Posts

The NSA Hides Its Domestic Collection by Refusing to Count It

In his speech at Cato last week Ron Wyden made it clear that when he asked Keith Alexander and James Clapper in advance of the reauthorization of the FISA Amendments Act for the number of Americans’ communications that had been collected under Section 702, he meant to elicit the estimates John Bates made in his October 3, 2011 opinion.

I spent much of 2012 asking the NSA and the DNI [Director of National Intelligence] whether anyone had done an estimate of how many American communications had been collected under section 702. The ODNI and the NSA insisted that such an estimate was impossible, but what they failed to tell the public was that the Fisa court had already done one.

Bates had the NSA conduct a manual review of a statistical subsection of 50,440 transactions collected via upstream collection between January and June 2011. (Note, it appears Bates may have had to raise dire warnings with “top DOJ officials” on July 8, 2011 before he got such a review.) He then annualized the results and estimated that the NSA was collecting up to 56,000 communications of Americans each year, made up of 46,000 communications consisting entirely of an American’s communication (Single Communication Transactions), and 10,000 in which their communication got included in a Multiple Communication Transaction swept up in the search.

Given what we’ve learned about the 2011 confrontation, Wyden’s serial requests for this information take on added importance for two reasons.

Administration never disclosed its domestic collection to most Members of Congress

First, because the Administration very pointedly did not inform the bulk of Congress that NSA had been — and had been allowed to continue — collecting purely domestic communications from telecom switches. Neither the February 9, 2012 statement to the Senate Intelligence Committee nor the May 4, 2012 notice to Congress provided any indication that this violation involved collecting domestic communications (the December 8, 2011 statement to the House Intelligence Committee did, and both Committees, presumably as well as the Judiciary Committees, received the opinion itself, which makes that clear). It’s also not clear whether any of these notices included any mention of the SCTs, those single communication transactions involving just a US person communication.


The 2011 Disclosures

This post simply breaks out the dates in the October 3, 2011 John Bates opinion, adding the claims the government made at the time. It provides a somewhat better idea of the circumstances surrounding the manual review of upstream collection NSA did.


“Folksy and Firm” Flummoxes Fancy NYT Journalists

Less than 10 days ago, Keith Alexander admitted to Patrick Leahy that the single solitary case in which the phone dragnet proved critical was that of Basaaly Moalin. But that was not an attack. Rather, it was an effort to send money to al-Shabaab (and others) because they were protecting Somalia against a US backed Ethiopian invasion.

And yet two crack “journalists” used this as the lead of their “interview” with Alexander with not a hint of pushback.

The director of the National Security Agency, Gen. Keith B. Alexander, said in an interview that to prevent terrorist attacks he saw no effective alternative to the N.S.A.’s bulk collection of telephone and other electronic metadata from Americans.

The phone dragnet has never — never! — been more than one tool in preventing any attack, and yet Alexander gets to imply, unchallenged, it is critical going forward.

Instead of actual reporting, we get platitudes like this.

General Alexander was by turns folksy and firm in the interview. But he was unapologetic about the agency’s strict culture of secrecy and unabashed in describing its importance to defending the nation.

That culture is embodied by two installations that greet visitors to Fort Meade. One is a wall to honor N.S.A. personnel killed on overseas missions. The other is a tribute to the Enigma program, the code-breaking success that helped speed the end of World War II and led to the creation of the N.S.A. The intelligence community kept Enigma secret for three decades.

The only thing remotely resembling a challenge came when these “reporters” note that Alexander’s claim to have willingly shut down the Internet metadata program (which the NSA has largely kept secret, in spite of having been disclosed) ignores NSA claims that it (like the phone dragnet now, purportedly) was critical.

But he said the agency had not told its story well. As an example, he said, the agency itself killed a program in 2011 that collected the metadata of about 1 percent of all of the e-mails sent in the United States. “We terminated it,” he said. “It was not operationally relevant to what we needed.”

However, until it was killed, the N.S.A. had repeatedly defended that program as vital in reports to Congress.

