The Phone Dragnet Adopted “Selection Term” by 2013

As I laid out last week, I’m not convinced the term “specific selection term” is sufficiently narrowly defined to impose adequate limits to the “reformed” Section 215 (and NSL and PRTT) programs. Here’s how the House defined it:

SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

That said, as I also noted, the motion to amend January’s primary order used the term to refer to the query term, which may suggest my concerns are unfounded.

I’ve looked further, and the amendment’s use of the term was not new in the phone dragnet.

In fact, the phrase used to refer to the query subject changed over the course of the dragnet. The first Primary Order authorized the search on “particular known phone numbers.” That usage continued until 2008, when Primary Order BR 08-08 introduced the term “particular known identifier.” A completely redacted footnote seems to have defined the term (and always has). Significantly, that was the first Primary Order after an August 20, 2008 opinion authorized some “specific intelligence method in the conduct of queries (term “searches”) of telephony metadata or call detail records obtained pursuant to the FISC’s orders under the BR FISA program.” I think it highly likely that opinion authorized the use of correlations between different identifiers believed to be associated with the same person. 

The September 3, 2009 Primary Order — the first one resuming some normality after the problems identified in 2009 — references a description of identifier in a declaration. And the redaction provides hints that the footnote describing the term lists several things that are included (though the footnote appears to be roughly the same size as others describing identifier).

[Image: Identifier Footnote]

The Primary Orders revert back to the same footnote in all the orders that have been released (the government is still withholding 3 known Primary Orders from 2009). And that continued until at least June 22, 2011, the last Primary Order covered by the ACLU and EFF FOIAs.

But then in the first Primary Order after the 2011-2012 break (and all Primary Orders since), the language changes to “selection term,” which like its predecessor has a footnote apparently explaining the term — though the footnote is twice as long. Here’s what it looks like in the April 25, 2013 Primary Order:

[Image: Selection Term Footnote]

The change in language is made not just to the subject of queries. There’s a paragraph in Primary Orders approving the use of individual FISA warrant targets for querying (see this post for an explanation) that reads,

[Identifiers/selection terms] that are currently the subject of electronic surveillance authorized by the Foreign Intelligence Surveillance Court (FISC) based on the FISC’s finding of probable cause to believe that they are used by agents of [redacted] including those used by U.S. persons, may be deemed approved for querying for the period of FISC-authorized electronic surveillance without review and approval by a designated approving official.

The change appears there too. That’s significant because it suggests a use that would be tied to targets about whom much more would be known, and in usages that would be primarily email addresses or other Internet identifiers, rather than just phone-based ones. I think that reflects a broader notion of correlation (and undermines the claim that a selection term is “unique,” as  it would tie the use of an identity authorized for Internet surveillance to a telephone metadata identifier used to query the dragnet).

Finally, the timing. While the big gap in released Primary Orders prevents us from figuring out when the NSA changed from “identifier” to “selection term,” it happened during the same time period when the automated query process was approved.

This may all seem like a really minor nit to pick.

But even after the language was changed to “selection term” on Primary Orders, top intelligence officials continued to use the term “identifier” to describe the process (see the PCLOB hearing on Section 215, for example). The common usage, it seems, remains “identifier,” though there must be some legal reason the NSA and DOJ use “selection term” with the FISC.

It also means there’s some meaning for selection term the FISA Court has already bought off on. It’s a description that takes 15 lines to explain, one the government maintains is still classified.

And we’re building an entire bill off a vague 17-word definition without first learning what that 15-line description entails.

 

Jim Sensenbrenner Seems to Endorse Two Times Two Hops

I’m working on a larger post about a theory I have about the Internet dragnet. But while working on that, I noticed that in 2009 the government admitted that it had used the Internet dragnet, like the phone dragnet, to contact chain on US emails that were connected with suspect emails, but which had not themselves been found to be suspicious (or tied to a foreign power).

This practice involved an analyst running a query using as a seed “a U.S.-based e-mail account” that had been in direct contact with a properly validated seed account, but had not itself been properly validated under the RAS approval process. [redacted] Response at 2-3. When he granted renewed authorization for bulk PR/TT surveillance on [redacted], Judge Walton ordered the government not to resume this practice without proper Court approval. See Docket No. PR/TT [redacted] Primary Order issued [redacted] at 10.

In its response, the government also described an automated means of querying, which it regarded as consistent with the applicable PR/TT orders. This form of querying involved the determination that an e-mail address satisfied the RAS standard, but for the lack of a connection to one of the Foreign Powers (e.g., there were sufficient indicia that the user of the e-mail address was involved in terrorist activities, but the user’s affiliation with a particular group was unknown).

