Posts

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The NSA’s Purge Obfuscations

One thing that the 2011 702 documents Charlie Savage liberated make clear is that the government is (and was) obtaining more domestic communications — but purging them — than it wants to let on (and the numbers have surely gotten worse since 2011).

In a hearing on September 7, 2011, the first question that John Bates asked (starting at PDF 35) about the sampling the NSA had done is how many communications had been purged before the agency started counting its sample, a sample that included both PRISM and upstream collection. As Bates noted, it would be one thing if the NSA were purging half its collection and then counting than if it only had to purge a small amount.

During this exchange, the government was careful to limit their discussion of purged communications to upstream MCT related collection.

When the government responded (starting at PDF 117), it provided numbers for just what had gotten purged from upstream collection.

I’m not entirely sure their claim that none of this purged information was “upstream” collection — as opposed to MCT collection — is correct (as a post on the violations will explore). But they make it clear: the 18,446 purged communications were just Internet upstream. For every upstream  record purged because the target had roamed into the US, there might be correlated telephony collection that would get purged — some of the most commonly discussed purged communications. It might also include PRISM production that would have to get purged (if, for example, the target continued to use GMail while in the US). In addition, there might be targets discovered to be (perhaps by reading that PRISM production) Americans. So the 18,446 is just a portion of what got purged — but the government pointedly avoided telling Bates how much of the other kind there was.

Of the upstream Internet collection in 2011, .1% was getting purged.

The purge numbers for telephony and PRISM would not be the same as for upstream. The telephony numbers might be far far higher, given public reporting from the period. The NSA was working off some overcollection that was limited to upstream during this period, which would lead to more upstream communications being purged. But the rules on domestic collection of PRISM communications are different than they are for upstream.

In any case, the government’s careful dodge of providing Bates the full purge number suggests the telephony and PRISM purge numbers might be substantial, too. But we don’t get that number.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Reclassification of Details on the 2011 Upstream Fight

As I noted in this post, Charlie Savage recently liberated more details on the resolution of the 2011 upstream 702 problems.

With respect to some details, however, the newly liberated documents represent a reclassification of details that were made public when the October 3, 2011 John Bates opinion was released in 2013. The government has provided entirely classified documents that are probably the early exchanges on the problem, including language that was unclassified in Bates’ 2011 opinion. In addition, the government has redacted dates that were also made public in Bates’ opinion.

I laid out both the timeline and the language cited from those early exchanges in this post. As I noted in this post, that timeline makes it clear that at the same time John Bates was asking NSA to assess the impact of upstream collection on US persons by sampling real NSA collection, Ron Wyden and Mark Udall were asking for the same thing.

I’ve laid out the combined timeline below. What it — and the newly released documents — show is just how brazen James Clapper’s refusal to provide real numbers to Wyden and Udall was. Not only did their request exactly coincide with the government’s request for more time so they could get more data — the count of US persons — to Bates (though Clapper’s record quick response delivered his refusal before Bates got his first real numbers). But the 48-hour turnaround on analysis of SCTs in September shows how quickly NSA can get rough estimates of US person data when they need to.

There are more alarming things the reclassification of these details suggests, which I’ll address in a follow-up. But for now, know that in 2011, the Intelligence Community refused to treat Congress with the same respect due a co-equal branch of government as it was treating Bates (and that’s the deep background to James Clapper’s 2013 “not wittingly” response).

April 2011, unknown date: Wyden and Udall ask for estimate of US person collection verbally

 

April 19, 2011: Notice of two upstream overcollection violations [see PDF 144]

April 20, 2011: One recertification submission

April 22, 2011: Two more recertification submissions

May 2, 2011: Clarification letter first admits MCT problem

May 5, 2011: Government asks for extension until July 22, 2011

May 9, 2011: Court grants extension, issues briefing order

June 1, 2011: Government submits response to briefing order

June 17, 2011: Court presents follow-up questions

June 28, 2011: Government response to follow-up questions

July 8, 2011: Court (John Bates) meets with senior DOJ people, tells them he has serious concerns

July 14, 2011: Government files another extension; court grants extension to September 20, 2011

July 14, 2011: Wyden and Udall send letter to James Clapper asking (among other things):

  • In a December 2007 Statement of Administration Policy on the FISA Amendments Act, the Office of Management and Budget said that it would “likely be impossible” to count the number of people located in the United States whose communications were reviewed by the government pursuant to the FISA Amendments Act. Is this still the case? If so, is it possible to estimate this number with any accuracy?
  • Have any apparently law-abiding Americans had their communications collected by the government pursuant to the FISA Amendments Act?

July 26, 2011: Clapper responds to Wyden and Udall, refusing to give numbers or describe compliance incidents

August 16, 2011: Government files supplement, presenting results of “manual review of statistically representative sample” for 6 months

August 22, 2011: Meeting between Court and government

August 30, 2011: Government makes another submission

September 7, 2011: Court has hearing

September 9, 2011: Government files additional submission, submitting results of analysis of SCTs completed in just 48 hours

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Domestic Communications NSA Won’t Reveal Are Almost Certainly Obscured Location Communications

The other day, I laid out the continuing fight between Director of National Intelligence Dan Coats and Senator Ron Wyden over the former’s unwillingness to explain why he can’t answer the question, “Can the government use FISA Act Section 702 to collect communications it knows are entirely domestic?” in unclassified form. As I noted, Coats is parsing the difference between “intentionally acquir[ing] any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States,” which Section 702 prohibits, and “collect[ing] communications [the government] knows are entirely domestic,” which this exchange and Wyden’s long history of calling out such things clearly indicates the government does.

As I noted, the earlier iteration of this debate took place in early June. Since then, we’ve gotten two sets of documents that all but prove that the entirely domestic communication the NSA refuses to tell us about involves communications that obscure their location, probably via Tor or VPNs.

Most Entirely Domestic Communications Collected Via Upstream Surveillance in 2011 Obscured Their Location

The first set of documents are those on the 2011 discussion about upstream collection liberated just recently by Charlie Savage. They show that in the September 7, 2011 hearing, John Bates told the government that he believed the collection of discrete communications the government had not examined in their sampling might also contain “about” communications that were entirely domestic. (PDF 113)

We also have this other category, in your random sampling, again, that is 9/10ths of the random sampling that was set aside as being discrete communications — 45,000 out of the 50,0000 — as to which our questioning has indicataed we have a concern that some of the about communications may actually have wholly domestic communications.

And I don’t think that you’ve really assessed that, either theoretically or by any actual examination of those particular transactions or communications. And I’m not indicating to you what I expect you to do, but I do have this concern that there are a fair number of wholly domestic communications in that category, and there’s nothing–you really haven’t had an opportunity to address that, but there’s nothing that has been said to date that would dissuade me from that conclusion. So I’m looking there for some convincing, if you will, assessment of why there are not wholly domestic communications with that body which is 9/10s of the random sample.

In a filing submitted two days later, the government tried to explain away the possibility this would include (many) domestic communications. (The discussion responding to this question starts at PDF 120.) First, the NSA used technical means to determine that 41,272 of the 45,359 communications in the sample were not entirely domestic. That left 4,087 communications, which the NSA was able to analyze in just 48 hours. Of those, the NSA found just 25 that were not to or from a tasked selector (meaning they were “abouts” or correlated identities, described as “potentially alternate accounts/addresses/identifiers for current NSA targets” in footnote 7, which may be the first public confirmation that NSA collects on correlated identifiers). NSA then did the same kind of analysis it does on the communications that it does as part of its pre-tasking determination that a target is located outside the US. This focused entirely on location data.

Notably, none of the reviewed transactions featured an account/address/identifier that resolved to the United States. Further, each of the 25 communications contained location information for at least one account/address/identifier such that NSA’s analysts were able assess [sic] that at least one communicant for each of these 25 communications was located outside of the United States. (PDF 121)

Note that the government here (finally) drops the charade that these are simply emails, discussing three kinds of collection: accounts (which could be both email and messenger accounts), addresses (which having excluded accounts would significantly include IP addresses), and identifiers. And they say that having identified an overseas location for the communication, NSA treats it as an overseas communication.

The next paragraph is even more remarkable. Rather than doing more analysis on those just 25 communications it effectively argues that because latency is bad, it’s safe to assume that any service that is available entirely within the US will be delivered to an American entirely within the US, and so those 25 communications must not be American.

Given the United States’ status as the “world’s premier electronic communications hub,” and further based on NSA’s knowledge of Internet routing patterns, the Government has already asserted that “the vast majority of communications between persons located in the United States are not routed through servers outside the United Staes.” See the Government’s June 1, 2011 Submission at 11. As a practical matter, it is a common business practice for Internet and web service providers alike to attempt to deliver their customers the best user experience possible by reducing latency and increasing capacity. Latency is determined in part by the geographical distance between the user and the server, thus, providers frequently host their services on servers close to their users, and users are frequently directed to the servers closest to them. While such practices are not absolute in any respect and are wholly contingent on potentially dynamic practices of particular service providers and users,9 if all parties to a communication are located in the United States and the required services are available in the United States, in most instances those communications will be routed by service providers through infrastructure wholly within the United States.

Amid a bunch of redactions (including footnote 9, which is around 16 lines long and entirely redacted), the government then claims that its IP filters would ensure that it wouldn’t pick up any of the entirely domestic exceptions to what I’ll call its “avoidance of latency” assumption and so these 25 communications are no biggie, from a Fourth Amendment perspective.

Of course, the entirety of this unredacted discussion presumes that all consumers will be working with providers whose goal is to avoid latency. None of the unredacted discussion admits that some consumers choose to accept some latency in order to obscure their location by routing it through one (VPN) or multiple (Tor) servers distant from their location, including servers located overseas.

For what it’s worth, I think the estimate Bates did on his own to come up with a number of these SCTs was high, in 2011. He guessed there would be 46,000 entirely domestic communications collected each year; by my admittedly rusty math, it appears it would be closer to 12,000 (25 / 50,000 comms in the sample = .05% of the total; .05% of the 11,925,000 upstream transactions in that 6 month period = 5,962, times 2 = roughly 12,000 a year). Still, it was a bigger part of the entirely domestic upstream collection than those collected as MCTs, and all those entirely domestic communications have been improperly back door searched in the interim.

Collyer claims to have ended “about” collection but admits upstream will still collect entirely domestic communications

Now, if that analysis done in 2011 were applicable to today’s collection, there shouldn’t be a way for the NSA to collect entirely domestic communications today. That’s because all of those 25 potentially domestic comms were described as “about” collection. Rosemary Collyer has, according to her IMO apparently imperfect understanding of upstream collection, shut down “about” collection. So that should have eliminated the possibility for entirely domestic collection via upstream, right?

