Posts

Judge Pauley’s Deliberate Blind Spot: Systematic Section 215 Abuses

/73 Comments/in , /by

Sorry for my silence of late, particularly regarding William Pauley’s ruling finding the phone dragnet legal. The good news is my mom can now reach the light switch in her sewing room without risk of falling.

As noted, Judge Pauley ruled against the ACLU in their suit challenging the phone dragnet. A number of commentators have pointed to some bizarre errors or focus in Pauley’s ruling, including,

  • Pauley says the government could not find the “gossamer threads” of terrorist plotters leading up to 9/11. They did find them. They simply didn’t act appropriately with them.
  • He unquestioningly considers the 3 uses of Section 215 (with Zazi, Headley, and Ouazzani) proof that it is effective. He does not note that even Keith Alexander has admitted it was only critical in one case, one not even mentioned in the government’s filings in this case.
  • He ignores the role of the Executive in willingly declassifying many details this program, instead finding it dangerous to allow the ACLU to sue based on an unauthorized leak. The government has actually been very selective about what Snowden-leaked programs they’ve declassified, almost certainly to protect even more problematic programs from legal challenge.
  • He claims Congress has renewed Section 215 7 times (including 2001, it was renewed it 5 times).
  • He claims there is no doubt the Intelligence and Judiciary Committees knew about the rulings underlying the program in spite of the fact that some rulings were not provided until after Section 215 was renewed; he admits that the limits on circulation of notice in 2011 was “problematic” but asserts the Executive met its statutory requirements (he doesn’t deal with the evidence in the record that the Executive Branch lied in briefings about the conduct of the dragnet).

There are also Pauley’s claims about the amount of data included — he says the government collects all phone metadata; they say NSA collects far less data. This is a more complicated issue which I’ll return to, though maybe not until the New Year.

But I’m most interested in the evidence Pauley points to to support his claim that the FISC (and Congress) conduct adequate oversight over this program. He points to John Bates’ limits to the government’s intentional collection of US person data via upstream collection rather than Reggie Walton’s limits to Section 215 abuses.

For example, in 20011, FISC Judge Bates engaged in a protracted iterative process with the Government–over the Government’s application for reauthorization of another FISA collection program. That led to a complete review of that program’s collection and querying methods.

He then immediately turns to Claire Eagan’s opinion reiterating that the government had found and dealt with abuses of the phone dragnet program.

In other words, for some bizarre reason he introduces a series of rulings pertaining to Section 702 — and not to Section 215 — to support his argument that the government can regulate this Section 215 collection adequately.

It’s particularly bizarre given that we have far more documents showing the iterative process that took place in 2009 pertaining directly to the phone dragnet. Why even mention the Bates rulings on upstream collection when there are so many Reggie Walton ones pertaining directly to Section 215?

I suspect this is because Pauley relies so heavily on the adequacy of the minimization procedures imposed by the FISC, as when he cites Claire Eagan’s problematic opinion to claim that without adequate minimization procedures, FISC would not approve Section 215 phone dragnet orders.

Without those minimization procedures, FISC would not issue any section 215 orders for bulk telephony metadata collection.

(Note, Pauley doesn’t note that the government has not met the terms of the Section 215 itself with regards to minimization procedures, which among other things would require an analysis of the NSA using a statute written for the FBI.)

The only way Pauley can say the limits he points to in his analysis — that NSA can only analyze 3 hops deep, that FBI only gets summaries of the queries, that every query got approved for RAS — is if he ignores that for the first 3 years of the program, all of these claims were false.

He uses similar analysis to dismiss concerns about the power of metadata.

But [ACLU’s contention that the government could use metadata analysis to learn sensitive details about people] is at least three inflections from the Government’s bulk telephony metadata collection. First, without additional legal justification–subject to rigorous minimization procedures–the NSA cannot even query the telephony metadata database. Second, when it makes a query, it only learns the telephony metadata of the telephone numbers within three “hops” of the “seed.” Third, without resort to additional techniques, the Government does not know who any of the telephone numbers belong to.

These last assertions are all particularly flawed. Not only have these minimization procedures failed in the past, not only has the government been able to go four hops deep in the past (which could conceivably include all Americans in a query), not only is there abundant evidence — which I’ll lay out in a future post — that the government does know the identities of at least some of those whom it is chaining, but there are two ways the government accesses this data for which none of this is true: when “data integrity analysts” fiddle with the data to prepare it for querying, and when it is placed in the “corporate store” and analyzed further.

All the claims about minimization Pauley uses to deem this program legal have big big problems.

The NSA conducted a fraud on the FISC for 3 years (and still is, to the extent they claim the violations under the program arose from complexity rather than their insistence on adopting all the practices used under the illegal program for the FISC-authorized program). Yet Pauley points to the FISC to dismiss any Constitutional concerns with this program.

And to do that, he ignores the abundant evidence that all his claims have been — and may still be, in some cases — false.

