NSA’s Bid for a 6 Month Delay in Protecting Larry Klayman’s Phone Records

/9 Comments/in , /by

The White House has announced they’re going to release the recommendations of the Committee to Make You Love the Dragnet today. Given that the report recommends putting the dragnet into someone else’s hands, I suspect the White House changed plans (It was going to release the report in mid-January) as a way to stave off the Klayman and other suits.

Given that we expect that recommendation — and that the government claims it’d take years to effect — I want to point to a claim that NSA Director of Signals Intelligence Division Theresa Shea made in her declaration in the Klayman suit. She claimed it would be an onerous process to take Larry Klayman’s call records out of the dragnet.

Beyond harming national security and the Government’s counterterrorism capabilities, plaintiffs’ proposed preliminary injunction would seriously burden the Government. While plaintiffs seek an order barring the Government from collecting metadata reflecting their calls, the Government does not know plaintiffs’ phone numbers, and would need plaintiffs to identify all numbers they use to even attempt to implement such an injunction. Ironically, as explained above, these numbers are not currently visible to NSA intelligence analysts unless they are within a three hopes of a call chain of a number that based on RAS is associated with a foreign terrorist organization.

Even if plaintiffs’ phone numbers were available, extraordinarily burdensome technical and logistical hurdles to compliance with a preliminary injunction order would remain. Technical experts would have to develop a solution such as removing the numbers from the system upon receipt of each batch of metadata or developing a capability whereby plaintiffs’ numbers would be received by NSA but would not be visible in response to an authorized query. To identify, design, build, and test the best implementation solution would potentially require the creation of new full-time positions and could take six months or more to implement. Once implemented, any potential solution could undermine the results of any authorized query of a phone number that based on RAS is associated with one of the identified foreign terrorist organizations by eliminating, or cutting off potential call chains. If this Court were to grant a preliminary injunction and the defendants were to later prevail on the merits of this litigation, it could prove extremely difficult to develop a solution to reinsert any quarantined records and would likely take considerable resources and several months to build, test, and implement a reinsertion capability suited to this task.

Judge Richard Leon treated this complaint as the obvious bullpuckey it clearly is.

[T]he Government says that it will be burdensome to comply with any order that requires the NSA to remove plaintiffs from its database. Of course, the public has no interest in saving the Government from the budens of complying with the Constitution! Then, the Government frets such an order “could ultimately have a degrading effect on the utility of the program if an injunction in this case precipitated successful requests for such relief by other litigants.” For reasons already explained, I am not convinced at this point in the litigation that the NSA’s database has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations, and so I am certainly not convinced that the removal of two individuals from the database will “degrade” the program in any meaningful sense.68

[snip]

In [staying my order to destroy the plaintiffs’ metadata] I hereby give the Government fair notice that should my ruling be upheld, this order will go into effect forthwith. Accordingly, I fully expect that during the appellate process, which will consume at least the next six months, the Government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld. Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.

68 To the extent that removing plaintiffs from the database would create the risk of “eliminating, or cutting off potential call chains,” the Government concedes that the odds of this happening are miniscule. (“[O]nly a tiny fraction of the collected metadata is ever reviewed . . . .”) (“Only the tiny fraction of the telephony metadata records that are responsive to queries authorized under the RAS standard are extracted, reviewed, or disseminated. . . . “). [citations removed]

But the plea for time– when it’s crystal clear NSA could start treating Larry Klayman’s data like a high volume number they intentionally defeat on intake tomorrow — made me wonder what purpose this complaint was really meant to serve, especially given James Cole’s refusal the other day to answer whether the Leahy-Sensenbrenner bill would eliminate bulk collection, which Jennifer Granick likens to a coup.

Responding to a question at yesterday’s hearing on the bill, Cole said, “Right now the interpretation of the word ‘relevant’ is a broad interpretation. Adding ‘pertinent to a foreign agent’ or ‘somebody in contact with a foreign agent’ could be another way of talking about relevance as it is right now. We’d have to see how broadly the court interprets that or how narrowly.”  In other words, the FISA court might let us keep doing what we’re doing no matter what the law says and despite Congress’ intent.

All courts issue opinions about what the laws that legislatures pass mean. These opinions are called the “common law”. But common law interpretations of statutes are only legitimate if they are fair and reasonable interpretations.

The NSA has a great track record getting FISC judges to interpret even obviously narrow phrases in surprisingly broad ways.

