Posts

The Section 215 Rap Sheet

Marco Rubio, who is running for President as an authoritarian, claims that “There is not a single documented case of abuse of this program.”

He’s not alone. One after another defender of the dragnet make such claims. FBI witnesses who were asked specifically about abuses in 2011 claimed FBI did not know of any abuses (even though FBI Director Robert Mueller had had to justify FBI’s use of the program to get it turned back on after abuses discovered in 2009).

Comment — Russ Feingold said that Section 215 authorities have been abused. How does the FBI respond to that accusation?

A — To the FBI’s knowledge, those authorities have not been abused.

Though Section 215 boosters tend to get sort of squishy on their vocabulary, changing language about whether this was illegal, unconstitutional, or abusive.

Here’s what we actually know about the abuses, illegality, and unconstitutionality of Section 215, both the phone dragnet program and Section 215 more generally.

Judges

First, here’s what judges have said about the program:

1) The phone dragnet has been reapproved around 41 times by at least 17 different FISC judges

The government points to this detail as justification for the program. It’s worth noting, however, that FISC didn’t get around to writing an opinion assessing the program legally until 10 judges and 34 orders in.  Since Snowden exposed the program, the FISC appears to have made a concerted effort to have new judges sign off on each new opinion.

2) Three Article III courts have upheld the program:

Judges William Pauley and Lynn Winmill upheld the constitutionality of the program (but did not asses the legality of it); though Pauley was reversed on statutory, not constitutional grounds. Judge Jeffrey Miller upheld the use of Section 215 evidence against Basaaly Moalin on constitutional grounds.

3) One Article III court — Judge Richard Leon in Klayman v. Obama — found the program unconstitutional.

4) The Second Circuit (along with PCLOB, including retired Circuit Court judge Patricia Wald, though they’re not a court), found the program not authorized by statute.

The latter decision, of course, is thus far the binding one. And the 2nd Circuit has suggested that if it has to consider the program on constitution grounds, it might well find it unconstitutional as well.

Statutory abuses

1) As DOJ’s IG confirmed yesterday, for most of the life of the phone dragnet (September 2006 through November 2013), the FBI flouted a mandate imposed by Congress in 2006 to adopt Section 215-specific minimization procedures that would give Americans additional protections under the provision (note–this affects all Section 215 programs, not just the phone dragnet). While, after a few years, FISC started imposing its own minimization procedures and reporting requirements (and rejected proposed minimization procedures in 2010), it nevertheless kept approving Section 215 orders.

In other words, in addition to being illegal (per the 2nd Circuit), the program also violated this part of the law for 7 years.

2) Along with all the violations of minimization procedures imposed by FISC discovered in 2009, the NSA admitted that it had been tracking roughly 3,000 presumed US persons against data collected under Section 215 without first certifying that they weren’t targeted on the basis of First Amendment protected activities, as required by the statute.

Between 24 May 2006 and 2 February 2009, NSA Homeland Mission Coordinators (HMCs) or their predecessors concluded that approximately 3,000 domestic telephone identifiers reported to Intelligence Community agencies satisfied the RAS standard and could be used as seed identifiers. However, at the time these domestic telephone identifiers were designated as RAS-approved, NSA’s OGC had not reviewed and approved their use as “seeds” as required by the Court’s Orders. NSA remedied this compliance incident by re-designating all such telephone identifiers as non RAS-approved for use as seed identifiers in early February 2009. NSA verified that although some of the 3,000 domestic identifiers generated alerts as a result of the Telephony Activity Detection Process discussed above, none of those alerts resulted in reports to Intelligence Community agencies.

NSA did not fix this problem by reviewing the basis for their targeting; instead, it simply moved these US person identifiers back onto the EO 12333 only list.

While we don’t have the background explanation, in the last year, FISC reiterated that the government must give First Amendment review before targeting people under Emergency Provisions. If so, that would reflect the second time where close FISC review led the government to admit it wasn’t doing proper First Amendment reviews, which may reflect a more systematic problem. That would not be surprising, since the government has already been chipping away at that First Amendment review via specific orders.

Minimization procedure abuses

1) The best known abuses of minimization procedures imposed by the FISC were disclosed to the FISC in 2009. The main item disclosed involved the fact that NSA had been abusing the term “archive” to create a pre-archive search against identifiers not approved for search. While NSA claimed this problem arose because no one person knew what the requirements were, in point of fact, NSA’s Inspector General warned that this alert function should be disclosed to FISC, and it was a function from the Stellar Wind program that NSA simply did not turn off when FISC set new requirements when it rubber-stamped the program.

But there were a slew of other violations of FISC-imposed minimization procedures disclosed at that time, almost all arising because NSA treated 215 data just like it treats EO 12333, in spite of FISC’s clear requirements that such data be treated with additional protections. That includes making query results available to CIA and FBI, the use of automatic search functions, and including querying on any “correlated” identifiers. These violations, in sum, are very instructive for the USA F-ReDux debate because NSA has never managed to turn these automated processes back on since, and one thing they presumably hope to gain out of moving data to the providers is to better automate the process.

2) A potentially far more egregious abuse of minimization procedures was discovered (and disclosed) in 2012, when NSA discovered that raw data NSA’s techs were using over 3,000 files of phone dragnet data on their technical server past the destruction date.