NSA’s Bid for a 6 Month Delay in Protecting Larry Klayman’s Phone Records

/9 Comments/in , /by

The White House has announced they’re going to release the recommendations of the Committee to Make You Love the Dragnet today. Given that the report recommends putting the dragnet into someone else’s hands, I suspect the White House changed plans (It was going to release the report in mid-January) as a way to stave off the Klayman and other suits.

Given that we expect that recommendation — and that the government claims it’d take years to effect — I want to point to a claim that NSA Director of Signals Intelligence Division Theresa Shea made in her declaration in the Klayman suit. She claimed it would be an onerous process to take Larry Klayman’s call records out of the dragnet.

Beyond harming national security and the Government’s counterterrorism capabilities, plaintiffs’ proposed preliminary injunction would seriously burden the Government. While plaintiffs seek an order barring the Government from collecting metadata reflecting their calls, the Government does not know plaintiffs’ phone numbers, and would need plaintiffs to identify all numbers they use to even attempt to implement such an injunction. Ironically, as explained above, these numbers are not currently visible to NSA intelligence analysts unless they are within a three hopes of a call chain of a number that based on RAS is associated with a foreign terrorist organization.

Even if plaintiffs’ phone numbers were available, extraordinarily burdensome technical and logistical hurdles to compliance with a preliminary injunction order would remain. Technical experts would have to develop a solution such as removing the numbers from the system upon receipt of each batch of metadata or developing a capability whereby plaintiffs’ numbers would be received by NSA but would not be visible in response to an authorized query. To identify, design, build, and test the best implementation solution would potentially require the creation of new full-time positions and could take six months or more to implement. Once implemented, any potential solution could undermine the results of any authorized query of a phone number that based on RAS is associated with one of the identified foreign terrorist organizations by eliminating, or cutting off potential call chains. If this Court were to grant a preliminary injunction and the defendants were to later prevail on the merits of this litigation, it could prove extremely difficult to develop a solution to reinsert any quarantined records and would likely take considerable resources and several months to build, test, and implement a reinsertion capability suited to this task.

Judge Richard Leon treated this complaint as the obvious bullpuckey it clearly is.

[T]he Government says that it will be burdensome to comply with any order that requires the NSA to remove plaintiffs from its database. Of course, the public has no interest in saving the Government from the budens of complying with the Constitution! Then, the Government frets such an order “could ultimately have a degrading effect on the utility of the program if an injunction in this case precipitated successful requests for such relief by other litigants.” For reasons already explained, I am not convinced at this point in the litigation that the NSA’s database has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations, and so I am certainly not convinced that the removal of two individuals from the database will “degrade” the program in any meaningful sense.68

[snip]

In [staying my order to destroy the plaintiffs’ metadata] I hereby give the Government fair notice that should my ruling be upheld, this order will go into effect forthwith. Accordingly, I fully expect that during the appellate process, which will consume at least the next six months, the Government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld. Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.

68 To the extent that removing plaintiffs from the database would create the risk of “eliminating, or cutting off potential call chains,” the Government concedes that the odds of this happening are miniscule. (“[O]nly a tiny fraction of the collected metadata is ever reviewed . . . .”) (“Only the tiny fraction of the telephony metadata records that are responsive to queries authorized under the RAS standard are extracted, reviewed, or disseminated. . . . “). [citations removed]

But the plea for time– when it’s crystal clear NSA could start treating Larry Klayman’s data like a high volume number they intentionally defeat on intake tomorrow — made me wonder what purpose this complaint was really meant to serve, especially given James Cole’s refusal the other day to answer whether the Leahy-Sensenbrenner bill would eliminate bulk collection, which Jennifer Granick likens to a coup.

Responding to a question at yesterday’s hearing on the bill, Cole said, “Right now the interpretation of the word ‘relevant’ is a broad interpretation. Adding ‘pertinent to a foreign agent’ or ‘somebody in contact with a foreign agent’ could be another way of talking about relevance as it is right now. We’d have to see how broadly the court interprets that or how narrowly.”  In other words, the FISA court might let us keep doing what we’re doing no matter what the law says and despite Congress’ intent.

All courts issue opinions about what the laws that legislatures pass mean. These opinions are called the “common law”. But common law interpretations of statutes are only legitimate if they are fair and reasonable interpretations.

The NSA has a great track record getting FISC judges to interpret even obviously narrow phrases in surprisingly broad ways.

[snip]

Time and again, the FISC accepts the Administration’s shockingly flimsy arguments. As a set, the few public FISC opinions we’ve seen suggest that the Executive Branch—in cahoots with a few selected judges—has replaced legitimate public statutes with secret, illegitimate common law.

The rule of law is a basic democratic principle meaning that all members of a society—individuals, organizations, and government officials—must obey publicly disclosed legal codes and processes. If Cole is right that, try as it might, Congress cannot end bulk collection because the secret FISA court may defer to the NSA’s interpretation of the rules, there is no rule of law.  The NSA is in charge, the FISA court process is just a fig leaf, and this is no longer a democracy. There’s been a coup d’etat.

