Freedom of Association: From Six Degrees of Kevin Bacon to Three Degrees of Terry Stop

/4 Comments/in , /by

One thing the July 24, 2004 Colleen Kollar-Kotelly opinion and the May 23, 2006 phone dragnet application reveal is that the government and the court barely considered the First Amendment Freedom of Association implications of the dragnets.

The Kollar-Kotelly opinion reveals the judge sent a letter asking the government about “First Amendment issues.” (3) Way back on 57, she begins to consider First Amendment issues, but situates the in the querying of data, not the creation of a dragnet showing all relationships in the US.

In this case, the initial acquisition of information is not directed at facilities used by particular individuals of investigative interest, but meta data concerning the communications of such individuals’ [redacted]. Here, the legislative purpose is best effectuated at the querying state, since it will be at a point that an analyst queries the archived data that information concerning particular individuals will first be compiled and reviewed. Accordingly, the Court orders that NSA apply the following modification of its proposed criterion for querying the archived data: [redacted] will qualify as a seed [redacted] only if NSA concludes, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable articulable suspicion that a particularly known [redacted] is associated with [redacted] provided, however, that an [redacted] believed to be used by a U.S. person shall not be regarded as associated with [redacted] solely on the basis of activities that are protected by the First Amendment to the Constitution. For example, an e-mail account used by a U.S. person could not be a seed account if the only information thought to support the belief that the account is associated with [redacted] is that, in sermons or in postings on a web site, the U.S. person espoused jihadist rhetoric that fell short of “advocacy … directed to inciting or producing imminent lawless action and … likely to incite or produce such action.” Brandnberg v. Ohio

By focusing on queries rather than collection, Kollar-Kotelly completely sidesteps the grave implications for forming databases of all the relationships in the US.

Then, 10 pages later, Kollar-Kotelly examines the First Amendment issues directly. She cites Reporters Committee for Freedom of the Press v. AT&T to lay out that in criminal investigations the government can get reporters’ toll records. Predictably, she says that since this application is “in furtherance of the compelling national interest of identifying and tracking [redacted terrorist reference], it makes it an easier case. Then, finally, she cites Paton v. La Prade to distinguish this from an much less intrusive practice, mail covers.

The court in Paton v. La Prade held that a mail cover on a dissident political organization violated the First Amendment because it was authorized under a regulation that was overbroad in its use of the undefined term “national security.” In contrast, this pen register/trap and trace surveillance does not target a political group and is authorized pursuant to statute on the grounds of relevance to an investigation to protect against “international terrorism,” a term defined at 50 U.S.C. § 1801(c). This definition has been upheld against a claim of First Amendment overbreadth. [citations omitted]

Of course, a mail cover is not automated and only affects the targeted party. This practice, by contrast, affects the targeted party (the selector) and anyone three hops out from him. Thus, even if those people are, in fact, a dissident organization (perhaps a conservative mosque), they in effect become criminalized by the association to someone only suspected — using the Terry Stop standard (the same used with stop-and-frisk) — of ties (but not even necessarily organizational ties) to terrorism.

Here’s how it looks in translation, in the 2006 application:

It bears emphasis that, given the types of analysis the NSA will perform, no information about a telephone number will ever be accessed or presented in an intelligible form to any person unless either (i) that telephone number has been in direct contact with a reasonably suspected terrorist-associated number or is linked to such a number through one or two intermediaries. (21)

So: queries require only a Terry Stop standard, and from that, mapping out everyone who is three degrees of association — whose very association with the person should be protected by the First Amendment — is fair game too.

Imagine if Ray Kelly had the authority to conduct an intrusive investigation into every single New Yorker who was three degrees of separation away from someone who had ever been stop-and-frisked. That’s what we’re talking about, only it happens in automated, secret fashion.

Share this entry

Colleen Kollar-Kotelly Ate the Serpent’s Fruit of Judicial “Oversight” in Lieu of Law

/8 Comments/in , /by

Sometime next week, I will have a post on what known documents the government chose not to release in yesterday’s dump — a significant chunk, for example, almost certainly show how the dragnet programs are tied inextricably to the content programs.

But for now, we’re getting increased clarity on the phone and Internet dragnet program.

One thing that seems clear is that there is no opinion authorizing the phone dragnet, as I suggested two months ago.

What passes as the government’s application for the phone dragnet — it is described as “Production to Congress of a May 23, 2006 Government Memorandum of Law,” but for a number of reasons, I have my doubts we’ve gotten even precisely that, which I’ll lay out at a future time — is dated May 23, 2006, the day before Malcom Howard approved the application. That doesn’t leave time for Howard to have written a fulsome opinion on the practice (and indeed, the timing makes me wonder whether this was approved because of urgent legal deadlines facing the telecoms). [Update: And when John Bates cites the “precedent” in his June-July 2010 opinion (75) he doesn’t cite an opinion.]

And the application makes it clear it relies on Kollar-Kotelly’s opinion as its legal justification. The first instance of doing so, tellingly, makes it clear FISC approval is designed primarily to give legal sanction for the program, not to assess whether the program actually is legal.

