Are Even the Basaaly Moalin Claims Falling Apart Now?

I’ll have a much longer post later on what PCLOB has to say about the efficacy of the dragnet, which is actually far more interesting than I’ve seen reported thus far. But I want to look in detail at the passage in which they treat Basaaly Moalin.

And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. In that case, moreover, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program.

Note the verb: “may have,” not “might have” or “could have.” Thus, the passage has a (presumably intentionally) ambiguous meaning which could suggest either that the FBI did find Moalin on their own or they had the ability to.

But in conjunction with the adverb “arguably,” the use of “may” here sure seems to suggest PCLOB thinks a case could be made that FBI did, in fact, find Moalin on their own. Without the dragnet.

That is, PCLOB seems to suggest that even the claim that the dragnet helped find a cab driver giving $8,500 to al-Shabaab in hopes of protecting his tribal lands against US-backed invaders may be false.

Does the fact that DOJ didn’t include Moalin in its claims of success to the 3 lawsuits against the dragnet reflect growing questions within DOJ about how they really rediscovered Moalin?

As I see it, there are two obvious ways that FBI might have discovered Moalin on their own, and a third that would be even more interesting.

Recall that Moalin was actually prosecuted with the help of his hawala, who also happened to be in contact with people close to Aden Ayro, the warlord Moalin is presumed to be a second hop from (the case against the hawala is largely sealed). It’s possible the FBI found Moalin through the investigation of the hawala. That’s particularly likely given PCLOB’s later comment that Moalin “was the user of a telephone number already linked to pending FBI investigations.”

Alternately, it’s possible the FBI got a tip off content related to Ayro and investigated using NSLs and found Moalin (though I think this is less likely because NSA has so few Somali translators). It’s also worth considering that at one point NSA contacted FBI because they had lost Ayro, asking if FBI had seen a new number for Ayro in Moalin’s calls. Which suggests, at least after they got a tap on Moalin, FBI may have had an easier time of tracking Ayro than NSA did.

More interesting still, it’s possible FBI found Moalin in October 2007 by accessing dragnet results directly (as was possible for FBI to do until NSA shut this access down in June 2009), without having received a formal report from NSA reporting the link. If that’s the case, it’d be interesting for a slew of reasons, because it’d be a patently illegal lead, but it would technically come from the dragnet. If that were the case, I can see everyone wanting to lie about it, which might lead to … the kind of seemingly conflicting and increasingly cautious statements we’re seeing now (as well as DOJ’s silence on this “success” in recent court filings).

I have suggested that the timing of Moalin’s prosecution at least hints that they pursued it to have a first Section 215 success in time for PATRIOT reauthorization in 2011. Certainly, they were quick to roll out his case as a “dragnet success” last June. But if he wasn’t found via the dragnet, or if DOJ misrepresented precisely how he was found back in court filings in 2012 to hide that FBI had direct access to databases at NSA they weren’t legally entitled to have, then it’d put DOJ in a tight spot now, as Moalin appeals to the 9th Circuit. At least in September, they claimed to Judge Jeffrey Miller Moalin had been caught by the dragnet, and Miller didn’t think it harmed their case (though even there, Miller’s language made it clear he learned new information in those filings he hadn’t been told on the first FISA review). But if he wasn’t — or if FBI had legally impermissible access to the dragnet results — then Moalin’s appeal might get more interesting, either because DOJ misrepresented to the District what happened and/or because there’s something funky about the use of the dragnet with Moalin.

Of course, all that assumes Moalin would ever get to see the FISA related evidence against him, which PCLOB may have but which no FISA-related defendants ever have been able to do. Which is unlikely to happen.

If by “Big Data” You Mean “Big Campaign Donations”

President Obama has named the people who will help John Podesta accomplish this task.

I have also asked my Counselor, John Podesta, to lead a comprehensive review of big data and privacy. This group will consist of government officials who—along with the President’s Council of Advisors on Science and Technology—will reach out to privacy experts, technologists and business leaders, and look at how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.

As I said in my annotations to Obama’s speech, effectively Obama responded “to a review by calling for another review,” but at least it would be a welcome first time he reached out to technologists.

Here’s the list:

That’s why in his speech, the President asked me to lead a comprehensive review of the way that “big data” will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy. I will be joined in this effort by Secretary of Commerce Penny Pritzker, Secretary of Energy Ernie Moniz, the President’s Science Advisor John Holdren, the President’s Economic Advisor Gene Sperling and other senior government officials.

I’ll outsource judging whether this amounts to reaching out to technologists to Chris Soghoian:

None of the big names named in the president’s “big data” review announcement are technologists. DC at its finest.

But I’m particularly interested in Penny Pritzker’s presence on the list.

After Cass Sunstein and Geoffrey Stone ended up being too independent to deliver the whitewash Obama wanted, he has picked one of his biggest campaign donors to review Big Data.

So I guess by “Big Data” we know what Obama meant.

Worse still, Pritzker heads up an Agency that — it is increasingly clear — serves a key role in offering carrots and sticks to coerce compliance from private companies with government data demands. And compliance not just for the purposes of defense of spying, but also for cyberoffense. Not exactly the kind of person who might expect candor from the Big Data companies likely to be coerced by the government.

NSA, Destroying the Evidence

In my obsessions with the poor oversight over the phone dragnet techs, I have pointed to this description several times.

As of 16 February 2012, NSA determined that approximately 3,032 files containing call detail records potentially collected pursuant to prior BR Orders were retained on a server and been collected more than five years ago in violation of the 5-year retention period established for BR collection. Specifically, these files were retained on a server used by technical personnel working with the Business Records metadata to maintain documentation of provider feed data formats and performed background analysis to document why certain contact chaining rules were created. In addition to the BR work, this server also contains information related to the STELLARWIND program and files which do not appear to be related to either of these programs. NSA bases its determination that these files may be in violation of BR 11-191 because of the type of information contained in the files (i.e., call detail records), the access to the server by technical personnel who worked with the BR metadata, and the listed “creation date” for the files. It is possible that these files contain STELLARWIND data, despite the creation date. The STELLARWIND data could have been copied to this server, and that process could have changed the creation date to a timeframe that appears to indicate that they may contain BR metadata.

The NSA just finds raw data mingling with data from the President’s illegal program. And that’s all the explanation we get for why!

Well, PCLOB provides more explanation for why we don’t know what happened with that data.

In one incident, NSA technical personnel discovered a technical server with nearly 3,000 files containing call detail records that were more than five years old, but that had not been destroyed in accordance with the applicable retention rules. These files were among those used in connection with a migration of call detail records to a new system. Because a single file may contain more than one call detail record, and because the files were promptly destroyed by agency technical personnel, the NSA could not provide an estimate regarding the volume of calling records that were retained beyond the five-year limit. The technical server in question was not available to intelligence analysts.

This is actually PCLOB being more solicitous than in other parts of the report. After all, it’s not just that there was a 5 year data retention limit on this data, there was also a mandate that techs destroy data once they’re done fiddling with it. So this is a double violation.

And yet NSA’s response to finding raw data sitting around places is to destroy it, making it all the more difficult to understand what went on with it?

PCLOB Estimates 120 Million Phone Numbers in Corporate Store

PCLOB’s report confirms something ACLU’s Patrick Toomey and I have been harping on. One of the biggest risks of the phone dragnet stems not from the initial queries themselves, but from NSA’s storage of query results in the “corporate store,” permanently, where they can be accessed without the restrictions required for access to the full database, and exposed to all the rest of NSA’s neat toys.

According to the FISA court’s orders, records that have been moved into the corporate store may be searched by authorized personnel “for valid foreign intelligence purposes, without the requirement that those searches use only RAS-approved selection terms.”71 Analysts therefore can query the records in the corporate store with terms that are not reasonably suspected of association with terrorism. They also are permitted to analyze records in the corporate store through means other than individual contact-chaining queries that begin with a single selection term: because the records in the corporate store all stem from RAS-approved queries, the agency is allowed to apply other analytic methods and techniques to the query results.72 For instance, such calling records may be integrated with data acquired under other authorities for further analysis. The FISA court’s orders expressly state that the NSA may apply “the full range” of signals intelligence analytic tradecraft to the calling records that are responsive to a query, which includes every record in the corporate store.73

PCLOB doesn’t say it, but NSA’s SID Director Theresa Shea has: those other authorities include content collection, which means coming up in a query can lead directly to someone reading your content.

Section 215 bulk telephony metadata complements other counterterrorist-related collection sources by serving as a significant enabler for NSA intelligence analysis. It assists the NSA in applying limited linguistic resources available to the counterterrorism mission against links that have the highest probability of connection to terrorist targets. Put another way, while Section 215 does not contain content, analysis of the Section 215 metadata can help the NSA prioritize for content analysis communications of non-U.S. persons which it acquires under other authorities. Such persons are of heightened interest if they are in a communication network with persons located in the U.S. Thus, Section 215 metadata can provide the means for steering and applying content analysis so that the U.S. Government gains the best possible understanding of terrorist target actions and intentions. [my emphasis]

Plus, those authorities will include datamining, including with other data collected by NSA, like a user’s Internet habits and financial records.

Then, PCLOB does some math to estimate how many numbers might be in the corporate store.

If a seed number has seventy-five direct contacts, for instance, and each of these first-hop contact has seventy-five new contacts of its own, then each query would provide the government with the complete calling records of 5,625 telephone numbers. And if each of those second-hop numbers has seventy-five new contacts of its own, a single query would result in a batch of calling records involving over 420,000 telephone numbers.

[snip]

If the NSA queries around 300 seed numbers a year, as it did in 2012, then based on the estimates provided earlier about the number of records produced in response to a single query, the corporate store would contain records involving over 120 million telephone numbers.74

74 While fewer than 300 identifiers were used to query the call detail records in 2012, that number “has varied over the years.” Shea Decl. ¶ 24.

Some might quibble with these numbers: other estimates use 40 contacts per person (though remember, there’s 5 years of data), and the estimate doesn’t seem to account for mutual contacts. Plus, remember this is unique phone numbers: we should expect it to include fewer people, because people — especially people trying to hide — change phones regularly. Further, remember a whole lot of foreign numbers will be in there.

But other things suggest it might be conservative. As a recent Stanford study showed, if the NSA isn’t really diligent about removing high volume numbers, then queries could quickly include everyone; certainly, NSA could have deliberately populated the corporate store by leaving such identifiers in. We know there were 27,000 people cleared for RAS in 2008 and 17,000 on an alert list in 2009, meaning the query numbers for earlier years are effectively much much higher (which seems to be the point of footnote 74).

Plus, remember that PCLOB gave their descriptive sections to the NSA to review for accuracy. So I assume NSA did not object to the estimate.

So 120 million phone numbers might be a reasonable estimate.

That’s a lot of Americans exposed to the level of data analysis permissible in the corporate store.
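The hop arithmetic in the quoted estimate, and the two quibbles raised above (mutual contacts shrink the count, a high-volume number left in blows it up), worked through as an added example that is not from PCLOB’s report or the original post. The ring-shaped call graph, its size, the single hub and the cutoff of 100 are constructed toy assumptions.

```python
from collections import deque


def naive_estimate(contacts, hops, seeds=1):
    """The quoted arithmetic: every contact is assumed to be new, so each
    hop multiplies the batch by `contacts` (no mutual contacts, no hubs)."""
    return seeds * contacts ** hops


def build_ring(n, k):
    """Constructed toy call graph: number i has called the k numbers on
    either side of it, so neighbouring numbers share most contacts."""
    graph = {i: set() for i in range(n)}
    for i in range(n):
        for d in range(1, k + 1):
            graph[i].add((i + d) % n)
            graph[i].add((i - d) % n)
    return graph


def add_hub(graph, hub):
    """Add one high-volume number that is in contact with every number."""
    others = list(graph)
    graph[hub] = set(others)
    for number in others:
        graph[number].add(hub)


def chain(graph, seed, hops, high_volume_cutoff=None):
    """Unique numbers within `hops` of the seed (breadth-first search).
    With a cutoff, numbers having more contacts than the cutoff are
    dropped before chaining, standing in for high-volume removal."""
    def dropped(number):
        return (high_volume_cutoff is not None
                and len(graph[number]) > high_volume_cutoff)

    seen = {seed}
    queue = deque([(seed, 0)])
    while queue:
        number, dist = queue.popleft()
        if dist == hops:
            continue  # do not expand past the last permitted hop
        for contact in graph[number]:
            if contact in seen or dropped(contact):
                continue
            seen.add(contact)
            queue.append((contact, dist + 1))
    return seen - {seed}


def demo():
    n, k = 2000, 5                      # 2,000 numbers, 10 contacts each
    graph = build_ring(n, k)
    clustered = len(chain(graph, 0, 3))
    add_hub(graph, hub=n)               # one number that everyone calls
    with_hub = len(chain(graph, 0, 3))
    hub_removed = len(chain(graph, 0, 3, high_volume_cutoff=100))
    return {
        "naive_10_contacts_3_hops": naive_estimate(2 * k, 3),
        "clustered_unique_numbers": clustered,
        "hub_left_in": with_hub,
        "hub_removed": hub_removed,
    }


if __name__ == "__main__":
    print("2 hops, 75 contacts:", naive_estimate(75, 2))
    print("3 hops, 75 contacts:", naive_estimate(75, 3))
    print("300 seeds, 3 hops:  ", naive_estimate(75, 3, seeds=300))
    for label, value in demo().items():
        print(label, value)
```

In the toy graph the naive multiplication overstates a tightly clustered neighbourhood, while a single hub left in place pulls every number into the result by the second hop.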

The Immediate Phone Dragnet Fixes Obama Rejected

In its report, PCLOB makes it clear that President Obama had most of its recommendations before he gave his speech last Friday.

PCLOB briefed senior White House staff on the Board’s tentative conclusions on December 5, 2013. The PCLOB provided a near final draft of the Board’s conclusions and recommendations on Section 215 and the operations of the FISA court (Parts 5, 7 and 8 of this Report) to the White House on January 3, the transparency section (Part 9) on January 8, 2014, and additional statutory analysis on January 14, 2014 (Part 5). On January 8, the full Board met with the President, the Vice President and senior officials to present the Board’s conclusions and the views of individual Board members.

Which means Obama was well aware of the four recommendations PCLOB made on immediate privacy fixes (they emphasize these recommendations don’t require Congressional or FISC action).

The Board recommends that the government immediately implement several additional privacy safeguards to mitigate the privacy impact of the present Section 215 program. The recommended changes can be implemented without any need for congressional or FISC authorization. Specifically, the government should:

(a) reduce the retention period for the bulk telephone records program from five years to three years;

(b) reduce the number of “hops” used in contact chaining from three to two;

(c) submit the NSA’s “reasonable articulable suspicion” determinations to the FISC for review after they have been approved by NSA and used to query the database; and

(d) require a “reasonable articulable suspicion” determination before analysts may submit queries to, or otherwise analyze, the “corporate store,” which contains the results of contact chaining queries to the full “collection store.”

So it’s safe to assume President Obama affirmatively rejected the 2 recommendations he did not adopt in any form: reducing the retention period for dragnet data and requiring RAS to search the corporate store.

Noted.

PCLOB Report, Working Thread

The report is here. I will do a running update of my comments. Page references will be to the report page numbers, not PDF.

(4) Note PCLOB had access to “various inspector general reports.”

(6) Note the dates when WH got these conclusions.

(9) PCLOB confirms what I was the first to point out: this program operated without a legal opinion until July 2013. Told ya so.

(10) One of four reasons the program is illegal is bc 215 is written for FBI, not NSA. Also says it violates ECPA.

(11) PCLOB says FBI would have found Moalin w/o the dragnet. Remember, they were investigating his hawala and had a tap on Ayro.

(14) PCLOB confirms only two cases (info sharing/minimization and Yahoo) ever got to FISCR.

(15) On the govt’s so-called transparency:

However, to date the official disclosures relate almost exclusively to specific programs that had already been the subject of leaks, and we must be careful in citing these disclosures as object lessons for what additional transparency might be appropriate in the future.

(17) PCLOB provides several immediate recommendations and notes that Obama doesn’t need Congress to do them.

(19) Note PCLOB’s reference to releasing opinions on programs that have been discontinued bc of continuing relevance. Suspect this refers to more than just the Internet dragnet.

(25) Note PCLOB says the data integrity analysts take out “other unwanted data” in addition to high volume numbers. I believe some sensitive numbers are purged at this step.

(30) PCLOB dances around saying that corporate store leads right to content.

For instance, such calling records may be integrated with data acquired under other authorities for further analysis

(31) PCLOB notes FBI gets reports on the dragnet. It doesn’t mention CIA and NCTC or other agencies.

(32) CIA and NCTC have no minimization rules for data that comes from 215 reports:

Other federal agencies also receive information from the NSA that was obtained through Section 215, but the FISA court’s orders do not establish rules for how those agencies must handle the information they receive.83 In addition, the government has informed the FISA court that it may provide telephone numbers derived from the program to “appropriate . . . foreign government agencies.”84


PCLOB Adopts the Drip Drip Drip Approach Too

As Charlie Savage and Ellen Nakashima report, PCLOB will release a report on the phone dragnet today calling the program illegal. I’ll report more on the report after it gets released this afternoon.

In the meantime, note that it appears PCLOB is only reporting on the Section 215 phone dragnet with this report. They’re not reporting on Section 702.

Yet they were supposed to be. They told the President and Congress in November they would produce one report.

Met with officials of the Department of Justice (DOJ), Office of the Director of National Intelligence (ODNI), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) on several occasions to discuss the operation and oversight of programs under Section 215 of the USA PATRIOT Act (telephone metadata) and Section 702 of the Foreign Intelligence Surveillance Act. These discussions covered collection, use and dissemination practices, compliance measures, including internal and external oversight, and the implementation guidelines governing collection and use of intelligence pursuant to Sections 215 and 702. These discussions commenced prior to June 2013 as part of the Board’s basic oversight responsibilities, and then evolved, after the Snowden leaks, into a more in-depth review of the programs operated pursuant to Sections 215 and 702. The review, which is intended to culminate in a public report as requested by the President and Members of Congress, is addressing the history, legality, necessity, and effectiveness of these programs. [my emphasis]

And that was even Nakashima’s understanding just hours before she got this report. Spencer Ackerman reports they will issue the Section 702 report in the coming weeks.

The PCLOB is not finished with its assessment of NSA surveillance. It plans in the coming weeks to issue another report evaluating the NSA’s collection of bulk foreign Internet communications, which have included those with Americans “incidentally” collected.

Drip … drip … drip …

Already, several weeks ago, anonymous sources were repeating anonymous White House staffers bitching that PCLOB would not be done before the President gave his speech last Friday.

It’s unclear why Obama will announce his recommendations before receiving the report from the privacy and civil liberties board. One official familiar with the review process said that some White House officials were puzzled by the board’s delay.

Now, the PCLOB is taking at least two bites at the dragnet, which will keep problems with the dragnet in the news.

I guess those anonymous White House complainers are going to have a harder time achieving closure on the discussions about the dragnet.

PCLOB Told Mike Rogers They Would Discuss Legality of Dragnet

Mike Rogers is outraged! outraged! that PCLOB overstepped what he sees as their mandate to talk about the illegality of the phone dragnet.

Defenders of the program reacted sharply to the report’s findings on Thursday. Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, said he agreed with the two dissenters “that the board should … not partake in unwarranted legal analysis.”

I find this hysterical not just because Rogers has spent the last 7 months weighing in on the program’s legality. I’ll take Retired Appeals Court Judge Patricia Wald’s opinion on legality over Rogers’ any day.

But it’s also funny because PCLOB told Rogers (as well as the President and the rest of Congress) they were going to report on the program’s legality back in their November report to the President and Congress.

Met with officials of the Department of Justice (DOJ), Office of the Director of National Intelligence (ODNI), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) on several occasions to discuss the operation and oversight of programs under Section 215 of the USA PATRIOT Act (telephone metadata) and Section 702 of the Foreign Intelligence Surveillance Act. These discussions covered collection, use and dissemination practices, compliance measures, including internal and external oversight, and the implementation guidelines governing collection and use of intelligence pursuant to Sections 215 and 702. These discussions commenced prior to June 2013 as part of the Board’s basic oversight responsibilities, and then evolved, after the Snowden leaks, into a more in-depth review of the programs operated pursuant to Sections 215 and 702. The review, which is intended to culminate in a public report as requested by the President and Members of Congress, is addressing the history, legality, necessity, and effectiveness of these programs. [my emphasis]

He didn’t object at the time.

He’s only objecting now that the Board has found the program illegal.

Rogers might complain that he didn’t notice this warning back then and therefore shouldn’t be held accountable for not objecting back when he was told they were going to review the legality of the program. But to make that argument, Rogers would have to admit he’s inattentive to matters concerning the programs he has primary oversight responsibility over.

While there’s abundant evidence that’s true, I doubt Rogers is prepared to admit it.

How NSA Spies on First Amendment Protected Speech: The EO 12333 Loophole

As important as the fact that NSA was illegally watch-listing 3,000 US Persons is what they did once they got caught doing so.

They kept watch-listing them.

As I noted, NSA’s solution to the problem that it had put 3,000 US Persons on its contact-chaining and alert list without doing the First Amendment review required by Section 215 was simply to move them off the list available for use with Section 215 data.

NSA remedied this compliance incident by re-designating all such telephone identifiers as non RAS-approved for use as seed identifiers in early February 2009.

The NSA continued its alert list function after the problems with it were discovered; it just restricted its use to data collected under EO 12333. Which appears to mean these 3,000 US persons would continue to have their communications that came up in EO 12333 collections (which would be collected outside of the country) watch-listed. That wouldn’t give the NSA as much data about their conversations, granted, but they chose to do that rather than affirm that they weren’t watch-listing these people solely because of First Amendment protected activities.

That suggests the NSA could — and may have, in at least some of these cases — spy on Americans because of their speech or religion or politics, so long as they did so only using collections for which the First Amendment protections do not attach.

Now, we don’t know whether and how many of those 3,000 people were targeted for their First Amendment activities. But seeing NSA’s behavior here does raise questions about the US person described in this story about the NSA’s efforts to discredit ideological foes of the US.

One of 6 “radicalizers” NSA sought discrediting information on in 2012 is a US person (though living overseas). The NSA used contact chaining to measure the targets’ (limited, in the case of the English speakers) ties to extremists. And then it collected things like their online porn habits.

But the thing is, it appears that the impetus for this porn-sniffing pertained only to the NSA’s very expansive disagreement with the 6 “radicalizers’” ideology.

It was about their speech, including the speech of the US person.

It appears the NSA believes its mandate includes spying on Americans for their protected speech, just so long as it does so using their EO 12333 authorities.

Project Minaret 2.0: Now, with 58% More Illegal Targeting!


For weeks, I have been trying to figure out why the NSA, in a training program it created in August 2009, likened one of its “present abuses” to Project Minaret. What “unauthorized targeting of suspected terrorists in the US” had they been doing, I wondered, that was like “watch-listing U.S. people for evidence of foreign influence.”

Until, in a fit of only marginally related geekdom, I re-read the following passage in Keith Alexander’s declaration accompanying the End-to-End review submitted to the FISA Court on August 19, 2009 (that is, around the same time as the training program).

Between 24 May 2006 and 2 February 2009, NSA Homeland Mission Coordinators (HMCs) or their predecessors concluded that approximately 3,000 domestic telephone identifiers reported to Intelligence Community agencies satisfied the RAS standard and could be used as seed identifiers. However, at the time these domestic telephone identifiers were designated as RAS-approved, NSA’s OGC had not reviewed and approved their use as “seeds” as required by the Court’s Orders. NSA remedied this compliance incident by re-designating all such telephone identifiers as non RAS-approved for use as seed identifiers in early February 2009. NSA verified that although some of the 3,000 domestic identifiers generated alerts as a result of the Telephony Activity Detection Process discussed above, none of those alerts resulted in reports to Intelligence Community agencies. 7

7 The alerts generated by the Telephony Activity Detection Process did not then and does not now, feed the NSA counterterrorism target knowledge database described in Part I.A.3 below. [my emphasis]

As I’ll explain below, this passage means 3,000 US persons were watch-listed without the NSA confirming that they hadn’t been watch-listed because of their speech, religion, or political activity.

Here’s the explanation.