Nope.

As she admits in her opinion, it will still be possible for the NSA to “acquire an MCT” (that is, bundled collection) “that contains a domestic communication.”

So there must be something that has changed since 2011 that would lead NSA to collect entirely domestic communications even if that communication didn’t include an “about” selector.

In 2014 Collyer enforced a practice that would expose Americans to 702 collection

Which brings me back to the practice approved in 2014 in which, according to providers newly targeted under the practice, “the communications of U.S. person will be collected as part of such surveillance.”

As I laid out in this post, in 2014 Thomas Hogan approved a change in the targeting procedures. Previously, all users of a targeted facility had to be foreign for it to qualify as a foreign target. But for some “limited” exception, Hogan for the first time permitted the NSA to collect on a facility even if Americans used that facility as well, along with the foreign targets.

The first revision to the NSA Targeting Procedures concerns who will be regarded as a “target” of acquisition or a “user” of a tasked facility for purposes of those procedures. As a general rule, and without exception under the NSA targeting procedures now in effect, any user of a tasked facility is regarded as a person targeted for acquisition. This approach has sometimes resulted in NSA’ s becoming obligated to detask a selector when it learns that [redacted]

The relevant revision would permit continued acquisition for such a facility.

It appears that Hogan agreed it would be adequate to weed out American communications after collection in post-task analysis.

Some months after this change, some providers got some directives (apparently spanning all three known certificates), and challenged them, though of course Collyer didn’t permit them to read the Hogan opinion approving the change.

Here’s some of what Collyer’s opinion enforcing the directives revealed about the practice.

Collyer’s opinion includes more of the provider’s arguments than the Reply did. It describes the Directives as involving “surveillance conducted on the servers of a U.S.-based provider” in which “the communications of U.S. person will be collected as part of such surveillance.” (29) It says [in Collyer’s words] that the provider “believes that the government will unreasonably intrude on the privacy interests of United States persons and persons in the United States [redacted] because the government will regularly acquire, store, and use their private communications and related information without a foreign intelligence or law enforcement justification.” (32-3) It notes that the provider argued there would be “a heightened risk of error” in tasking its customers. (12) The provider argued something about the targeting and minimization procedures “render[ed] the directives invalid as applied to its service.” (16) The provider also raised concerns that because the NSA “minimization procedures [] do not require the government to immediately delete such information[, they] do not adequately protect United States person.” (26)

[snip]

Collyer, too, says a few interesting things about the proposed surveillance. For example, she refers to a selector as an “electronic communications account” as distinct from an email — a rare public admission from the FISC that 702 targets things beyond just emails. And she treats these Directives as an “expansion of 702 acquisitions” to some new provider or technology.

Now, there’s no reason to believe this provider was involved in upstream collection. Clearly, they’re being asked to provide data from their own servers, not from the telecom backbone (in fact, I wonder whether this new practice is why NSA has renamed “PRISM” “downstream” collection).

But we know two things. First: the discrete domestic communications that got sucked up in upstream collection in 2011 appear to have obscured their location. And, there is now a means of collecting bundles of communications via upstream collection (assuming Collyer’s use of MCT here is correct, which it might not be) such that even communications involving no “about” collection would be swept up.

Again, the evidence is still circumstantial, but there is increasing evidence that in 2014 the NSA got approval to collect on servers that obscure location, and that that is the remaining kind of collection (which might exist under both upstream and downstream collection) that will knowingly be swept up under Section 702. That’s the collection, it seems likely, that Coats doesn’t want to admit.

The problems with permitting collection on location-obscured Americans

If I’m right about this, then there are three really big problems with this practice.

First, in 2011, location-obscuring servers would not themselves be targeted. Communications using such servers would only be collected (if the NSA’s response to Bates is to be believed) if they included an “about’ selector.

But it appears there is now some collection that specifically targets those location-obscuring servers, and knowingly collects US person communications along with whatever else the government is after. If that’s right, then it will affect far more than just 12,000 people a year.

That’s especially true given that a lot more people are using location-obscuring servers now than on October 3, 2011, when Bates issued his opinion. Tor usage in the US has gone from around 150,000 mean users a day to around 430,000 users.

And that’s just Tor. While fewer VPN users will consistently use overseas servers, sometimes it will happen for efficacy reasons and sometimes it will happen to access content that is unavailable in the US (like decent Olympics coverage).

In neither of Collyer’s opinions did she ask for the kind of numerical counts of people affected that Bates asked for in 2011. If 430,000 Americans a day are being exposed to this collection under the 2014 change, it represents a far bigger problem than the one Bates called a Fourth Amendment violation in 2011.

Finally, and perhaps most importantly, Collyer newly permitted back door searches on upstream collection, even though she knew that (for some reason) it would still collect US person communications. So not only could the NSA collect and hold location obscured US person communications, but those communications might be accessed (if they’re not encrypted) via back door searches that (with Attorney General approval) don’t require a FISA order (though Americans back door searched by NSA are often covered by FISA orders).

In other words, if I’m right about this, the NSA can use 702 to collect on Americans. And the NSA will be permitted to keep what they find (on a communication by communication basis) if they fall under four exceptions to the destruction requirement.

The government is, once again, fighting Congressional efforts to provide a count of how many Americans are getting sucked up in 702 (even though the documents liberated by Savage reveal that such a count wouldn’t take as long as the government keeps claiming). If any of this speculation is correct, it would explain the reluctance. Because once the NSA admits how much US person data it is collecting, it becomes illegal under John Bates’ 2010 PRTT order.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Did NSA Start Using Section 702 to Collect from VPNs in 2014?

I’ve finally finished reading the set of 702 documents I Con the Record dumped a few weeks back. I did two posts on the dump and a related document Charlie Savage liberated. Both pertain, generally, to whether a 702 “selector” gets defined in a way that permits US person data to be sucked up as well. The first post reveals that, in 2010, the government tried to define a specific target under 702 (both AQAP and WikiLeaks might make sense given the timing) as including US persons. John Bates asked for legal justification for that, and the government withdrew its request.

The second reveals that, in 2011, as Bates was working through the mess of upstream surveillance, he asked whether the definition of “active user,” as it applies for a multiple communication transaction, referred to the individual user. The question is important because if a facility is defined to be used by a group — say, Al Qaeda or Wikileaks — it’s possible a user of that facility might be an unknown US person user, the communications of which would only be segregated under the new minimization procedures if the individual user’s communication were reviewed (not that it mattered in the end; NSA doesn’t appear to have implemented the segregation regime in meaningful fashion). Bates never got a public answer to that question, which is one of a number of reasons why Rosemary Collyer’s April 26 702 opinion may not solve the problem of upstream collection, especially not with back door searches permitted.

As it happens, some of the most important documents released in the dump may pertain to a closely related issue: whether the government can collect on selectors it knows may be used by US persons, only to weed out the US persons after the fact.

In 2014, a provider challenged orders (individual “Directives” listing account identifiers NSA wanted to collect) that it said would amount to conducting surveillance “on the servers of a U.S.-based provider” in which “the communications of U.S. persons will be collected as part of such surveillance.” The provider was prohibited from reading the opinions that set the precedent permitting this kind of collection. Unsurprisingly, the provider lost its challenge, so we should assume that some 702 collection collects US person communications, using the post-tasking process rather than pre-targeting intelligence to protect American privacy.

The documents

The documents that lay out the failed challenge are:

2014, redacted date: ACLU Document 420: The government response to the provider’s filing supporting its demand that FISC mandate compliance.

2014, redacted date: EFF Document 13: The provider(s) challenging the Directives asked for access to two opinions the government relied on in their argument. Rosemary Collyer refused to provide them, though they have since been released.

2014, redacted date: EFF Document 6 (ACLU 510): Unsurprisingly, Collyer also rejected the challenge to the individual Directives, finding that post-tasking analysis could adequately protect Americans.

The two opinions the providers requested, but were refused, are:

September 4, 2008 opinion: This opinion, by Mary McLaughlin, was the first approval of FAA certifications after passage of the law. It lays out many of the initial standards that would be used with FAA (which changed slightly from PAA). As part of that, McLaughin adopted standards regarding what kinds of US person collection would be subject to the minimization procedures.

August 26, 2014 opinion: This opinion, by Thomas Hogan, approved the certificates under which the providers had received Directives (which means the challenge took place between August and the end of 2014). But the government also probably relied on this opinion for a change Hogan had just approved, permitting NSA to remain tasked on a selector even if US persons also used the selector.

The argument also relies on the October 3, 2011 John Bates FAA opinion and the August 22, 2008 FISCR opinion denying Yahoo’s challenge to Protect America Act. The latter was released in a second, less redacted form on September 11, 2014, which means the challenge likely post-dated that release.

The government’s response

The government’s response consists of a filing by Stuart Evans (who has become DOJ’s go-to 702 hawk) as well as a declaration submitted by someone in NSA that had already reviewed some of the taskings done under the 2014 certificates (which again suggests this challenge must date to September at the earliest). There appear to be four sections to Evans’ response. Of those sections, the only one left substantially unredacted — as well as the bulk of the SIGINT declaration — pertains to the Targeting Procedures. So while targeting isn’t the only thing the provider challenged (another appears to be certification of foreign intelligence value), it appears to be the primary thing.

Much of what is unredacted reviews the public details of NSA’s targeting procedure. Analysts have to use the totality of circumstances to figure out whether someone is a non US person located overseas likely to have foreign intelligence value, relying on things like other SIGINT, HUMINT, and (though the opinion redacts this) geolocation information and/or filters to weed out known US IPs. After a facility has been targeted, the analyst is required to do post-task analysis, both to make sure that the selector is the one intended, but also to make sure that no new information identifies the selector as being used by a US person, as well as making sure that the target hasn’t “roamed” into the US. Post-task analysis also ensures that the selector really is providing foreign intelligence information (though in practice, per PCLOB and other sources, this is not closely reviewed).

Of particular importance, Evans dismisses concerns about what happens when a selector gets incorrectly tasked as a foreigner. “That such a determination may later prove to be incorrect because of changes in circumstances or information of which the government was unaware does not render unreasonable either the initial targeting determination or the procedures used to reach it.”