But it appears that not even the FISC judges are always in on the game. After all, at the moment when Judges Walton and Bates started reining in the Internet dragnet in the US, NSA started rolling out an expanded Internet dragnet program — which made it easier to pick up US person data and presumably easier to disseminate it — overseas. With that 6 month delay, would NSA just be figuring out how to maintain the dragnet function, but beyond the reach of meddling judges like Richard Leon?

The NSA suggested it would need 6 months notice to take just two people out of the dragnet. I can imagine no feasible technical reason that’s true.

So why were they implying they’d need that 6 months?

Did DOJ Prosecute Basaaly Moalin Just to Have a Section 215 “Success”?

/3 Comments/in , /by

At yesterday’s Senate Judiciary Committee hearing on the dragnet, the government’s numbers supporting the value of the dragnet got even worse. At one point, Pat Leahy asserted that the phone dragnet had only been useful in one case (in the last hearing, there had been a debate over whether it had been critical in one or two cases).

Leahy (after 1:09:40): We’ve already established that Section 215 was uniquely valuable in just one terrorism case, not the 54 that have been talked about before.

In a follow up some minutes later, Keith Alexander laid out numbers that explain how the Administration had presented that 1 case as 12 in previous claims.

Alexander (at 1:21:30): As you correctly stated, there was one unique case under 215 where the metadata helped. There were 7 others where it contributed. And 4 where it didn’t find anything of value, and we were able to tell the FBI that.

That is, to publicly claim that the phone dragnet has been useful in 12 cases, the Administration included 7 cases where — as with the Najibullah Zazi case — it proved to be a tool that provided non-critical information available by other means, and 4 cases where it was useful only because it didn’t show any results.

To fluff their numbers, the Administration has been counting cases where the phone dragnet didn’t show results as showing results of no results.

With sketchy numbers like that, it’s high time for a closer examination of the details — and the timing — of the Basaaly Moalin prosecution, the only case (Alexander now agrees) where the phone dragnet has been critical.

As a reminder, Moalin was first identified via the dragnet — probably on a second hop away from Somali warlord Aden Ayro — in October 2007.  They used that and probably whatever tip they used to investigate him in 2003 to get a FISA warrant by December 20, 2007. Only 2 months later, February 26, 2008, was al-Shabaab listed as a foreign terrorist organization. Ayro was killed on May 1, 2008, though the government kept the tap on Moalin through December 2008, during which period they collected evidence of Moalin donating money (maybe 3 times as much as he gave to al-Shabaab-related people) to a range of people who had nothing to do with al-Shabaab. A CIPA stipulation presented at the trial revealed that during this period after the inculpatory conversations, Moalin’s tribe and Shabaab split and Moalin’s collections supported other entities in Somalia.

1. Money collected for the Ayr sub-clan was given to individuals including Abukar Suyare (Abukar Mohamed) and Fare Yare, who were associated with the Ilays charity.

2. Money collected by the men in Guracewl on behalf of the Ayr sub-clan was given to a group that was not as-Shabaab. [sic]

3. There was a dispute between al-Shabaab, the Ayr clan and Ilays over the administration pf [sic] of Galgaduud regions.

4. Members of the Ilays charity and the Ayr sub-clan, including Abukar Suryare, were opposed to the al-Shabaab and were Ayrow’s enemies.

On April 8, 2009, FBI would search the hawala used to send money based entirely on Moalin’s case. Yet on April 23, 2009, according to a document referenced but not provided to Moalin’s defense, the FBI concluded that Moalin not only no longer expressed support for al-Shabaab, but that he had only ever supported it because of tribal loyalties, not support for terrorism.

The San Diego FIG assesses that Moalin, who belongs to the Hawiye tribe/Habr Gedir clan/Ayr subclan, is the most significant al-Shabaab fundraiser in the San Diego Area of Operations (AOR). Although Moalin has previously expressed support for al-Shabaab, he is likely more attentive to Ayr subclan issues and is not ideologically driven to support al-Shabaab. The San Deigo FIG assesses that Moalin likely supported now deceased senior al-Shabaab leader Aden Hashi Ayrow due to Ayrow’s tribal affiliation with the Hawiye tribe/Habr Gedir clan/Ayr subclan rather than his position in al-Shabaab. Moalin has also worked diligently to support Ayr issues to promote his own status with Habr Gedir elders. The San Diego FIG assesses, based on reporting that Moalin has provided direction regarding financial accounts to be used when transferring funds overseas that he also serves as a controller for the US-based al-Shabaab fundraising network.

The intercepts on which the prosecution was based support this. They show that Moalin’s conversations with Ayro and others focused on fighting the (American-backed) Ethiopian invaders of his region, not anything outside of Somalia.

Read more

Former Top NSA Officials Insist Employees Are Leaving Because Obama Is Mean, Not Because They Object To NSA’s Current Activities

/29 Comments/in /by

Ellen Nakashima has a story that purports to show 1) significant morale problems at the NSA and 2) proof that the morale stems from Obama’s failure to more aggressively support the NSA in the wake of the Edward Snowden revelations.