The rest consists of more of the same kind of rebuttal by redefinition. The claim that NSA shares data with Israel is wrong, this “journalism” says, because “the probability of American content in the shared data was extremely small” (which of course says nothing about the way it would violate minimization procedures in any case). The claim that NSA launched 200 offensive cyberattacks in 2011 is wrong because many of those were actually other “electronic missions.” Besides, Alexander claims,

“I see no reason to use offensive tools unless you’re defending the country or in a state of war, or you want to achieve some really important thing for the good of the nation and others,” he said. [my link, for shits and giggles]

We are not now nor were we in 2006 when StuxNet started “in a state of war” with Iran, so how credible are any of these claims?

Mostly though, this appears to be an attempt, four months after highlighting the importance of PRISM against cyberattacks but then going utterly silent about that function, to reassert the importance of NSA’s hacking to prevent hacking.

Even there, though, Alexander presented dubious claims that got no challenge.

General Alexander said that confronting what he called the two biggest threats facing the United States — terrorism and cyberattacks — would require the application of expanded computer monitoring. In both cases, he said, he was open to much of that work being done by private industry, which he said could be more efficient than government.

In fact, he said, a direct government role in filtering Internet traffic into the United States, in an effort to stop destructive attacks on Wall Street, American banks and the theft of intellectual property, would be inefficient and ineffective.

“I think it leads people to the wrong conclusion, that we’re reading their e-mails and trying to listen to their phone calls,” he said.

The NSA already is filtering Internet traffic into the United States (and also searching on and reading incidentally collected Internet traffic without a warrant) under Section 702 certificates supporting counterterrorism, counterproliferation and … cyberattacks.

But nosiree, Alexander can’t envision doing what he’s already doing — and had been doing in a way that violated statute and the Fourth Amendment for three years already by 2011 — in the name of protecting the banksters who’ve gutted our economy. Only all of that — including the retention of US person data in the name of protecting property (presumably including intellectual property) is baked right into the NSA’s minimization procedures.

And that bit about violating Section 702 and the Fourth Amendment for over three years with a practice that was also baked into NSA’s minimization procedures? Here’s the claim the NYT’s crack journalists allow Alexander to end this charade with.

“We followed the law, we follow our policies, we self-report, we identify problems, we fix them,” he said. “And I think we do a great job, and we do, I think, more to protect people’s civil liberties and privacy than they’ll ever know.”

Findings versus Law: “The Intelligence Community Does Not Task Itself”

Predictably, Ben Wittes adopted the Shane Harris piece airing NSA gripes about the White House’s flaccid defense of them as part of Lawfare’s Empathy for Wiretappers series (brought to you in part by NSA contractor Northrop Grumman!).

In his commentary on the piece, Wittes compares Bush’s defense of torture (which Wittes calls coercive interrogation) and warrantless wiretapping (I assume he means the illegal warrantless wiretapping, as distinct from the warrantless wiretapping permitted under the existing legally sanctioned program) with Obama’s relative silence on NSA’s programs.

Another comparison would be to the way President Bush handled the firestorms over NSA’s warrantless wiretapping program and the CIA’s coercive interrogation program. Whatever one thinks of the programs in question, in my view the comparison does not flatter Obama.

Say what you will about Bush and the CIA’s interrogation program; there’s no question that he owned it. Nobody in the public ever thought that the program belonged to then-CIA Director George Tenet—though Tenet certainly was an enthusiastic executor. It was Bush’s program, and the reason it came off this way was that Bush publicly, repeatedly, and personally defended it. He made speeches about it. He wrote about it in his book. He never ran away from it. Nor, notably, did his attorney general. Similarly, Bush never ran away from warrantless wiretapping program. We associate him so personally with these programs, because he stoutly stood by them.

Obama has a lot on his plate right now. But he and his White House should not be leaving defense of intelligence programs he believes in to the intelligence community. Nor should Eric Holder, whose department convinced the FISA Court of the legal views currently at issue and oversees day-to-day FISA collection activity at NSA.

The intelligence community does not task itself. And when the political leadership tasks it to do something that then engulfs it in controversy, it should be a matter of honor not to let it dangle in the breeze.

As a threshold matter, who in their right mind would ask Eric Holder to defend a program? For better or worse, he has no more credibility right now than James Clapper or Keith Alexander, particularly among conservatives who believe he’s responsible for Fast and Furious. That may make him ineffective as an AG, but that is the AG Obama has chosen to retain.