Evans also dismisses the concern that minimization procedures don’t protect the providers’ customers (presumably because they provide four ways US person content may be retained with DIRNSA approval). Relying on the 2008 opinion that states in part…

The government argues that, by its terms, Section 1806(i) applies only to a communication that is unintentionally acquired,” not to a communication that is intentionally acquired under a mistaken belief about the location or non-U.S. person status of the target or the location of the parties to the communication. See Government’s filing of August 28, 2008. The Court finds this analysis of Section 1806(i) persuasive, and on this basis concludes that Section 1806(i) does not require the destruction of the types of communications that are addressed by the special retention provisions.”

Evans then quotes McClaughlin judging that minimization procedures “constitute a safeguard against improper use of information about U.S. persons that is inadvertently or incidentally acquired.” In other words, he cites an opinion that permits the government to treat stuff that is initially targeted, even if it is later discovered to be an American’s communication, differently than it does other US person information as proof the minimization procedures are adequate.

The missing 2014 opinion references

As noted above, the provider challenging these Directives asked for both the 2008 opinion (cited liberally throughout the unredacted discussion in the government’s reply) and the 2014 one, which barely appears at all beyond the initial citation.  Given that Collyer reviewed substantial language from both opinions in denying the provider’s request to obtain them, the discussion must go beyond simply noting that the 2014 opinion governs the Directives in question. There must be something in the 2014 opinion, probably the targeting procedures, that gets cited in the vast swaths of redactions.

That’s especially true given that on the first page of Evans’ response claims the Directives address “a critical, ongoing foreign intelligence gap.” So it makes sense that the government would get some new practice approved in that year’s certification process, then serve Directives ostensibly authorized by the new certificate, only to have a provider challenge a new type of request and/or a new kind of provider challenge their first Directives.

One thing stands out in the 2014 opinion that might indicate the closing of a foreign intelligence gap.

Prior to 2014, the NSA could say an entity — say, Al Qaeda — used a facility, meaning they’d suck up any people that used that facility (think how useful it would be to declare a chat room a facility, for example). But (again, prior to 2014) as soon as a US person started “using” that facility — the word use here is squishy as someone talking to the target would not count as “using” it, but as incidental collection — then NSA would have to detask.

The 2014 certifications for the first time changed that.

The first revision to the NSA Targeting Procedures concerns who will be regarded as a “target” of acquisition or a “user” of a tasked facility for purposes of those procedures. As a general rule, and without exception under the NSA targeting procedures now in effect, any user of a tasked facility is regarded as a person targeted for acquisition. This approach has sometimes resulted in NSA’ s becoming obligated to detask a selector when it learns that [redacted]

The relevant revision would permit continued acquisition for such a facility.

[snip]

For purposes of electronic surveillance conducted under 50 U.S.C. §§ 1804-1805, the “target” of the surveillance ‘”is the individual or entity … about whom or from whom information is sought.”‘ In re Sealed Case, 310 F.3d 717, 740 (FISA Ct. Rev. 2002) (quoting H.R. Rep. 95-1283, at 73 (1978)). As the FISC has previously observed, “[t]here is no reason to think that a different meaning should apply” under Section 702. September 4, 2008 Memorandum Opinion at 18 n.16. It is evident that the Section 702 collection on a particular facility does not seek information from or about [redacted].

In other words, for the first time in 2014, the FISC bought off on letting the NSA target “facilities” that were used by a target as well as possibly innocent Americans, based on the assumption that the NSA would weed out the Americans in the post-tasking process, and anyway, Hogan figured, the NSA was unlikely to read that US person data because that’s not what they were interested in anyway.

Mind you, in his opinion approving the practice, Hogan included a bunch of mostly redacted language pretending to narrow the application of this language.

This amended provision might be read literally to apply where [redacted]

But those circumstances fall outside the accepted rationale for this amendment. The provision should be understood to apply only where [redacted]

But Hogan appears to be policing this limiting language by relying on the “rationale” of the approval, not any legal distinction.

The description of this change to tasking also appears in a 3.5 page discussion as the first item in the tasking discussion in the government’s 2014 application, which Collyer would attach to her opinion.

Collyer’s opinion

Collyer’s opinion includes more of the provider’s arguments than the Reply did. It describes the Directives as involving “surveillance conducted on the servers of a U.S.-based provider” in which “the communications of U.S. person will be collected as part of such surveillance.” (29) It says [in Collyer’s words] that the provider “believes that the government will unreasonably intrude on the privacy interests of United States persons and persons in the United States [redacted] because the government will regularly acquire, store, and use their private communications and related information without a foreign intelligence or law enforcement justification.” (32-3) It notes that the provider argued there would be “a heightened risk of error” in tasking its customers. (12) The provider argued something about the targeting and minimization procedures “render[ed] the directives invalid as applied to its service.” (16) The provider also raised concerns that because the NSA “minimization procedures [] do not require the government to immediately delete such information[, they] do not adequately protect United States person.” (26)

All of which suggests the provider believed that significant US person data would be collected off their servers without any requirement the US person data get deleted right away. And something about this provider’s customers put them at heightened risk of such collection, beyond (for example) regular upstream surveillance, which was already public by the time of this challenge.

Collyer, too, says a few interesting things about the proposed surveillance. For example, she refers to a selector as an “electronic communications account” as distinct from an email — a rare public admission from the FISC that 702 targets things beyond just emails. And she treats these Directives as an “expansion of 702 acquisitions” to some new provider or technology. Finally, Collyer explains that “the 2014 Directives are identical, except for each directive referencing the particular certification under which the directive is issued.” This means that the provider received more than one Directive, and they fall under more than one certificate, which means that the collection is being used for more than one kind of use (counterterrorism, counterproliferation, and foreign government plus cyber). So the provider is used by some combination of terrorists, proliferators, spies, or hackers.

Ultimately, though, Collyer rejected the challenge, finding the targeting and minimization procedures to be adequate protection of the US person data collected via this new approach.

Now, it is not certain that all this relied on the new targeting procedure. Little in Collyer’s language reflects passing familiarity with that new provision. Indeed, at one point she described the risk to US persons to involve “the government may mistakenly task the wrong account,” which suggests a more individualized impact.

Except that after her almost five pages entirely redacted of discussion of the provider’s claim that the targeting procedures are insufficient, Collyer argues that such issues don’t arise that frequently, and even if they do, they’d be dealt with in post-targeting analysis.

The Court is not convinced that [redacted] under any of the above-described circumstances occurs frequently, or even on a regular basis. Assuming arguendo that such scenarios will nonetheless occur with regard to selectors tasked under the 2014 Directives, the targeting procedures address each of the scenarios by requiring NSA to conduct post-targeting analysis [redacted]

Similarly, Collyer dismissed the likelihood that Americans’ data would be tasked that often.

[O]ne would not expect a large number of communications acquired under such circumstances to involve United States person [citation to a redacted footnote omitted]. Moreover, a substantial proportion of the United States person communications acquired under such circumstances are likely to be of foreign intelligence value.

As she did in her recent shitty opinion, Collyer appears to have made these determinations without requiring NSA to provide real numbers on past frequency or likely future frequency.

However often such collection had happened in the past (which she didn’t ask the NSA to explain) or would happen as this new provider started responding to Directives, this language does sound like it might implicate the new case of a selector that might be used both by legitimate foreign intelligence targets and by innocent Americans.

Does the government use 702 collection to obtain VPN traffic?

As I noted, it seems likely, though not certain, that the new collection exploited the new permission to keep tasking a selector even if US persons were using it, in addition to the actual foreigners targeted. I’m still trying to puzzle this through, but I’m wondering if the provider was a VPN provider, being asked to hand over data as it passed through the VPN server. (I think the application approved in 2014 would implicate Tor traffic as well, but I can’t see how a Tor provider would challenge the Directives, unless it was Nick Merrill again; in any case, there’d be no discussion of an “account” with Tor in the way Collyer uses it).

What does this mean for upstream surveillance

In any case, whether my guesstimates about what this is are correct, the description of the 2014 change and the discussion about the challenge would seem to raise very important questions given Collyer’s recent decision to expand the searching of upstream collection. While the description of collection from a provider’s server is not upstream, it would seem to raise the same problems, the collection of a great deal of associated US person collection that could later be brought up in a search. There’s no hint in any of the public opinions that such problems were considered.

When NSA Talks about Unintended Consequences, You Need to Ask a Follow-Up Question

In yesterday’s hearing on Section 702 reauthorization, Dianne Feinstein asked all DOJ, FBI, and NSA whether they opposed a statutory prohibition on “about” searches.

DOJ’s Stuart Evans falsely claimed that the FISC has found “about” collection to be legal; that’s not true given the assumption — which has proven out in practice — that NSA would do back door searches on the resulting domestic communications that result. Indeed, both judges who considered whether collecting and searching MCTs including domestic communications was constitutional, John Bates and Rosemary Collyer, called it a Fourth Amendment problem.

But I’m more interested in NSA Deputy General Counsel for Operations Paul Morris’ answer.

Morris: NSA opposes a statutory change at this point because that would box us in and possibly have unintended consequences.

Feinstein: Are you saying you would oppose this?

Morris: Oppose, right, we don’t think it would be a good idea at this time.

Feinstein: Huh. Thank you. That answers my question.

When the NSA complains preemptively about being “boxed in” to prevent a practice the FISC has found constitutionally problematic, it ought to elicit a follow-up question. Why doesn’t the NSA want to be prohibited from an activity that is constitutionally suspect?

More importantly, especially given that “abouts” collection is currently not defined in a way that has any technical meaning, Feinstein should have followed up to ask about what “unintended consequences” Morris worried about. Morris’ comment leads me to believe my suspicion — that the NSA continues to do things that have the same effect as “abouts” collection, even if they don’t reach into the “content” of emails that are only a subset of the kinds of things that get collected using upstream collection — is correct. It seems likely that Morris wants to protect collection that would violate any meaningful technical description of “abouts.”

Which suggests the heralded “end” to “abouts” collection is no such thing, it’s just the termination of one kind of collection that sniffs into content layers of packets.


Links to all posts on yesterday’s 702 hearing:

NSA talks about unintended consequences … no one asks what they might be

NSA argues waiting 4 years before dealing with systematic violations is not a lack of candor

FBI’s can only obtain raw feeds on selectors “relevant to” a full investigation

Everyone claims an FBI violation authorized by MOU aren’t willful 

Even amicus fans neglect to mention Rosemary Collyer violated USAF in not considering one

 

The [Publicly] Unanswered John Bates Question about How You Define an Active User of a Targeted Facility

In this post, I showed how sometime in fall 2010, the government tried to get the FISA Court to let it use Section 702 to spy on Americans. Specifically, it defined one of the terms used in its application (presumably its targeting certification) “to include US persons,” which Bates took to understand as a request to undertake the “intentional acquisition of communications of US persons reasonably believed to be located outside the United States.”