The Application is completely consistent with this Court’s ground breaking and innovative decision [redacted] in [redacted]. In that case, the Court authorized the installation and use of pen registers and trap and trace devices to collect bulk e-mail metadata [redacted]. The Court found that all of “the information likely to be obtained” from such collection is “relevant to an ongoing investigation to protect against international terrorism.” 50 U.S.C. § 1842(c)(2); [redacted] 25-54. The Court explained that “the bulk collection of meta data–i.e., the collection of both a huge volume and high percentage of unrelated communications–is necessary to identify the much smaller number of [redacted] communications.” Id. at 49. Moreover, as was the case in [redacted], this Application promotes both the twin goals of FISA: facilitating the foreign-intelligence collection needed to protect American lives while at the same time providing judicial oversight to safeguard American freedoms.

Let’s pause and reflect on this point for a moment.

We can now say with some certainty that a great many dragnet applications stem from the Kollar-Kotelly opinion. That’s because we have almost certainly identified the two opinions named in Claire Eagan’s opinion from earlier this year.

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.”

An earlier reference in Eagan quotes the Kollar-Kotelly opinion directly (and the page number lines up), and while I have not found the citation from this passage in the Bates opinion also released yesterday yet (I think it may appear in the redactions on page 76), that opinion discusses relevance at length and was clearly written between 2009 and 2011. [Update: the quote appears to be a rough transcription of Bates’ cherry picked quote from Kollar-Kotelly that appears on page 9. Update 2: The quote comes from page 73, which is Bates’ own transcription of his citation of K-K, but Eagan missed the word “analytic” before tools.]

[Update] Another thing suggests the Bates opinion dates to 2010. The language in the December 2009 notice to Congress suggests ongoing problems, and includes the Internet metadata problems, whereas the February 2011 notice includes far more redacted discussion (yet still treats an active Internet metadata program.

In addition, we know from the geolocation materials that the government didn’t get an opinion dedicated to that application before they started.

DOJ advised in February 2010 that obtaining the data for the described testing purposes was permissible based upon the current language of the Court’s BR FISA order requiring the production of’ all ca11 detail records.’ It is our understanding that DOJ also orally advised the FISC, via its staff, that we had obtained a limited set of test data sampling of cellular mobility data (cell site location information) pursuant to the Court-authorized program and that we were exploring the possibility of acquiring such mobility data under the BR FISA program in the near future based upon the authority currently granted by the Court.

There are 2004, 2006, 2008, 2010, and 2013 opinions that relate to Section 215 (and, I suspect, other activities as well; updated with typo fixed). But at the very least, Kollar-Kotelly’s opinion authorized gathering substantially all the phone and (by 2010) Internet metadata in the country, as well as (starting in 2010) some subset of geolocation data).

Kollar-Kotelly, then, is the primary analysis the government has always relied on to construct maps charting the relationships of every American.

Which is why I find it so troubling that the application here is unashamed that the point of the opinion is not to assess the legality of a practice, but instead to “provid[e] judicial oversight to safeguard American freedoms.” (Side note: these opinions argue these practices are “necessary” to protect American lives, but the phone dragnet has never once done so, as far as we know, and the government has since purportedly canceled the Internet dragnet program because it was unnecessary, though that is almost certainly a lie.)

Guaranteeing the government doesn’t violate the Constitution was supposed to safeguard American freedoms. But with the Kollar-Kotelly opinion and all that follows from it, impotent oversight has came to substitute for defending the Constitution.

Share this entry

The “Heroes” of the Hospital Confrontation Brief the FISC

/6 Comments/in , /by

I’m going to have several posts on the documents released yesterday, starting with the Internet dragnet opinion and the phone dragnet application.

But to give those two background, I want to look at a passage in the Internet dragnet opinion, in which Colleen Kollar-Kotelly describes a fascinating briefing that she received in advance of authoring what Orin Kerr describes as a “quite strange” opinion.

After describing some declarations she received (including one from a person whose title remains redacted) and some questions she posed, she describes this briefing.

The Court also relies on information and arguments presented in a briefing to the Court on [redacted] which addressed the current and near-term threats posed by [redacted reference to Al Qaeda and others], investigations conducted by the Federal Bureau of investigation (FBI) to counter those threats, the proposed collection activities of the NSA (now described in the instant application), the expected analytical value of information so collected in efforts to identify and track operatives [redacted] and the legal bases for conducting these collection activities under FISA’s pen register/trap and trace provisions. 4

4 This briefing was attended by (among others) the Attorney General; [redacted] the DIRNSA; the Director of the FBI; the Counsel to the President; the Assistant Attorney General for the Office of Legal Counsel; the Director of the Terrorist Threat Integration Center (TTIC); and Counsel for Intelligence Policy.