[snip]

In the event that such an e-mail address was in contact with a RAS-approved seed-account on an NSA “Alert List,” that e-mail address would itself be used as a seed for automatic querying, on the theory that the requisite nexus to one of the Foreign Powers had been established.

Up until 2009, the government was blithely extending the chaining process by declaring US person targets new seeds and chaining from there.

I raise this because the NSA has been struggling, unsuccessfully, since 2009 to resume its alert function(s). It may be that’s one reason why NSA embraced outsourcing data retention to the telecoms.

And because, in an effort to defeat a Zoe Lofgren amendment at last Wednesday’s markup, Jim Sensenbrenner seemed to endorse this derivative hop process.

Lofgren’s amendment would have added language limiting upstream collection to that which involved the target of the acquisition.

Lofgren. Mr. Chairman, I believe that this amendment fixes a loophole that was created by the FISA court in its November 2011 decision that is now in the public arena. The amendment clarifies that the government can only use selectors to collect information to or from the target of an authorized investigation. Under the current law, as blessed by the FISA court, NSA is using 702 authority to collect communications that are to, from, or even about a foreign intelligence target so long as these communications are believed not to be wholly between U.S. persons. Now, the USA Freedom Act did not address this loophole, and actually the original PATRIOT Act did not either, this is a court-constructed document, but it allows false positives, and intentional use of vague about criteria could be used to lead to massive collection of U.S. persons’ communication. This amendment would prevent that adverse outcome by limiting the selectors to target and collect communications only when one of the parties to that communication is the target of an authorized investigation.

Sensenbrenner’s response was, at first, on point, citing the prohibition on targeting that has reverse targeting as a purpose of the acquisition at all.

But then he went into this language about Section 215, a totally different part of FISA.

Sensenbrenner: Say there is a section 215 order that is aimed at a target, it goes two hops and on the second hop, there is a U.S. person who is not at the time of the second hop a target of an authorized investigation. What this amendment does is limits adding that person to a target of an authorized investigation and going the two hops from that. Now, a lot of these conspiracies are more than two hops. But I don’t think that if there is a reasonable suspicion that if it goes for more than two hops that we ought to preclude, finding out who those people are talking to in the furtherance of their plot.

In it, he seemed to say that NSA must be able to declare US person selection terms new RAS approved seeds without having enough evidence to declare them a target of an investigation. But in the process, he seemed to envision derivative seeds, the addition of new US person seeds off of existing contact chains.

Which sounds a lot like the old alert process that FISC ruled improper in 2009 (although this would presumably require a new FISC review).

My theory about the dragnet may explain a bit more about why Sensenbrenner seemed to offer such an inapt argument against Lofgren’s memo (and why Lofgren’s warnings that upstream collection can easily become the new dragnet).

But for the moment, note that Sensenbrenner at least seems to envision the 2 hops permitted by his bill could, in turn, become two more hops without any more reasonable basis for suspicion.

NSA Destroyed Its Illegal Content-as-Metadata Data in 2011

The government released a bunch more documents in its several legal battles with EFF today. One of those is the newly-declassified declaration SID Director Theresa Shea submitted back in March about how difficult it would be to retain the phone dragnet data relevant in EFF’s phone dragnet suit, First Unitarian.

There are a number of interesting things in the declaration (including probably outdated claims about NSA’s efforts to roll out a new architecture integrating Section 215 data in with the rest of the dragnets). But I find this revelation quite interesting.

The NSA’s collection of bulk Internet metadata transitioned to FISC authority under section 402 of FISA in July 2004. Until December 2009, these data were subject to the FISC’s orders to a 4.5-year retention limit, after which, pursuant to  a change in the FISC orders, these data could be retained for up to five years. In December 2011, the Government decided not to seek FISC reauthorization of the NSA’s bulk collection of Internet metadata because the program had not met operational expectations. Because the NSA did not intend thereafter to use the Internet metadata it had retained for purposes of producing or disseminating foreign intelligence information, in keeping with the principle underlying the destruction requirements by the FISC, the NSA destroyed the remaining bulk Internet metadata in December 2011.

Poof! Proof of at least 2.5 years (figuring 2007 to October 2009; there should be a gap after that, followed by what I assume is a period of legal but not very useful data) of illegal collection of US person content in the US, gone!