The story relies in significant part on former NSA IG Joel Brenner and two other former officials who insisted on remaining anonymous because “they still have dealings” with the NSA.

“The agency, from top to bottom, leadership to rank and file, feels that it is had no support from the White House even though it’s been carrying out publicly approved intelligence missions,” said Joel Brenner, NSA inspector general from 2002 to 2006. “They feel they’ve been hung out to dry, and they’re right.”

A former U.S. official — who like several other former officials interviewed for this story requested anonymity because he still has dealings with the agency — said: “The president has multiple constituencies — I get it. But he must agree that the signals intelligence NSA is providing is one of the most important sources of intelligence today.

“So if that’s the case, why isn’t the president taking care of one of the most important elements of the national security apparatus?”

[snip]

A second former official said NSA workers are polishing up their résumés and asking that they be cleared — removing any material linked to classified programs — so they can be sent out to potential employers. He noted that one employee who processes the résumés said, “I’ve never seen so many résumés that people want to have cleared in my life.”

Morale is “bad overall,” a third former official said. “The news — the Snowden disclosures — it questions the integrity of the NSA workforce,” he said. “It’s become very public and very personal. Literally, neighbors are asking people, ‘Why are you spying on Grandma?’ And we aren’t. People are feeling bad, beaten down.”

Does “still have dealings with the agency” mean these people still contract to it, indirectly or directly? If it does, how much of this contracting works through The Chertoff Group, where a slew of former officials seem to have had remarkably consistent interests in spreading this line for months? Nakashima might want to provide more details about this in any future of these stories, as it may tell us far more about how much these men are profiting for espousing such views.

After all, while they do provide evidence that NSA employees are leaving, they provide only second-hand evidence — evidence that is probably impossible for any of these figures to gain in depth personally — that the issue pertains to Obama’s response.

And there are at least hints that NSA employees might be leaving for another reason: they don’t want to be a part of programs they’re only now — thanks to compartmentalization — learning about

We can look to the two letters the NSA has sent to “families” of workers for such hints.

The first, sent in September (page one, page two, h/t Kevin Gosztola), got sent just 3 days after the release of documents showing NSA had been violating just about every rule imposed on the phone dragnet for the first three years it operated (partly, it should be said, because of Joel Brenner’s inadequate oversight at its inception). In the guise of providing more context to NSA employee family members about that and recent disclosures, Keith Alexander and John Inglis wrote,

We want to put the information you are reading and hearing about in the press into context and reassure you that this Agency and its workforce are deserving and appreciative of your support. Read more

Federated Queries and EO 12333 FISC Workaround

/8 Comments/in /by

Particularly given the evidence NSA started expanding its dragnet collection overseas as soon as the FISA Court discovered it had been breaking the law for years, I’ve been focusing closely on the relationship between the FISA Court-authorized dragnets (which NSA calls BR FISA — Business Records FISA — and PR/TT — Pen Register/Trap and Trace — after the authorities used to collect the data) and those authorized under Executive Order 12333.

This document — Module 4 of a training program storyboard that dates to late 2011 — provides some insight of how NSA trained its analysts to use international collections to be able to share data otherwise restricted by FISC.

The module lays out who has access to what data, then describes how analysts look up both the Reasonable Articulable Suspicion (RAS) determinations of identifiers they want to query on, as well as the BR and PR/TT credentials of those they might share query results with. It also describes how “EAR” prevents an analyst from querying BR or PR/TT data with any non-RAS approved identifier. So a chunk of the module shows how software checks should help to ensure the US-collected data is treated according to the controls imposed by FISC.

But the module also describes how a software interface (almost certainly MARINA, the metadata database) manages all the metadata collected from all over the world.

All of it, in one database.

So if you do what’s called a “federated” query with full BR and/or PR/TT credentials — meaning it searches on all collections the analyst has credentials for, with BR and PR/TT being the most restrictive — you may pull metadata collected via a range of different programs. Alternately, you can choose just to search some of the collections.

When launching analysts with [redacted] the appropriate BR or PR/TT credentials have the option to check a box if they wish to include BR or PR/TT metadata in their queries. If an analyst checks the “FISABR Mode” or “PENREGISTRY Mode” box when logging into [redacted] will perform a federated query. This means that in addition to either BR or PR/TT metadata, [redacted] will also query data collected under additional collection authorities, depending on the analyst’s credentials. Therefore, when performing a query of the BR or PR/TT metadata, analysts will potentially receive results from all of the above collection sources. Users of more recent versions of [redacted] do have the option, however, to “unfederate” the query, and pick and choose amongst the collection sources that they would like to query (10)

Back in 2009, when NSA was still working through disclosures of dragnet problems to FISC, analysts apparently had to guess where the data they were querying came from (which of course is an implicit admission that BR data had been improperly treated with weaker EO 12333 protections for years). But by 2011 they had worked it out so queries showed both what SIGAD (collection point) the metadata came from, as well as (using a classification mark) its highest classification.