That is, right at the beginning of her opinion, Kollar-Kotelly tells us that she had a briefing with:

  • AG John Ashcroft
  • [redacted]
  • DIRNSA Michael Hayden
  • FBI Director Robert Mueller
  • Counsel to the President Alberto Gonzales
  • AAG for OLC Jack Goldsmith
  • TTIC Director John Brennan
  • Counsel for OIPR James Baker

On page 30, Kollar-Kotelly seems to refer to the same redacted person again, which in the context of the reference to CIA v. Sims in that footnote, seems to suggest this is a reference to CIA Director George Tenet, which suggests the redacted author of the brief she relied on was authored by Tenet. (I leave open the more tantalizing possibility that it’s someone like Dick Cheney, but highly doubt it.)

So before she approved the use of FISA’s Pen Register to collect much of the Internet metadata in the US, she had a meeting with at least one of the villains — Alberto Gonzales — of the hospital confrontation at which DOJ refused to reauthorize the Internet metadata program that was part of the President’s illegal wiretap program, and at least three of its “heroes:” Ashcroft, Mueller, and Goldsmith.

Interestingly, this meeting does not appear — at least not described as such — in the Draft NSA IG Report description of the transition to a FISC order.

After extensive coordination, DoJ and NSA devised the PRITT theory to which the Chief Judge of the FISC seemed amenable. DoJ and NSA worked closely over the following months, exchanging drafts of the application, preparing declarations, and responding to questions from court advisers. NSA representatives explained the capabilities that were needed to recreate the Authority, and DoJ personnel devised a workable legal basis to meet those needs. In April 2004, NSA briefed Judge Kollar-Kotelly and a law clerk because Judge Kollar-Kotelly was researching the impact of using PSP-derived information in FISA applications. In May 2004, NSA personnel provided a technical briefmg on NSA collection of bulk Internet metadata to Judge Kollar-Kotelly. In addition, General Hayden said he met with Judge Kollar-Kotelly on two successive Saturdays during the summer of 2004 to discuss the on-going efforts.

Was this “briefing” one of the Saturday meetings Hayden had with FISC’s Presiding Judge?

Remember, David Kris described the genesis of the bulk collection programs this way, in a paper emphasizing the role of the Internet dragnet.

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]

The Internet dragnet was illegal. At least 3 of the people who conveyed the importance of authorizing this program had said so — in very dramatic fashion — less than four months before she would do so.

And yet she wrote a memo saying it was legal.

Update, 8/12/14: This application confirms that George Tenet was the redacted declaration submitter.

Share this entry

Truth Claims, Malaprops, Cows, and the NSA Debate

/67 Comments/in , /by

Schindler Black PotusI was obviously unexcited about the way last night’s Chiefs-Broncos game went because I made the perhaps ill-advised decision to point out an obvious error in this post from former NSA analyst John Schindler.

He was trying to make a legitimate point — that some of the coverage of the Snowden leaks has conflated total Top Secret/SCI clearance holders with the number of people cleared into the compartments of the documents he took.

As The Guardian has taken center stage in the Snowden drama, serving as the English-language conduit of choice for publishing classified information about the National Security Agency and its partners that was stolen by Edward Snowden, it’s taken heat from the British government about its possibly illegal activities.

As a dodge, Guardian editors have taken to throwing around the “no big deal” excuse because, they claim, 850,000 people in the US, UK, and partner governments had access to this stuff. It was simply Ed, one in an (almost) million, who did the dirty deed. For one of the many iterations of this nonsense see here.

Yet nonsense it is. It plays on the fact the US and Allied governments have given out a lot of high-level clearances in recent years. But it requires a bit of explanation to understand the details – and why The Guardian is lying.

Everybody at NSA – whether military, civilian, or contractor – holds an active TOP SECRET (TS) security clearance with Sensitive Compartmented Information (SCI) access. That’s what it takes to get in the door at NSA.

[snip]

But TS/SCI is just the basic level of clearance at NSA and its partner and Allied agencies. Above that there exist many kinds of caveats and special programs that go (or have gone) by weird names such as GAMMA, VRK (Very Restricted Knowledge), and ECI (Exceptionally Controlled Information). Across DoD they have similar SAPs (Special Access Programs). The bottom line is that nobody at NSA sees “everything.” The entire system is in fact designed to prevent any one person from seeing everything.

The problem, however, is that Schindler made the same kind of stupid error he was accusing the Guardian of. I’ve copied the text above, including the link, as it was first posted and as it remained when I went to bed last night. At both of those times, the link went to this article, which actually didn’t make the claim he said it did (after the several hour exchange we had, he did finally change the link to this letter).

The agencies were supposed to be “selective in which contractors are given exposure to this information”, but it was ultimately seen by Snowden, one of 850,000 people in the US with top-secret clearance.

That is, to prove his case that the Guardian was lying, Schindler originally linked to an article showing the Guardian not making that claim (note, I have no idea what the 850,000 number actually refers to, but the total of TS security clearance holders was 1.4 million this time last year, but that would not include the Brits who had access).