Mind you, I’m glad they’re not sitting on all our Internet content-as-metadata anymore, but I do find it interesting they’ve destroyed the evidence of their crime.

Back Door Searches: One of Two Replacements for the Internet Dragnet?

As I said the other day, most of NSA’s Civil Liberties and Privacy Office comment to the Privacy and Civil Liberties Oversight Board on Section 702 was disappointing boilerplate, less descriptive than numerous other statements already in the public record.

In the passage on back door searches I looked at, however, there was one new detail that is very suggestive. It said NSA does more back door searches on metadata than on content under Section 702.

NSA distinguishes between queries of communications content and communications metadata. NSA analysts must provide justification and receive additional approval before a content query using a U.S. person identifier can occur. To date, NSA analysts have queried Section 702 content with U.S. person identifiers less frequently than Section 702 metadata.

Consider what this means. NSA collects content from a selector — say, all the Hotmail communications of ScaryAQAPTerrorist. That content of course includes metadata (setting aside the question of whether this is legally metadata or content for the moment): the emails and IPs of people who were in communication with that scary terrorist.

The NSA is saying that the greater part of their back door searches on US person identifiers — say, searching on the email, “[email protected]” — is just for metadata.

Given the timing, it seems that they’re using back door searches as one of two known replacements for the PRTT Internet dragnet shut down around October 30, 2009, turned on again between July and October 2010, then shut down for good in 2011 (the other being the SPCMA contact chaining of EO 12333 collected data through US person identifiers).

Recall that NSA and CIA first asked for these back door searches in April 2011. That was somewhere between 6 to 9 months after John Bates had permitted NSA to turn the Internet dragnet back on in 2010 under sharply restricted terms. NSA was still implementing their rules for using back door searches in early 2012, just months after NSA had shut down the (domestic) Internet dragnet once and for all.

And then NSA started using 702 collection for a very similar function: to identify whether suspicious identifiers were in contact with known suspicious people.

There are many parts of this practice that are far preferable to the old Internet dragnet.

For starters, it has the benefit of being legal, which the Internet dragnet never was!

Congress and the FISC have authorized NSA to collect this data from the actual service providers by targeting overseas targets. Rather than collecting content-as-metadata from the telecoms — which no matter how hard they tried, NSA couldn’t make both legal and effective — NSA collected the data from Yahoo and Microsoft and Google. Since the data was collected as content, it solves the content-as-metadata problem.

And this approach should limit the number of innocent Americans whose records are implicated. While everyone in contact with ScaryAQAPTerrorist will potentially be identified via a backdoor search, that’s still less intrusive than having every American’s contacts collected (though if we can believe the NSA’s public statements, the Internet dragnet always collected on fewer people than the phone dragnet).

That said, the fact that the NSA is presumably using this as a replacement may lead it to task on much broader selectors than they otherwise might have: all of Yemen, perhaps, rather than just certain provinces, which would have largely the same effect as the old Internet dragnet did.

In addition, this seems to reverse the structure of the old dragnet (or rather, replicate some of the problems of the alert system that set off the phone dragnet problems in 2009). It seems an analyst might test a US person identifier — remember, the analyst doesn’t even need reasonable articulable suspicion to do a back door search — against the collected metadata of scary terrorist types, to see if the US person is a baddie. And I bet you a quarter this is automated, so that identifiers that come up in, say, a phone dragnet search are then run against all the baddies to see if they also email at the press of a button. And at that point, you’re just one more internal approval step away from getting the US person content.

In short, this would seem to encourage a kind of wild goose chase, to use Internet metadata of overseas contact to judge whether a particular American is suspicious. These searches have a far lower standard than the phone and Internet dragnets did (as far as we know, neither the original collection nor the back door search ever requires an assertion of RAS). And the FISC is far less involved; John Bates has admitted he doesn’t know how or how often NSA is using this.

But it is, as far as we know, legal.

In 2009, DOJ Claimed Its Lawyers Could Not Read Docket Numbers in 2007

Some time ago, I noted that DOJ appears not to have provided the classified report on Section 215 for the Judiciary and Intelligence Committees mandated by the 2006 PATRIOT Act Reauthorization to Congress in 2009 to 2011. Instead of being sent to the Chairs of the Committees, the reports for those years were simply “filed.”

DOJ continued to provide Congress the unclassified FISA report, which included much of the same information about the numbers of Section 215 orders approved and modified.

But those reports would not have included two critical details: the fact that the sharply increasing number of modifications pertained to the FISC’s imposition of minimization procedures, suggesting collection in some bulk.