In addition to the big dump of 702 related documents released last week, Charlie Savage liberated some of the documents pertaining to upstream surveillance from 2011. One of the documents included a set of questions John Bates asked on November 7, in advance of approving the new minimization procedures. And one of the questions is one I asked — and for the same reason — in my post on Rosemary Collyer’s recent upstream opinion: how you define an “active user.”

The Court’s Memorandum defined “active user” to be “the individual using the electronic communications account/address/identifier to interact with his/her Internet service provider.” See Oct. 3, 2011 Memorandum Opinion at 35 n. 34 (emphasis added). However, the amended minimization procedures state that NSA will identify and segregate through technical means MCTs where “the active user of the transaction (i.e., the electronic communications account/address/identifier used to send or receive the Internet transaction to or from a service provider) is reasonably believed to be located in the United States; or the location of the active user is unknown.” See Section 3(b)(5)(a). Please confirm that NSA’s “technical means” for identification and segregation will focus on the location of the individual using the account.

Taken in the wake of the government’s 2010 effort to target a group that includes Americans, the importance of the answer is obvious. If, for example, the active user of a selector is the targeted group rather than a specific individual, then the Americans that are part of that targeted group would also have their communications collected and those communications wouldn’t get segregated as a result. For example, if the NSA were targeting the encryption keys that ISIS uses, and an American were also using that key to talk to other Americans, that communication would be collected but not segregated. So Bates, a year after backing the government down off its effort to use 702 to spy on Americans only to find that the government had been collecting on Americans for 4 years, seemed to be trying to make sure that the government didn’t achieve the same goal via different means.

Except, nowhere in the public record, did he explicitly force the government to integrate this focus on individual users into the minimization procedures. In his November 30, 2011 opinion approving the new MCT scheme, he cited of the requirement that MCTs including the communications of possible US persons get segregated, he added “the [user of]” to the language he cited from the minimization procedures.

Under the amended NSA minimization procedures, NSA must segregate and restrict access to certain portions of its upstream collection following acquisition.3 Section 3(b)(5)(a) requires NSA to

take reasonable steps post-acquisition to identify and segregate through technical means Internet transactions that cannot be reasonably identified as containing single, discrete communications where: the active user of the transaction (i.e., the [user of] the electronic communications account/address/identifier used to send or receive the Internet transaction to or from a service provider) is reasonably believed to be located in the United States; or the location of the active user is unknown.

But he didn’t specify that that user had to be an individual. In the same passage, he cited what are probably the responses to his November 7 questions, without citing the language used to respond to him.

Then, in restating the requirement to segregate such communications, Bates cited to his earlier opinion, but not the page he cited in his question invoking “individual” users.

Unlike the measures previously proposed by the government for MCTs, the new procedures require NSA, following acquisition, to identify and segregate the two categories of Internet transactions that are most likely to contain discrete wholly domestic communications and non-target communications to or from United States persons or persons located in the United States: (1) those as to which the “active user” is located inside the United States; and (2) those as to which the location of the active user is unknown. See Amended NSA Minimization Procedures at 4 (§ 3(b)(5)(a)); see also Oct. 3 Opinion at 37-41.

And neither the September 2012 opinion authorizing the next year’s certificates and clearing the government of ongoing violation of 1809(a)(2) doesn’t appear to mention active users.

I raised this issue with respect to Collyer’s opinion because, if the government can treat a group as a target and the group’s communication methods as a facility, then upstream surveillance will still collect entirely domestic communications that will newly be available via back door search (though in reality, NSA never fully implemented the scheme laid out in the 2011 opinion). Yet nowhere is this made clear.

In 2010, the Government Tried to Use Section 702 against US Persons

I’m working my way through the FISA related documents released last week. And I wanted to point out something that happened around October 2010: the NSA tried to turn 702 into a domestic surveillance program.

First, some background. Before 2011, it appears the government got 702 certificates approved every six months. Also, because the initial certificates were approved a month apart (in part because the initial PAA certificates were also approved a month apart for some really interesting reasons), the government submitted two sets of documents. That’s what explains the nearly identical pairs of documents released last week (Documents 11 and 5 approve 2009 certs, and Documents 4 and 2 approve 2010 certs).

Sometime in late summer to fall 2010, the government submitted a pretty dramatically altered request (see Document 16). [Update: This targeting certificate from 2010 was submitted on July 16, though that feels like odd timing and none of the targets are described as including US persons.]

As part of that, the government defined one of the targets to include US persons (albeit ones apparently located overseas).

Moreover, the government has defined the term [redacted] to include US persons, which raises the question whether permitting the intentional acquisition of communications of US persons reasonably believed to be located outside the United States is consistent with the requirements of 50 U. S.C. § 1881 a(b)(3).

In addition, the government requested to keep and disseminate any US person or domestic data it found “to the extent reasonably necessary to counter any imminent threat to human life or the national security that is related to the target.”

Another significant change to the minimization procedures relates to the provisions that allow NSA to retain, process, and disseminate any communication acquired while a target of 702 collection was inside the United States or after a target has been determined to be a United States person, “to the extent reasonably necessary to counter any imminent threat to human life or the national security that is related to the target, including obtaining authorization against the target pursuant to another section of the Act.” NSA Minimization Procedures at 7-10.

Whereas later minimization procedures have language about protecting imminent threats (defined broadly to include property), this request included vague “threat to national security” language.

Finally, John Bates implied that the submission implicated some prior court decision(s), including one by the FISCR.

Remarkably, these prior decisions (as well as the name of the target that includes US persons) were redacted with the b(7)E law enforcement technique exemption, not the b(1) or b(3) that covers most of the other redactions in these memos. I can’t recall any other b(7)E redaction in all the FISA orders I’ve read.

Also note, that in 2010, there were only two known FISCR opinions, the one tearing down the wall in 2002, and the one authorizing PRISM in 2008; this may be an as yet unidentified FISCR opinion.

By all appearances, in fall of 2010, the government tried to get approval to use 702 against US persons.

In response to this request, Bates basically said, “submit a legal justification.”

To date, the government has not provided the Court with an adequate legal basis upon which to undertake this review and make the required findings. Therefore, and in accordance with Rule 10(a)(ii) of the Foreign Intelligence Surveillance Court Rules of Procedure, the Court hereby ORDERS the government to file a written memorandum of law that addresses the legal issues identified in this Briefing Order and any others that have not previously been presented to the Court.

Document 4 and Document 2 reveal that the government submitted that memorandum. But after the court saw it and discussed it, the government basically said, “um, nevermind”

The government timely filed its Memorandum of Law on [redacted] 2010.

The Court then discussed the issues presented with representatives of the government on [redacted] 2010, at which time the Court identified certain concerns regarding the government’s submissions. On [redacted], 2010, the Attorney General and the DNI executed two amendments regarding the [redacted] Submission, which were filed with the Court as part of the [redacted] Submission. These amendments have the effect of reverting to the use of targeting and minimization procedures previously approved by the Court in the context of prior certifications.

Just to make sure the government got the message, Bates emphasized that his 2010 approvals were limited to non-US persons outside of the US.

Like the acquisitions approved by the Court in all of the Prior 702 Dockets, acquisitions under are limited to “the targeting of non-United States persons reasonably believed to be located outside the United States.”

This all had to have happened after July 2010 (because the approvals cite Bates July 2010 opinion restarting the PRTT dragnet). But the approvals almost certainly happened in November, because the government submitted its reauthorization applications on April 20 and 22 the following year and they were still doing reauthorizations every six months with applications submitted a month in advance.

So in 2010, the government asked to use 702 to spy on Americans, Bates called them on it, and they backed down.

Sort of. On May 2, the government confessed for the first time that it had been collecting US person data all along.

Privacy Community Lets Dan Coats Off Easy in Letter Accusing Him of Reneging on His Promise

This post may make me some enemies in DC.

But the privacy community appears to be missing some critical points in this letter accusing Dan Coats of reneging on his promise to provide an estimate of how many Americans have been sucked up in Section 702 surveillance. The letter rehearses what it claims is the history of NSA counting or not counting how many Americans get collected under Section 702, going back to 2011.

This debate began in 2011 when Senator Wyden first asked Director Clapper to provide an estimate.2 In 2012, the Inspector General of the Intelligence Community claimed that such an estimate would not be possible because the process of establishing the estimate would violate the privacy of U.S. persons, and require too many resources.3

Yet in the same letter, it claims that NSA managed to do a count of Americans implicated in upstream surveillance in 2011.

First, the NSA previously undertook an effort to provide the Foreign Intelligence Surveillance Court (FISC) with a similar estimate, and “there is no evidence that this undertaking impeded any NSA operations.”5 There, in order to address the FISC’s concerns about the number of wholly domestic communications that were being collected under Section 702, the NSA “conducted a manual review of a random sample consisting of 50,440 Internet transactions taken from the more than 13.25 million Internet transactions acquired through the NSA’s upstream collection during a six month period.”6

It is absolutely true that NSA “undertook an effort” to provide the number of Americans implicated in upstream surveillance. But it was not “a similar estimate.” On the contrary, NSA only obtained an estimate of entirely domestic communications collected as part of multiple communication transactions, MCTs. It did not — not even after Bates asked — come up with an estimate of how many entirely domestic communications NSA collected via upstream collection as single communication transactions, much less an estimate of all the Americans collected.

Here’s how John Bates described it in the opinion cited in footnote 6.

NSA’s manual review focused on examining the MCTs acquired through NSA’s upstream collection in order to assess whether any contained wholly domestic communications. Sept. 7, 2011 Hearing Tr. at 13-14. As a result, once NSA determined that a transaction contained a single, discrete communication, no further analysis of that transaction was done. See August 16 Submission at 3. After the Court expressed concern that this category of transactions might also contain wholly domestic communications, NSA conducted a further review. See Sept. 9 Submission at 4. NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the same were SCTs. Id. at 3. Ninety percent of the approximately 13.25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Now, ODNI might raise this detail and say that the 2011 review was not as intensive as the one the privacy community wants to conduct. They’d be right, not least because the upstream review should be easier to conduct than the PRISM review, even though there should be less upstream collection under the new rules (under 702, anyway — much of it would have just gone to EO 12333 collection).

But the other critical point is that, having done the sampling, NSA wasn’t even willing to give Bates the information he requested t0 explain the scope of illegal collection under Section 702.