So I asked (tweets are in reverse order),

Screen shot 2013-11-18 at 1.44.58 PM

Screen shot 2013-11-18 at 1.24.49 PM

His immediate response was to accuse me of willful cluelessness. He insisted it was a lie and that I was unable to see what normal people see because I was so lit phd.

it’s a LIE – which you would know if you actually knew anything about NSA & intel. Less lit PhD, more cryptology – #protip

your inability to see what’s clear to normal people is so lit-PhD-cliche it’s terrifying.

He came up with something that was closer to the claim he made, though still not what he accused the Guardian of (though also, I believe, erroneous), but did not change the original erroneous link yet.

The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

In the middle of it all, he tweeted his “stock phrase,” “This gets easier when you stop lying.”

When I was in #NSA CI I had a stock phrase: “This gets easier when you stop lying.” Now I’m saying it to The Guardian

And then it kept going and going and going, punctuated by the troubling comment above and the comedic relief of former Tory MP Louise Mensch coming in to tell me I should respect his expertise and then proceeded to lecture me that “cow” is not a verb (I think she has since deleted these tweets they’re there–I just couldn’t find them) and on what a malaprop isn’t.

Screen shot 2013-11-18 at 2.09.04 PM

Screen shot 2013-11-18 at 2.07.04 PM

Screen shot 2013-11-18 at 2.03.12 PM

Screen shot 2013-11-18 at 2.01.04 PM

 

Screen shot 2013-11-18 at 3.16.22 PM

Screen shot 2013-11-18 at 1.58.48 PM

While we were all laughing heartily, Schindler added an update and in that update linked to this article, which quoted former Lord Chancellor Falconer making the claim, but did not include such a claim from the Guardian.

Falconer, who also said he deprecated attempts to portray the Guardian as an “enemy of the state”, pointed out that 850,000 people had access to the files leaked by the US whistleblower Edward Snowden.

Falconer, a close ally of Tony Blair who served as lord chancellor from 2003-07, told the Guardian: “I am aware that the three heads of the agencies said what has been published has set back the fight against terrorism for years. Sir John Sawers [the chief of MI6] said al-Qaida would be rubbing their hands with glee. This is in the context of maybe 850,000 people literally having access to this material.”

But still, hours after I first — in what I thought was a fairly polite comment — informed him his link didn’t prove what he said it did.

Several hours into the process, Daveed Garenstein-Ross found several more examples, some of which made the 850K claim, some which didn’t.

Through this entire discussion, I didn’t dispute that Schindler could find an example nor the point of the post — that nowhere near 850K people were cleared for these compartments. I just felt that if Schindler were going to aggressively accuse Guardian of lying, his links ought to back his claims. (See below for the range of other links bandied about last night.)

To me, it served as a metaphor for the larger debate on the NSA, akin to the refusal in some quarters to consider the lies of one’s own side. I suggested Schindler fix an easily fixed error. It took him hours and heaps of insults before he did, before he would hold himself to the same standard he was holding the Guardian to.

Errors happen. Lies do too. All sides have committed both, though clearly the security services seem to be capitalizing on their information asymmetry to try to ensure maximal disinformation and confusion.

But there are still truth claims to be made, with the expectation of evidence. Or there should be.   Read more

Share this entry

The Phone Dragnet White Paper, Revisited

/8 Comments/in , /by

I made the mistake of referring to the Administration’s White Paper on the phone dragnet, which led me to do another close read of the document. Given what we know now there are several passages I find to be quite telling.

Still hiding the how and why of the first authorization

As I’ve traced, the government seems to be hiding the first authorization of the phone dragnet and may have withheld it from Congress for six months past the 2010 reauthorization of the phone dragnet.

Which is why I find it interesting the White Paper specifically admits to withholding “facts underlying its legal authorization.”

Because aspects of this program remain classified, there are limits to what can be said publicly about the facts underlying its legal authorization. This paper is an effort to provide as much information as possible to the public concerning the legal authority for this program, consistent with the need to protect national security, including intelligence sources and methods.

One fact underlying its legal authorization may well be what David Kris suggested it was: that the program was initially approved only to make Bush’s illegal program illegal.

 

The White Paper references the requirement — included as part of the FISA Amendments Act passed in 2008 — that the Administration provide all significant legal interpretations to Congress.

Although the proceedings before the FISC are classified, Congress has enacted legislation to ensure that its members are aware of significant interpretations of law by the FISC. FISA requires “the Attorney General [to] submit to the [Senate and House Intelligence and Judiciary Committees] . . . a summary of significant legal interpretations of this chapter involving matters before the [FISC or Foreign Intelligence Surveillance Court of Review (FISCR)], including interpretations presented in applications or pleadings filed with the [FISC or FISCR] by the Department of Justice and . . . copies of all decisions, orders, or opinions of the [FISC or FISCR] that include significant construction or interpretation of the provisions of this chapter.” 50 U.S.C. § 1871(a). The Executive Branch not only complied with this requirement with respect to the telephony metadata collection program, it also worked to ensure that all Members of Congress had access to information about this program and the legal authority for it. Congress was thus on notice of the FISC’s interpretation of Section 215, and with that notice, twice extended Section 215 without change.