As of 16 February 2012, NSA determined that approximately 3,032 files containing call detail records potentially collected pursuant to prior BR Orders were retained on a server and been collected more than five years ago in violation of the 5-year retention period established for BR collection. Specifically, these files were retained on a server used by technical personnel working with the Business Records metadata to maintain documentation of provider feed data formats and performed background analysis to document why certain contact chaining rules were created. In addition to the BR work, this server also contains information related to the STELLARWIND program and files which do not appear to be related to either of these programs. NSA bases its determination that these files may be in violation of BR 11-191 because of the type of information contained in the files (i.e., call detail records), the access to the server by technical personnel who worked with the BR metadata, and the listed “creation date” for the files. It is possible that these files contain STELLARWIND data, despite the creation date. The STELLARWIND data could have been copied to this server, and that process could have changed the creation date to a timeframe that appears to indicate that they may contain BR metadata.

But rather than investigate this violation — rather than clarify how much data this entailed, whether it had been mingled with Stellar Wind data, whether any other violations had occurred — NSA destroyed the data.

In one incident, NSA technical personnel discovered a technical server with nearly 3,000 files containing call detail records that were more than five years old, but that had not been destroyed in accordance with the applicable retention rules. These files were among those used in connection with a migration of call detail records to a new system. Because a single file may contain more than one call detail record, and because the files were promptly destroyed by agency technical personnel, the NSA could not provide an estimate regarding the volume of calling records that were retained beyond the five-year limit. The technical server in question was not available to intelligence analysts.

From everything we’ve seen the tech and research functions are not audited, not even when they’re playing with raw data (which is, I guess, why SysAdmin Edward Snowden could walk away with so many records). So not only does this violation show that tech access to raw data falls outside of the compliance mechanisms laid out in minimization procedures (in part, with explicit permission), but that NSA doesn’t try very hard to track down very significant violations that happen.

Overall sloppiness

Finally, while sloppiness on applications is not a legal violation, it does raise concerns about production under the statute. The IG Report reviewed just six case files which used Section 215 orders. Although the section is heavily redacted, there are reasons to be significantly concerned about four of those.

  • An application made using expedited approval that made a material misstatement about where FBI obtained a tip about the content of a phone call. The FBI agent involved “is no longer with the FBI.” The target was prosecuted for unlawful disclosure of nuke information, but the Section 215 evidence was not introduced into trial and therefore he did not have an opportunity to challenge any illegal investigative methods.
  • A 2009 application involving significant minimization concerns and for which FBI rolled out a “investigative value” exception for access limits on Section 215 databases. This also may involve FBI’s secret definition of US person, which I suspect pertains to treating IP addresses as non-US persons until they know it is a US person (this is akin to what they do under 702 MPs). DOJ’s minimization report to FISC included inaccuracies not fixed until June 13, 2013.
  • A 2009 application for a preliminary investigation that obtained medical and education records from the target’s employer. FBI ultimately determined the target “had no nexus to terrorism,” though it appears FBI kept all information on the target (meaning he will have records at FBI for 30 years). The FBI’s minimization report included an error not fixed until June 13, 2013, after the IG pointed it out.
  • A cyber-investigation for which the case agent could not locate the original production, which he claims was never placed in the case file.

And that’s just what can be discerned from the unredacted bits.

Remember, too: the inaccuracies (as opposed to the material misstatement) were on minimization procedures. Which suggests FBI was either deceitful — or inattentive — to how it was complying with FISC-mandated minimization procedures designed to protect innocent Americans’ privacy.

And remember — all this is just Section 215. The legal violations under PRTT were far more egregious, and there are other known violations and misstatements to FISC on other programs.

This is a troubling program, one that several judges have found either unconstitutional or illegal.

 

Garr King’s Mohamud Decision: Classifying the Unclassified Details of Section 215

There are a lot of appalling things Garr King did in his opinion denying Mohamed Osman Mohamud any of a number of remedies for the government not having revealed he was caught using Section 702.

King gives far too much credence to the government’s farcical claims about why they didn’t disclose the 702 surveillance back when they disclosed the traditional FISA surveillance.  I think King’s portrayal of the FISA Court contradicts itself — and the public record — from paragraph to paragraph (see the last paragraph on 18 and the first on 19, especially). The Third Party argument used for content (see page 40) is pretty crazy, and the minimization procedures discussion (page 41) is ripe for challenge under Chief Justice John Roberts’ insistence that “protocols” are not the protection from General Warrants our Founders fought a Revolution for (and even King seems unpersuaded by the Government’s arguments about back door searches on page 43).

But King’s craziest move is to hide his argument for rejecting Mohamud’s challenge to Section 215 collection.

Defendant raises concerns about the collection of telephone metadata under § 215 of the Patriot Act, codified at 50 U.S.C. § 1861, and any other still-secret warrantless surveillance programs. He assumes there is a strong possibility that his telephone metadata has been collected, and he asks the court to address the lawfulness of these programs, conclude they violate the First and Fourth Amendments, and suppress all fruits of these other surveillance activities.

I deny defendant’s arguments concerning § 215 for the reasons stated in the classified opinion.

It seems to me the proper responses to this question should have been a standing argument (he has no proof he was surveilled, even though we all were) or an unclassified discussion, as Jeffery Miller managed in the Basaaly Moalin case. But to put this discussion of a program that the government claims it has substantially declassified in a classified opinion seems to confirm 215 was used, but deprives Mohamud of challenging the new details about its use the government likely provided.

