conversation about data spillage on mobile apps).

But seriously. How many Angry Bird players does NSA really claim it has a valid foreign intelligence purpose to target?

Susan Collins Can’t Decide Whether to Abandon Her Infant, PCLOB

/2 Comments/in /by

Politico has an article predicting civil liberties will become a big issue this year. I’m skeptical (I say that as someone whose Rep the GOP is trying to take out largely because of his defense of civil liberties).

But I am interested in what Susan Collins had to say about Democratic challenger Shenna Bellows’ criticism of her stance on civil liberties.

In a phone interview from Maine, Collins rebutted criticism that she has not done enough to protect against civil liberties, highlighting legislation she co-sponsored in 2004 that created the independent Privacy and Civil Liberties Board and her support for recent proposals to tighten oversight over the surveillance programs. But, she said, doing away with the ability of the government to collect phone records would cause great harm to the country’s ability to root out terrorism.

“We know that there were plots thwarted solely or partially by the programs, so doing away with it altogether would mean a less safe America,” said Collins, who sits on the Senate Select Committee on Intelligence and has supported the PATRIOT Act and legislation codifying broader electronic surveillance.

You see, it was only 4 days ago that Collins was disowning her infant creation, PCLOB, because it had presented a hard-hitting report that said the dragnet was not just bad policy, but against the law.

“As the mother of this board, that [split decision] is not what I’m looking for,” said Sen. Susan Collins (R., Maine), who co-wrote the post-Sept. 11 legislation creating the Privacy and Civil Liberties Oversight Board. The split in the board’s first major report “really weakens its recommendations and undermines the role that we envisioned it would play,” she said.

At the moment when Collins’ self-described offspring took its first step, the Senator felt it had not chosen bipartisanship over stating the truth. I guess we understand what role Collins felt it could play.

And as for her purported efforts to tighten oversight over the dragnet (which includes measures to strengthen PCLOB she probably now regrets), while she did support some improvements to DiFi’s Fake FISA Fix, she not only cast a decisive vote against limiting dragnet retention to 3 years, but even backed a failed Tom Coburn amendment to “eliminate restrictions on the retention of bulk metadata.”

 

Is NSA Wiretapping Now Rather than Tipping?

/3 Comments/in , /by

One of the news bits a number of outlets took away from the phone dragnet order document dump 10 days ago is that the NSA averages(d) about 3 tips a day to the FBI.

That’s actually not news. It’s consistent with a series of accountings NSA gave to Reggie Walton in 2009, as when, in February 2009, they provided more exact numbers (though they’d get tweaked a bit during that summer) that were smaller, but still in the range of 2-3 tips a day.

Demonstrating the value of the BR metadata to the U.S. Intelligence Community, the NSA has disseminated 275 reports and tipped over 2,500 telephone identifiers to the FBI and CIA for further investigative action since the inception of this collection in docket number BR 06-05.

That said, at least according to Geoffrey Stone, the scale of the referrals may have gone down dramatically.

Under the FISA statute, the NSA queried 288 numbers in 2012 and had only 16 instances where matches were analyzed, confirmed, and then forwarded to the FBI. According to Stone, these queries only produced about 6,000 numbers that were “touched” by the analysis, of the millions of numbers whose meta-data the NSA stores for up to five years.

In general and specifically here, there are reasons I don’t entirely trust Stone’s comments on the dragnet. He has said a lot that is inconsistent with other public (and legally sworn) claims, notably on the volume of phone records collected. And his silences about certain aspects of the dragnet make me wonder how complete an understanding he has.

Plus, the “16 instances” may — as was true in the earlier period — represent reports that include more than one number. If, as occurred until 2009, each report had roughly 10 numbers, then this might amount to 160 identifiers (which is still far below the pace of the 2006-2009 period, but then during that period they weren’t enforcing RAS).

Then there’s the complete lack of definition for “touch” with regards to his 6,000 number.

In addition, 2012 might be a new baseline (or perhaps outlier) year, as the rollout of the new automated system at the end of 2011 would likely have changed the treatment of phone identifiers entirely.

And as I’ve said, I expect the use of the phone dragnet for a “peace of mind” query after the Boston Marathon attack to result in a huge number of tips (though perhaps in just one or several reports), given how wired the Tsarnaevs were and had been for the five years leading up to the attack.