But the Administration provide all the past decisions until August 16, 2010, two years after the law was passed. So their claim to have complied with that requirement sure seems like an attempt to cover up its failure to comply in good faith.

Just as interestingly, the White Paper separates the paragraph on complying with a requirement to provide all opinions from this one by a paragraph.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

This is particularly bizarre given that they address the same topic: providing FISC orders to Congress. This makes the “thereafter”–withholding the date–comment all the more suspicious.

The non-substantive queries conducted by the techs

As I’ve reviewed repeatedly, NSA needs techs to massage the data before the analysts can use the database to lay out alleged terror networks. They also seem to work on algorithms with the data.

Which is why I find the modification of query here so interesting.

The Government cannot conduct substantive queries of the bulk records for any purpose other than counterterrorism.

It seems to be an admission that the Government can conduct non-substantive queries of the bulk records for non-CT purposes. Is that just the tech massaging or is that something else the court hasn’t authorized?

Rewriting the Guidelines to require investigative overkill

As I wrote in this post, some time after September 2008, the FISC started using the Attorney General Guidelines on Domestic Operations as FBI’s minimization procedures for Section 215.

So I found it interesting to see how the White Paper used the AGG. It starts by laying out that FBI protects the US from threats to national security and collects foreign intelligence.

Authorized Investigation. The telephony metadata records are sought for properly predicated FBI investigations into specific international terrorist organizations and suspected terrorists. Read more

Share this entry

The Era of Big Pen Register: The Flaw in Jeffrey Miller’s Moalin Decision

/14 Comments/in , /by

As I noted, on Thursday Judge Jeffrey Miller rejected Basaaly Moalin’s bid for a new trial based on disclosures of the Section 215 dragnet. Miller rejected the bid largely by relying on Smith v. Maryland and subsequent decisions that found no Fourth Amendment protection for pen registers.

But Miller resorts to a bit of a gimmick to dismiss Justice Sonia Sotomayor’s comments in US v. Jones.

Miller notes Sotomayor’s comments. But he points to the 170 year history of the pen register and reasons that because pen register technology is so old, they cannot be described as a “product of the so-called digital revolution,” and therefore cannot raise the kind of new privacy concerns Sotomayor had in mind.

As noted by Defendants, Justice Sotomayor stated that the recent rise of the digital era of cell phones, internet, and email communications may ultimately require a reevaluation of “expectation of privacy in information voluntarily disclosed to third parties.” Id. at 957. Defendants extrapolate from this dicta that the court should recognize that Defendant Moalin had a reasonable expectation of privacy cognizable under the Fourth Amendment that the Government would not collect either individual or aggregated metadata.

The difficulty with Defendants’ argument is twofold. First, the use of pen register-like devices – going back to Samuel Morses’s 1840 telegraph patent – predates the digital era and cannot be considered a product of the digital revolution like the internet or cell phones. See Samuel F.G. Morse, Improvement in the Mode of Communicating Information by Signals by the Application of Electro-Magnetism, U.S. Patent 1647, June 20, 1840, page 4 column 2. In short, pen register-like devices predate the internet era by about 150 years and are not a product of the so-called digital revolution – the basis for the concerns articulated by Justice Sotomayor. [my emphasis]

Now, before I pick this apart, let’s look back at an earlier move Miller made.

In assessing the Section 215 dragnet, Miller did not consider whether the collection of Moalin’s phone records as part of a database of every single American’s phone records was constitutional. Instead, he first considered Moalin’s interest in phone records not involving him, then considered Moalin’s protections in phone records involving him (this may suggest the government found Moalin on a second hop).

Defendants argue that the collection of telephony metadata violated Defendant Moalin’s First and Fourth Amendment rights. At issue are two distinct uses of telephone metadata obtained from Section 215. The first use involves telephony metadata retrieved from communications between third parties, that is, telephone calls not involving Defendants. Clearly, Defendants have no reasonable expectation of privacy to challenge any use of telephony metadata for calls between third parties. See Steagald v. United States, 451 U.S. 204, 219 (1981) (Fourth Amendment rights are personal in nature); Rakas v. Illinois, 439 U.S. 128, 133-34 (1978) (“Fourth Amendment rights are personal rights which, like some other constitutional rights, may not be vicariously asserted.”); United States v. Verdugo-Uriquidez, 494 U.S. 259, 265 (1990) (the term “people” described in the Fourth Amendment are persons who are part of the national community or may be considered as such). As noted in Steagald, “the rights [] conferred by the Fourth Amendment are personal in nature, and cannot bestow vicarious protection on those who do not have a reasonable expectation of privacy in the place to be searched.” 451 U.S. at 219. As individuals other than Defendants were parties to the telephony metadata, Defendants cannot vicariously assert Fourth Amendment rights on behalf of these individuals. To this extent, the court denies the motion for new trial.

The second use of telephony metadata involves communications between individuals in Somalia (or other countries) and Defendant Moalin. The following discusses whether Defendant Moalin, and other Defendants through him, have any reasonable expectation of privacy in telephony metadata between Moalin and third parties, including co-defendants.