I suspect it is likely that the government has used Moalin’s call records just like James Clapper admitted they do from the start, as a kind of index to find the content of interest. If I’m right, King’s discussion of it would pertain directly to his wobbly support for back door searches. And it would show just how outrageous the phone dragnet is — because it basically amounts to content “collection” without a warrant (which brings us back to King’s crazypants treatment of content as if it fell under the Third Party doctrine).

We have now had at least 4 cases assessing the constitutionality of the phone dragnet decided in largely unclassified fashion, including another criminal defendant.

And yet the first defendant who might challenge the way Section 215 is likely yoked to Section 702 somehow loses the right to have an adversarial discussion about it.

That seems to betray just how damaging such a discussion might be to the government’s claims.

The Verizon Publicity Stunt, Mosaic Theory, and Collective Fourth Amendment Rights

On Friday, I Con the Record revealed that a telecom — Ellen Nakashima confirms it was Verizon — asked the FISA Court to make sure its January 3 order authorizing the phone dragnet had considered Judge Richard Leon’s December 16 decision that it was unconstitutional. On March 20, Judge Rosemary Collyer issued an opinion upholding the program.

Rosemary Collyer’s plea for help

Ultimately, in an opinion that is less shitty than FISC’s previous attempts to make this argument, Collyer examines the US v. Jones decision at length and holds that Smith v. Maryland remains controlling, mostly because no majority has overturned it and SCOTUS has provided no real guidance as to how one might do so. (Her analysis raises some of the nuances I laid out here.)

The section of her opinion rejecting the “mosaic theory” that argues the cumulative effect of otherwise legal surveillance may constitute a search almost reads like a cry for help, for guidance in the face of the obvious fact that the dragnet is excessive and the precedent that says it remains legal.

A threshold question is which standard should govern; as discussed above, the court of appeals’ decision in Maynard and two concurrences in Jones suggest three different standards. See Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Mich. L. Rev. at 329. Another question is how to group Government actions in assessing whether the aggregate conduct constitutes a search.See id. For example, “[w]hich surveillance methods prompt a mosaic approach? Should courts group across surveillance methods? If so, how? Id. Still another question is how to analyze the reasonableness of mosaic searches, which “do not fit an obvious doctrinal box for determining reasonableness.” Id. Courts adopting a mosaic theory would also have to determine whether, and to what extent, the exclusionary rule applies: Does it “extend over all the mosaic or only the surveillance that crossed the line to trigger a search?”

[snip]

Any such overhaul of Fourth Amendment law is for the Supreme Court, rather than this Court, to initiate. While the concurring opinions in Jones may signal that some or even most of the Justices are ready to revisit certain settled Fourth Amendment principles, the decision in Jones itself breaks no new ground concerning the third-party disclosure doctrine generally or Smith specifically. The concurring opinions notwithstanding, Jones simply cannot be read as inviting the lower courts to rewrite Fourth Amendment law in this area.

As I read these passages, I imagined that Collyer was trying to do more than 1) point to how many problems overruling the dragnet would cause and 2) uphold the dignity of the rubber stamp FISC and its 36+ previous decisions the phone dragnet is legal.

There is reason to believe she knows what we don’t, at least not officially: that even within the scope of the phone dragnet, the dragnet is part of more comprehensive mosaic surveillance, because it correlates across platforms and identities. And all that’s before you consider how, once dumped into the corporate store and exposed to NSA’s “full range of analytic tradecraft,” innocent Americans might be fingerprinted to include our lifestyles.

That is, not only doesn’t Collyer see a way (because of legal boundary concerns about the dragnet generally, and possibly because of institutional concerns about FISC) to rule the dragnet illegal, but I suspect she sees the reverberations that such a ruling would have on the NSA’s larger project, which very much is about building mosaics of intelligence.

No wonder the government is keeping that August 20, 2008 opinion secret, if it indeed discusses the correlations function in the dragnet, because it may well affect whether the dragnet gets assessed as part of the mosaic NSA uses it as.

Verizon’s flaccid but public legal complaint

Now, you might think such language in Collyer’s opinion would invite Verizon to appeal this decision. But given this lukewarm effort, it seems unlikely to do so. Consider the following details:

Leon issued his decision December 16. Verizon did not ask the FISC for guidance (which makes sense because they are only permitted to challenge orders).

Verizon got a new Secondary Order after the January 3 reauthorization. It did not immediately challenge the order.

It only got around to doing so on January 22 (interestingly, a few days after ODNI exposed Verizon’s role in the phone dragnet a second time), and didn’t do several things — like asking for a hearing or challenging the legality of the dragnet under 50 USC 1861 as applied — that might reflect real concern about anything but the public appearance of legality. (Note, that timing is of particular interest, given that the very next day, on January 23, PCLOB would issue its report finding the dragnet did not adhere to Section 215 generally.)

Indeed, this challenge might not have generated a separate opinion if the government weren’t so boneheaded about secrecy.

Verizon’s petition is less a challenge of the program than an inquiry whether the FISC has considered Leon’s opinion.

It may well be the case that this Court, in issuing the January 3,2014 production order, has already considered and rejected the analysis contained in the Memorandum Order. [redacted] has not been provided with the Court’s underlying legal analysis, however, nor [redacted] been allowed access to such analysis previously, and the order [redacted] does not refer to any consideration given to Judge Leon’s Memorandum Opinion. In light of Judge Leon’s Opinion, it is appropriate [redacted] inquire directly of the Court into the legal basis for the January 3, 2014 production order,

As it turns out, Judge Thomas Hogan (who will take over the thankless presiding judge position from Reggie Walton next month) did consider Leon’s opinion in his January 3 order, as he noted in a footnote.