[snip]

Time and again, the FISC accepts the Administration’s shockingly flimsy arguments. As a set, the few public FISC opinions we’ve seen suggest that the Executive Branch—in cahoots with a few selected judges—has replaced legitimate public statutes with secret, illegitimate common law.

The rule of law is a basic democratic principle meaning that all members of a society—individuals, organizations, and government officials—must obey publicly disclosed legal codes and processes. If Cole is right that, try as it might, Congress cannot end bulk collection because the secret FISA court may defer to the NSA’s interpretation of the rules, there is no rule of law.  The NSA is in charge, the FISA court process is just a fig leaf, and this is no longer a democracy. There’s been a coup d’etat.

But it appears that not even the FISC judges are always in on the game. After all, at the moment when Judges Walton and Bates started reining in the Internet dragnet in the US, NSA started rolling out an expanded Internet dragnet program — which made it easier to pick up US person data and presumably easier to disseminate it — overseas. With that 6 month delay, would NSA just be figuring out how to maintain the dragnet function, but beyond the reach of meddling judges like Richard Leon?

The NSA suggested it would need 6 months notice to take just two people out of the dragnet. I can imagine no feasible technical reason that’s true.

So why were they implying they’d need that 6 months?

The Purpose(s) of the Dragnet, Revisited

/4 Comments/in , /by

As I noted the other day, one basis Judge Richard Leon used to find that the dragnet was likely unconstitutional was that it wasn’t all that useful. But I was particularly interested in the evidence he points to to establish that (see page 61 of his ruling), because it and the underlying basis for it reveal far more about how the government uses the dragnet than we’ve seen.

Leon points to the three cases in which the phone dragnet was supposed to be useful, which he gets from the declaration of FBI Acting Assistant Director Robert Holley. Holley claims the dragnet was useful in the Khalid Ouazzani, David Headley, and Najibullah Zazi cases (though Holley does not mention Ouazzani by name), using the following language.

In January 2009, using authorized collection under Section 702 of the Foreign Intelligence Surveillance Act to monitor the communications of an extremist overseas with ties to al-Qa’ida, NSA discovered a connection with an individual based in Kansas City. NSA tipped the information to the FBI, which during the course of its investigation discovered that there had been a plot in its early stages to attack the New York Stock Exchange. After further investigation, NSA queried the telephony metadata to ensure that all potential connections were identified, which assisted the FBI in running down leads.

[snip]

At the time of his arrest, Headley and his colleagues, at the behest of al-Qa’ida, were plotting to attack the Danish newspaper that published cartoons depicting the Prophet Mohammed. Headley was later charged with support for terrorism based on his involvement in the planning and reconnaissance for the 2008 hotel attack in Mumbai. Collection against foreign terrorists and telephony metadata analysis were utilized in tandem with FBI law enforcement authorities to establish Headley’s foreign ties and them in context with his U.S. based planning efforts.

[snip]

NSA received Zazi’s telephone number from the FBI and ran it against the Section 215 telephony metadata, identifying and passing additional leads back to the FBI for investigation. One of these leads revealed a previously unknown number  for co-conspirator Adis Medunjanin and corroborated his connection to Zazi as well as to other U.S.-based extremists.

First, note what’s missing? Any mention of Basaaly Moalin, the only defendant for which the government claims the phone dragnet was critical to his identification. Holley may have left Moalin out because of the timing: DOJ submitted his declaration on November 12, the day before the hearing on Moalin’s bid for a new trial and two days before Jeffrey Miller’s ruling rejecting that. Did DOJ think they might lose that argument, and so left it out out of fear it would make them more likely to lose this one (Leon does acknowledge Miller’s ruling in his own). Or was the case just so dated they chose not to mention it?

Whatever the reason, they’re left describing three cases in which even Keith Alexander admits the dragnet was at best only helpful.

But note the other thing: Up until now, the government has only described how the dragnet was useful in the Zazi case. While in its propaganda about 54 plots or maybe just terrorist events thwarted, it has implicitly suggested that only those with a US-nexus could involve the dragnet, I know of no other instance where they made it clear that they sort of used it in the Headley and Ouazzani cases (I’m going to check the declarations in the parallel suits later).

In both cases, it appears, the government only used it after the fact (which is how they used it in the Boston Marathon attack, which bizarrely also goes unmentioned).

Read more

Dianne Feinstein Glosses Jeffrey Miller Phone Dragnet Decision

/12 Comments/in , /by

Dianne Feinstein just released a statement effectively saying she likes the FISA Court phone dragnet decisions and the one Judge Jeffrey Miller made in the Moalin case better than the one Richard Leon issued yesterday.