Moreover, in a development that may or may not be entirely unrelated, the number of telephone taskings under Section 702 have started to go up again starting in 2012, after having been down since 2009.

As the chart demonstrates, the number of newly tasked telephone numbers decreased after 2009, but began to increase again in 2012. The average number of telephone numbers tasked each month for the first 11 months of 2012 [redacted].

There are admittedly a number of possible explanations (increasing collection of text messages, different kind of upstream collection, potentially even a fourth certificate in addition to the terror, proliferation, and cyber ones we know about). But one possibility is that the new alert system has led NSA to move toward wiretapping interesting numbers, rather than sending them to FBI for investigation. Moreover, by wiretapping someone, NSA could share data with FBI and CIA in relatively unfettered fashion, as both are permitted to receive unminimized content under 702 in certain circumstances, and both have the authority to do backdoor searches on US person content on all but upstream collected 702 data.

The NSA can’t give phone numbers to FBI without review, but according to section 702 minimization procedures, in some cases they can let CIA and FBI read wiretap content without such review.

That is, wiretapping someone could be a way to evade data dissemination restrictions in place on actual phone dragnet queries.

The Dead-Enders Insist Their Illegal Dragnet Was and Is Not One

/12 Comments/in /by

As I noted in my last post, seven Bush dead-enders plus KS Representative and House Intelligence member Mike Pompeo wrote a letter to … someone … pushing back against the RNC condemnation of the NSA dragnet. As I noted in that post, along with waggling their collective national security experience, the dead-enders used the same old stale tricks to deny that the dragnet surveils US person content.

The stale tricks, by now, are uninteresting. I find the list of the dead-enders (Eli Lake fleshed it out here) more so.

Here’s the list of the dead-enders:

  • Michael Hayden (NSA Director until 2005, DDNI 2005-2006, CIA Director 2006-2009)
  • Mike Mukasey (AG 2007-2008)
  • Michael Chertoff (DOJ Criminal AAG 2001-2003, DHS Secretary 2005-2009)
  • Stewart Baker (Assistant DHS Secretary 2005-2009)
  • Steven Bradbury (Acting OLC head 2005-2009)
  • Eric Edelman (National Security lackey in OVP 2001-2003, Undersecretary of Defense for Policy 2005-2009)
  • Ken Wainstein (AAG for National Security 2006-2008, White House CT Czar 2008-2009)

Some of these we expect. Michael Hayden and Stewart Baker have been two of the main cheerleaders for NSA since the start of Snowden’s leaks, and Michael Chertoff’s firm (at which Hayden works) seems to be working under some kind of incentive to have as many of its top people defend the dragnet as well. Further, both Bradbury and Wainstein have testified to various entities along the way.

So in some senses, it’s the usual gang of dead-enders.

But I find the collection of Michael Mukasey, Bradbury, and Wainstein, to be particularly interesting.

After all, they’re the 3 names (and in Mukasey’s case, authorizing signature) on this memo, which on January 3, 2008 authorized NSA to contact chain Internet (and phone) “metadata” of Americans collected via a variety of means, including FISA, broadly defined, which would include Protect America Act, and EO 12333 and potentially other means — but let’s just assume it was collected legally, Bradbury and Wainstein say twice in the memo.

They implemented this change, in part, to make it easier to share “United States communications metadata” outside of the NSA, including with CIA, by name (though CIA made that request in 2004, before Hayden had moved over to CIA).

When implementing the change, they defined Internet “metadata” this way:

b) For electronic communications, “metadata” includes the information appearing on the “to,” “from,” “cc,” and “bcc” lines of a standard e-mail or other electronic communication. For e-mail communications, the “from” line contains the e-mail address of the sender, and the “to,” “cc,” and “bcc” lines contain the e-mail addresses of the recipients. “Metadata” also means (1) information about the Internet-protocol (IP) address of the computer from which an e-mail or other electronic communication was sent and, depending on the circumstances, the IP address of routers and servers on the Internet that have handled the communication during transmission; (2) the exchange of an IP address and e-mail address that occurs when a user logs into a web-based e-mail service; and (3) for certain logins to web-based e-mail accounts, inbox metadata that is transmitted to the user upon accessing the account. “Metadata” associated with electronic communications does not include information from the “subject” or “re” line of an e-mail or information from the body of an e-mail.