And the number of sensitive Section 215 orders issued under the following categories.

(A) Library circulation records, library patron lists, book sales records, or book customer lists.

(B) Firearms sales records.

(C) Tax return records.

(D) Educational records.

(E) Medical records containing information that would identify a person.

So for the years 2008 to 2010, even two of four designated oversight committees did not learn these details (the Intelligence Committees are required to get details on every request, but who knows if that requirement was met?).

In that post, I also noted a problem with 2007’s numbers, as well, a problem DOJ readily admitted in the unclassified report issued in 2009 (supposedly covering 2008).

In its 2008 report, the Department reported to Congress that during Calendar year 2007, the Government made six applications to the FISC for access to certain business records (including the production of tangible things) for foreign intelligence purposes. Further review of the Government’s records subsequently revealed that the Government had made seventeen applications to the FISC for access to certain business records. The FISC did not deny, in whole or in part, any such application filed by the Government during calendar year 2007.

“Further review revealed.”

Bullshit.

I’m just now realizing how utterly unbelievable this is.

You see, the way the docket works, each new request has its own docket number, so to count the requests you need only count the dockets.

The last docket in the phone dragnet is BR 07-16, issued October 18, 2007 (meaning there was just one more business record docket that year). There is no conceivable way DOJ could not very simply have come up with the correct number for both reports to Congress by looking at the final docket number, which should have been 17. Which means Congress may never have gotten the proper classified detail on those additional 11 requests.

DOJ hid — purposely, necessarily, based on the way the dockets work — the details on sensitive requests to Congress in 2007. Then they appear to have hidden the sensitive requests for the following three years. Given that John Bates is copied on the first request thereafter, it appears he may have made them finally fulfill the letter of the law.

They clearly were hiding something about their other Section 215 requests, for four full years.

Newly-Released Dragnet Order Suggests Spike in 215 Orders May Include Financial Records

I Con the Record reissued less classified versions of two Section 215 orders: the March 2, 2009 one that sharply restricted the phone dragnet without much new declassified, and the June 22, 2009 one that dealt, in part, with FBI and CIA access to the data in both the Internet and phone dragnet, showing both those parts unclassified in the same order (previously the government had released two separate versions — phone, Internet — with different things declassified).

The only new document was a November 23, 2010 order, modeled closely on a December 12, 2008 one. The earlier one had judged that the Stored Communications Act’s limits on collection did not preclude the use of Section 215 to collect phone records. This one judged that the Right to Financial Privacy Act did not preclude the use of Section 215 to collect financial records. Both opinions basically find that because those laws permit the use of National Security Letters to obtain such records without judicial review, clearly it’s okay to obtain the same records with judicial review under Section 215.

Of course, we know that in the phone context — and so presumably also in the financial records context — the use of Section 215 also entailed bulk, potentially comprehensive collection. While some bulk collection occurred under NSLs, especially for phone records (we know that because that’s the only category of NSL that doesn’t get accounted individually in public records), and while we assume bulk collection occurred under Bush’s illegal program via other means, moving a new kind of record under Section 215 may represent the institutionalization of bulk collections of another type of document.

Aside from revealing that this order pertained to financial records, we don’t know much about the underlying order. The order says the records were provided to the FBI (though WSJ and NYT reported CIA used Section 215 to get money order records). It uses “financial records” in scare quotes, so it is possible it is something beyond just bank records. And the fact that it was stamped by John Bates (then the presiding judge) suggests it may have been regarded as rather significant.

All that said, this opinion doesn’t necessarily mark November 2010 as the date the government started using Section 215 to collect (presumably bulk) financial records. After all, the government collected phone records for over 2 years before answering the seemingly obvious question of whether doing so violated other laws. I suspect they did so in 2008 in response to questions then-DOJ Inspector General Glenn Fine kept raising about Section 215. And it is perhaps instructive that Fine was, in November 2010, working on a new Section 215 review, one that has since been delayed, in part by ODNI and DOJ refusal to declassify a number of documents, for 1,371 days.

Perhaps it’s just a remarkable coinkydink, but Fine resigned 6 days after this FISC ruling was issued.

Two more details about this. First, as I have shown, DOJ appears to have been hiding details about Section 215 from Congress during this period, though the only financial records they would have been obliged to disclose were tax records.

In addition, the number of Section 215 orders started going up drastically in 2010, along with the number of orders the FISC modified to require minimization procedures.

Nevertheless, the reports show us two new things.