Clearly we have competing decisions from those of at least three different courts (the FISA Court, the D.C. District Court and the Southern District of California). I have found the analysis by the FISA Court, the Southern District of California and the position of the Department of Justice, based on the Supreme Court decision in Smith, to be compelling.

But I’m particularly interested in the way she describes the Miller decision.

It should be noted that last month Judge Jeffrey Miller of the Southern District of California found the NSA business records program to be constitutional.

Judge Miller was ruling on a real world terrorist case involving the February 2013 conviction of Basaaly Moalin and three others for conspiracy and providing material support to the Somali terrorist organization Al-Shabaab. In that case, the NSA provided the FBI with information gleaned from an NSA query (under Section 215) of the call records database that established a connection between a San Diego-based number and a number known to be used by a terrorist with ties to al Qaeda.

In upholding these convictions, Judge Miller cited Smith v. Maryland (1979) the controlling legal precedent and held the defendants had ‘no legitimate expectation of privacy’ over the type of telephone metadata acquired by the government—which is the ‘to’ and ‘from’ phone numbers of a call, its time, its date and its duration. There is no content, no names and no locational information acquired.

As a threshold matter, Judge Miller did not decide last month that the phone dragnet was constitutional. He decided sometime around June 5, 2012, and that decision remains sealed in its entirety. He treated Moalin’s bid for a new trial as a reconsideration of his earlier decision, stating he had,”already considered and addressed many of the FISA and CIPA arguments from a federal and constitutional law perspective.” He deliberated just one day after the hearing on a new trial before rejecting the motion. Which means that his decision rests primarily on whatever representations the government made in secret — and none of us have gotten to see that decision.

If Senator Feinstein would like to use her position on the Senate Intelligence and Judiciary Committees to liberate that decision given that she’s relying on it, by all means let’s have some transparency!

Now look at how Feinstein characterizes the issue before Miller:

[T]he NSA provided the FBI with information gleaned from an NSA query (under Section 215) of the call records database that established a connection between a San Diego-based number and a number known to be used by a terrorist with ties to al Qaeda.

That is, she characterizes Miller’s review as weighing whether using an (at least) second-degree hop in a database to establish probable cause is Constitutional.

But that’s most definitely not what Miller did. Instead, he ignored the database entirely (the word “database” doesn’t appear in his ruling), and assessed the use of what Feinstein describes as a database query as two separate pen registers.

Defendants argue that the collection of telephony metadata violated Defendant Moalin’s First and Fourth Amendment rights. At issue are two distinct uses of telephone metadata obtained from Section 215. The first use involves telephony metadata retrieved from communications between third parties, that is, telephone calls not involving Defendants. Clearly, Defendants have no reasonable expectation of privacy to challenge any use of telephony metadata for calls between third parties. See Steagald v. United States, 451 U.S. 204, 219 (1981) (Fourth Amendment rights are personal in nature); Rakas v. Illinois, 439 U.S. 128, 133-34 (1978) (“Fourth Amendment rights are personal rights which, like some other constitutional rights, may not be vicariously asserted.”); United States v. Verdugo-Uriquidez, 494 U.S. 259, 265 (1990) (the term “people” described in the Fourth Amendment are persons who are part of the national community or may be considered as such). As noted in Steagald, “the rights [] conferred by the Fourth Amendment are personal in nature, and cannot bestow vicarious protection on those who do not have a reasonable expectation of privacy in the place to be searched.” 451 U.S. at 219. As individuals other than Defendants were parties to the telephony metadata, Defendants cannot vicariously assert Fourth Amendment rights on behalf of these individuals. To this extent, the court denies the motion for new trial.

The second use of telephony metadata involves communications between individuals in Somalia (or other countries) and Defendant Moalin. The following discusses whether Defendant Moalin, and other Defendants through him, have any reasonable expectation of privacy in telephony metadata between Moalin and third parties, including co-defendants. [my emphasis]

I believe that in documents that have been released since Miller’s ruling, the government distinguished this from pen registers (digging up those references now). But one thing’s clear: Miller didn’t approve the use of a database to show that his two-degree link between Moalin and Aden Ayro amounted to probable cause that he was an agent of a foreign power. He approved of two or more discrete pen registers.

That may or may not amount to a legal difference (Leon didn’t consider the database as such either). But I find it mighty telling that Feinstein describes the dragnet in terms her favored criminal ruling does not.

Will Obama Attempt to Co-Opt the Internet Companies?