Furthermore, which Attorney General does Ben have in mind that also defended these programs (or does he mean just torture?). Not only did John Ashcroft refuse to reauthorize parts of the illegal wiretap program, but Alberto Gonzales lied about it to get confirmed as Attorney General. Or does he mean Michael Mukasey, who by all appearances sold his soul at a meeting with David Addington, promising he wouldn’t oppose torture, in order to become Attorney General in the first place?

But I’m more interested, generally, in what I consider an inapt comparison.

One can argue that the President should aggressively defend whatever intelligence activities take place under his watch. But there is a big difference between the illegal wiretap and torture programs — which were authorized by a Presidential Directive and Finding, respectively — and the surveillance programs being exposed as a result of the Snowden leaks — which were authorized by law.

In the former case, the intelligence agencies are all the more reliant on the President’s vocal defense, because without it they are entirely illegal. And for better and worse, the President should (but didn’t, at least not in the case of torture) pay close attention to the execution of those programs because he’s on the hook for them himself. That makes it much harder for the President to criticize any violations of the programs he authorized (like torture contractors James Mitchell and Bruce Jessen exceeding the terms of the program).

To the extent that the Intelligence Committees operate within the terms of the law, the same could be said of congressionally sanctioned programs.

That’s not what we’re talking about here. We’re talking about phone dragnet, Internet dragnet, and upstream collection, all of which violated the laws and/or Court ordered procedures authorizing them. When the government moved the phone dragnet under Section 215, it retained access for other agencies, performed contact chaining on unapproved selectors, and allowed access to the database from other NSA interfaces, old features of the illegal program that should have been turned off in 2006. We don’t know what the Internet dragnet violations were, but they’re likely also continuations of the illegal program. And NSA used FISA to intentionally target (according to John Bates) US person communications, in violation of the law and the Fourth Amendment, but also a practice that continued from the illegal program.

And the phone dragnet and (presuming they were discovered as part of the end-to-end review, though if they weren’t it’d be even more damning) Internet dragnet violations were admitted, after having persisted for 3 years, just as Obama entered the White House. The phone dragnet violations, at least, did not operate unchecked under the Obama Administration.

Further, as I noted yesterday, the woman now being criticized for her silence, Lisa Monaco, is one of the handful of people who had to ride herd on NSA as DOJ’s National Security Division brought NSA practices into compliance with the actual letter of the law.

I’d like to learn more about the tensions between Agencies as the Administration tried to bring the NSA programs into line with the letter of the law and FISC orders. Perhaps NSA worked proactively to reveal and fix everything (though the record seems to suggest the opposite). Perhaps it didn’t, and David Kris and Lisa Monaco had to push to force them to comply. But under Keith Alexander, the NSA failed to stay within the letter of the law (which ought to be reason enough to fire him). That makes the problems now being revealed substantively different from the torture and illegal wiretap programs, where the Executive only had to comply with what the President personally bought off on.

It may well be that Obama has approved all of what we’re seeing (he certainly approved an expanded StuxNet so should be held responsible for much of the hacking we’re doing; note that our offensive attacks actually are parallel to the covert programs raised by Wittes), though he couldn’t have approved the phone dragnet violations. It may well be that his Administration instead reined them in as soon as they discovered them, with whatever cooperation or resistance from NSA. We simply don’t know.

But an Agency violating the letter of the law and court orders affirmatively authorizing their actions is qualitatively different than an Agency violating the law based on direct orders from the President.

“Together, we all prevail”

For a 1,500-word Shane Harris piece that could be part of Lawfare’s Empathy for Wiretappers series (brought to you by NSA contractor Northrop Grumman!), Stewart Baker blames the White House failure to mount a vocal defense of NSA on John Brennan’s departure.

“I think actually this is the first signal that John Brennan is gone,” said Baker, the former NSA general counsel. “I think that if Brennan had still been there he would have immediately appreciated the importance, and communicated that to the president, of defending the program.”

John Brennan, of course, played a key role in rationalizing Dick Cheney’s illegal wiretap program, and therefore not only has a stake in protecting NSA, but also in insisting that the current program — which is just a rehashed version of the illegal program — is critical for detecting terrorists.