It includes IP (both sender and recipient, as well as interim), email address, inbox metadata which has reported to include content as well.

But let’s take a step back and remember some timing.

In 2004 DOJ tried to clean up NSA’s Internet metadata problem which legally implicated Michael Hayden directly (because he personally continued it after such time as DOJ said it was not legal). The solution was to get Colleen Kollar-Kotelly sign an opinion (dated July 14, 2004) approving the Internet collection as a Pen Register/Trap and Trace order. But she limited what categories of “metadata” could be collected, almost certainly to ensure the metadata in question was actually metadata to the telecoms collecting it.

Before the very first order expired — so before October 12, 2004 — the NSA already started breaking those rules. When they disclosed that violation, they provided some of the same excuses as when they disclosed the phone dragnet violations in 2009: that the people who knew the rules didn’t communicate them adequately to the people implementing the rules (see page 10ff of this order). As part of those disclosures, however, they falsely represented to the FISC that they had only collected the categories of “metadata” Kollar-Kotelly had approved.

The Court had specifically directed the government to explain whether this unauthorized collection involved the acquisition of information other than the approved Categories [redacted] Order at 7. In response, the Deputy Secretary of Defense [Paul Wolfowitz] stated that the “Director of NSA [Michael Hayden] has informed me that at no time did NSA collect any category of information … other than the [redacted] categories of meta data” approved in the [redacted] Opinion, but also note that NSA’s Inspector General [Joel Brenner] had not completed his assessment of this issue. [redacted] Decl. at 21.13 As discussed below, this assurance turned out to be untrue.

Read more

The RNC and the Dead-Enders

/10 Comments/in /by

If you’ve spent much time in political party conventions, you likely know that the resolution process largely serves as an opportunity for active members to vent. While party resolutions might represent where the ideological base of the party is, nothing prevents the elected leaders of the party to blow off resolutions (though at times resolutions are deemed toxic enough for leaders to undermine by parliamentary stunts).

Which is why I find the response to the RNC’s resolution renouncing the NSA’s “Surveillance Prorgam” (it mentions PRISM and, implicitly, the phone dragnet) so interesting.

There are responses like this, from Kevin Drum, who spins it as pure politics.

I get that politics is politics, and the grass always looks browner when the other party occupies the Oval Office. And there are plenty of liberals who are less outraged by this program today than they were back when George Bush and Dick Cheney were in charge of it.

But holy cow! The RNC! Officially condemning a national security program that was designedby Republicans to fight terrorism!

Benjy Sarlin, in the account Drum linked, got the politics more clear, reading this, in part, as the influence of libertarians who largely gained ascendance as part of a backlash against Bush policies or at least failures.

But the resolution also is a sign of the increasing influence of the libertarian wing of the party, especially supporters of Ron Paul and his son, Rand Paul, who have made government overreach in pursuit of terrorists a top issue. Both Orrock and fellow Nevada Committeeman James Smack, who presented the resolution on her behalf, supported the elder Paul’s presidential campaign.

But I also think there’s more to it.

There is certainly a great deal of opportunism here (note, Democrats’ utter disdain for tech companies’ concerns about the dragnet make this a monetary, as well as political opportunity for the GOP, one already bearing fruit). And while the GOP establishment is still cautiously trying to regain control over the Tea Party forces that it once encouraged, there has also been a slow change in traditional conservatives’ stance, too, which I measure through Amash-Conyers opponent Bob Goodlatte’s changing position.