/17 Comments/in /by

Of late, Keith Alexander has added a new thing to his public schtick: inviting tech companies to come up with a way to dragnet more effectively. In the middle of discussions of why NSA must retain the phone dragnet, he’ll stop, and say, if the tech companies can come up with a way to do it better (not just to do the same thing as effectively, mind you, but better), he wants to hear it.

At a minimum, that new schtick should alert you that in 2011 when they “ended” the Internet dragnet, they didn’t end it, they just found a way to do it better, because that’s how Alexander speaks of that decision in this context.

But you might also keep this shift in Alexander’s schtick in mind as you read Matthew Aid’s story about how the President whitewash became a graywash.

At the same time, the agency’s once harmonious relationship with this country’s largest high-tech companies, such as Microsoft, Google and Yahoo, is now a shattered smoking ruin, NSA officials fret. Only the “big three” American telecommunications companies—AT&T, Verizon and Sprint—appear to remain firmly supportive, and even they are beginning to put some distance between themselves and the NSA as shareholders ask pointed questions about their clandestine relationship with the agency.

In this political climate, it was perhaps inevitable that the Review Group would recommend making substantive changes in the way the NSA operates. “We had to go this route,” a Review Group staffer told me in an interview. “If we did not recommend placing some additional controls and checks and balances on the NSA’s operations, the high-tech companies were going to kill us and Congress was going to burn the house down. Besides, our report is non-binding, so who knows what the White House is going to accept and what they are going to toss out.”

Frankly, I think the relationship with some tech companies (Microsoft) has been more harmonious than with others (Yahoo and to some extent Google). And it was never the same as the telecoms enjoy, not least because the telecoms have been stealing the tech companies’ data on and off at the government’s behest for a decade now.

But I’m not at all surprised that citizen outrage had no effect on the Review Group and Administration, but Internet company outrage did.

Fast forward to today, where Obama’s got a meeting with a curious group of CEOs.

  • Tim Cook, CEO, Apple
  • Dick Costolo, CEO, Twitter
  • Chad Dickerson, CEO, Etsy
  • Reed Hastings, co-founder and CEO, Netflix
  • Drew Houston, founder and CEO, Dropbox
  • Marissa Mayer, president and CEO, Yahoo!
  • Burke Norton, chief legal officer, Salesforce
  • Mark Pincus, founder, chief product officer and chairman, Zynga
  • Shervin Pishevar, co-founder and co-CEO, Sherpa Global
  • Brian Roberts, chairman and CEO, Comcast
  • Erika Rottenberg, vice president, general counsel and secretary, LinkedIn
  • Sheryl Sandberg, COO, Facebook
  • Eric Schmidt, executive chairman, Google
  • Brad Smith, executive vice president and general counsel, Microsoft
  • Randall Stephenson, chairman and CEO, AT&T

As WaPo’s piece on this points out, the meeting mixes the leaders of the Internet companies calling for more transparency — Yahoo, Google, and Microsoft, to a lesser extent Apple, LinkedIn, and Facebook, as well as Dropbox — and AT&T, the company that has been stealing from the critics. In addition, Comcast, which almost certainly has joined AT&T in that more harmonious role, will attend.

The initial reports on the meeting dubbed it an effort for the President to discuss — and try to fix — Federal IT contracting in the wake of the ObamaCare website.

But the critics have issued a statement making it clear they intend to talk about surveillance.

So let’s consider the dynamic to expect at this meeting. You’ve got a lot of Internet bigwigs, two Toobz bigwigs, and some smaller CEOs. That dynamic, right away, should prevent a truly candid conversation (because of the differing interests of all the parties).

And against that dynamic, the President will be discussing how to make it easier to contract with real software companies, rather than bloated federal software contractors.

There will be the stilted conversation about NSA (and AT&T) stealing from Internet companies. And a far less stilted conversation about the federal government expanding its contracting with private sector Internet companies.

They’ll have a stilted conversation about reining in government, and a less stilted conversation about putting more government dollars in Internet company pockets.

Update: Changed title to reflect these are Internet companies, not software, and fixed some syntax.

Update: Meanwhile, Obama has named a Microsoft Exec to be his new ObamaCare fixer, which should make it easier to send more business Microsoft’s way.

Richard Leon: A Phone Dragnet Is Not a Special Need

/10 Comments/in , /by

As I noted briefly in this post, Judge RIchard Leon ruled that Judicial Watch’s Larry Klayman is very likely to succeed in his suit challenging the phone dragnet on Constitutional grounds. He issued an injunction requiring NSA to take out Klayman’s data, but stayed that decision pending appeal.