By comparison, Lisa Monaco, whom Baker implicitly criticizes (and the article explicitly notes) for her silence in the face of NSA’s problems, headed DOJ’s National Security Division from 2011 until this year, and so likely had to deal with the aftermath of the phone dragnet problems, the full brunt of the Internet dragnet problems (which purportedly got shut down under her tenure), and the upstream collection problems — all three “features” of the illegal program that never got shut down when it moved under FISA Court supervision, and got called “bugs” when DOJ (Monaco!) had to reveal them.

And while the piece provides interesting new details about the White House’s chilly relationship with a man they’ve nevertheless given vastly increasing amounts of power to,

The weak backing from top administration officials has aggravated the relationship between Alexander and the White House, where he has never been warmly embraced.

[snip]

Alexander has never been especially close to Obama or White House officials. Some thought he had tried to amass too much surveillance authority without appreciating the legal constraints on his agency, according to a former administration official. “I don’t understand why the White House didn’t throw Alexander under the bus,” the official added.

It actually doesn’t consider whether the Administration might be pursuing a conscious strategy of weakening Alexander’s considerable power (I have no reason to believe they are, but I can imagine why they might want to weaken someone who has only expanded his power since 2005 and got caught in serial fuck-ups as well).

It also doesn’t consider the possibility that one reason NSA employees are dispirited is because they’re learning about programs that violate the self-image they’ve got of their Agency.

Former intelligence officials who remain in regular contact with those still in government say that morale at the NSA is low, both because of the reaction to leaks by former contractor Edward Snowden, which put the normally secretive agency under intense scrutiny, and because of budget cutbacks and the continuing government shutdown, which has left some employees furloughed without pay.

Ah well. The NSA spokesperson is issuing slogans, so all is well in the national security world.

An NSA spokesperson downplayed any rift between the agency and the administration. “National security is a team sport. For us, collaboration is built into the very fabric of who we are,” said Vanee Vines. “There is no truth to rumors of dissension between NSA and the administration regarding the Agency’s mission to help defend the nation and save lives. Together, we all prevail.”

Together, we all prevail.

Jack Goldsmith’s Code

On May 6, 2004, Jack Goldsmith signed an OLC memo that read, in part,

We conclude that in the circumstances of the current armed conflict with al Qaeda, the restrictions set out in FISA, as applied to targeted efforts to intercept the communications of the enemy in order to prevent further armed attacks on the United States, would be an unconstitutional infringement on the constitutionally assigned powers of the President. The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States. Congress does not have the power to restrict the President’s exercise of that authority.

[snip]

Finally, as part of the balancing of interests to evaluate the Fourth Amendment reasonableness, we think it is significant that [redacted] is limited solely to those international communications for which “there are reasonable grounds to believe … [that] a party to such communication is a group engaged in international terrorism, or activities in preparation therefor, or any agent of such a group.” March 11, 2004 Authorization [redacted] The interception is thus targeted precisely at communications for which there is already a reasonable basis to think there is a terrorism connection. This is relevant because the Supreme Court has indicated that in evaluating reasonableness, one should consider the “efficacy of [the] means for addressing the problem.”

[snip]

Thus, a program of surveillance that operated by listening to the content of every telephone call in the United States in order to find those calls that might relate to terrorism would require us to consider a rather difference [sic] balance here. [redacted] however, is precisely targeted to intercept solely those international communications for which there are reasonable grounds already to believe there is a terrorism connection, a limitation which further strongly supports the reasonableness of the searches.

We now know that opinion not only authorized the wiretapping of calls involving US persons, but also at least assumed the collection and contact chaining of the call records of all Americans (there’s an almost entirely redacted section of the memo that describes the March 19 halt to the collection of Internet metadata and the April 2 modification we don’t yet know about).

It’s worth keeping in mind that Goldsmith laid out the case that such a program was “reasonable” under the Fourth Amendment as you read his current writing on the NSA. For example, when — several weeks ago — he scolded the White House for not more aggressively defending the program that has actually expanded since he authorized it 9 years ago…

The government cannot rely on outsiders to explain these documents.  It must do so itself, aggressively and comprehensively, even at the expense of revealing more classified information or having to acknowledge embarrassing information.  If it doesn’t do so, the information already leaked, and the information that will be leaked in the weeks and months ahead, will continue to be portrayed in a very unfavorable light.

He was in part calling for the White House to protect programs he — back in 2004 — deemed critical to protect against terrorism.