It is possible to determine the collection source or sources of each result within the chain by examining the Producer Designator Digraph (PDDG)/SIGINT Activity Designator (SIGAD) and collection source(s) at the end of the line.

If at least one source of a result is BR or PR/TT metadata, the classification at the beginning of the line will contain the phrases FISABR or PR/TT, respectively. In addition, in the source information at the end of the line, the SIGAD [redacted] BR data can be recognized by SIGADs beginning with [redacted] For PR/TT, data collected after October 2010 is found [redacted] For a comprehensive listing of all the BR and PR/TT SIGADs as well as information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert.

Since it is possible that one communication event will be collected under multiple collection authorities (and multiple collection sources), not all of the results will be unique to one collection authority (or collection source). Keep in mind that the classification at the beginning of each result only indicates the highest level classification of that result, and does not necessarily reflect whether a result was unique to one collection authority (or collection source). If a result was obtained under multiple authorities (or sources), you will see more [redacted] (15-16)

In other words, analysts will be able to see from their results where the results come from. If a query result includes data only from BR or PR/TT sources, then the analyst can’t share the result with anyone not cleared into those programs without jumping some hoops. But if a query result showed other means to come up with the same results from a BR or PR/TT search (that is, if EO 12333 data would return the same result), then the result would not be considered a BR- or PR/TT-unique result, meaning the result could be shared far more widely. (Note, this passage also provides more details about the timing of the Internet metadata shutdown, suggesting it may have lasted from November 2009 to October 2010.)

Sharing restrictions in the FISC Orders only apply to unique BR or PR/TT query results. If query results are derived from multiple sources and are not unique to BR and PR/TT alone, the rules governing the other collection authority would apply. (17)

After noting this, the training storyboard spends 5 pages describing the restrictions on dissemination or further data analysis of BR and PR/TT results, even summaries of those results.

Then it returns to the point that such restrictions only hold for BR- or PR/TT-unique results and encourages analysts to run queries under EO 12333 so as to be able to get a result that can be shared and further exploited.

 However, as we’ve discussed, not all BR or PR/TT results are unique. If a query result indicates it was derived from another collection source in addition to BR or PR/TT, the rules governing the other collection authority would apply to the handling an d sharing of that query result. For example, this result came from both BR and E.O. 12333 collection; therefore, because it is not unique to BR information, it would be ok to inform non- BR cleared individuals of the fact of this communication, as well as task, query, and report this information according to standard E.O. 12333 guidelines.

In summary, if a query result has multiple collection authorities, analysts should source and/or report the non-BR or PR/TT version of that query result according to the rules governing the other authority. But if it is unique to either the BR or PR/TT authority then it is a unique query result with all of the applicable BR and PR/TT restrictions placed on it. In both cases, however, analysts should not share the actual chain containing BR or PR/TT results with analysts who do not have the credentials to receive or view BR or PR/TT information. In such an instance, if it is necessary to share the chain, analysts should re-run the query in the non-BR or non-PR/TT areas of [redacted] and share that .cml. (22)

Let me be clear: none of this appears to be illegal (except insofar as it involves a recognition it is collecting US person data overseas, which may raise issues under a number of statutes). It’s just a kluge designed to use the US-based dragnet programs to pinpoint results, then use EO 12333 results to disseminate widely.

It does, obviously, raise big questions about whether the numbers reported to Congress on dragnet searches reflect the real number of searches and/or results, which will get more pressing if new information sharing laws get passed.

Mostly, though, it shows how NSA uses overseas collection to collect the same data on Americans without the restrictions on sharing it.

There are a lot of likely reasons to explain why the NSA stopped collecting Internet metadata in the US in 2011 (seemingly weeks after this version of the storyboard, though they would still be able to access the PR/TT metadata for 5 years Update 11/20/14: they destroyed the PRTT data in December 2011). But it is clear the overseas collection serves, in part, to get around FISC restrictions on dissemination and further analysis.

Updated: Added explanation for BR FISA and PR/TT abbreviations.

Phone and Internet Associations Are Both Terror Group Membership and a Chance Encounter in a Dance Hall

/5 Comments/in , /by
Screen shot 2013-11-25 at 12.59.34 PM

The sole discussion of First Amendment considerations in this undated training (it’s probably between early 2008 and 2011) is one page with a list of protected activities.

As I noted last week, from the start of the dragnet programs, neither the Court nor the government appear to have considered the implications dragnet analysis had for Freedom of Association.

Several of the training documents released last week — notably this August 29, 2008 NSA Memo — suggest the NSA reconsidered the associational implications of the dragnet in 2008. Nevertheless, in a document that appears to reflect an August 20, 2008 effort to protect associations, the NSA continued to use at least some associations as evidence of terrorist affiliation.

The rules on dragnet queries changed on August 20, 2008

As I noted some weeks ago, the government has withheld at least 3 FISC opinions pertaining to Section 215; one of the withheld opinions is dated August 20, 2008. This memo, written 9 days later, lays out the legal standard for contact-chaining for both the phone and Internet dragnet programs as described in two 2008 dockets.