While many civil liberties lawyers are hailing the decision, the its strength might be measured by the fact that Mark Udall and Jim Sensenbrenner both used it as a call to pass Leahy-Sensenbrenner; they did not celebrate the demise of the dragnet itself. That is, it is almost certain that this decision will not, by itself, end the dragnet.

I suspect this ruling will serve to break the ice for other judges (there are several other suits, a number of them launched by entities — like the ACLU — that I expect to have better command of the details of the dragnet and the reasons it is unconstitutional, which may lead to a stronger opinion). And to the extent it stands (don’t hold your breath) it will begin to chip away at NSA’s claims that searches don’t happen on collection, but on database access.

And on one point, I think Leon’s ruling provides a really important baseline on the matter of special needs.

As Orin Kerr sketches out roughly here (and I agree with much of what he says about Leon’s ruling), Leon basically held that Smith v. Maryland didn’t apply in the era of smart phones. From there, he moved onto Fourth Amendment analysis, which involves an analysis of whether the special need of hunting terrorists merits the huge privacy infringement of collecting all phone records in the US. After reviewing the precedents on special needs, Leon writes,

To my knowledge, however, no court has ever recognized a special need sufficient to justify continuous, daily searches  of virtually every American citizen without any particularized suspicion. In effect, the Government urges me to be the first non-FISC judge to sanction such a dragnet.

Then Leon goes on to challenge the government’s claims about the need involved.

The Government asserts that the Bulk Telephony Metadata Program serves the “programmatic purpose” of “identifying unknown terrorist operatives and preventing terrorist attacks.”

[snip]

A closer examination of the record, however, reveals the Government’s interest is a bit more nuanced–it is not merely to investigate potential terrorists, but rather, to do so faster than other investigative methods might allow.

Which brings him to the same issue Ron Wyden and Mark Udall keep pointing to: the NSA simply doesn’t have evidence of this actually having worked.

Yet, turning to the efficacy prong, the Government does not cite a single instance in which analysis of the NSA’s bulk metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time-sensitive in nature. In fact, none of the three “recent episodes” cited by the Government that supposedly “illustrate the role that telephony metadata analysis can play in preventing and protecting against terrorist attack” involved any urgency.

Now, I actually think the NSA and FBI declarants in this case begin to hint at the real purpose of the dragnet — I’ll come back to that once PACER recovers from what everyone jokes is NSA retaliation for this ruling.

But with regards to accomplishing the purpose the NSA claims the dragnet serves, there’s no evidence to show. Leon finds that absent real proof that the dragnet works, Klayman’s privacy interests outweigh the Government’s need.

Given the limited record before me at this point in the litigation–most notably, the utter lack of evidence that a terrorist attack has ever been prevented because searching the NSA database was faster than other investigative tactics–I have serious doubts about the efficacy of the metadata collection program as a means of conducting time-sensitive investigations in cases involving imminent threats of terrorism.

[snip]

Thus, plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the Government’s interest in collecting and analyzing build telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the Fourth Amendment.

Now, to be clear, before Leon gets here, he has to get by Smith v. Maryland, and I agree with Kerr that his argument there isn’t all that strong (though I disagree with Kerr that it couldn’t be).

But one big takeaway from this ruling –whether the DC Circuit overturns it or not — is that it will be very hard for the government to make the case that the need the dragnet serves outweighs the privacy cost.

Probably not with this ruling, but it may not be long before the government has to face up to the fact that its dragnet really hasn’t shown any results.

Update: New Yorker’s Amy Davidson writes, “But what his ruling does is deprive the N.S.A. of the argument of obviousness: the idea that what it is doing is plainly legal, plainly necessary, and nothing for decent people to worry about.” That’s about what I mean by Leon breaking the ice.

That Pirate May Be the Missing Link We Should Drone Kill

/16 Comments/in , , , /by

As I mocked last night, 60 Minutes decided to use pirate data collected under EO 12333 to demonstrate how it conducts call chaining on US citizen data collected under Section 215. But the exchange is rather interesting for the way the NSA analyst, Stephen Benitez, describes finding a potentially key player in a network of pirates.

Metadata has become one of the most important tools in the NSA’s arsenal. Metadata is the digital information on the number dialed, the time and date, and the frequency of the calls.  We wanted to see how metadata was used at the NSA.  Analyst Stephen Benitez showed us a technique known as “call chaining” used to develop targets for electronic surveillance in a pirate network based in Somalia.

Stephen Benitez: As you see here, I’m only allowed to chain on anything that I’ve been trained on and that I have access to. Add our known pirate. And we chain him out.