In other words, Miller takes Moalin’s phone records out of the context in which they were used. In doing so, he turns an enormous database — very much the product of the “so-called digital revolution” — into two pen registers, 170 year old technology.

That move is all the more problematic given repeated Administration explanations (cited by Moalin’s defense and therefore even Miller in his ruling) that Moalin was only identified through indirect contact with an identified selector (presumed to be Somali warlord Aden Ayro).

That is, Moalin would not have been identified without using the features of the database and NSA’s chaining analysis. Moalin was identified not because a single pen register showed him to be in contact with Aden Ayro, but because a network analysis showed his contacts with someone else appeared to be of sufficient value to constitute a likely tie to Ayro himself. And that two-hop connection served either as the basis to listen to already collected conversations involving Moalin via back door searches or, by itself, the basis for probable cause to wiretap Moalin (I suspect it’s the former, and further suspect they used the fruits of that back door search to get the warrant to tap Moalin directly).

Members of the Administration have assured us, over and over, that this chaining analysis is only possible with a complete haystack. Thus, the entire haystack — the database and data analysis that are the quintessential tool of the “so-called digital revolution” — is the instrument of surveillance, not hundreds of millions of individual pen registers. And yet, in their first victory over a defendant with standing, the judge resorted to a gimmick to render that haystack back into hundreds of millions of pieces of hay again.

Update: This passage, from the Administration White Paper, is inconsistent with Miller’s treatment of the dragnet as two separate pen registers.

Although broad in scope, the telephony metadata collection program meets the “relevance” standard of Section 215 because there are “reasonable grounds to believe” that this category of data, when queried and analyzed consistent with the Court-approved standards, will produce information pertinent to FBI investigations of international terrorism, and because certain analytic tools used to accomplish this objective require the collection and storage of a large volume of telephony metadata. This does not mean that Section 215 authorizes the collection and storage of all types of information in bulk: the relevance of any particular data to investigations of international terrorism depends on all the facts and circumstances. For example, communications metadata is different from many other kinds of records because it is inter-connected and the connections between individual data points, which can be reliably identified only through analysis of a large volume of data, are particularly important to a broad range of investigations of international terrorism. [my emphasis]

Share this entry

Like Obi Wan, Osama bin Laden Has Come Back More Powerful Than Ever Before

/10 Comments/in , , /by

In a piece that serves only to claim we need even more invasive online surveillance because we’ve made al Qaeda more insidious than before Osama bin Laden died, Michael Hirsh tries to make Abu Musab al-Suri the new boogeyman (who, as J.M. Berger notes, may not even be alive!).

The truth is much grimmer. Intelligence officials and terrorism experts today believe that the death of bin Laden and the decimation of the Qaida “core” in Pakistan only set the stage for a rebirth of al-Qaida as a global threat. Its tactics have morphed into something more insidious and increasingly dangerous as safe havens multiply in war-torn or failed states—at exactly the moment we are talking about curtailing the National Security Agency’s monitoring capability. And the jihadist who many terrorism experts believe is al-Qaida’s new strategic mastermind, Abu Musab al-Suri (a nom de guerre that means “the Syrian”), has a diametrically different approach that emphasizes quantity over quality. The red-haired, blue-eyed former mechanical engineer was born in Aleppo in 1958 as Mustafa Setmariam Nasar; he has lived in France and Spain. Al-Suri is believed to have helped plan the 2004 train bombings in Madrid and the 2005 bombings in London—and has been called the “Clausewitz” of the new al-Qaida.

[snip]

But the agency’s opponents may not realize that the practice they most hope to stop—its seemingly indiscriminate scouring of phone data and emails—is precisely what intelligence officials say they need to detect the kinds of plots al-Suri favors.

[snip]

And the consensus of senior defense and intelligence officials in the U.S. government is that NSA surveillance may well be the only thing that can stop the next terrorist from blowing apart innocent Americans, as happened in Boston last April. “Al-Qaida is far more a problem a dozen years after 9/11 than it was back then,” [Navy Postgraduate School expert John] Arquilla says.

[snip]

Officials also say they need more intelligence than ever to determine which of the multifarious new jihadist groups is a true threat. “The really difficult strategic question for us is which one of these groups do we take on,” [Michael] Hayden says. “If you jump too quickly and you put too much of a generic American face on it, then you may make them mad at us when they weren’t before. So we are going to need a pretty nuanced and sophisticated understanding of where there these new groups are going and where we need to step up and intervene.”