Screen Shot 2014-04-28 at 10.49.42 AM

And that’s about all the government said in its response to the petition (see paragraph 3): that Hogan considered it so the FISC should just affirm it.

Verizon didn’t know that Hogan had considered the opinion, of course, because it never gets Primary Orders (as it makes clear in its petition) and so is not permitted to know the legal logic behind the dragnet unless it asks nicely, which is all this amounted to at first.

Note that the government issued its response (as set by Collyer’s scheduling order) on February 12, the same day it released Hogan’s order and its own successful motion to amend it. So ultimately this headache arose, in part, because of the secrecy with which it treats even its most important corporate spying partners, which only learn about these legal arguments on the same schedule as the rest of us peons.

Yet in spite of the government’s effort to dismiss the issue by referencing Hogan’s footnote, Collyer said because Verizon submitted a petition, “the undersigned Judge must consider the issue anew.” Whether or not she was really required to or could have just pointed to the footnote that had been made public, I don’t know. But that is how we got this new opinion.

Finally, note that Collyer made the decision to unseal this opinion on her own. Just as interesting, while neither side objected to doing so, Verizon specifically suggested the opinion could be released with no redactions, meaning its name would appear unredacted.

The government contends that certain information in these Court records (most notably, Petitioner’s identity as the recipient of the challenged production order) is classified and should remain redacted in versions of the documents that are released to the public. See Gov’t Mem. at 1. Petitioner, on the other hand, “request[s] no redactions should the Court decide to unseal and publish the specified documents.” Pet. Mem. at 5. Petitioner states that its petition “is based entirely on an assessment of [its] own equities” and not on “the potential national security effects of publication,” which it “is in no position to evaluate.” Id.

I’ll return to this. But understand that Verizon wanted this opinion — as well as its own request for it — public.

Read more

Are Even the Basaaly Moalin Claims Falling Apart Now?

I’ll have a much longer post later on what PCLOB has to say about the efficacy of the dragnet, which is actually far more interesting than I’ve seen reported thus far. But I want to look in detail at the passage in which they treat Basaaly Moalin.

And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. In that case, moreover, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program.

Note the verb: “may have,” not “might have” or “could have.” Thus, the passage has a (presumably intentionally) ambiguous meaning which could suggest either that the FBI did find Moalin on their own or they had the ability to.

But in conjunction with the adverb “arguably,” the use of “may” here sure seems to suggest PCLOB thinks a case could be made that FBI did, in fact, find Moalin on their own. Without the dragnet.

That is, PCLOB seems to suggest that even the claim that the dragnet helped find a cab driver giving $8,500 to al-Shabaab in hopes of protecting his tribal lands against US-backed invaders may be false.

Does the fact that DOJ didn’t include Moalin in its claims of success to the 3 lawsuits against the dragnet reflect growing questions within DOJ about how they really rediscovered Moalin?

As I see it, there are two obvious ways that FBI might have discovered Moalin on their own, and a third that would be even more interesting.

Recall that Moalin was actually prosecuted with the help of his hawala, who also happened to be in contact with people close to Aden Ayro, the warlord Moalin is presumed to be a second hop from (the case against the hawala is largely sealed). It’s possible the FBI found Moalin through the investigation of the hawala.That’s particularly likely given PCLOB’s later comment that Moalin “was the user of a telephone number already linked to pending FBI investigations.”

 Alternately, it’s possible the FBI got a tip off content related to Ayro and investigated using NSLs and found Moalin (though I think this is less likely because NSA has so few Somali translators). It’s also worth considering that at one point NSA contacted FBI because they had lost Ayro, asking if FBI had seen a new number for Ayro in Moalin’s calls. Which suggests, at least after they got a tap on Moalin, FBI may had an easier time of tracking Ayro than NSA did.

More interesting still, it’s possible FBI found Moalin in October 2007 by accessing dragnet results directly (as was possible for FBI to do until NSA shut this access down in June 2009), without having received a formal report from NSA reporting the link. If that’s the case, it’d be interesting for a slew of reasons, because it’d be a patently illegal lead, but it would technically come from the dragnet. If that were the case, I can see everyone wanting to lie about it, which might lead to … the kind of seemingly conflicting and increasingly cautious statements we’re seeing now (as well as DOJ’s silence on this “success” in recent court filings).

I have suggested that the timing of Moalin’s prosecution at least hints that they pursued it to have a first Section 215 success in time for PATRIOT reauthorization in 2011. Certainly, they were quick to roll out his case as a “dragnet success” last June. But if he wasn’t found via the dragnet, or if DOJ misrepresented precisely how he was found back in court filings in 2012 to hide that FBI had direct access to databases at NSA they weren’t legally entitled to have, then it’d put DOJ in a tight spot now, as Moalin appeals to the 9th Circuit. At least in September, they claimed to Judge Jeffrey Miller Moalin had been caught by the dragnet, and Miller didn’t think it harmed their case (though even there, Miller’s language made it clear he learned new information in those filings he hadn’t been told on the first FISA review). But if he wasn’t — or if FBI had legally impermissible access to the dragnet results — then Moalin’s appeal might get more interesting, either because DOJ misrepresented to the District what happened and/or because there’s something funky about the use of the dragnet with Moalin.