NSA’s refusal to count all the entirely domestic communications collected in their own right is particularly important given another point that would be worth mentioning here.

It’s not so much that this debate started when Ron Wyden made his request. Rather, Ron Wyden, with Mark Udall, made a written request for such a count on the very same day, July 14, 2011, that DOJ obtained an extension to conduct the count for John Bates.

In April 2011, Wyden and Mark Udall asked for the number.

In April of 2011, our former colleague, Senator Mark Udall, and I then asked the Director of National Intelligence, James Clapper, for an estimate.

According to Clapper’s response, they sent a written letter with the request on July 14, 2011. The timing of this request is critically important because it means Wyden and Udall made the request during the period when NSA and FISA Judge John Bates were discussing the upstream violations (see this post for a timeline). As part of that long discussion Bates had NSA do analysis of how often it collected US person communications that were completely unrelated to a targeted one (MCTs). Once Bates understood the scope of the problem, he asked how many US person communications it collected that were a positive hit on the target that were the only communication collected (SCTs).

But the timing demands even closer scrutiny. On July 8, John Bates went to DOJ to express “serious concerns” — basically, warning them he might not be able to reauthorize upstream surveillance. On July 14 — the same day Wyden and Udall asked Clapper for this information — DOJ asked Bates for another extension to respond to his questions, promising more information. Clapper blew off Wyden and Udall’s request in what must be record time — on July 26. On August 16, DOJ provided their promised additional information to Bates. That ended up being a count of how many Americans were affected in MCTs.

So this debate started when Wyden, simultaneously with the FISC, asked for numbers on how many Americans were affected. But the NSA proceeded to do a count that was only partially responsive to Bates’ concerns and barely responsive to Wyden’s.

NSA did a count in 2011. But even though they had requests for a number from both other co-equal branches of government, they refused to do a responsive count, even as they were already committing the resources to doing the count.

The claim about resources made in 2011 rings hollow, because the resources were expended but the scope was narrowly drawn.

Which brings me to the last critical point here: the most likely motive for drawing the scope so narrowly even as both other co-equal branches of government were requesting the number.

In July 2010, John Bates wrote another opinion. On its face, it addressed the NSA’s collection of prohibited categories under the PR/TT Internet dragnet. But in reality, that collection was just upstream collection with some filtering to try to get down to the part of the packets that constituted metadata under rules set in 2004. Effectively, then, it was also an opinion about the deliberate collection of domestic content via upstream collection. And in that opinion, he weighed the government’s request to let it keep data it had collected that might contain entirely domestic content. Ultimately, Bates said that if the government knew it had obtained domestic content, it had to delete the data, but if it didn’t know, it could keep it.

When it is not known, and there is no reason to know, that a piece of information was acquired through electronic surveillance that was not authorized by the Court’s prior orders, the information is not subject to the criminal prohibition in Section 1809(a)(2). Of course, government officials may not avoid the strictures of Section 1809(a)(2) by cultivating a state of deliberate ignorance when reasonable inquiry would likely establish that information was indeed obtained through unauthorized electronic surveillance.

[snip]

In light of the government’s assertions of need, and in heavy reliance on the assurances of the responsible officials, the Court is prepared — albeit reluctantly — to grant the government’s request with respect to information that is not subject to Section 18099a)(2)’s prohibition. Hence, the government may access, use, and disseminate such information subject to the restrictions and procedures described above that will apply to future collection.

From that point forward, it was a precedent in the FISC that the government could obtain entirely domestic communications, provided that they didn’t know they were collecting it. But they couldn’t cultivate deliberate ignorance of what they were doing. (They still violated the precedent, but quickly destroyed all the data before they got caught in 2011.)

If the NSA knows they’re intentionally collecting entirely domestic communications, it is illegal. If the NSA doesn’t know they’re intentionally collecting entirely domestic collections, it’s not illegal.

You can see how, even with Bates’ stern warning not to deliberately cultivate ignorance, this provided a huge incentive to deliberately cultivate ignorance.

Of course, Dan Coats performed just that deliberate ignorance the other day, when Wyden made it clear Coats had signed the reauthorization certification for 702 even though the accompanying memo made it clear that the NSA would still be collection entirely domestic communications. Coats claimed they wouldn’t collect Americans’ communications even in spite of the fact that the memo accompanying his certification said it would do just that.

This is a concept the privacy community really needs to learn, quickly. Because Ron Wyden is laying all the ground work to make it clear that this is about deliberate ignorance, of just the sort that Bates said was improper, not actually a concern about resources.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

This post took a great deal of time, both in this go-around, and over the years to read all of these opinions carefully. Please consider donating to support this work. 

It often surprises people when I tell them this, but in general, I’ve got a much better opinion of the FISA Court than most other civil libertarians. I do so because I’ve actually read the opinions. And while there are some real stinkers in the bunch, I recognize that the court has long been a source of some control over the executive branch, at times even applying more stringent standards than criminal courts.

But Rosemary Collyer’s April 26, 2017 opinion approving new Section 702 certificates undermines all the trust and regard I have for the FISA Court. It embodies everything that can go wrong with the court — which is all the more inexcusable given efforts to improve the court’s transparency and process since the Snowden leaks. I don’t think she understood what she was ruling on. And when faced with evidence of years of abuse (and the government’s attempt to hide it), she did little to rein in or even ensure accountability for those abuses.

This post is divided into three sections:

  • My analysis of the aspects of the opinion that deal with the upstream surveillance
    • Describing upstream searches
    • Refusing to count the impact
    • Treating the problem as exclusively about MCTs, not SCTs
    • Defining key terms
    • Failing to appoint (much less consider) appointing an amicus
    • Approving back door upstream searches
    • Imposing no consequences
  • A description of all the documents I Con the Record released — and more importantly, the more important ones it did not release (if you’re in the mood for weeds, start there)
  • A timeline showing how NSA tried to hide these violations from FISC

Opinion

The Collyer opinion deals with a range of issues: an expansion of data sharing with the National Counterterrorism Center, the resolution of past abuses, and the rote approval of 702 certificates for form and content.

But the big news from the opinion is that the NSA discovered it had been violating the terms of upstream FISA collection set in 2011 (after violating the terms of upstream FISA set in 2007-2008, terms which were set after Stellar Wind violated FISA since 2002). After five months of trying and failing to find an adequate solution to fix the problem, NSA proposed and Collyer approved new rules for upstream collection. The collection conducted under FISA Section 702 is narrower than it had been because NSA can no longer do “about” searches (which are basically searching for some signature in the “content” of a communication). But it is broader — and still potentially problematic — because NSA now has permission to do the back door searches of upstream collected data that they had, in reality, been doing all along.

My analysis here will focus on the issue of upstream collection, because that is what matters going forward, though I will note problems with the opinion addressing other topics to the extent they support my larger point.

Describing upstream searches

Upstream collection under Section 702 is the collection of communications identified by packet sniffing for a selector at telecommunication switches. As an example, if the NSA wants to collect the communications of someone who doesn’t use Google or Yahoo, they will search for the email address as it passes across circuits the government has access to (overseas, under EO 12333) or that a US telecommunications company runs (domestically, under 702; note many of the data centers at which this occurs have recently changed hands). Stellar Wind — the illegal warrantless wiretap program done under Bush — was upstream surveillance. The period in 2007 when the government tried to replace Stellar Wind under traditional FISA was upstream surveillance. And the Protect America Act and FISA Amendments Act have always included upstream surveillance as part of the mix, even as they moved more (roughly 90% according to a 2011 estimate) of the collection to US-based providers.

The thing is, there’s no reason to believe NSA has ever fully explained how upstream surveillance works to the FISC, not even in this most recent go-around (and it’s now clear that they always lied about how they were using and processing a form of upstream collection to get Internet metadata from 2004 to 2011). Perhaps ironically, the most detailed discussions of the technology behind it likely occurred in 2004 and 2010 in advance of opinions authorizing collection of metadata, not content, but NSA was definitely not fully forthcoming in those discussions about how it processed upstream data.

In 2011, the NSA explained (for the first time), that it was not just collecting communications by searching for a selector in metadata, but it was also collecting communications that included a selector as content. One reason they might do this is to obtain forwarded emails involving a target, but there are clearly other reasons. As a result of looking for selectors as content, NSA got a lot of entirely domestic communications, both in what NSA called multiple communication transactions (“MCTs,” basically emails and other things sent in bundles) and in single communication transactions (SCTs) that NSA didn’t identify as domestic, perhaps because they used Tor or a VPN or were routed overseas for some other reason. The presiding judge in 2011, John Bates, ruled that the bundled stuff violated the Fourth Amendment and imposed new protections — including the requirement NSA segregate that data — for some of the MCTs. Bizarrely, he did not rule the domestic SCTs problematic, on the logic that those entirely domestic communications might have foreign intelligence value.

In the same order, John Bates for the first time let CIA and NSA do something FBI had already been doing: taking US person selectors (like an email address) and searching through already collected content to see what communications they were involved in (this was partly a response to the 2009 Nidal Hasan attack, which FBI didn’t prevent in part because they were never able to pull up all of Hasan’s communications with Anwar al-Awlaki at once). Following Ron Wyden’s lead, these searches on US person content are often called “back door searches” for the way they let the government read Americans’ communications without a warrant. Because of the newly disclosed risk that upstream collection could pick up domestic communications, however, when Bates approved back door searches in 2011, he explicitly prohibited the back door searching of data collected via upstream searches. He prohibited this for all of it — MCTs (many of which were segregated from general repositories) and SCTs (none of which were segregated).

As I’ve noted, as early as 2013, NSA knew it was conducting “many” back door searches of upstream data. The reasons why it was doing so were stupid: in part, because to avoid upstream searches analysts had to exclude upstream repositories from the search query (basically by writing “NOT upstream” in a Boolean query), which also required them realizing they were searching on a US person selector. For whatever reason, though, no one got alarmed by reports this was going on — not NSA’s overseers, not FISC (which reportedly got notices of these searches), and not Congress (which got notices of them in Semiannual reports, which is how I knew they were going on). So the problem continued; I noted that this was a persistent problem back in August, when NSA and DOJ were still hiding the extent of the problems from FISC.