Specifically, the memo elaborates on the legal standard applicable to the contact-chaining activities in which SID offices engage pursuant to Business Records Order 08-08 (as well as subsequent Orders for the production of telephony records)1 as well as to the contact chaining activities in which SID analysts engage pursuant to the Pen Register and Trap and Trace Order 08-110 (as well as subsequent Pen/Trap Orders ).

The documents must be the most recent, given the way the memo applies this standard to orders going forward. And it replaces an earlier memo, written just months after the start of the phone dragnet.

OGC memorandum dated October 13, 2006, same subject, is canceled. This memorandum updates the prior memorandum to reflect changes in the Foreign Intelligence Surveillance Court (FISC) authorizations specifically authorizing access to the data acquired under the Orders for analysis related to [redacted — probably describes terrorism subjects] The substantive guidance concerning the application of the “reasonable articulable suspicion” standard with respect to the authorizations remains unchanged.

All of which strongly suggests this memo served to incorporate whatever changes the August 2008 opinion made into NSA practice.

The change in the rules pertain to the treatment of association

The structure of the memo — along with the footnote’s explanation that the standards for Reasonable Articulable Suspicion  (cited above) have not changed — suggest that what did change pertains to Association.

After an introductory section, the memo has this structure:

A. Summary of the [RAS] Standard

B. Association with [redacted — probably terrorist targets]

C. First Amendment Considerations

D. Summary

In other words, the memo seems to assess the impact of an August 20, 2008 FISC opinion commenting on the degree to which First Amendment protected activity may serve as proof of a tie (an association) to a terrorist organization.

Regardless of what the FISC said, association is the same thing as membership

Before I lay out the logic dismissing any associational concerns presented by using phone contacts to assume a tie to terrorism, let me get to the punch line. After explaining that simply lobbying a member of Congress to “cut off funding for U.S. troops in Iraq” does not prove an association with terrorism (though some other NSA documents suggest it may have been regarded as such at one time), the memo explains that in some circumstances direct contact can do so.

But, as we have already made clear, we do not read the Order to preclude under all circumstances the conclusion that a number is associated with [redacted — probably terrorist groups] solely on the basis of its communications [redacted] and, more specifically, based on its contacts with numbers about which NSA has the appropriate level of suspicion. Our conclusion is supported by First Amendment law, as we discuss below.

In a footnote on that same page, the memo makes a breathtaking conflation of “member” and “associated with” a terrorist group.

We note also that the very object of the overall effort supported by these Orders is to determine whether or not particular individuals are members of or are associated with the terrorist organizations named in the Orders. Thus, under these Orders, simply by being a member of a named group one becomes subject to government scrutiny. [my emphasis]

That is, NSA sets out to argue that, regardless of whatever that FISC opinion states, association with a terrorist group (provided that they engage in direct contact) amounts to membership in it.

And here’s how that analysis ends up. Read more

By “Application” the Administration Didn’t Mean “Memorandum of Law”

/1 Comment/in , /by

This is a very minor point.

But, perhaps to rebut my observation that the government withheld significant constructions of law from the oversight committees until after the PATRIOT Act was reauthorized in 2010, ODNI released these this July 22, 2009 document, approving the unsealing of the original application for the phone dragnet so it could be shared with the Judiciary and Intelligence Committees as mandated by the FISA Amendments Act over a year earlier.

That makes it clear the oversight committees did have the application, at least, before they started discussions to reauthorize PATRIOT.

But it also shows several other things.

It shows how misleading the White Paper was when it implied the oversight committees had everything by December 2008.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees. [my emphasis]

It seems that reference to “application” in the White Paper referred only to the formal application, absent the underlying legal memorandum revealing just how radical this request was, which the Executive Branch withheld for another 7 months (even as the program was showing serial violations).

It also shows that the government took over a year after FAA required this sharing before it actually shared the document.

And it shows that, while we don’t know what the government withheld for over another year, the government was still withholding substantive information from Congress until after PATRIOT was reauthorized in February 2010.

Unlike some of the documents released by the government, the original Colleen Kollar-Kotelly opinion doesn’t reveal when it got released to Congress. I wonder when the Executive decided to share that?

Update: I may have spoken too soon. FISC unsealed this, but I don’t see the submission recorded on the Vaughn indices. Will update soon.

Update: Here’s what the ACLU Vaughn Index (there are differences with the EFF Vaughn Index, but not on this point) shows as far as Congressional submissions of pre-FAA material.

  • October 3, 2008, 31 pages of post FAA matters, all apparently on Section 215
  • October 3, 2008, 31 pages of post FAA matters, all apparently on Section 215 (may be duplicate entry — see entries 13 and 82)
  • December 1, 2008, at least 1084 pages of pre FAA matters, 378 of which pertain to Section 215
  • August 16, 2010, 236 pages of Section 215 matter plus more on other topics, pre FAA matters
  • February 4, 2011, 39 pages, all apparently on Section 215, unclear whether this is pre or post FAA materials

In other words, if the Vaughn Index is accurate, FISC unsealed this opinion on July 22, 2009, but the Executive Branch didn’t provide it to the oversight committees until August 16, 2010.