Some officials suggest that to do that—to discriminate carefully between the terrorists who are directly targeting U.S. interests and those who aren’t—the United States needs to step up, not slow down, the NSA’s monitoring of potential targets. [my emphasis]

Hirsh doesn’t seem to notice it, but even while he quotes former and current architects of our counterterrorism strategy like Michael Hayden and Mike Rogers, if his tale is to be believed, you have to also believe those former and current counterterrorism leaders committed these grave counterterrorism failures:

  • Allowing no fewer than 25 failed states to flourish, especially in Yemen, Somalia, Syria, Libya, and Iraq
  • Failing to win or even establish governance in Afghanistan
  • Rendering al-Suri to Syria where he may or may not have been let free
  • Taking on Bashar al-Assad (who the article admits provided us counterterrorism support, including presumably proxy torturing al-Suri) even while not backing dictators who provide counterterrorism support during the Arab Spring
  • Abandoning Syrian rebels to Assad

Then Hirsh goes on to recite the debunked claims about how useful the Section 215 dragnet is (though curiously, he doesn’t mention Basaaly Moalin, perhaps because elsewhere Harold Koh admits that even most members of al-Shabaab aren’t members of al Qaeda, much less those who materially support al-Shabaab), how that would have (and, the implication is) and is the only thing that might have prevented 9/11.

Hirsh doesn’t even seem to notice that he repeats the claim that only NSA dragnets can prevent a Boston Marathon attack, yet NSA dragnets didn’t prevent the Boston Marathon attack.

Obviously, the whole thing is just as Mike Rogers/Michael Hayden sponsored advertisement to pass DiFi’s Fake FISA Fix (the article doesn’t address why she doesn’t just accept the status quo).

But in the process, Hirsh has instead laid out solid evidence we should never trust the people who’ve been running our war on terror for the last 12 years, because, if even a fraction of what he claims is true, they’ve actually made us far less safe.

Share this entry

The CIA (&etc) Money Orders

/4 Comments/in , , /by

NSL v 215Both the NYT (Charlie Savage and Mark Mazzetti) and WSJ (Siobhan Gorman, Devlin Barrett, and Jennifer Valentine-Devries) tell the same story today: the CIA is collecting bulk data on international money transfers. Given that someone has decided to deal this story to two papers at the same time, and given the number of times the Administration has pre-leaked stories to Gorman of late to increasingly spectacular effect (even making most national security journalists forget the very existence of GCHQ’s notoriously voracious taps at cable landings just off Europe) I assume this may be some kind of limited hangout.

It’s not that I doubt in the least that CIA gets and uses financial data. I don’t even doubt the government uses PATRIOT authorities to do so (as both stories assert).

But it would be unlikely that this data comes in through an FBI order and does not also get shared with Treasury and National Counterterrorism Center (if not NSA), both of which would have better infrastructure for analyzing it, and both of which we know to use such data for their known intelligence products. Indeed, in response to a question from both papers about this practice Western Union points to Treasury programs.

 A spokeswoman for one large company that handles money transfers abroad, Western Union, did not directly address a question about whether it had been ordered to turn over records in bulk, but said that the company complies with legal requirements to provide information.

“We collect consumer information to comply with the Bank Secrecy Act and other laws,” said the spokeswoman, Luella Chavez D’Angelo. “In doing so, we also protect our consumers’ privacy.”

And at WSJ a consultant to the industry points even more firmly towards Treasury.

Money-transfer companies are “highly, highly aware of their obligations under the Patriot Act,” said Robert Pargac, a director in global investigations and compliance at Navigant Consulting Inc. who has worked at several such companies. Western Union said last month it would be spending about 4% of its revenue in 2014 on compliance with rules under the Patriot Act, the Treasury Department’s Office of Foreign Assets Control and other anti-money-laundering and terrorist-financing requirements.

We know that, at least until 2008, the FBI maintained that it could share materials that came in through Section 215 with any agency so long as that agency asserted it had a need for the information, and there’s little reason to believe the FBI has changed that policy. So I would assume at least Treasury and NCTC gets this data as well. It may be all this story indicates is that — as they do with much Section 702 data — CIA gets its own access to the data. That’s a minimization story, not a collection story, because we’ve known this data was collected (as WSJ points out).

Then there’s the evidence both papers point to to show that this is a Section 215 program. Read more

Share this entry

Basaaly Moalin Denied New Trial

/in , /by

As I noted the other day, Basaaly Moalin argued for a new trial Wednesday, arguing that disclosures that his entire prosecution stems from indirect phone contacts with a Somali warlord under the Section 215 phone dragnet program raises questions about the validity of the evidence used to convict him.

One day after that hearing, Judge Jeffrey Miller denied Moalin a new trial.

Miller argues that the all the new disclosures about the phone dragnet present no new issues in the trial. He even suggests the multiple discussions of Moalin’s case in testimony before Congress and the documents released by the government may not be admissible (even though he relies on the most recent FISC order, which addresses the program as it exists now, not as it exists in 2007 when FBI was tipped to Moalin).

Setting aside the issue of admissibility of the public revelations of the NSA program of securing telephone metadata, the public disclosure of the NSA program adds no new facts to alter the court’s FISA and CIPA rulings. Because the court has already considered and addressed many of the FISA and CIPA arguments from a federal and constitutional law perspective, the present motion is akin to a motion for reconsideration.

Given the Judge’s quick turnaround, it’s clear he had no intention of granting a new trial, regardless of what Moalin presented yesterday. Miller determined that the phone dragnet was proper in secret a year ago — based on what I am certain was impartial information — and he refuses to consider the possibility that his determination was incorrect.