Goodlatte has issued three statements in recent weeks (January 9, January 17, and January 23) calling for reform (including more civil liberties protections and attention to tech companies’ concerns) and more transparency. In the most interesting of the statements, Goodlatte suggested that if Obama wanted to keep the dragnet he’d have to explain what purpose it was really serving and then argue that that purpose

Over the course of the past several months, I have urged President Obama to bring more transparency to the National Security Agency’s intelligence-gathering programs in order to regain the trust of the American people. In particular, if the President believes we need a bulk collection program of telephone data, then he needs to break his silence and clearly explain to the American people why it is needed for our national security. The President has unique information about the merits of these programs and the extent of their usefulness. This information is critical to informing Congress on how far to go in reforming the programs. Americans’ civil liberties are at stake in this debate. [my emphasis]

As I’ve been pointing out for some time, no dragnet defenders have yet to explain what purpose it really serves, and I’m struck that Goodlatte seems to suggest the same. Note, too, that Goodlatte was among the 6 Representatives who attended Bruce Schneier’s briefing on what NSA was really doing, along with leading GOP dragnet opponents Jim Sensenbrenner and Justin Amash and 3 Democrats.

I would suggest to Democrats who see this resolution exclusively as an overly cynical attack on Obama there may, in fact, be things that could explain why Republicans specifically or reasonable Americans more generally might have good reason to oppose the dragnet.

Now back to the resolution. As Sarlin notes, “Not a single member rose to object or call for further debate, as occurred for other resolutions.” (I like to think that had Michigan’s retrograde Dave Agema been able to participate rather than fending off calls for his resignation, he might have spoken up for authoritarianism.)

Instead of opposition from the Republican Party then, came first this quote to Sarlin,

“I think it probably does reflect the views of many of the people who really want to turn out the vote and who are viewing the world through the prism of the next election,” Stewart Baker, a former Bush-era Homeland Security official, told msnbc in an email. “It’s a widespread view among Republicans, but I think the ones that know this institution best and for whom national security is a high priority don’t share this view.”

Then what Eli Lake reports as a letter (Lake doesn’t say to whom) from just one elected official — KS Representative and House Intelligence Committee member Mike Pompeo — and 7 Bush officials (including Baker) blasting the resolution. Part of the letter, apparently, serves to waggle National Security seniority, as Baker already had.

Their letter says: “The Republican National Committee plays a vital role in political campaigns, but it has relatively little expertise in national security.”

And part of it serves to correct a technical inaccuracy that may not be one.

In particular the letter takes issue with the resolution’s claim that the NSA’s PRISM program “monitors searching habits of virtually every American on the internet.”

“In fact, there is no program that monitors the searches of all Americans,” the letter says. “And what has become known as the PRISM program is not aimed at collecting the communications of Americans. It is targeted at the international communications of foreign persons located outside the United States and is precisely the type of foreign-targeted surveillance that Congress approved in 2008 and 2012 when it enacted and reauthorized amendments to the Foreign Intelligence Surveillance Act.”

At issue is the language of the resolution, which starts by discussing PRISM, but then talks about what is clearly the phone (though it would encompass the Internet) dragnet, but then explicitly returns to both, by name of the authority that govern them.

WHEREAS, the secret surveillance program called PRISM targets, among other things, the surveillance of U.S. citizens on a vast scale and monitors searching habits of virtually every American on the internet;

WHEREAS, this dragnet program is, as far as we know, the largest surveillance effort ever launched by a democratic government against its own citizens, consisting of the mass acquisition of Americans’ call details encompassing all wireless and landline subscribers of the country’s three largest phone companies.

[snip]

RESOLVED, the Republican National Committee encourages Republican lawmakers to enact legislation to amend Section 215 of the USA Patriot Act, the state secrets privilege, and the FISA Amendments Act to make it clear that blanket surveillance of the Internet activity, phone records and correspondence — electronic, physical, and otherwise — of any person residing in the U.S. is prohibited by law and that violations can be reviewed in adversarial proceedings before a public court;

RESOLVED, the Republican National Committee encourages Republican lawmakers to call for a special committee to investigate, report, and reveal to the public the extent of this domestic spying and the committee should create specific recommendations for legal and regulatory reform ot end unconstitutional surveillance as well as hold accountable those public officials who are found to be responsible for this unconstitutional surveillance; [my emphasis]

7 Bush officials and 1 HPSCI member (but not, oddly enough, the always boisterous Mike Rogers) have weighed in to say that the NSA doesn’t monitor the searches of some Americans and then trots out the tired “targeted at foreign persons” line, without addressing the question of blanket surveillance of communications more generally.