Of course, all that assumes Moalin would ever get to see the FISA related evidence against him, which PCLOB may have but which no FISA-related defendants ever have been able to do. Which is unlikely to happen.

Dianne Feinstein Glosses Jeffrey Miller Phone Dragnet Decision

Dianne Feinstein just released a statement effectively saying she likes the FISA Court phone dragnet decisions and the one Judge Jeffrey Miller made in the Moalin case better than the one Richard Leon issued yesterday.

Clearly we have competing decisions from those of at least three different courts (the FISA Court, the D.C. District Court and the Southern District of California). I have found the analysis by the FISA Court, the Southern District of California and the position of the Department of Justice, based on the Supreme Court decision in Smith, to be compelling.

But I’m particularly interested in the way she describes the Miller decision.

It should be noted that last month Judge Jeffrey Miller of the Southern District of California found the NSA business records program to be constitutional.

Judge Miller was ruling on a real world terrorist case involving the February 2013 conviction of Basaaly Moalin and three others for conspiracy and providing material support to the Somali terrorist organization Al-Shabaab. In that case, the NSA provided the FBI with information gleaned from an NSA query (under Section 215) of the call records database that established a connection between a San Diego-based number and a number known to be used by a terrorist with ties to al Qaeda.

In upholding these convictions, Judge Miller cited Smith v. Maryland (1979) the controlling legal precedent and held the defendants had ‘no legitimate expectation of privacy’ over the type of telephone metadata acquired by the government—which is the ‘to’ and ‘from’ phone numbers of a call, its time, its date and its duration. There is no content, no names and no locational information acquired.

As a threshold matter, Judge Miller did not decide last month that the phone dragnet was constitutional. He decided sometime around June 5, 2012, and that decision remains sealed in its entirety. He treated Moalin’s bid for a new trial as a reconsideration of his earlier decision, stating he had,”already considered and addressed many of the FISA and CIPA arguments from a federal and constitutional law perspective.” He deliberated just one day after the hearing on a new trial before rejecting the motion. Which means that his decision rests primarily on whatever representations the government made in secret — and none of us have gotten to see that decision.

If Senator Feinstein would like to use her position on the Senate Intelligence and Judiciary Committees to liberate that decision given that she’s relying on it, by all means let’s have some transparency!

Now look at how Feinstein characterizes the issue before Miller:

[T]he NSA provided the FBI with information gleaned from an NSA query (under Section 215) of the call records database that established a connection between a San Diego-based number and a number known to be used by a terrorist with ties to al Qaeda.

That is, she characterizes Miller’s review as weighing whether using an (at least) second-degree hop in a database to establish probable cause is Constitutional.

But that’s most definitely not what Miller did. Instead, he ignored the database entirely (the word “database” doesn’t appear in his ruling), and assessed the use of what Feinstein describes as a database query as two separate pen registers.

Defendants argue that the collection of telephony metadata violated Defendant Moalin’s First and Fourth Amendment rights. At issue are two distinct uses of telephone metadata obtained from Section 215. The first use involves telephony metadata retrieved from communications between third parties, that is, telephone calls not involving Defendants. Clearly, Defendants have no reasonable expectation of privacy to challenge any use of telephony metadata for calls between third parties. See Steagald v. United States, 451 U.S. 204, 219 (1981) (Fourth Amendment rights are personal in nature); Rakas v. Illinois, 439 U.S. 128, 133-34 (1978) (“Fourth Amendment rights are personal rights which, like some other constitutional rights, may not be vicariously asserted.”); United States v. Verdugo-Uriquidez, 494 U.S. 259, 265 (1990) (the term “people” described in the Fourth Amendment are persons who are part of the national community or may be considered as such). As noted in Steagald, “the rights [] conferred by the Fourth Amendment are personal in nature, and cannot bestow vicarious protection on those who do not have a reasonable expectation of privacy in the place to be searched.” 451 U.S. at 219. As individuals other than Defendants were parties to the telephony metadata, Defendants cannot vicariously assert Fourth Amendment rights on behalf of these individuals. To this extent, the court denies the motion for new trial.

The second use of telephony metadata involves communications between individuals in Somalia (or other countries) and Defendant Moalin. The following discusses whether Defendant Moalin, and other Defendants through him, have any reasonable expectation of privacy in telephony metadata between Moalin and third parties, including co-defendants. [my emphasis]

I believe that in documents that have been released since Miller’s ruling, the government distinguished this from pen registers (digging up those references now). But one thing’s clear: Miller didn’t approve the use of a database to show that his two-degree link between Moalin and Aden Ayro amounted to probable cause that he was an agent of a foreign power. He approved of two or more discrete pen registers.

That may or may not amount to a legal difference (Leon didn’t consider the database as such either). But I find it mighty telling that Feinstein describes the dragnet in terms her favored criminal ruling does not.

The Era of Big Pen Register: The Flaw in Jeffrey Miller’s Moalin Decision

As I noted, on Thursday Judge Jeffrey Miller rejected Basaaly Moalin’s bid for a new trial based on disclosures of the Section 215 dragnet. Miller rejected the bid largely by relying on Smith v. Maryland and subsequent decisions that found no Fourth Amendment protection for pen registers.

But Miller resorts to a bit of a gimmick to dismiss Justice Sonia Sotomayor’s comments in US v. Jones.