John Miller: Chain him out, for the audience, means what?

Stephen Benitez: People he’s been in contact to for those 18 days.

Stephen Benitez: One that stands out to me first would be this one here. He’s communicated with our target 12 times.

Stephen Benitez: Now we’re looking at Target B’s contacts.

John Miller: So he’s talking to three or four known pirates?

Stephen Benitez: Correct. These three here. We have direct connection to both Target A and Target B. So we’ll look at him, too, we’ll chain him out. And you see, he’s in communication with lots of known pirates. He might be the missing link that tells us everything. [my emphasis]

Compare the language Benitez uses here with that which Gregory McNeal used to describe drone targeting back in February.

Networked based analysis looks at terrorist groups as nodes connected by links, and assesses how components of that terrorist network operate together and independently of one another.  Those nodes and links, once identified will be targeted with the goal of disrupting and degrading their functionality.  To effectively pursue a network based approach, bureaucrats rely in part on what is known as “pattern of life analysis” which involves connecting the relationships between places and people by tracking their patterns of life. This analysis draws on the interrelationships among groups “to determine the degree and points of their interdependence.” It assesses how activities are linked and looks to “determine the most effective way to influence or affect the enemy system.”

[snip]

Viewing targeting in this way demonstrates how seemingly low level individuals such as couriers and other “middle-men” in decentralized networks such as al Qaeda are oftentimes critical to the successful functioning of the enemy organization. Targeting these individuals can “destabilize clandestine networks by compromising large sections of the organization, distancing operatives from direct guidance, and impeding organizational communication and function.” Moreover, because clandestine networks rely on social relationships to manage the trade-off between maintaining secrecy and security, attacking key nodes can have a detrimental impact on the enemy’s ability to conduct their operations. [my emphasis]

That is, the language describing the process behind signature strikes closely matches the language describing NSA’s targeting for wiretapping. Both these analyses are doing the same thing: trying to find the key nodes in networks of people (though the drone targeting appears to draw in additional intelligence about someone’s observed actions and locations).

Now, as I said, when Benitez used the word “target,” he was presumably discussing only targeting for surveillance, not for drone killing (besides, thus far we haven’t drone killed any pirates I know of).

But it is very easy to see what kind of role metadata analysis would play in the early stages of targeting a signature strike, because that’s precisely how the intelligence community identify the nodes that, McNeal tells us, they’re often targeting when they conduct signature strikes. Wiretap the person at that node and you may learn a lot (that’s also probably the same kind of targeting they do to select potential informants, as we know they do with metadata), kill that person and you may damage the operational capabilities of a terrorist (or pirate) organization.

When the WaPo reported on NSA’s role in drone killing, it focused on how NSA collected content associated with a known target — Hassan Ghul — to pinpoint his location for drone targeting.

But NSA probably plays a role in the far more controversial targeting of people we don’t know for death, with precisely the kind of contact chaining it uses on US persons.

Note, in related news, Richard Leon has just ruled for Larry Klayman in one of the first suits challenging the phone dragnet (with the injunction stayed pending appeal). I’ll have analysis on that later.

“He’s sure as hell no traitor”

/6 Comments/in /by

Fortune has an interview with a former colleague of Edward Snowden’s in Hawaii (some have questioned its provenance, but details in the interview accord with other stories about Snowden at NSA; even Keith Alexander said he was very good at his job).

One of my favorite details describes how Snowden repeatedly alerted NSA to security problems in their code, but they didn’t always fix it.

He also frequently reported security vulnerabilities in NSA software. Many of the bugs were never patched.

This is consistent with a story describing him trying to fix a CIA security problem when he was in Europe, so it rings true. But it also reveals the NSA’s own lax concern for security.

But I’m most interested in this paragraph:

Snowden’s former colleague says that he or she has slowly come to understand Snowden’s decision to leak the NSA’s files. “I was shocked and betrayed when I first learned the news, but as more time passes I’m inclined to believe he really is trying to do the right thing and it’s not out of character for him. I don’t agree with his methods, but I understand why he did it,” he or she says. “I won’t call him a hero, but he’s sure as hell no traitor.”

I have been tracking the apparent concern on the part of top NSA officials that employees will learn something that disturbs them. This is — if authentic — one of the first descriptions we have of an NSA employee reacting to Snowden’s leaks (albeit from one who seemed to admire him).

But it describes this employee beginning to understand Snowden’s underlying point, though not his methods (and perhaps not his ultimate judgement it was unconstitutional).