Sarlin, in his piece, similarly retreats to “targeting” claptrap, claiming only that “lawmakers have accused the agency of overreaching.”

Somehow both the Bush dead-enders and Sarlin neglect to mention backdoor searches, which allow the NSA to use metadata collected under a range of dragnets to obtain US content without even Reasonable Articulable Suspicion.

And while it’s not all that surprising that Sarlin chose not to discuss how NSA can get domestic content, as I will show in a follow-up post the collection of dead-enders (Lake fleshed out the list here) who weighed in to deny that the NSA dragnet gets US person content is particularly instructive, as I’ll show in a follow-up post.

The Corporate Store: Where NSA Goes to Shop Your Content and Your Lifestyle

/56 Comments/in , /by

I’m increasingly convinced that for seven months, we’ve been distracted by a shiny object, the phone dragnet, the database recording all or almost all of the phone-based relationships in the US over the last five years. We were never wrong to discuss the dangers of the dragnet. It is the equivalent of a nuclear bomb, just waiting to go off. But I’m quite certain the NatSec establishment decided in the days after Edward Snowden’s leaks to intensify focus on the actual construction of the dragnet — the collection of phone records and the limits on access to the initial database (what they call the collection store) of them — to distract us away from the true family jewels.

A shiny object.

All that time, I increasingly believe, we should have been talking about the corporate store, the database where queries from the collection store are kept for an undisclosed (and possibly indefinite) period of time. Once records get put in that database, I’ve noted repeatedly, they are subject to “the full range of [NSA’s] analytic tradecraft.”

We don’t know precisely when that tradecraft gets applied or to how many of the phone identifiers collected in any given query. But we know that tradecraft includes matching individuals’ various communication identifiers (which can include phone number, handset identifier, email address, IP address, cookies from various websites) — a process the NSA suggests may not be all that accurate, but whatever! Once NSA links all those identities, NSA can pull together both network maps and additional lifestyle information.

The agency was authorized to conduct “large-scale graph analysis on very large sets of communications metadata without having to check foreignness” of every e-mail address, phone number or other identifier, the document said.

[snip]

The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such “enrichment” data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners.

That analysis might even include tracking a person’s online sex habits, if the government deems you a “radicalizer” for opposing unchecked US power, even if you’re a US person.

Such profiles are not the only thing included in NSA’s “full range of analytic tradecraft.”

We also know — because James Clapper told us this very early on in this process — the metadata helps the NSA pick and locate which content to read. The head of NSA’s Signals Intelligence Division, Theresa Shea, said this more plainly in court filings last year.

Section 215 bulk telephony metadata complements other counterterrorist-related collection sources by serving as a significant enabler for NSA intelligence analysis. It assists the NSA in applying limited linguistic resources available to the counterterrorism mission against links that have the highest probability of connection to terrorist targets. Put another way, while Section 215 does not contain content, analysis of the Section 215 metadata can help the NSA prioritize for content analysis communications of non-U.S. persons which it acquires under other authorities. Such persons are of heightened interest if they are in a communication network with persons located in the U.S. Thus, Section 215 metadata can provide the means for steering and applying content analysis so that the U.S. Government gains the best possible understanding of terrorist target actions and intentions. [my emphasis]

The NSA prioritizes reading the content that involves US persons. And the NSA finds it, and decides what to read, using the queries that get dumped into the corporate store (presumably, they do some analytical tradecraft to narrow down which particular conversations involving US persons they want to read).

And there are several different kinds of content this might involve: content (phone or Internet) of a specific targeted individual — perhaps the identifier NSA conducted the RAS query with in the first place — already sitting on some NSA server, Internet and in some cases phone content the NSA can go get from providers after having decided it might be interesting, or content the NSA collects in bulk from upstream collections that was never targeted at a particular user.

The NSA is not only permitted to access all of this to see what Americans are saying, but in all but the domestically collected upstream content, it can go access the content by searching on the US person identifier, not the foreign interlocutor, without establishing even Reasonable Articulable Suspicion that it pertains to terrorism (though the analyst does have to claim it serves foreign intelligence purpose). That’s important because lots of this content-collection is not tied to a specific terrorist suspect (it can be tied to a geographical area, for example), so the NSA can hypothetically get to US person content without ever having reason to believe it has any tie to terrorism.