First, while we knew the number of modifications has gone up significantly in the last three years (we now know that many of the modifications in 2009 had to do with phone dragnet violations), the latest reports ODNI released say this:

The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).

The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).

I’ve suggested that 176 modified applications may suggest the government has as many as 44 bulk collection programs, which would be renewed every three months  (or, alternately, a whole lot more specific bulk collection orders).

That is, this rise in what are almost certainly bulk collection orders came around the same time as FISC “Bates-stamped” the collection of financial records with Section 215.

Finally, consider one more thing. Last year, 26 Senators raised concerns about credit card records; last week’s RuppRoge House Intelligence Committee dragnet fix doesn’t prohibit the bulk collection of credit card records (their list, I now realize, is based off the list of sensitive records currently written into Section 215). Credit card records are covered under RFPA.

So while it would be a wildarsed guess, it would not be unreasonable to guess that some of this spike in bulk collection involved credit card records, approved by this November 2010 opinion.

Any bets we’ll finally get that DOJ IG Report on Section 215, showing that’s what they’ve been doing?

The October 30, 2009 Statement of Authorities: The EFF Document Fight Could Get Very Interesting

If the Chief FISC Judge accuses the government of material misrepresentations but no one but a dirty fucking hippie blogger reports it, did it happen?

On Friday, I reported on Judge Reggie Walton’s cranky opinion asking for an explanation about why the government didn’t tell him EFF believed they had a protection order in cases relevant to the dragnets. And while it overstates the resounding silence to say that only your esteemed DFH host reported it (TechDirt had a good report), some of the other reporting on it thus far seems to have missed the whole material misrepresentation judgement in Walton’s order.

But I think it’s not yet clear — to anyone — how interesting this document fight could get.

Just as one example of why (I’ll develop some of the others over the next couple of days, I hope), consider the October 30, 2009 statement of authorities.

Earlier this month, I noted that EFF had submitted a list of filings that the government had not released in spite of what they believed to be Judge Jeffrey White’s order to declassify everything.

  • April 9, 2007 notices indicating FISC Judge rejected early bulk orders
  • October 25, 2007 government challenge to motion to protect evidence, with ex parte NSA official declaration submitted in Shubert
  • April 3, 2009 supplemental memorandum in Jewel
  • October 30, 2009 supplemental memorandum on points of authority in Shubert
  • November 2012

In last Wednesday’s hearing, the government claimed they didn’t have to release these because they engaged in a colloquy limiting White’s orders to the state secrets declarations. And for the moment, I’ll take that as accurate.

But since then, the government has released one of these — the October 25, 2007 challenge to the protection motion — as part of their filing on Monday fighting a protection order in EFF’s phone dragnet suit. And that document was pretty stunning. Not only did it show the government had redefined the Multidistrict Litigation suits so as to exclude any of the FISA-authorized metadata dragnets that EFF of course had no way of knowing about yet. But in the filing, the government revealed that because of this filing and in defiance of Vaughn Walker’s November 2007 protection order, it has been destroying the metadata dragnet data in the interim.

In other words, the government is withholding these filings because they’re fairly damning.

Which got me thinking about the timing and significance of the October 30, 2009 supplemental memorandum on points of authority supporting a motion to dismiss the Shubert suit based on sovereign immunity and state secrets.

At one level, the memorandum is not all that suspicious. As you can see above, the government filed what is presumably roughly the same filing at the analogous time in Jewel, just as it was making its state secrets bid.

But I find the timing of the October 30 filings in Shubert to be of particular interest. That’s because a 2011 NSA training program seems to indicate that the Internet dragnet shut down at almost precisely that time, as it indicates that Internet dragnet data collected prior to November 2009 requires some sort of special treatment.

In addition, in the source information at the end of the line, the SIGAD [redacted] BR data can be recognized by SIGADs beginning with [redacted] For PR/TT, data collected after October 2010 is found [redacted] For a comprehensive listing of all the BR and PR/TT SIGADs as well as information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert.

Remember, Shubert was suing for illegal wiretapping. And while Judge John Bates did not fully assess what NSA was doing — which appears to be collecting data that counts as content in the guise of collecting metadata — until the following year (some time between July and October 2010), when he did so, he implied the government had to comply with the laws in which they were claiming, in 2009, they had sovereign immunity. And the government had to know by that point they had serious legal problems with the Internet dragnet.