This is the battle Keith Alexander seems most afraid of, the battle over the belief of NSA insiders.

NSA’s 60 Wiretaps and FBI’s 1,728 Wiretaps?

/5 Comments/in /by

I want to return to the exchange shown on last night’s 60 Minutes piece on NSA where CBS’s in-house national security shill asked Keith Alexander about collecting the content of phone calls.

John Miller: There is a perception out there that the NSA is widely collecting the content of the phone calls of Americans. Is that true?

Gen. Keith Alexander: No, that’s not true. NSA can only target the communications of a U.S. person with a probable cause finding under specific court order. Today, we have less than 60 authorizations on specific persons to do that.

John Miller: The NSA as we sit here right now is listening to a universe of 50 or 60 people that would be considered U.S. persons?

Gen. Keith Alexander: Less than 60 people globally who are considered U.S. persons.

As a threshold matter, note that Alexander didn’t answer the question Miller asked, which was whether the “NSA is widely collecting the content of the phone calls of Americans.” Instead, Alexander answered how many US persons the NSA is targeting (he’s been providing this non-responsive answer for months now, so it is a well-practiced ploy). His answer is further modified by referring to “specific person.” And he used the word “globally,” which I found to be particularly interesting, given that by law the government has to get orders to wiretap Americans overseas, too.

Note two other things Alexander doesn’t address: US person content generally, and how many FISC orders the FBI gets.

According to the report to Congress on FISA covering 2012, the FISC approved 1,788 orders for electronic surveillance last year, plus another 68 for physical searches alone (which increasingly means stored content in an email server).

During the calendar year 2012, the Government made 1,856 applications to the Foreign Surveillance Court (the “FISC”) for authority to conduct electronic surveillance and/or physical searches for foreign intelligence purposes. The 1,856 applications include applications made solely for electronic surveillance, applications made solely for physical search, and combined applications requesting authority for electronic surveillance and physical search. Of these, 1, 789 applications included requests for authority to conduct electronic surveillance.

Of the 1,789 applications, one was withdrawn by the Government.

This number does not count the same number Alexander used in his dodge. It includes FISA Amendments Act orders, though those are programmatic and therefore should be far less numerous (indeed, the number of orders did not go up that much when bulk orders were first approved in 2007, and they actually went down in 2008 and 2009 with the FISA Amendments Act passage). And these orders may be email-only orders.

Thus, there are a range of explanations for why Lying Keith claims only to have taps on 60 people but the FISA report shows 1,788 orders for electronic surveillance: FBI, not NSA, submitted the orders, they don’t request phone content, they’re bulk orders targeting non-US persons.

Still, the number of US persons who have been targeted via a specific FISC order are likely far higher than the 60 Lying Keith used on last night’s show. Plus, there may be US persons who had their email collected via specific order, but not their phone content. And of course, every one of the bulk orders targeting non-US persons would include incidentally collection US person data that can be searched with no Reasonable Articulable Suspicion. And we know NSA collects email content from around 56,000 US persons each year in its upstream collection — collection which John Bates considers intentional collection.

Thus, the number of Americans having their content collected is far, far higher than the 60 Alexander used on last night’s show.

Which is another good reason to require more transparency on these FISA numbers, because without it, Keith Alexander will lie again.

60 Minutes Betters Their Benghazi Debacle: Pirates Ahoy! and Chinese Global Suicide Bombers

/24 Comments/in , /by

I will have more to say about tonight’s 60 Minutes debacle.

But for now, let me make three points.

First, John Miller should never work in journalism again (he’s reportedly prepping to run NYPD’s intelligence shop, so he may not need to). There were numerous examples in tonight’s 60 Minutes piece where even a mildly curious journalist would have asked follow-up questions. But given that Miller, who has an ODNI and FBI background, knows this stuff, his failure to ask obvious follow-up questions is proof this was not at all about journalism.

Of particular note that everyone is getting snookered on: Lying Keith Alexander said that NSA only listens to the phone calls of 60 US persons. When Miller sort of asked a follow-up, Alexander seemed to reiterate that this is NSA.

Of course, FBI formally owns the wiretapping of US persons in the US. So that 60 number may only be Americans we wiretap overseas. One of those follow-up questions that might have been useful.

Then there was the NSA’s effort to show us what contact chaining looks like. As a threshold matter, they had subbed out all the real phone numbers with “555-1212” type numbers. Which means the computer was altered for TV.

Then, CBS showed an NSA analyst contact chaining off pirates.

Yes, pirates!