In other words, all the things NSA’s defenders have been insisting the dragnet doesn’t do — it doesn’t provide content, it doesn’t allow unaudited searches, NSA doesn’t know identities, NSA doesn’t data mine it, NSA doesn’t develop dossiers on it, even James Clapper’s claim that NSA doesn’t voyeuristically troll through people’s porn habits — every single one is potentially true for the results of queries run three hops off an identifier with just Reasonable Articulable Suspicion of some tie to terrorism (or Iran). Everything the defenders say the phone dragnet is not, the corporate store is.

All the phone contacts of all the phone contacts of all the phone contacts of someone subjected to the equivalent of a digital stop-and-frisk are potentially subject to all the things NSA’s defenders assure us the dragnet is not subject to.

Read more

Ancient History: December 2012 in the Dragnet

/12 Comments/in , /by

PCLOB tells us that the FISA Court approved a new automated query system (versions appear to have been in development for years, and it replaced the automated alert system from 2009) in late 2012 that permitted all the 3-degree contact chains off all RAS-approved identifiers to be dumped into the corporate store at once where they can be combined with data collected under other authorities (presumably including both EO 12333 and FAA) for further analysis.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records. 68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’ s database periodically perform s queries on all RAS – approved seed terms, up to three hops away from the approved seeds. The database places the results of these queries together in a repository called the “corporate store.”

The ultimate result of the automated query process is a repository, the corporate store, containing the records of all telephone calls that are within three “hops” of every currently approved selection term. 69 Authorized analysts looking to conduct intelligence analysis may then use the records in the corporate store, instead of searching the full repository of records.

According to the FISA court’s orders, records that have been moved into the corporate store may be searched by authorized personnel “for valid foreign intelligence purposes, without the requirement that those searches use only RAS – approved selection terms.” 71 Analysts therefore can query the records in the corporate store with terms that are not reasonably suspected of association with terrorism. They also are permitted to analyze records in the corporate store through means other than individual contact-chaining queries that begin with a single selection term: because the records in the corporate store all stem from RAS-approved queries , the agency is allowed to apply other analytic methods and techniques to the query results. 72 For instance, such calling records may be integrated with data acquired under other authorities for further analysis. The FISA court’s orders expressly state that the NSA may apply “the full range” of signals intelligence analytic tradecraft to the calling records that are responsive to a query, which includes every record in the corporate store.

(While I didn’t know the date, I have been pointing the extent to which corporate store data can be analyzed for some time, but thankfully the PCLOB report has finally led others to take notice.)

On December 27, 2012, Jeff Merkley gave a speech in support of his amendment to the FISA Amendments Act that would push to make FISC decisions public. It referenced both the backdoor loophole (which John Bates extended to NSA and CIA in 2011, was implemented in 2012, and affirmed by the Senate Intelligence Committee in June 2012) and the language underlying the phone dragnet. Merkley suggested the government might use these secret interpretations to conduct wide open spying on Americans.

If it is possible that our intelligence agencies are using the law to collect and use the communications of Americans without a warrant, that is a problem. Of course, we cannot reach conclusions about that in this forum because this is an unclassified discussion.

My colleagues Senator Wyden and Senator Udall, who serve on Intelligence, have discussed the loophole in the current law that allows the potential of backdoor searches. This could allow the government to effectively use warrantless searches for law-abiding Americans. Senator Wyden has an amendment that relates to closing that loophole. Congress never intended the intelligence community to have a huge database to sift through without first getting a regular probable cause warrant, but because we do not have the details of exactly how this proceeds and we cannot debate in a public forum those details, then we are stuck with wrestling with the fact that we need to have the sorts of protections and efforts to close loopholes that Senator Wyden has put forward.

[snip]

Let me show an example of a passage. Here is a passage about what information can be collected: “ ….. reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2),” and so on.

Let me stress these words: “relevant to an authorized investigation.”

There are ongoing investigations, multitude investigations about the conduct of individuals and groups around this planet, and one could make the argument that any information in the world helps frame an understanding of what these foreign groups are doing. So certainly there has been some FISA Court decision about what “relevant to an authorized investigation” means or what “tangible things” means. Is this a gateway that is thrown wide open to any level of spying on Americans or is it not? Read more

The Impasse on Executive Spying

/12 Comments/in , /by

In an important post the other day, Steve Vladeck described what he believed to be the most important lesson Edward Snowden has taught us.