Miller notes Sotomayor’s comments. But he points to the 170 year history of the pen register and reasons that because pen register technology is so old, they cannot be described as a “product of the so-called digital revolution,” and therefore cannot raise the kind of new privacy concerns Sotomayor had in mind.

As noted by Defendants, Justice Sotomayor stated that the recent rise of the digital era of cell phones, internet, and email communications may ultimately require a reevaluation of “expectation of privacy in information voluntarily disclosed to third parties.” Id. at 957. Defendants extrapolate from this dicta that the court should recognize that Defendant Moalin had a reasonable expectation of privacy cognizable under the Fourth Amendment that the Government would not collect either individual or aggregated metadata.

The difficulty with Defendants’ argument is twofold. First, the use of pen register-like devices – going back to Samuel Morses’s 1840 telegraph patent – predates the digital era and cannot be considered a product of the digital revolution like the internet or cell phones. See Samuel F.G. Morse, Improvement in the Mode of Communicating Information by Signals by the Application of Electro-Magnetism, U.S. Patent 1647, June 20, 1840, page 4 column 2. In short, pen register-like devices predate the internet era by about 150 years and are not a product of the so-called digital revolution – the basis for the concerns articulated by Justice Sotomayor. [my emphasis]

Now, before I pick this apart, let’s look back at an earlier move Miller made.

In assessing the Section 215 dragnet, Miller did not consider whether the collection of Moalin’s phone records as part of a database of every single American’s phone records was constitutional. Instead, he first considered Moalin’s interest in phone records not involving him, then considered Moalin’s protections in phone records involving him (this may suggest the government found Moalin on a second hop).

Defendants argue that the collection of telephony metadata violated Defendant Moalin’s First and Fourth Amendment rights. At issue are two distinct uses of telephone metadata obtained from Section 215. The first use involves telephony metadata retrieved from communications between third parties, that is, telephone calls not involving Defendants. Clearly, Defendants have no reasonable expectation of privacy to challenge any use of telephony metadata for calls between third parties. See Steagald v. United States, 451 U.S. 204, 219 (1981) (Fourth Amendment rights are personal in nature); Rakas v. Illinois, 439 U.S. 128, 133-34 (1978) (“Fourth Amendment rights are personal rights which, like some other constitutional rights, may not be vicariously asserted.”); United States v. Verdugo-Uriquidez, 494 U.S. 259, 265 (1990) (the term “people” described in the Fourth Amendment are persons who are part of the national community or may be considered as such). As noted in Steagald, “the rights [] conferred by the Fourth Amendment are personal in nature, and cannot bestow vicarious protection on those who do not have a reasonable expectation of privacy in the place to be searched.” 451 U.S. at 219. As individuals other than Defendants were parties to the telephony metadata, Defendants cannot vicariously assert Fourth Amendment rights on behalf of these individuals. To this extent, the court denies the motion for new trial.

The second use of telephony metadata involves communications between individuals in Somalia (or other countries) and Defendant Moalin. The following discusses whether Defendant Moalin, and other Defendants through him, have any reasonable expectation of privacy in telephony metadata between Moalin and third parties, including co-defendants.

In other words, Miller takes Moalin’s phone records out of the context in which they were used. In doing so, he turns an enormous database — very much the product of the “so-called digital revolution” — into two pen registers, 170 year old technology.

That move is all the more problematic given repeated Administration explanations (cited by Moalin’s defense and therefore even Miller in his ruling) that Moalin was only identified through indirect contact with an identified selector (presumed to be Somali warlord Aden Ayro).

That is, Moalin would not have been identified without using the features of the database and NSA’s chaining analysis. Moalin was identified not because a single pen register showed him to be in contact with Aden Ayro, but because a network analysis showed his contacts with someone else appeared to be of sufficient value to constitute a likely tie to Ayro himself. And that two-hop connection served either as the basis to listen to already collected conversations involving Moalin via back door searches or, by itself, the basis for probable cause to wiretap Moalin (I suspect it’s the former, and further suspect they used the fruits of that back door search to get the warrant to tap Moalin directly).

Members of the Administration have assured us, over and over, that this chaining analysis is only possible with a complete haystack. Thus, the entire haystack — the database and data analysis that are the quintessential tool of the “so-called digital revolution” — is the instrument of surveillance, not hundreds of millions of individual pen registers. And yet, in their first victory over a defendant with standing, the judge resorted to a gimmick to render that haystack back into hundreds of millions of pieces of hay again.

Update: This passage, from the Administration White Paper, is inconsistent with Miller’s treatment of the dragnet as two separate pen registers.

Although broad in scope, the telephony metadata collection program meets the “relevance” standard of Section 215 because there are “reasonable grounds to believe” that this category of data, when queried and analyzed consistent with the Court-approved standards, will produce information pertinent to FBI investigations of international terrorism, and because certain analytic tools used to accomplish this objective require the collection and storage of a large volume of telephony metadata. This does not mean that Section 215 authorizes the collection and storage of all types of information in bulk: the relevance of any particular data to investigations of international terrorism depends on all the facts and circumstances. For example, communications metadata is different from many other kinds of records because it is inter-connected and the connections between individual data points, which can be reliably identified only through analysis of a large volume of data, are particularly important to a broad range of investigations of international terrorism. [my emphasis]

Basaaly Moalin Denied New Trial

As I noted the other day, Basaaly Moalin argued for a new trial Wednesday, arguing that disclosures that his entire prosecution stems from indirect phone contacts with a Somali warlord under the Section 215 phone dragnet program raises questions about the validity of the evidence used to convict him.