Even more interesting is Goldsmith’s prediction (funded by Northrop Grumman, which is a significant NSA contractor) that we’ll all learn to welcome NSA scanning all the metadata and content of US communications — searches far more intrusive, and not committed under the guise of war — in search of hackers in the future.

“I can’t defend the country until I’m into all the networks,” General Alexander reportedly told senior government officials a few months ago.

For Alexander, being in the network means having government computers scan the content and metadata of Internet communications in the United States and store some of these communications for extended periods.

The Business as Usual Brigade

I missed the CATO surveillance event today (they’ll have video up soon, Julian Sanchez promises), but here’s the speech Ron Wyden gave.

I’m amused by this line:

We wanted to put this marker down early because we know in the months ahead we will be up against a “business-as-usual brigade” – made up of influential members of the government’s intelligence leadership, their allies in thinktanks and academia, retired government officials, and sympathetic legislators.

Wyden, a politician, can’t name these people.

But I would suggest they are all immediately identifiable as an archetype:

Influential members of the government’s intelligence leadership: Keith Alexander and James Clapper

Their allies in thinktanks and academia: Ben Wittes

Retired government officials: Michael Hayden

Sympathetic legislators: Dianne Feinstein

Indeed, further in his speech, he repeats claims these people have made, without identifying the speaker.

Some of the “business as usual” arguments have something of an Alice in Wonderland flavor.

We have heard that surveillance of Americans’ phone records, aka metadata, is not actually surveillance at all – it’s simply the collection of bits of information. [DiFi]

We’ve been told that falsehoods aren’t falsehoods – they are simply imprecise statements. [Clapper]

We’ve been told that rules that have been repeatedly broken are a valuable check on government overreach. [Wittes]

And we’ve been told that codifying secret surveillance laws and making them public surveillance laws is the same as actually reforming these overreaching surveillance programs. [Hayden]

And Wyden is absolutely correct. DiFi has submitted changes to Section 215 and 702 that … don’t change a single solitary thing, except that they (1) write down what the FISA Court has already mandated and (2) expand surveillance by authorizing the wiretapping of roamers for a period in the US.

So maybe Wyden isn’t correct? Maybe this is not the “Business as Usual Brigade,” but the “Use a crisis to authorize phone wiretapping in the US brigade”?

Whatever it is, these are recognizable people. And the press should be focusing on the many ways in which their legislation actually increases surveillance.

How Can NSA Protect Our Power Grid from Cyberattack When It Can’t Keep Its Own Power On?

In the United States, it is usually a safe bet to attribute massive government fuck-ups to the bloated contractors we’ve outsourced our projects to.

And the electrical problems plaguing NSA’s new UT data center — described as lightning in a box that has caused $100,000 of damage each of the 10 times it has happened — do seem to stem from poorly supervised contractors.

The Army Corps of Engineers is overseeing the data center’s construction. Chief of Construction Operations, Norbert Suter said, “the cause of the electrical issues was identified by the team, and is currently being corrected by the contractor.” He said the Corps would ensure the center is “completely reliable” before handing it over to the NSA.

But another government assessment concluded the contractor’s proposed solutions fall short and the causes of eight of the failures haven’t been conclusively determined. “We did not find any indication that the proposed equipment modification measures will be effective in preventing future incidents,” said a report last week by special investigators from the Army Corps of Engineers known as a Tiger Team.

[snip]

It took six months for investigators to determine the causes of two of the failures. In the months that followed, the contractors employed more than 30 independent experts that conducted 160 tests over 50,000 man-hours, according to project documents.

[snip]

Contractors have started installing devices that insulate the power system from a failure and would reduce damage to the electrical machinery. But the fix wouldn’t prevent the failures, according to project documents and current and former officials.

Now, don’t pee your pants laughing.

But I did have two thoughts as I read this.

First, this extended confusion sounds similar to that which Iranian nuclear scientists experienced as they tried to figure out why their centrifuges kept blowing up, thanks to StuxNet. While I think the chances some kind of hack caused this are small (but not zero), I do find it ironic that we cause ourselves the same kind of havoc we cause our worst enemies.

And consider the mission!