I will look closer at Miller’s thinking later today — while his legal analysis is better than, say, Claire Eagan’s, there are still at least two obvious holes in his analysis.

But for the moment, realize that the government has won the ability to base an entire conviction off even indirect phone contacts identified via the phone dragnet.

I suspect we’ll see this case again at the 9th Circuit.

Share this entry

DiFi’s Circular Defense of the Phone Dragnet’s Legality Proves It Is Illegal

/15 Comments/in , /by

In the report on her own Fake FISA Fix, DiFi makes this case that the phone dragnet program is not illegal.

First, in reference to the call records program, some people will say that the FISA Improvements Act codifies an illegal program. It does not. This legislation does not provide any new legislative authority with which the government may acquire call records or any other information under Section 215—in fact, it narrows the existing authority for it. Section 2 of the FISA Improvements Act clearly prohibits the use of the Business Records authority to collect bulk communication records except through the supplemental procedures and restrictions required by this section, as are detailed in this report.

As part of this previously classified program, in 2006, the Department of Justice sought approval from the FISA Court to collect call records in large number under the Section 215 Business Records provision. The FISA Court approved that request, and has reviewed and renewed that authority every 90 days for the past seven years. These renewal applications have been approved by at least 15 different federal court judges selected by the Chief Justice of the United States to serve on this Court.

The Department of Justice’s legal analysis of the call records program has recently been publicly released, as have the two most recent opinions by the FISA Court as part of the reauthorization of the program every 90 days.

Critics of the program may dispute the legal reasoning, but there should be no disagreement that this program currently is authorized under law and has been determined to be legal and Constitutional by the Executive and Judicial branches. [my emphasis]

Her rebuttal that this doesn’t codify the program is pretty funny given that just 1 paragraph earlier she talks about “codifying existing privacy protections,” which is the equivalent claim.

I’m more interested in what she doesn’t address.

She lays out how DOJ applied for and got authorization to collect this data in 2006 (she doesn’t say what date).

She points to two FISC court opinions — the one that forgot to address Jones and the one that cleaned up that obvious error — and the Administration White Paper. And she claims that’s “the legal reasoning.”

But of course, it’s not. There was either legal reasoning dated February 24, 2006 that they’re hiding, or there was an absence of legal reasoning, which ought to be a major giveaway in either case.

Moreover, all three documents DiFi points to as “the legal reasoning” suffer from a critical flaw. They all point to Congress’ “fully informed” reauthorization of the law to justify the validity of the law today.

But that “fully informed” reauthorization didn’t happen.

Indeed, DiFi’s own comments on the Fake FISA Fix twice tacitly admit that, when she notes that every member of the Senate got a chance to read notice on the dragnet, while remaining silent about the House.

In addition, information concerning the bulk telephone metadata program has been made available to every member of the Senate prior to the reauthorization of Section 215, most recently in 2011.

[snip]

For example, the NSA telephone metadata program was approved by federal judges and overseen by Congress, where every member of the Senate had access to information concerning how the programs were conducted and an opportunity to voice objections and debate their efficacy.

The White Paper goes even further. It obliquely admits not just that Mike Rogers refused to allow the House to learn about the dragnet before they voted on it.

An updated version of the briefing paper, also recently released in redacted form to the public, was provided to the Senate and House Intelligence Committees again in February 2011 in connection with the reauthorization that occurred later that year. See Letter from Assistant Attorney General Ronald Weich to the Honorable Dianne Feinstein and the Honorable Saxby Chambliss, Chairman and Vice Chairman, Senate Select Committee on Intelligence (Feb. 2, 2011); Letter from Assistant Attorney General Ronald Weich to the Honorable Mike Rogers and the Honorable C.A. Dutch Ruppersberger, Chairman and Ranking Minority Member, House Permanent Select Committee on Intelligence (Feb. 2, 2011). The Senate Intelligence Committee made this updated paper available to all Senators later that month. See Letter from Sen. Diane Feinstein and Sen. Saxby Chambliss to Colleagues (Feb. 8, 2011). [my emphasis]

But it also, even more obliquely, admits that the Executive did not provide the legal reasoning in question until August 16, 2010, after PATRIOT was reauthorized the first time.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this [Section 215] program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees. [my emphasis]

So to sum up DiFi’s legal defense of the dragnet:

  1. Three documents say it is legal
  2. All 3 documents say it is legal largely because Congress has reauthorized a previously legally suspect program
  3. One of those 3 documents that says it is legal because Congress reauthorized a legally suspect program admits (obliquely) that Congress was not fully informed either time it reauthorized that suspect program
  4. DiFi’s document pointing to these 3 documents claiming it is legal because Congress reauthorized a legally suspect program also admits Congress was not fully informed when it reauthorized that suspect program

I’m convinced! DiFi has made the case! The program does not, because of the ample notice problems in the past, fulfill the standards which the 3 documents require it would need to meet to be legal.

But it might be if her Fake FISA Fix becomes law.

Share this entry