Indeed, the government kept asking for extensions leading up to this filing — at the time they claimed it was because of DOJ’s whats-old-is-new state secrets policy. Altogether they got an extra 22 days to file this filing (which should have been substantially similar to the ones they filed in April). They were almost certainly having still-undisclosed problems with the phone dragnet (probably relating to dissemination of data), as the October 30, 2009 phone dragnet order is one of the ones the government has withheld even though it is obviously responsive to ACLU and EFF’s FOIA. But the discussions on the Internet dragnet must have been even more contentious, given that the FISC (probably either Reggie Walton or John Bates) refused to reauthorize it. (Note, October 30, 2009 was a Friday, so if FISC formally didn’t approve the Internet dragnet in October 2009, it would have been that day).

And the thing is, from Keith Alexander’s state secrets declaration, submitted perhaps hours and almost certainly no more than a month before the Internet dragnet got shut down because it was illegally collecting metadata that was legally content, it’s not at all clear that the government fully disclosed details they knew about those legal problems with the dragnet. Look closely at ¶¶ 27 and 28, ¶¶48-56, ¶¶58-62 with footnotes.

The phone dragnet description hides the ongoing dissemination problems (which the Administration hid from Congress, as well). It also makes no mention that the phone dragnet had US persons on an alert list without reviewing those selectors for First Amendment review, something that should be central to the suits against NSA (see in particular ¶60). And while there are redacted sentences and footnotes — 13 and 24 — which could include notice that the government was (and had been, since the inception of the FISC-authorized Internet dragnet) collecting metadata that counted as content, those are all very brief descriptions. Moreover, the unredacted descriptions clearly claim that the Internet dragnet program collects no content, which legally it almost certainly did. Moreover, note that the references to the Internet dragnet speak of it in the present tense: “Pursuant to the FISA Pen Register, …. NSA is authorized to collect in bulk.” But there doesn’t seem to be the parallel structure in ¶28 where you’d expect the government to confess that the program was imminently shutting down because it was illegally collecting Internet content.

Note, too, how the declaration refers to the reauthorizations. ¶59 describes the phone dragnet authority “continuing until October 30, 2009” and ¶58 describes the Internet dragnet “requires continued assistance by the providers through [redacted] 2009.” They appear not to have known for sure whether the programs would be reauthorized that night! But they appear not to have explained why not.

Perhaps the most pregnant paragraph is ¶62, which in context appears to relate only to the phone dragnet, though I suspect the government would point to it to claim their description of violations was not comprehensive:

NSA is committed to working with the FISC on this and other compliance issues to ensure that this vital intelligence tool works appropriately and effectively. For purposes of this litigation, and the privilege assertions now made by the DNI and by the NSA, the intelligence sources and methods described herein remain highly classified and the disclosure that [redacted] would compromise vital NSA sources and methods and result in exceptionally grave harm to national security.

By any measure, Alexander’s declaration falls short of what the government already knew at that time, demonstrably so in the case of the phone dragnet. He hid details — significantly, the watchlist of Americans that violated statute, and almost certainly that the NSA was collecting content in the name of metadata — that were material to the suits at hand.

Which brings me to the memo on authorities. Even as the government was hiding material violations of the statutes they were disclosing to Judge Walker, was it also making expansive Executive Authority claims it couldn’t (and still can’t) share with plaintiffs? Did the government, for example, make an Executive Authority claim that we have every reason to believe John Bates (especially) and Reggie Walton would rebut if they knew about it?

In any case, in addition to the watchlist data from those 3,000 US persons (which would have aged off last month otherwise), the last of the illegal Internet content-as-metadata data might be aged off as soon as April absent these stays. That data might well provide plaintiffs proof they were illegally wiretapped (note, the Internet dragnet was limited to certain switches, but Jewel was built around the Folsom Street switch which was almost certainly included in that). And that the government provided highly misleading descriptions to Vaughn Walker when bidding for a state secrets exemption.

And add in one more legal fight here: as I noted, DOJ is withholding the October 30, 2009 order (as well as one later one from 2009) from both the ACLU and EFF (the EFF suit is before a different San Francisco judge). In addition, DOJ is refusing every push for expedited processing on FOIAs for the Internet dragnet filings.

Seeing how clearly manipulative their data release in these lawsuits is, it seems safe to suggest the government is also making FOIA decisions to prevent plaintiffs from obtaining information to really contest these suits. That shouldn’t surprise anyone. But I would hope it would piss off the judges.


Bob Litt and Rachel Brand Redefine “Incidental”

Sometimes, especially with PCLOB, there’s an exchange that I wildly imagine (emphasis on imagine–I’m not saying this is actually the case) is intended solely for my benefit.