Back in February, Keith Alexander warned of the possibility of cyberattacks on our grid (which, anonymous sources made clear, could probably only be launched by China or Russia, but that didn’t stop Alexander from suggesting Anonymous might launch such attacks). The NSA needs more authority to protect against attacks that might bring down our power sources, the head of the NSA suggested.

But the entity that proposes to wield that authority, it seems, can’t even build a brand spanking new electrical system immune from some kind of failure.

I Con the Record Admits All This Spying Also Serves Counterintelligence

James Clapper has a statement up at I Con the Record trying to dismiss any concerns that the US is using the same kind of technologies as China uses against its people to crack Tor.

As per usual, Clapper complains that the stories don’t paint the Intelligence Community in the light they’d like to be described.

In particular, he complains that — notwithstanding the Guardian’s publication of NSA’s graphic suggesting every Tor communication hides a bearded terrorist — the stories haven’t emphasized the “very naughty” targets of this spying.

However, the articles fail to make clear that the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies.

But that complaint comes with a new admission, one that has been all but unmentioned since June 10, when Clapper’s most impressive PRISM success story pertained to cybersecurity. For the first time in quite a while, Clapper today acknowledged NSA uses this not only for counterterrorism and other foreign targets, but also counterintelligence.

The articles fail to mention that the Intelligence Community is only interested in communication related to valid foreign intelligence and counterintelligence purposes and that we operate within a strict legal framework that prohibits accessing information related to the innocent online activities of US citizens.

Within our lawful mission to collect foreign intelligence to protect the United States, we use every intelligence tool available to understand the intent of our foreign adversaries so that we can disrupt their plans and prevent them from bringing harm to innocent Americans. [my emphasis]

The admission is important not just because Clapper and Keith Alexander have consistently been trying to hide the cybersecurity application of this, but because it makes clear that NSA requires no foreign nexus to target Tor communications.

Which they couldn’t well require in any case, since the design of Tor ensures the government can’t know whether an encrypted message is a domestic or foreign communication.

Of course, once you include counterintelligence (and threats to property) as a valid excuse to keep encrypted communications indefinitely and even to compromise people’s computers (see slide 16), particularly in an environment where leaks of even unclassified information are treated as spying, then the distinction between “citizens” and “targets” crumbles.

Upstream US Person Collection: EO 12333 and/or FISA?

Keith Alexander had a really bizarre response to a question from Mazie Hirono in Tuesday’s hearing.

SEN. HIRONO: I have one more question, Mr. Chairman. General Alexander, is PRISM the only intelligence program NSA runs under FISA Section 702?

GEN. ALEXANDER: Well, PRISM was (the statement ?), but, yes. Essentially, the only program was that — that, you know, is PRISM under 702, which under — operates under that authority for the court. But we also have programs under 703, 704 and 705.

Perhaps he was confused by her question (which came in the context of questions about the NYT’s report on the construction of dossiers, potentially on Americans). But he seems to have claimed that PRISM — the collection of Internet content from Internet providers under Section 702 — is the only way the NSA uses FISA Amendments Act to collect content.

Not only does the PRISM slide above belie that (and there’s also phone content that is not covered under PRISM).

But the government itself released the October 3, 2011 John Bates FISC opinion (and other related documents) which describes the government’s collection of Internet transactions directly from the phone company switches (see footnote 24 where Bates distinguishes between the two kinds of Section 702 Internet collection). In an attempt to spin this collection as a big mistake last week, Dianne Feinstein even confirmed that this “upstream” collection comes from the backbone operated by the phone companies.

In mid 2011, NSA notified the DOJ, the DNI, and the FISA court, and House and Senate Intelligence Committees, of a series of compliance incidents impacting a subset of NSA collection under Section 702 of FISA, known as upstream collection.

This comprises about 10 percent of all collection that takes place under 702, and occurs when NSA obtains Internet communications, such as e-mails, from certain U.S. companies that operate the Internet background;[sic] i.e., the companies that own and operate the domestic telecommunication lines over which Internet traffic flows.

So there’s PRISM, there’s phone content collection, and there’s the upstream Internet collection from the phone companies’ switches. All operated, per the 2011 Bates memo, under Section 702 (and therefore overseen by the FISA Court and Congress).

Which is why I’ve been pondering this chart and related explanation, from NSA’s internal review of compliance incidents for the first quarter of 2012.