Aside from opening up NSA to the claim that we’re now all 3 degrees of Captain Hook, the pirate operation of course means the claims of the analyst only apply to EO 12333 collection (cause pirates are almost never US persons).

That is, we should assume it is completely meaningless as a demonstration of what the US phone dragnet is about.

Then there’s the scary BIOS plot.

I’ll need to go back and review this, but the jist of the scary claim at the heart of the report is that the NSA caught China planning a BIOS plot to shut down the global economy.

To.

Shut.

Down.

The.

Global.

Economy.

Of course, if that happened, it’d mean a goodly percentage of China’s 1.3 billion people would go hungry, which would lead to unbelievable chaos in China, which would mean the collapse of the state in China, the one thing the Chinese elite want to prevent more than anything.

But the NSA wants us to believe that this was actually going to happen.

That China was effectively going to set off a global suicide bomb. Strap on the economy in a cyber-suicide vest and … KABOOOOOOOM!

And the NSA heroically thwarted that attack.

That’s what they want us to believe and some people who call themselves reporters are reporting as fact.

How FISA Dockets (Appear To) Work and Why Snowden Likely Got Few or No PayPal Documents

/12 Comments/in , , /by

Because Bill Binney made an observation about the high docket number of the phone dragnet order released this year, Sibel Edmonds has decided that Glenn Greenwald is hiding a bunch of Edward Snowden documents to protect Pierre Omidyar showing PayPal cooperated with NSA.

Here’s what Binney said, according to him.

Unfortunately, Sibel attributes some of her words to me. I do not know that PAYPAL is involved – only that financial data is being used by NSA. And, based on the “BR” number 13/80 on the Verizon court order to give records to NSA, I estimated that this program involved 78 companies. These would include: telecom’s, internet service providers, banks/finance/credit cards, travel, plus others. So, there’s a lot of business data being collected by NSA and the FBI. In the future, if I am to be quoted, I will have to I will have to insist on a pre-publication review. [my emphasis]

Now, like Peter Kofod, I don’t doubt that PayPal gives a ton of data to the national security state (more on what probably happens below).

But Binney’s comment appears to be based on a misunderstanding of how the FISA docket numbering works (though not one that changes his observation that “there’s a lot of business data being collected by NSA and the FBI”): that each docket pertains to a different company.

Given the filings we’ve seen from voluminous years — particularly 2009 — it is clear that DOJ uses one docket for all providers on a particular order. For example, 3 of the 4 docket numbers used for the phone dragnet in 2009 were 08-13, 09-06, and 09-13. For the entire 3 month period the primary order covers, all the orders and correspondence related to that primary order bears the original docket number. Even in the case where Judge Walton cut off and then resumed production (see 09-13 above) from just one provider got handled in that docketing system. The now public FISC docket appears to continue this practice, with BR 13-109 and BR 13-158 including all the correspondence on a particular order (in addition, there are the Misc dockets for lawsuits, and the 2007 docket tied to Protect America Act for the Yahoo challenge).

And over the years, the list of providers included on the dockets appears to have gotten much longer. Here’s the redacted list of providers from the original 2006 order:

Screen shot 2013-12-13 at 7.51.09 PM

Here’s the redacted list of providers from the most recent order:

Screen shot 2013-12-13 at 7.54.25 PM

 

The additional providers are probably smaller providers, as well as VOIP providers.

So just 4 and on rare occasions 5 of the Section 215 (“BR”) docket numbers in any given year (and, for the life of the program, just 4 of the PR/TT docket numbers) covered all the providers.

But that may, in fact, mean far more companies are getting Section 215 orders, even bulk orders. As I laid out in this post, the numbers of Section 215 orders have gone up in the last several years (Julian Sanchez has speculated that previously some of this collection was done via National Security Letter, which is a pretty good bet).

Section 215 orders

And as they’ve gone up, the FISA Court has been modifying far more orders — it modified 86% of the orders in 2011. It has been modifying orders to add minimization procedures (it modified 176 orders in 2011 to add minimization requirements). Given that you only need to have significant minimization procedures if you’re getting a lot of innocent people’s data, and given that these orders would also be on a 90-day cycle, that may mean there were 44 bulk collection programs in 2011.

But, as Binney said, that’s going to include a lot of different kinds of companies. We know they’ve used Section 215 to collect precursor chemical purchase records. They likely cover credit cards records, other financial records, gun purchases, health and medical records, and other computer records. There have even been questions about using Section 215 to collect URL search terms.

PayPal is one possible or even likely recipient of these, but only one out of a bunch. Read more