Such is the case with an exchange at last week’s PCLOB hearing.

PCLOB Board Member Rachel Brand was trying — as she seemed to be doing exclusively with her questioning — to cue the government witnesses to pitch descriptions of programs in such a way as to make them less troubling. So she walked them through how NSA keeps upstream about collection for a shorter period than it keeps PRISM data. This gave NSA General Counsel Raj De an opportunity to make it sound like NSA, out of the generosity of its own heart, decided to throw out data sooner, and also gave him the opportunity to claim that collection FISC Judge John Bates found to be intentional collection of US person data was actually incidentally collected data.

MS. BRAND: Okay. So you said in an earlier round of questioning that upstream, collection from upstream is retained for a shorter period of time than collection from PRISM and you said that the reason for that distinction is that there’s a potentially greater privacy concern with respect to upstream collection. Can you elaborate on why, whether the additional privacy concerns that pertain to upstream.

MR. DE: Sure. And a lot of this is laid out in this court opinion that’s now public. This is from the fall of 2011. I think because of the nature of abouts collections, which we have discussed, there is potentially a greater likelihood of implicating incidental U.S. person communication or inadvertently collecting wholly domestic communications that therefore must need to be purged.

And for a variety of circumstances the court evaluated the minimization procedures we had in place and as a consequence of that evaluation the government put forth a shorter retention period to be sure that the court could reach comfort with the compliance of those procedures with the Fourth Amendment. And so two years was one element of the revised procedures that are now public.

It’s a nice benign way of describing how NSA got busted for violating the Fourth Amendment, and the FISC’s only response was to force the NSA to violate it for 2 years of retention rather than for 5 years.

From there, Brand offered the witnesses an opportunity to redefine the word “incidental” so it also includes this practice, which Bates judged to be intentional. ODNI General Counsel Bob Litt rose to the challenge of Orwellianism.

MS. BRAND: Okay. I want to use the word incidental collection there again, and your definition earlier seemed to be that by incidental you mean, by incidental U.S. person collection you mean that the person on the other end of the phone from the non-U.S. person abroad is a U.S. person. That’s your definition, right? Is there another definition that you’re aware of? Because you seem to be — okay. I think there’s been some frustration with the use of the term incidental in that context because it’s not accidental, it’s intentional. It’s actually unavoidable. And so I just wanted to make sure that we’re all on the same page, that by incidental you mean not accidental, not unintentional, but this is actually what we’re doing.

MR. LITT: It is incidental to the collection on the target. It is not accidental, it is not inadvertent. Incidental is the appropriate term for it.

And by thus redefining incidental, Bob Litt gets to pretend that intentionally wiretapping Americans in the US is not a violation of the laws — including Section 702 — prohibiting the intentional wiretapping of Americans in the US.


Is There a 702 Certificate for Transnational Crime Organizations?

Update, 9/8/15: We’ve subsequently learned, in 2015, that the third certificate in 2011 was a vaguely defined “foreign government” one, which has been used very broadly (and lied about by the government on multiple occasions). NSA was contemplating a cyber certificate in 2012, but Bates’ 2011 decision may have made the terms of that difficult.

I joked yesterday that James Clapper did no more than cut and paste to accomplish President Obama’s order of providing a list of acceptable bulk collection. But I’d like to note something about the list of permissible uses of bulk collection.

  1. Espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
  2. Threats to the United States and its interests from terrorism;
  3. Threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
  4. Cybersecurity threats;
  5. Threats to U.S. or allied Armed Forces or other U.S. or allied personnel; and
  6. Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.

For months, I have been noting hints that the use of Section 702 — which is one of several kinds of domestic bulk collection — is limited by the number of certifications approved by FISC, which might be limited by FISC’s assessment of whether such certifications establish a certain level of “special need.”

In 2011, it seems clear from John Bates’ opinion on the government’s Section 702 applications, there were 3 certifications.


If there are just 3 certifications, then it seems clear they cover counterterrorism, counterproliferation, and cybersecurity (which is consistent with both ODNI’s public descriptions of Section 702 and the Presidential Review Group’s limits on it), 3 of 6 of the permitted uses of bulk collection.

Furthermore, there’s some history (you’ll have to take my word for this for now, but the evidence derives in part from reports on the use of National Security Letters) of lumping in Counterintelligence and Cybersecurity, because the most useful CI application of bulk collection would target technical exploits used for spying. So if that happens with 702 collection, then 4 of the 6 permissible applications would be covered by existing known certifications.