The chart shows all the violation incidents NSA discovered under programs authorized under Executive Order 12333 — the EO that covers entirely foreign collection, over which FISC and Congress exercise much less oversight than FISA. And what NSA calls “Transit Program” violations appear in the EO 12333, not the FISA, chart. In the first quarter of 2012 (the first quarter after the government started to resolve the 702 upstream collection problems laid out in the Bates memo), Transit Program violations went up from 7 in a quarter to 27.

NSA describes Transit Program violations this way.

(TS//SI//REL TO USA, FVEY) International Transit Switch Collection*: International Transit switches, FAIRVIEW (US-990), STORMBREW (US-983), ORANGEBLOSSOM (US-3251), and SILVERZEPHYR (US-3273), are Special Source Operations (SSO) programs authorized to collect cable transit traffic passing through U.S. gateways with both ends of the communication being foreign. When collection occurs with one or both communicants inside the U.S., this constitutes inadvertent collection. From 4QCY11 to 1QCY12, there was an increase of transit program incidents submitted from 7 to 27, due to the change in our methodology for reporting and counting of these types of incidents,

That is, these “Transit Program” violations reflect the collection of US person data in upstream collection, the very same problem described in the Bates opinion.

As I’ve been puzzling through why Transit Program violations would appear under EO 12333 rather than FISA, I wondered whether NSA collects off switches under both authorities — some content that the telecoms provide after doing an initial screening (as described in this WSJ article and backhandedly confirmed by the DNI), and some programs that the NSA collects and sorts off undersea cables itself. Both FAIRVIEW and STORMBREW show up — seemingly as Section 702 collection — on the PRISM slide above, but ORANGEBLOSSOM and SILVERZEPHYR don’t (WSJ also lists OAKSTAR and LITHIUM).

If so, though, you’d expect NSA to be finding violations under both authorities, because we know the government collects US person data under the 702 authorized upstream collection (they call this unintentional but Bates deemed it intentional).

This is all the more confusing given the way former Assistant Attorney General David Kris discusses “vacuum cleaner” collection taking place under EO 12333. His paper is on metadata collection, not content, but the vacuum cleaner (that is, dragnet) collection collects content as well (and the distinction may get distorted in discussions of Internet packets).

I don’t, yet, know the answer to this question, but the question itself raises several others:

  • Given that there’s not a 702-authorized Transit Program violation category, does that mean NSA wasn’t and may still not be tracking it? That doesn’t make sense, because there are greater mandates to track these things under 702.
  • If there wasn’t a 702-authorized Transit Program violation category before the revelations to John Bates, is it possible NSA instead treated upstream collection as authorized by 12333 so as not to have to report these violations?
  • Are these known violations being reported now? Are they getting reported to Congress and the Court? Or has the NSA simply decided they’re not violations since Bates has okayed them, sort of, as intentional collection?
  • If some of the upstream collection yielding US person content operates under 12333, does it have to be treated under any minimization rules?
  • What do the 7 and 27 violation numbers reflect in relation to the figures of 10,000 SCT and 46,000 MCT estimates involving US persons provided to Bates?
  • Did these violations ever get reported to Congress and the FISC?

In short, either all this upstream collection falls under 702, in which case there’s a big question why NSA tracks it as 12333 collection. Or the NSA’s ability to operate upstream collection under both authorities raises real questions about the protections it accords US person data collected under the 12333 collection.

Update: Two more things on this.

First, remember back in 2001, John Yoo pixie dusted EO 12333, basically holding that the President could change the content of it without changing the language of it publicly. That was done, according to Sheldon Whitehouse, to permit the government to “wiretap Americans traveling abroad.” But I suspect it was done to permit the government to “wiretap Americans’ communications traveling abroad” — that is, American Internet traffic that transits foreign switches.

That said, I suspect the 2010 OLC memo on using 2511(2)(f) for collection was meant to clean up some of that (and also Yoo’s reliance on claiming the Fourth Amendment didn’t apply in DOD searches of entire apartment buildings if they were searching for terrorists).

Also, remember that the language of the 2008 Yahoo opinion makes it clear that the Protect America Act — Section 702’s predecessor — relied on 12333 for particularity. While we should soon learn more (FISC is releasing much more of this opinion and underlying documents), it seems that PAA was treated as a nested program within 12333.