One day after that hearing, Judge Jeffrey Miller denied Moalin a new trial.

Miller argues that the all the new disclosures about the phone dragnet present no new issues in the trial. He even suggests the multiple discussions of Moalin’s case in testimony before Congress and the documents released by the government may not be admissible (even though he relies on the most recent FISC order, which addresses the program as it exists now, not as it exists in 2007 when FBI was tipped to Moalin).

Setting aside the issue of admissibility of the public revelations of the NSA program of securing telephone metadata, the public disclosure of the NSA program adds no new facts to alter the court’s FISA and CIPA rulings. Because the court has already considered and addressed many of the FISA and CIPA arguments from a federal and constitutional law perspective, the present motion is akin to a motion for reconsideration.

Given the Judge’s quick turnaround, it’s clear he had no intention of granting a new trial, regardless of what Moalin presented yesterday. Miller determined that the phone dragnet was proper in secret a year ago — based on what I am certain was impartial information — and he refuses to consider the possibility that his determination was incorrect.

I will look closer at Miller’s thinking later today — while his legal analysis is better than, say, Claire Eagan’s, there are still at least two obvious holes in his analysis.

But for the moment, realize that the government has won the ability to base an entire conviction off even indirect phone contacts identified via the phone dragnet.

I suspect we’ll see this case again at the 9th Circuit.

Is the Government Hiding FISC’s “Erroneous” 215 Opinion Until After Basaaly Moalin’s Hearing for a New Trial?

As I mentioned in this post, the government is due to turn over the remaining documents in the ACLU FOIA for Section 215 documents on November 18. Among the documents it may release is a February 24, 2006 FISC opinion. This may be the only comprehensive opinion written to authorize the Section 215 dragnet … and if it’s not, no comprehensive opinion authorized the opinion until August 29, 2013.

In short, that release will answer a lot of questions about what former Assistant Attorney General David Kris suggests may have been an erroneous decision authorizing the entire phone dragnet. We’ll learn more November 18.

But that won’t help Basaaly Moalin, who on Wednesday, November 13, will argue he should have a new trial in light of disclosures that the government only started wiretapping him after being tipped by the Section 215 dragnet. If the Judge in his case, Jeffrey Miller, decides he doesn’t merit a new trial, then he will be sentenced on November 18. And then, later that same day, the government will release what could be evidence that the very foundations of the Section 215 dragnet that caught Moalin are “erroneous.”

That seems to be the way things have gone for Moalin since June 18, when the government pushback on the Snowden leaks first led Moalin to learn his entire prosecution rested on the Section 215 dragnet, and since August 28, when Moalin first started pushing for a delay in sentencing so he could push for a new trial.

Back in July, the ACLU demanded the government turn over all responsive documents by August 12. That would have brought the release of all documents a month before Moalin’s then-scheduled sentencing. Instead, the government asked to have until September 15, the day before the date scheduled for his sentencing. That request would have been almost two weeks after the 60 day extension James Clapper asked for on July 5, 2013.

On August 16, Judge Pauley set up this production schedule.

The Government will review the Foreign Intelligence Surveillance Court (FISC) Opinions at issue and release any segreable information not exempt under FOIA by September 10, 2013. The Government will review a second tranche of documents and release any segreable information not exempt under FOIA by October 10, 2013. The Government will review the remaining documents at issue, excluding the FISC orders in the final row of the Government’s Vaughn index, and release any segreable information not exempt under FOIA by 10/31/2013. The parties will submit a status report to the Court by 11/8/2013.

The October 10 and 31 dates got pushed back because of the shut-down (which, of course, was not DOJ’s fault).

But the results has been to limit the argument Moalin should be able to make. In the Motion for a new trial (submitted on September 5), for example, Moalin’s team relies on the October 3, 2011 John Bates opinion (released on August 21) rather than the slew of documents showing systemic problems with the very program that tipped Moalin admitted in 2009 (released September 10). The government even taunts them about it in their Response.

Defendants’ reliance on an October 3, 2011 FISC Opinion is misplaced. The opinion documented the FISC’s judicial review of the Government’s Certifications of Collection and Interception pursuant to Section 702 of FISA and is hence irrelevant here were Section 702 is not at issue.

Of course. But the only reason the defendants weren’t able to make the very same argument — that the NSA had almost no meaningful controls over the querying they were doing of the Section 215 dragnet — and make it with collection closer to the time when the dragnet tipped Moalin is because ODNI sat on the Section 215 disclosures until after Moalin submitted his motion.

Of particular concern is the delay in revealing details of contact chaining (and that at the time Moalin was tipped, it was possible to chain a fourth hop in). The defense clearly focused on the government’s admission that Moalin had been indirectly in contact with Aden Ayro. That’s a point the government almost entirely ignored in their response. Add in that the government is still largely hiding how it uses the phone dragnet to find burner phones (and the evidence the government used Moalin’s calls with Ayro to find the warlords new phone after he had ditched an old one), and the defense was only given delayed access to some of the details that might best undermine the case that such indirect contacts might constitute probable cause for a FISA warrant.

The defense integrated some of the revelations about the 2009 disclosures in their reply, submitted October 10. That left unavailable the documents released on October 28, some of which showed the government in violation of FISA Amendment’s Act’s requirement to provide all significant FISC opinions on the topic at hand to the Intelligence and Judiciary Committees. Those documents would also present additional challenges to the legitimacy of the two reauthorizations of the dragnet since 2006.