Threats against Armed Forces would, for the most part, be overseas, suggesting the bulk collection on it would be too. (Though it appears Bush’s illegal program used the excuse of force protection to spy on Iraqi-related targets, potentially even in the US, until the hospital confrontation stopped it.)

Which leaves just transnational crime threats — against which President Obama rolled out a parallel sanctions regime to terrorism in 2011 (though there had long been a regime against drug traffickers) — as the sole bulk collection that might apply in the US that doesn’t have certifications we know about.

Given that at least drug cartels have a far more viable — and deadly — operation in the United States than al Qaeda, I can’t think of any reason why the Administration wouldn’t have applied for a certification targeting TCOs, too (one of Treasury’s designated TCO targets — Russian and East European mobs — would have some overlap with the cyber function, and one — Yakuza — just doesn’t seem like a big threat to the US at all).

And last year’s Semiannual Compliance Assessment may support the argument that there are more than 3 certificates. In its description of the review process for 702 compliance, the report lays out review dates by certifications. Here’s the NSA review schedule:

[Screenshot: NSA review schedule, by certification]

This seems to show 4 lines of certifications, one each in August and December, but two in October. Perhaps they re-review one of the certifications (counterterrorism, most likely). But if not, it would seem to suggest there’s now a 4th certification.

Here’s the FBI review schedule (which apparently requires a lot more manual review).

[Screenshot: FBI review schedule, by certification]

Given that this requires manual review, I wouldn’t be surprised if they repeated the counterterrorism certifications review (and we don’t know whether all the NSA certifications would be used by FBI). But the redactions would at least allow for the possibility that there is a 4th certification, in addition to the 3 we know about.

Perhaps Obama rolled out TCOs as a 4th certification as he rolled out his new Treasury initiative on it (which would be after the applications laid out by Bates).

Of course, we don’t know. But I think two things are safe to say. First, the use of 702 is tied to certifications by topic. And second, the public statement about permissible use of bulk collection would seem to envision the possibility of a 4th certification covering TCOs, and with it, drug cartels.


Adel Daoud Wins Review of FISA Application

As I’ve written before, Adel Daoud is a 20-year-old American citizen from the Chicago suburbs busted in 2012 for attempting to bomb a nightclub. Since Dianne Feinstein mentioned Daoud’s case during the 2012 FAA reauthorization fight, his lawyers have been trying to figure out how the government obtained all the evidence against him. There are hints they may have used a back door search to collect emails dating to 2011 (before the FBI allegedly started tracking him). There are reasons to think the government may have used upstream collection on him. Either would be particularly interesting, as this surveillance dates to the same weeks when John Bates wrote an opinion addressing both practices.

In addition, the revelation that NSA collects YouTube comments is of particular interest, as Daoud’s YouTube comments serve as part of the evidence against him. (Remember, they could also collect YouTube comments in bulk, and then conduct backdoor searches of that material.)

The judge in his case has just done what no judge has ever done before — grant his lawyers a review of the FISA application against him. As Charlie Savage first noted, Judge Sharon Coleman granted the defense the ability to review the FISA Application against Daoud.

While this Court is mindful of the fact that no court has ever allowed disclosure of FISA materials to the defense, in this case, the Court finds that the disclosure may be necessary. This finding is not made lightly, and follows a thorough and careful review of the FISA application and related materials. The Court finds however that an accurate determination of the legality of the surveillance is best made in this case as part of an adversarial proceeding. The adversarial process is the bedrock of effective assistance of counsel protected by the Sixth Amendment. Anders v. California, 386 U.S. 738, 743 (1967). Indeed, though this Court is capable of making such a determination, the adversarial process is integral to safeguarding the rights of all citizens, including those charged with a crime. “The right to the effective assistance of counsel is thus the right of the accused to require the prosecution’s case to survive the crucible of meaningful adversarial testing.” United States v. Cronic, 466 U.S. 648, 656 (1984).

In sum, this Court grants disclosure to cleared defense counsel of the FISA application materials and such disclosure will be made under an appropriate protective order.

Her mention of the necessity for adversarial review suggests the suspicions about the basis for FBI’s interest in Daoud may be well-grounded.

We’ll never learn what’s in that application, but we may get a better sense of whether one federal judge thinks it’s legal to use certain kinds of collection as a basis for a FISA warrant.

Update: Spencer Ackerman alerted me that I was cited in the response motion that won this review (see page 3). Yay me!