The Five Year Parade of Internet Dragnet Violations

/9 Comments/in /by

Monday’s document release provided mounting evidence that when the hospital confrontation “heroes” moved the Internet dragnet they had deemed to be illegal under the auspices of the FISA Court, neither they, nor Judge Colleen Kollar-Kotelly believed it was legally sound. But they traded those truly crummy legal claims to bring the program under court oversight. Since then, boosters of the scheme have claimed the oversight serves to eliminate violations quickly.

We already knew that’s not true.

Still, Monday’s release — particularly this John Bates opinion written around July 2010 — makes that even more clear. After Kollar-Kotelly sacrificed judicial wisdom for court oversight on July 14, 2004, the government continued breaking the court’s rules for five years, until Reggie Walton shut the program down, sometime in fall 2009.

First, let’s lay out the dates. I’ve done a rough timeline below, based on the known start-date (July 14, 2004) and the rough end point with John Bates’ opinion (around July 2010). The bulk of the other dates impose the timeline laid out in the Bates opinion on a few known dates taken from the phone dragnet production (plus, the geniuses at ODNI not only left the date of the June 22 Internet dragnet order in its URL (CLEANED101.%20Order%20and%20Supplemental%20Order%20%286-22-09%29-sealed.pdf), but it’s the same document as the June 22 phone dragnet order, which has different redactions but most dates intact — see the three bolded entries below).

As you’ll see, there were two known violations in the Internet dragnet before the before the discoveries of the problems started in earnest in 2009. That’s not that big a deal — there was at least one phone violation before 2009 too, except in the case of the Internet dragnet, NSA overcollected from the very start.

The examination of the Internet dragnet started in response to the first phone dragnet disclosures in January 2009 (with the change in Administration, it should be remembered). Reggie Walton told NSA to see if the Internet dragnet had the same compliance problems as the phone dragnet did.

From that point until June 2009, the discoveries seemed to work in parallel (the NSA was working on End-to-End reports for both programs at the same time, and they share some common databases). But with the discovery that both dragnet programs were sharing information freely with other agencies, it became clear the violations were much worse on the Internet dragnet side, with reports going out with US person information that did not even remotely comply with minimization requirements.

Then sometime after that — and after Walton issued what would be the last Internet dragnet order for a year (that was sometime after June 22, 2009) — NSA discovered they had been receiving “metadata” far outside the permitted scope, which surely included content. Note this may have happened around the same time as NSA reported that one phone provider had overproduced (including international data in addition to domestic, I think) on July 9, 2009, so I wonder if they were only then reviewing returned data on receipt.

In any case, it was around that time that NSA “discovered” the Internet metadata program had never ever been in compliance. From Bates:

Notwithstanding this and many similar prior representations [made on the summer 2009 reauthorization] there in fact had been systemic overcollection since [redacted]. On [redacted] the government provided written notice of yet another form of substantial non-compliance discovered by NSA OGC on [redacted] this time involving the acquisition of information beyond the [redacted] authorized categories.

[snip]

This overcollection, which had occurred continuously since the initial authorization in [redacted] included the acquisition of [long redaction]. [my emphasis]

Never.

If my math is correct, the application the NSA withdrew was submitted not long after September 20. There are briefings for the Intelligence Committees that likely alerted them to the scale of the Internet dragnet problems around that time. But as of October 5, some of the most assertive House Judiciary members seem to have had no idea about the problems with the Internet dragnet. If they found out about it with the notice to Congress on December 17, 2009, it explains why the PATRIOT Act reauthorization process stalled.

There’s one more very important thing in this timeline. You’ll see below that almost at exactly the same time as NSA “realized” it had never complied with program requirements, it started a pilot project that would be rolled out on January 3, 2011, analyzing metadata with no special protections for US persons or limit for use only on counterterrorism.

Specifically, these new procedures permit contact chaining, and other analysis, from and through any selector, irrespective of nationality or location, in order to follow or discover valid foreign intelligence targets. (Formerly analysts were required to determine whether or not selectors were associated with US communicants.)

[snip]

In the second place it enables large-scale graph analysis on very large sets of communications metadata vwithout having to check foreignness of every node or address in the graph. Analysts in S2 have used this to great benefit over the past year and a half under a pilot program. [emphasis original]

In other words, at the moment they were coming clean with the FISC that they had never ever complied with the PR/TT orders, they were beginning the pilot project that would move metadata collection overseas, under EO 12333. (This document goes back to this NYT story on social network analysis.)

So much for the notion that putting all this under court oversight would accomplish a damn thing. All it did was degrade the law and provide NSA cover until they developed the technology to do all this overseas.

Update, 11/22: More dates added to timeline.