It became clear the problem was far worse than known, however, when NSA started looking into how it dealt with 704 surveillance. Section 704 is the authority the NSA uses to spy on Americans who are overseas. It basically amounts to getting a FISC order to use EO 12333 spying on an American. An IG Report completed in January 2016 generally found 704 surveillance to be a clusterfuck; as part of that, though, the NSA discovered that there were a whole bunch of 704 backdoor searches that weren’t following the rules, in part because they were collecting US person communications for periods outside of the period when the FISC had authorized surveillance (for 705(b) communication, which is the spying on Americans who are simply traveling overseas, this might mean NSA used EO 12333 to collect on an American when they were in the US). Then NSA’s Compliance people (OCO) did some more checking and found still worse problems.

And then the government — the same government that boasted about properly disclosing this to FISC — tried to bury it, basically not even telling FISC about how bad the problem was until days before Collyer was set to approve new certificates in October 2016. Once they did disclose it, Judge Collyer gave NSA first one and then another extension for them to figure out what went wrong. After 5 months of figuring, they were still having problems nailing it down or even finding where the data and searches had occurred. So, finally, facing a choice of ending “about” collection (only under 702 — they can still accomplish the very same thing under EO 12333) or ending searches of upstream data, they chose the former option, which Collyer approved with almost no accountability for all the problems she saw in the process.

Refusing to count the impact

I believe that (at least given what has been made public) Collyer didn’t really understand the issue placed before her. One thing she does is just operate on assumptions about the impact of certain practices. For example, she uses the 2011 number for the volume of total 702 collection accomplished using upstream collection to claim that it is “a small percentage of NSA’s overall collection of Internet communications under Section 702.” That’s likely still true, but she provides no basis for the claim, and it’s possible changes in communication — such as the increased popularity of Twitter — would change the mix significantly.

Similarly, she assumes that MCTs that involve “a non-U.S. person outside the United States” will be “for that reason [] less likely to contain a large volume of information about U.S. person or domestic communications.” She makes a similar assumption (this time in her treatment of the new NCTC raw take) about 702 data being less intrusive than individual orders targeted at someone in the US, “which often involve targets who are United States persons and typically are directed at persons in the United States.” In both of these, she repeats an assumption John Bates made in 2011 when he first approved back door searches using the same logic — that it was okay to provide raw access to this data, collected without a warrant, because it wouldn’t be as impactful as the data collected with an individual order. And the assumption may be true in both cases. But in an age of increasingly global data flows, that remains unproven. Certainly, with ISIS recruiters located in Syria attempting to recruit Americans, that would not be true at all.

Collyer makes the same move when she makes a critical move in the opinion, when she asserts that “NSA’s elimination of ‘abouts’ collection should reduce the number of communications acquired under Section 702 to which a U.S. person or a person in the United States is a party.” Again, that’s probably true, but it is not clear she has investigated all the possible ways Americans will still be sucked up (which she acknowledges will happen).

And she does this even as NSA was providing her unreliable numbers.

The government later reported that it had inadvertently misstated the percentage of NSA’s overall upstream Internet collection during the relevant period that could have been affected by this [misidentification of MCTs] error (the government first reported the percentage as roughly 1.3% when it was roughly 3.7%.

Collyer’s reliance on assumptions rather than real numbers is all the more unforgivable given one of the changes she approved with this order: basically, permitting the the agencies to conduct otherwise impermissible searches to be able to count how many Americans get sucked up under 702.  In other words, she was told, at length, that Congress wants this number (the government’s application even cites the April 22, 2106 letter from members of the House Judiciary Committee asking for such a number). Moreover, she was told that NSA had already started trying to do such counts.

The government has since [that is, sometime between September 26 and April 26] orally notified the Court that, in order to respond to these requests and in reliance on this provision of its minimization procedures, NSA has made some otherwise-noncompliant queries of data acquired under Section 702 by means other than upstream Internet collection.

And yet she doesn’t then demand real numbers herself (again, in 2011, Bates got NSA to do at least a limited count of the impact of the upstream problems).

Treating the problem as exclusively about MCTs, not SCTs

But the bigger problem with Collyer’s discussion is that she treats all of the problem of upstream collection as being about MCTs, not SCTs. This is true in general — the term single communication transaction or SCT doesn’t appear at all in the opinion. But she also, at times, makes claims about MCTs that are more generally true for SCTs. For example, she cites one aspect of NSA’s minimization procedures that applies generally to all upstream collection, but describes it as only applying to MCTs.

A shorter retention period was also put into place, whereby an MCT of any type could not be retained longer than two years after the expiration of the certificate pursuant to which it was acquired, unless applicable criteria were met. And, of greatest relevance to the present discussion, those procedures categorically prohibited NSA analysts from using known U.S.-person identifiers to query the results of upstream Internet collection. (17-18)

Here’s the section of the minimization procedures that imposed the two year retention deadline, which is an entirely different section than that describing the special handling for MCTs.

Similarly, Collyer cites a passage from the 2015 Hogan opinion stating that upstream “is more likely than other forms of section 702 collection to contain information of or concerning United States person with no foreign intelligence value” (see page 17). But that passage cites to a passage of the 2011 Bates opinion that includes SCTs in its discussion, as in this sentence.

In addition to these MCTs, NSA likely acquires tens of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic “about” SCT if it is routed internationally. (33)

Collyer’s failure to address SCTs is problematic because — as I explain here — the bulk of the searches implicating US persons almost certainly searched SCTs, not MCTs. That’s true for two reasons. First, because (at least according to Bates’ 2011 guesstimate) NSA collects (or collected) far more entirely domestic communications via SCTs than via MCTs. Here’s how Bates made that calculation in 2011 (see footnote 32).

NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the same were SCTs. Id. at 3. Ninety percent of the approximately 13.25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Assuming some of this happens because people use VPNs or Tor, then the amount of entirely domestic communications collected via upstream would presumably have increased significantly in the interim period. Indeed, the redaction in this passage likely hides a reference to technologies that obscure location.

If so, it would seem to acknowledge NSA collects entirely domestic communications using upstream that obscure their location.

The other reason the problem is likely worse with SCTs is because — as I noted above — no SCTs were segregated from NSA’s general repositories, whereas some MCTs were supposed to be (and in any case, in 2011 the SCTs constituted by far the bulk of upstream collection).

Now, Collyer’s failure to deal with SCTs may or may not matter for her ultimate analysis that upstream collection without “about” collection solves the problem. Collyer limits the collection of abouts by limiting upstream collection to communications where “the active user is the target of acquisition.” She describes “active user” as “the user of a communication service to or from whom the MCT is in transit when it is acquired (e.g., the user of an e-mail account [half line redacted].” If upstream signatures are limited to emails and texts, that would seem to fix the problem. But upstream wouldn’t necessarily be limited to emails and texts — upstream collection would be particularly valuable for searching on other kinds of selectors, such as an encryption key, and there may be more than one person who would use those other kinds of selectors. And when Collyer says, “NSA may target for acquisition a particular ‘selector,’ which is typically a facility such as a telephone number or e-mail address,” I worry she’s unaware or simply not ensuring that NSA won’t use upstream to search for non-typical signatures that might function as abouts even if they’re not “content.” The problem is treating this as a content/metadata distinction, when “metadata” (however far down in the packet you go) could include stuff that functions like an about selector.

Defining key terms terms

Collyer did define “active user,” however inadequately. But there are a number of other terms that go undefined in this opinion. By far the funniest is when Collyer notes that the government’s March 30 submission promises to sequester upstream data that is stored in “institutionally managed repositories.” In a footnote, she notes they don’t define the term. Then she pretty much drops the issue. This comes in an opinion that shows FBI data has been wandering around in repositories it didn’t belong and indicating that NSA can’t identify where all its 704 data is. Yet she’s told there is some other kind of repository and she doesn’t make a point to figure out what the hell that means.

Later, in a discussion of other violations, Collyer introduces the term “data object,” which she always uses in quotation marks, without explaining what that is.

Failing to appoint (or even consider) amicus

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought into consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Approving back door upstream searches

Collyer’s failure to appoint an amicus is most problematic when it comes to her decision to reverse John Bates’ restriction on doing back door searches on upstream data.

To restate what I suggested above, by all appearances, NSA largely blew off the Bates’ restriction. Indeed, Collyer notes in passing that, “In practice, however, no analysts received the requisite training to work with the segregated MCTs.” Given the persistent problems with back door searches on upstream data, it’s hard to believe NSA took that restriction seriously at all (particularly since it refused to consider a technical fix to the requirement to exclude upstream from searches). So Collyer’s approval of back door searches of upstream data is, for all intents and purposes, the sanctioning of behavior that NSA refused to stop, even when told to.

And the way in which she sanctions it is very problematic.

First, in spite of her judgment that ending about searches would fix the problems in (as she described it) MCT collection, she nevertheless laid out a scenario (see page 27) where an MCT would acquire an entirely domestic communication.

Having laid out that there will still be some entirely domestic comms in the collection, Collyer then goes on to say this:

The Court agrees that the removal of “abouts” communications eliminates the types of communications presenting the Court the greatest level of constitutional and statutory concern. As discussed above, the October 3, 2011 Memorandum Opinion (finding the then-proposed NSA Minimization Procedures deficient in their handling of some types of MCTs) noted that MCTs in which the target was the active user, and therefore a party to all of the discrete communications within the MCT, did not present the same statutory and constitutional concerns as other MCTs. The Court is therefore satisfied that queries using U.S.-person identifiers may now be permitted to run against information obtained by the above-described, more limited form of upstream Internet collection, subject to the same restrictions as apply to querying other forms of Section

This is absurd! She has just laid out that there will be some exclusively domestic comms in the collection. Not as much as there was before NSA stopped collecting abouts, but it’ll still be there. So she’s basically permitting domestic communications to be back door searched, which, if they’re found (as she notes), might be kept based on some claim of foreign intelligence value.

And this is where her misunderstanding of the MCT/SCT distinction is her undoing. Bates prohibited back door searching of all upstream data, both that supposedly segregated because it was most likely to have unrelated domestic communications in it, and that not segregated because even the domestic communications would have intelligence value. Bates’ specific concerns about MCTs are irrelevant to his analysis about back door searches, but that’s precisely what Collyer cites to justify her own decision.

She then applies the 2015 opinion, with its input from amicus Amy Jeffress stating that NSA back door searches that excluded upstream collection were constitutional, to claim that back door searches that include upstream collection would meet Fourth Amendment standards.