Now, maybe this is just coincidental, that the one person who might challenge his conviction through the use of Section 215 would be prevented from using documents that might show the program itself is “erroneous.”

But as people like Dianne Feinstein squawk that the program is “legal,” they’d be well advised to consider the remarkable way that Moalin was deprived of the documents that might allow a challenge to the law as erroneous from the very start.

The 8-FISA Judge 11-Docket Spying Authorization to Identify Less than $10,000 to Al-Shabaab

In a hearing last month, FBI Deputy Director Sean Joyce described a case in which the phone metadata database helped catch terrorists. (after 1:07)

Lastly, the FBI had opened an investigation shortly after 9/11. We did not have enough information, nor did we find links to terrorism, so we shortly thereafter closed the investigation. However, the NSA, using the business record FISA, tipped us off that this individual had indirect contacts with a known terrorist overseas. We were able to reopen this investigation, identify additional individuals through legal process, and were able to disrupt this terrorist activity.

While he didn’t name it, subsequent discussions of the case made it clear he meant Basaaly Saeed Moalin, a Somali-American convicted with three others in February for sending less than $10,000 to al-Shabaab (altogether Moalin was charged with sending $17,000 to Somalia, the balance of it to non-Shabaab figures the government claims are also terrorists).

Moalin’s lawyer Joshua Dratel unsuccessfully challenged the government’s use of material derived from FISA (the judge’s opinion rejecting the challenge has never been released). Yet even with that challenge, Dratel was never informed of the use of Section 215 in the case.

All that said, the government’s opposition to his challenge is utterly fascinating, even with huge chunks redacted. I’m going to do a weedy post on it shortly. But for now, I want to point to three indicia that reveal how much more complex this surveillance was than Joyce described to the House Intelligence Committee.

First, as part of the introduction, the government provided an (entirely redacted) Overview of the FISA Collection at Issue. While we have no idea how long that passage is, the government needed 9 footnotes to explain the collection (they are also entirely redacted). Similarly, a section arguing “The FISA Applications Established Probable Cause” has the following structure and footnotes (the content is entirely redacted):

[footnote to general material]

1.

a.

2.

a. [6 footnotes]

b.

i. [2 footnotes]

ii.

iii. [1 footnote]

iv. [2 footnotes]

v. [3 footnotes]

Now it may be that section 1 here pertains to physical collection, and section 2 pertains to electronic collection (both were used, though I suspect the physical collection was metaphorical in some way). But even there, there seem to be at least 6 and possibly far more orders involved, with two types of collection — perhaps one pertaining to bulk 702-style collection (most of the intercepts happened under Protect America Act) and the other to the use of Section 215.

Then, as part of a discussion about the minimization requirements tied to the application(s) involved, the government revealed 8 different FISC judges signed off on orders pertaining to the collection.

In order to fulfill the statutory requirements discussed above, the Attorney General has adopted standard minimization procedures for FISC-authorized electronic surveilance and physical search that are on file with the FISC and that are incorporated by reference into every relevant FISA application that is submitted to the FISC. As a result, the eight FISC judges who issued the orders authorizing the FISA collections at issue in this case found that the applicable standard minimization procedures met FISA’s statutory requirements. The FISC orders in the dockets at issue directed the Governent to follow the approved minimization procedures in conducting the FISA collection. [my emphasis]

But it appears this surveillance involved even more than 8 orders. In a section claiming that this surveillance is not complex, the government cited 11 sealed exhibits that include the dockets at issue.

There is nothing extraordinary about this case that would prompt the Court to be the first to order the disclosure of highly sensitive and classified FISA materials. Disclosure is not necessar for the Court to determine the legality of the collection. Here, the FISA dockets – at Sealed Exhibits 16-26 – are well-organized and easily reviewable by the Court in camera and ex parte. The Index of Materials in the Government’s Sealed Exhibit and this memorandum serve as a road map through the issues presented for the Court’s in camera and ex parte determination. The FISA materials contain ample information from which the Court can make an accurate determination of the legality of the FISA collection; indeed, they are “relatively straightforward and not complex.” [my emphasis]

15 footnotes addressing probable cause approved by 8 judges over 11 different dockets.

This is not a simple check of the phone database. (I’ll explain what I think actually happened with the surveillance we know about in a future post.)

Now, some of this clearly invokes the iterative approval of programmatic orders as described by Eric Lichtblau and the WSJ. The May 2006 opinion authorizing the use of Section 215 to collect phone records for every American surely is one of the authorizations cited. That opinion may rely on the 2004 one that authorized the use of Pen Register/Trap and Trace to collect all the Internet metadata in the country. I suspect there may be several orders authorizing collection on al-Shabaab and/or Somalia generally — one that precedes Protect America Act, one that collects under PAA, and probably one that collects under FISA Amendments Act (the key conversations took place in late 2007 through much of 2008). I suspect, too, there’s an order governing collection of all signals off some switch. Then there may be traditional FISA warrants to collect on Moalin and his co-conspirator Mohamud Abdi Yusuf (the other co-conspirators appear not to have been targets of collection).

Still, that only gets you to 8 dockets, even assuming they used a new one for Somalia each time.

“Relatively straightforward … not complex,” the government said, in arguing the defendant shouldn’t get a look at this jerry-rigged system of surveillance. And we still can’t see the logic Judge Jeffrey Miller used to agree with them.