They miss the single most important lesson we’ve learned — or should have learned — from Snowden, i.e., that the grand bargain has broken down. Intelligence oversight just ain’t what it used to be, and the FISA Court, as an institution, seemed to have been far better suited to handle individualized warrant applications under the pre-2001 FISA regime than it has been to reviewing mass and programmatic surveillance under section 215 of the USA PATRIOT Act and section 702, as added by the FISA Amendments Act of 2008.

Thus, even if one can point to specific individual programs the disclosure of which probably has not advanced the ongoing public policy conversation, all of the disclosures therefore illuminate a more fundamental issue of public concern — and one that should be (and, arguably, has been) driving the reform agenda: Whatever surveillance authorities the government is going to have going forward, we need to rethink the structure of oversight, both internally within the Executive Branch, and externally via Congress and the courts. That’s not because the existing oversight and accountability mechanisms have been unlawful; it’s because so many of these disclosures have revealed them to be inadequate and/or ineffective. And inasmuch as such reforms may strengthen not just mechanisms of democratic accountability for our intelligence community, but also their own confidence in the propriety and forward-looking validity of their authorities, they will make all of us — including the NSA — stronger in the long term.

While I agree with Vladeck that’s an important lesson from Snowden, I don’t think it has been admitted by those who most need the lesson: most members of Congress (most of all, the Intelligence Committees) and the FISA Court, as well as the other Article III judges who are quickly becoming dragnet experts.

But I’m hopeful PCLOB — which is already under attack even from Susan Collins for having the audacity to conduct independent oversight — will press the issue.

As I have noted in the past, PCLOB has a better understanding of how the Executive uses EO 12333 than any other entity I’ve seen (I think the Review Group may have a similar understanding, but they won’t verbalize it).

That’s why I find their treatment of FISA as a compromise to put questions about separation of powers on hold so interesting.

In essence, FISA represented an agreement between the executive and legislative branches to leave that debate aside 600 and establish a special court to oversee foreign intelligence collection . While the statute has required periodic updates, national security officials have agreed that it created an appropriate balance among the interests at stake, and that judicial review provides an important mechanism regulating the use of very powerful and effective techniques vital to the protection of the country. 601

600 “[T]he bill does not recognize, ratify, or deny the existence of any Presidential power to authorize warrantless surveillance in the United States n the absence of the legislation. It would, rather, moot the debate over the existence or non – existence of this power[.]” HPSCI Report at 24. This agreement between Congress and the executive branch to involve the judiciary in the regulation of intelligence collection activities did not and could not resolve constitutional questions regarding the relationship between legislative and presidential powers in the area of national security . See In re: Sealed Case , 310 F.3d 717, 742 (FISA Ct. Rev. 2002) (“We take for granted that the President does have that authority [inherent authority to conduct warrantless searches to obtain foreign intelligence information] and, assuming that is so, FISA could not encroach on the President ’ s constitutional power.”).

When NSA chose to avoid First Amendment review on the 3,000 US persons it had been watch-listing by simply moving them onto a new list, when it refused to tell John Bates how much US person content it collects domestically off telecom switches, when it had GCHQ break into Google’s cables to get content it ought to be able to obtain through FISA 702, when it rolled out an Internet dragnet contact-chaining program overseas in part because it gave access to US person data it couldn’t legally have here, NSA made it clear it will only fulfill its side of the compromise so long as no one dares to limit what it can do.

That is, Snowden has made it clear that the “compromise” never was one. It was just a facade to make Congress and the Courts believe they had salvaged some scrap of separation of powers.

NSA has made it clear it doesn’t much care what its overseers in Congress or the Court think. It’ll do what it wants, whether it’s in the FISC  or at a telecom switch just off the US shore. And thus far, Obama seems to agree with them.

Which means we’re going to have to start talking about whether this country believes the Executive Branch should have relatively unfettered ability to spy on Americans. We’re going to have to take a step back and talk about separation of powers again.