The revised procedures subject NSA’s use of U.S. person identifiers to query the results of its newly-limited upstream Internet collection to the same limitations and requirements that apply to its use of such identifiers to query information acquired by other forms of Section 702 collection. See NSA Minimization Procedures § 3(b)(5). For that reason, the analysis in the November 6, 2015 Opinion remains valid regarding why NSA’s procedures comport with Fourth Amendment standards of reasonableness with regard to such U.S. person queries, even as applied to queries of upstream Internet collection. (63)

As with her invocation of Bates’ 2011 opinion, she applies analysis that may not fully apply to the question — because it’s not actually clear that the active user restriction really equates newly limited upstream collection to PRISM collection — before her as if it does.

Imposing no consequences

The other area where Collyer’s opinion fails to meet the standards of prior ones is in resolution of the problem. In 2009, when Reggie Walton was dealing with first phone and then Internet dragnet problems, he required the NSA to do complete end-to-end reviews of the programs. In the case of the Internet dragnet, the report was ridiculous (because it failed to identify that the entire program had always been violating category restrictions). He demanded IG reports, which seems to be what led the NSA to finally admit the Internet dragnet program was broken. He shut down production twice, first of foreign call records, from July to September 2009, then of the entire Internet dragnet sometime in fall 2009. Significantly, he required the NSA to track down and withdraw all the reports based on violative production.

In 2010 and 2011, dealing with the Internet dragnet and upstream problems, John Bates similarly required written details (and, as noted, actual volume of the upstream problem). Then, when the NSA wanted to retain the fruits of its violative collection, Bates threatened to find NSA in violation of 50 USC 1809(a) — basically, threatened to declare them to be conducting illegal wiretapping — to make them actually fix their prior violations. Ultimately, NSA destroyed (or said they destroyed) their violative collection and the fruits of it.

Even Thomas Hogan threatened NSA with 50 USC 1809(a) to make them clean up willful flouting of FISC orders.

Not Collyer. She went from issuing stern complaints (John Bates was admittedly also good at this) back in October…

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

… to basically reauthorizing 702 before using the reauthorization process as leverage over NSA.

Of course, NSA still needs to take all reasonable and necessary steps to investigate and close out the compliance incidents described in the October 26, 2016 Notice and subsequent submissions relating to the improper use of U.S.-person identifiers to query terms in NSA upstream data. The Court is approving on a going-foward basis, subject to the above-mentioned requirements, use of U.S.-person identifiers to query the results of a narrower form of Internet upstream collection. That approval, and the reasoning that supports it, by no means suggest that the Court approves or excuses violations that occurred under the prior procedures.

That is particularly troubling given that there is no indication, even six months after NSA first (belatedly) disclosed the back door search problems to FISC, that it had finally gotten ahold of the problem.

As Collyer noted, weeks before it submitted its new application, NSA still didn’t know where all the upstream data lived. “On March 17, 2017, the government reported that NSA was still attempting to identify all systems that store upstream data and all tools used to query such data.” She revealed that  some of the queries of US persons do not interact with “NSA’s query audit system,” meaning they may have escaped notice forever (I’ve had former NSA people tell me even they don’t believe this claim, as seemingly nothing should be this far beyond auditability). Which is presumably why, “The government still had not ascertained the full range of systems that might have been used to conduct improper U.S.-person queries.” There’s the data that might be in repositories that weren’t run by NSA, alluded to above. There’s the fact that on April 7, even after NSA submitted its new plan, it was discovering that someone had mislabeled upstream data as PRISM, allowing it to be queried.

Here’s the thing. There seems to be no way to have that bad an idea of where the data is and what functions access the data and to be able to claim — as Mike Rogers, Dan Coats, and Jeff Sessions apparently did in the certificates submitted in March that didn’t get publicly released — to be able to fulfill the promises they made FISC. How can the NSA promise to destroy upstream data at an accelerated pace if it admits it doesn’t know where it is? How can NSA promise to implement new limits on upstream collection if that data doesn’t get audited?

And Collyer excuses John Bates’ past decision (and, by association, her continued reliance on his logic to approve back door searches) by saying the decision wasn’t so much the problem, but the implementation of it was.

When the Court approved the prior, broader form of upstream collection in 2011, it did so partly in reliance on the government’s assertion that, due to some communications of foreign intelligence interest could only be acquired by such means. $ee October 3, 2011 Memorandum Opinion at 31 & n. 27, 43, 57-58. This Opinion and Order does not question the propriety of acquiring “abouts” communications and MCTs as approved by the Court since 2011, subject to the rigorous safeguards imposed on such acquisitions. The concerns raised in the current matters stem from NSA’s failure to adhere fully to those safeguards.

If problems arise because NSA has failed, over 6 years, to adhere to safeguards imposed because NSA hadn’t adhered to the rules for the 3 years before that, which came after NSA had just blown off the law itself for the 6 years before that, what basis is there to believe they’ll adhere to the safeguards she herself imposed, particularly given that unlike her predecessors in similar moments, she gave up any leverage she had over the agency?

The other thing Collyer does differently from her predecessors is that she lets NSA keep data that arose from violations.

Certain records derived from upstream Internet communications (many of which have been evaluated and found to meet retention standards) will be retained by NSA, even though the underlying raw Internet transactions from which they are derived might be subject to destruction. These records include serialized intelligence reports and evaluated and minimized traffic disseminations, completed transcripts and transcriptions of Internet transactions, [redacted] information used to support Section 702 taskings and FISA applications to this Court, and [redacted].

If “many” of these communications have been found to meet retention standards, it suggests that “some” have not. Meaning they should never have been retained in the first place. Yet Collyer lets an entire stream of reporting — and the Section 702 taskings that arise from that stream of reporting — remain unrecalled. Effectively, even while issuing stern warning after stern warning, by letting NSA keep this stuff, she is letting the agency commit violations for years without any disincentive.

Now, perhaps Collyer is availing herself of the exception offered in Section 301 of the USA Freedom Act, which permits the government to retain illegally obtained material if it is corrected by subsequent minimization procedures.

Exception.–If the Government corrects any deficiency identified by the order of the Court under subparagraph (B), the Court may permit the use or disclosure of information obtained before the date of the correction under such minimization procedures as the Court may approve for purposes of this clause.

Except that she doesn’t cite that provision, nor is there any evidence deficiencies have been corrected.

Which should mean, especially given the way Collyer depends on the prior opinions of Bates and Hogan, she should likewise rely on their practice of treating this as a potential violation of 50 USC 1809(a) to ensure the harm to Americans doesn’t persist. She did no such thing, basically sanctioning the illegal use of back door searches to spy on Americans.

Up until this opinion, I was generally willing to argue for the efficacy of the FISC (even while arguing the job could and should be devolved to district courts for more rigorous testing of the law). But not now. This opinion discredits the entire court.

Last April when Collyer became presiding FISC judge, I pointed to what I considered Rosemary Collyer’s worst FISC decision, which was actually a District Court opinion that permitted the NSA to keep aspects of its upstream problems secret from EFF, which is suing over those same issues. I predicted then that, “I fear she will be a crummy presiding judge, making the FISC worse than it already is.”

In my opinion — as a civil libertarian who has been willing to defend the FISC in the past — with this opinion she has done real damage to any credibility or legitimacy the FISC has.

Update: Latter for former fixed in which choice the Administration picked, h/t CS.

The Documents

Here’s what I Con the Record released.

January 7, 2016 IG Report

This heavily redacted report describes a review of NSA’s compliance with 704/705b of Title VII of FISA, the authority NSA uses to spy on Americans who are located overseas (see my report on the 704 problems here). It was conducted from March through August 2015 and reviewed data from January through March 2015. It basically showed there were no compliance mechanisms in place for 704/705b, and NSA couldn’t even reliably identify the queries that had been conducted under the authority. This report is relevant to the reauthorization, because Americans targeted in individual FISA orders are approved (and almost certainly tasked) by default for 702 back door searches. Though the report was obviously done well before the 702 certifications were submitted on September 26, was not noticed to FISC until days before the court would otherwise have approved the certifications in conjunction with the upstream problems.

September 26, 2016 702 Certification Package 

ICTR released much if not all of the materials submitted for 702 reauthorization on September 2016. The package includes:

Certification cover filing: This is basically the application, which the metadata reveals is actually two parts merged. It describes the changes to the certificates from the past year, most notably a request to share raw 702 data directly from NSA or FBI to NCTC, some tweaks to the FBI targeting and minimization procedures, and permission for NSA, FBI, and CIA to deviate from minimization procedures to develop a count of how many US persons get collected under 702.

The report also describes how the government has fulfilled reporting requirements imposed in 2015. Several of the reports pertain to destroying data it should not have had. The most interesting one is the report on how many criminal queries of 702 data FBI does that result in the retrieval and review of US person data; as I note in this post, the FBI really didn’t (and couldn’t, and can’t, given the oversight regime currently in place) comply with the intent of the reporting requirement.

Very importantly: this application did not include any changes to upstream collection, in large part because NSA did not tell FISC (more specifically, Chief Judge Rosemary Collyer) about the problems they had always had preventing queries of upstream data in its initial application. In NSA’s April statement on ending upstream about collection, it boasts, “Although the incidents were not willful, NSA was required to, and did, report them to both Congress and the FISC.” But that’s a load of horse manure: in fact, NSA and DOJ sat on this information for months. And even with this disclosure, because the government didn’t release the later application that did describe those changes, we don’t actually get to see the government’s description of the problems; we only get to see Collyer’s (I believe mis-) understanding of them.

Procedures and certifications accepted: The September 26 materials also include the targeting and minimization procedures that were accepted in the form in which they were submitted on that date. These include:

Procedures and certificates not accepted: The materials include the documents that the government would have to change before approval on April 26. These include,

Note, I include the latter two items because I believe they would have had to be resubmitted on March 30, 2017 with the updated NSA documents and the opinion makes clear a new DIRNSA affidavit was submitted (see footnote 10), but the release doesn’t give us those. I have mild interest in that, not least because the AG/DNI one would be the first big certification to FISC signed by Jeff Sessions and Dan Coats.

October 26, 2016 Extension

The October 26 extension of 2015’s 702 certificates is interesting primarily for its revelation that the government waited until October 24, 2016 to disclose problems that had been simmering since 2013.

March 30, 2017 Submissions

The release includes two of what I suspect are at least four items submitted on March 30, which are:

April 26, 2017 Opinion

This is the opinion that reauthorized 702, with the now-restricted upstream search component. My comments below largely lay out the problems with it.

April 11, 2017 ACLU Release

I Con the Record also released the FOIAed documents released earlier in April to ACLU, which are on their website in searchable form here. I still have to finish my analysis of that (which includes new details about how the NSA was breaking the law in 2011), but these posts cover some of those files and are relevant to these 702 changes:

Importantly, the ACLU documents as a whole reveal what kinds of US persons are approved for back door searches at NSA (largely, but not exclusively, Americans for whom an individual FISA order has already been approved, importantly including 704 targets, as well as more urgent terrorist targets), and reveal that one reason NSA was able to shut down the PRTT metadata dragnet in 2011 was because John Bates had permitted them to query the metadata from upstream collection.

Not included

Given the point I noted above — that the application submitted on September 26 did not address the problem with upstream surveillance and that we only get to see Collyer’s understanding of it — I wanted to capture the documents that should or do exist that we haven’t seen.

  • October 26, 2016 Preliminary and Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • January 3, 2017: Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • NSA Compliance Officer (OCO) review covering April through December 2015
  • OCO review covering April though July of 2016
  • IG Review covering first quarter of 2016 (22)
  • January 27, 2017: Letter In re: DNI/AG 702(g) Certifications asking for another extension
  • January 27, 2017: Order extending 2015 certifications (and noting concern with “important safeguards for interests protected by the Fourth Amendment”)
  • March 30, 2017: Amendment to [Certificates]; includes (or is) second explanatory memo, referred to as “March 30, 2017 Memorandum” in Collyer’s opinion; this would include a description of the decision to shut down about searches
  • March 30, 2017 AG/DNI Certification (?)
  • March 30, 2017 DIRNSA Certification
  • April 7, 2017 preliminary notice

Other Relevant Documents

Because they’re important to this analysis and get cited extensively in Collyer’s opinion, I’m including:

Timeline

November 30, 2013: Latest possible date at which upstream search problems identified

October 2014: Semiannual Report shows problems with upstream searches during period from June 1, 2013 – November 30, 2013

October 2014: SIGINT Compliance (SV) begins helping NSD review 704/705b compliance

June 2015: Semiannual Report shows problems with upstream searches during period from December 1, 2013 – May 31, 2014

December 18, 2015: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

January 7, 2016: IG Report on controls over §§704/705b released

January 26, 2016: Discovery of error in upstream collection

March 9, 2016: FBI releases raw data

March 18, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

May and June, 2016: Discovery of querying problem dating back to 2012

May 17, 2016: Opinion relating to improper retention

June 17, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

August 24, 2016: Pre-tasking review update

September 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

September 26, 2016: Submission of certifications

October 4, 2016: Hearing on compliance issues

October 24, 2016: Notice of compliance errors

October 26, 2016: Formal notice, with hearing; FISC extends the 2015 certifications to January 31, 2017

November 5, 2016: Date on which 2015 certificates would have expired without extension

December 15, 2016: James Clapper approves EO 12333 Sharing Procedures

December 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

December 29, 2016: Government plans to deal with indefinite retention of data on FBI systems

January 3, 2017: DOJ provides supplemental report on compliance programs; Loretta Lynch approves new EO 12333 Sharing Procedures

January 27, 2017: DOJ informs FISC they won’t be able to fully clarify before January 31 expiration, ask for extension to May 26; FISC extends to April 28

January 31, 2007: First extension date for 2015 certificates

March 17, 2017:Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA; Probable halt of upstream “about” collection

March 30, 2016: Submission of amended NSA certifications

April 7, 2017: Preliminary notice of more query violations

April 28, 2017: Second extension date for 2015 certificates

May 26, 2017: Requested second extension date for 2015 certificates

June 2, 2017: Deadline for report on outstanding issues

The Upstream “About” Problem Probably Pertains to SCTs, not MCTs

Much of the reporting on the reason NSA is shutting down Section 702 authorized upstream “about” collection has assumed the problem pertains to multiple communication transactions, which is when emails get sent in batches, which can include targeted emails (meaning they include a selector tied to an approved foreign target) as well as untargeted, completely domestic ones. But we know that upstream collection also collects single communication transactions that constituted entirely domestic communications, which would happen if an email from one American to another included the selector (and remember, the selector can be things beyond email and phone numbers; it might include things like encryption keys or dark web forum addresses). Collection of a completely domestic SCT would happen for different technical reasons than an MCT: it would happen whenever an Internet communication between two Americans transited overseas and got caught in filters purportedly focused exclusively on international traffic. Here’s how John Bates described SCTs in his October 3, 2011 opinion on the upstream problems.

In addition to these MCTs, NSA likely acquires tends of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic “about” SCT if it is routed internationally.

And I think the problem at issue probably pertains to the SCTs, not to MCTs.

The NSA statement on the issue says nothing that would suggest this is a problem with MCTs. Indeed, its example of an “about” collection is an SCT — an email that itself contains the designated selector.

An example of an “about” email communication is one that includes the targeted email address in the text or body of the email, even though the email is between two persons who are not themselves targets. The independent Privacy and Civil Liberties Oversight Board described these collection methods in an exhaustive report published in 2014.

More tellingly, Ron Wyden’s statement about the risk of the practice also describes an SCT — an American’s email that got collected because she mentioned the targeted selector.

“This change ends a practice that could result in Americans’ communications being collected without a warrant merely for mentioning a foreign target,”

The government hasn’t liked to talk much about SCTs. It appears to have made no mention of them in the notice to Congress of upstream problems leading up to reauthorization in 2012. And when Bates asked NSA to count SCTs as part of upstream discussions in 2011, it basically refused to do so. Bates came up with his own estimate of 46,000 communications a year (which represented the majority of the domestic communications collected via upstream surveillance). Ron Wyden has been pushing for a real estimate since literally the same period Bates was making his own up.

But basically, the government has been permitted to collect entirely domestic communications of Americans using targeted selectors since 2007, even as Internet usage means more and more completely domestic communications will transit overseas.

And SCTs are the ones most likely to show up in a query of a US person communication.

That’s because, when Bates was trying to sort through these issues in 2011, he viewed SCTs differently than he did MCTs, figuring that an SCT might itself have foreign intelligence value, whereas a completely unrelated email would not.

NSA’s upstream collection also likely results in the acquisition of tens of thousands of wholly SCTs that contain references to targeted selectors. See supra, pages 33-34 & note 33 (discussing the limits [redacted] Although the collection of wholly domestic “about” SCTs is troubling, they do not raise the same minimization-related concerns as discrete, wholly domestic communications that are neither to, from, nor about targeted selectors, or as discrete communications that are neither to, from, nor about targeted selectors, to any target, either of which may be contained within MCTs. The Court has effectively concluded that certain communications containing a reference to a targeted selector are reasonably likely to contain foreign intelligence information, including communications between non-target accounts that contain the name of the targeted facility in the body of the message. See Docket No. 07-449, May 31, 2007 Primary Order at 12 (finding probable cause to believe that certain “about” communications were “themselves being sent and/or received by one of the targeted foreign powers”). Insofar as the discrete, wholly domestic “about” communications at issue here are communications between non-target accounts that contain the name of the targeted facility, the same conclusion applies to them. Accordingly, in the language of FISA’s definition of minimization procedures, the acquisition of wholly domestic communications about targeted selectors will generally be “consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information.” See 50 U.S.C. 1801(h)(1). Nevertheless, the Court understands that in the event NSA identifies a discrete, wholly domestic “about” communication in its databases, the communication will be destroyed upon recognition.

Accordingly, most of the special minimization procedures pertaining to upstream collection — most importantly, that it be segregated in a special database — don’t apply to SCTs.

Importantly, that destroy upon recognition is not absolute: if an analyst sees it and determines a communication has Foreign Intelligence value or is evidence of a crime (or two other things), then it can be retained, with DIRNSA approval. Of course, some kinds of selectors — such as certain dark web addresses and encryption keys — might by themselves be evidence of a crime, meaning a back door search could (hypothetically at least) lead directly to an American being implicated via 702 collection.

There are just two special limits that would protect these completely domestic SCTs: a two year — rather than five year — aging off process. And the rule that appears to have gotten broken: NSA can’t do queries on US persons (that is, back door searches) on upstream collection.

Identifiers of an identifiable U.S. person may not be used as terms to identify and select for analysis any Internet communication acquired through NSA’s upstream collection techniques.

That’s the importance of this post — describing violations involving the use of US person selectors to search upstream communications. It shows how it was possible, in 2013 and 2014, for analysts to “inadvertently” do back door searches on upstream collection. Those violations almost certainly occurred with SCTs, not MCTs, because SCTs would be the ones in general repositories that analysts who weren’t specially trained would access.

We can see in those past violations how a US person search on upstream content might happen. In 2013, analysts would avoid searching on upstream data by formally excluding it as part of their search term (maybe by adding “NOT upstream” to their query). But on “many” occasions, analysts forget to exclude “upstream” in their back door searches on US person identifiers (and none of the unredacted discussion seems to have suggested requiring them to find a better approach to prevent searches on upstream data). Then, in 2014, ODNI and DOJ seemed to think that analysts were doing searches on identifiers they didn’t know were US person identifiers and as a result doing US person searches on upstream data because they hadn’t thought about excluding it (and, in fact, the wording of the minimization procedures permit searches using selectors that are not yet identifiable as US person selectors).

We’ll find out soon enough what the current inadvertent method of searching upstream collected data using US person selectors is. But the point is, under the minimization procedures, MCTs would be segregated from general repositories but SCTs would not be, and so the mistakes are going to be easier to make (and the volume of entirely domestic communications will be greater) with SCTs. To fix the SCT problem you’d either have to move all upstream about content out of general repositories, find a better way to avoid collecting domestic communications that transited internationally, stop doing back door searches, or stop collecting on about. They’re choosing the latter option. (Note, if this were an MCT problem, then you could just delete all about MCTs on intake.)

Here’s the rub though. If the problem with upstream collection arises because so many entirely domestic US person communications now transit internationally, then shutting down upstream collection will not offer much further protection for US persons, because SCTs are — by definition! — communications that the NSA claims were transiting internationally, and so would be readily available under EO 12333 collection. And EO 12333 collection is now easier to share under Obama’s EO 12333 sharing guidelines that were passed even as the debate about what to do about upstream collection was taking place. Those guidelines do prohibit the agencies from using “a query, identifier, or other selection term that is intended to select domestic communications,” but if NSA couldn’t prevent that with the heightened scrutiny that happens under FISA, how are they going to prevent it under EO 12333 analysis?

Now, to be fair, to do a content query of EO 12333 data, you’d need to get Attorney General (Jeff Sessions!) authorization or the head of the agency, the latter of which may be used for two entirely redacted reasons.

Still, if I’m right and the problem is SCTs, then ending upstream collection under Section 702 simply shifts the privacy problems under a new shell.