Update, 11/26: More dates added to timeline. Read more

NSA’s Notion of Regaining Confidence

/2 Comments/in /by

In my apparent never-ending job of documenting all the lies, half truths, and misrepresentations the Intelligence Community has told Congress, I wanted to look at one more document from the chunk the I Con released last week: the briefing given the House Intelligence Committee on the phone dragnet on October 21, 2009, during the early part of the PATRIOT Act reauthorization debate. The briefing came three weeks after then-House Intelligence Chair Silvestre Reyes requested a document on the dragnet (which would end up being the notice provided to Congress).

Here’s the last entry in the October 21 briefing’s description of the efforts to fix the problems with the dragnet.

On September 3, 2009, after receiving extensive demonstrations and briefings regarding the BR FISA program, the FISC signed the Renewal Order for BR
FISA. The order, which will remain in effect through October 30, 2009, restores to NSA the authority to make Reasonable Articulable Suspicion (RAS) determinations as to whether specific telephone identifiers may be used as “seeds” for querying against the BR FISA metadata. The signing of the renewal order is viewed as an indication that NSA is regaining the Court’s confidence in its ability to safeguard US Person privacy while using BR FISA data for vital national security missions. [my emphasis]

That is, the NCTC and NSA claimed to HPSCI — one of two committees getting the most information on the phone dragnet — that “NSA is regaining the Court’s confidence in its ability to safeguard US Person privacy.”

But the September 3 reauthorization of the phone dragnet — the last interaction with FISC referenced in the briefing — was not the most recent event prior to this briefing.

The last event we know of, at least, came when, on September 21 and 23, Judge Reggie Walton — the judge who had been working through this process for 9 months and on September 3 had ordered NSA to restrict access to the phone dragnet data to those who had been specially trained for it — had a DOJ National Security Division attorney tell him, orally, of two “likely violations” of these orders. NSA employees were emailing results of phone dragnet queries around — had even set up an email list of 189 analysts — including to people who had not received the special training required by the Court.

Worse, NSA didn’t inform Walton of the violations.

The NSD attorney advised that NSD and NSA were investigating the foregoing incidents and expected to be in a position to submit a preliminary written notice to the Court in short order. As of the entry of this Order, the Court has not yet received such a notice.

The Court is deeply troubled by the incidents described above, which have occurred only a few weeks following the completion of an “end to end review” by the government of NSA’s procedures and processes for handling the BR metadata, and its submission of a report intended to assure the Court that NSA had addressed and corrected the issues giving rise to the history of serious and widespread compliance problems in this matter and had taken the necessary steps to ensure compliance with the Court’s orders going forward.

In his September 25 order, Walton instructed NSA to brief him on September 28 on these latest violations.

In other words, as far as the declassified record thus far shows, FISC had newfound reason to be “deeply troubled” by violations (and probably, NSA’s failure to notice the court on them) when it briefed the House Intelligence Committee on October 21.

And the Administration didn’t tell HPSCI that, right in the middle of debates about PATRIOT (and therefore Section 215) reauthorization.

And yet the I Con and its defenders insist — insist! — Congress was fully informed when it reauthorized PATRIOT.

Dianne Feinstein Opens the Tech Back Door to the Dragnet Database Even Wider

/2 Comments/in , /by

I’ve been writing for months about the great big loophole providing access to the phone dragnet database.

Basically, the NSA needs someone to massage the dragnet data before analysts do queries on it, to take out high frequency call numbers (telemarketers and pizza joints), and probably to take out certain protected numbers, like those of Members of Congress. (Note, that the NSA has to do this demonstrates not only that all their haystack claims are false, but also leaves the possibility they’ll remove numbers that actually do have intelligence value.)

The problem of course, is that this means there is routine access to the database of all phone-based relationships in the United States that does not undergo normal oversight. We know this is a problem because we know NSA has found big chunks of this data in places where it doesn’t belong, as it discovered on February 16, 2012 when it found over 3,000 call records that had been stashed and kept longer than the 5 years permitted by the FISA Court.

As of 16 February 2012, NSA determined that approximately 3,032 files containing call detail records potentially collected pursuant to prior BR Orders were retained on a server and been collected more than five years ago in violation of the 5-year retention period established for BR collection. Specifically, these files were retained on a server used by technical personnel working with the Business Records metadata to maintain documentation of provider feed data formats and performed background analysis to document why certain contact chaining rules were created. In addition to the BR work, this server also contains information related to the STELLARWIND program and files which do not appear to be related to either of these programs. NSA bases its determination that these files may be in violation of BR 11-191 because of the type of information contained in the files (i.e., call detail records), the access to the server by technical personnel who worked with the BR metadata, and the listed “creation date” for the files. It is possible that these files contain STELLARWIND data, despite the creation date. The STELLARWIND data could have been copied to this server, and that process could have changed the creation date to a timeframe that appears to indicate that they may contain BR metadata.

The bill the Intelligence Committee passed out of committee yesterday not only codifies this practice, but exempts this practice from the explicit limits placed on other uses of this database.

Here’s how it describes this access.

(D) LIMITED ACCESS TO DATA.—Access to information retained in accordance with the procedures described in subparagraph (C) shall be prohibited, except for access—

[snip]

(iii) as may be necessary for technical assurance, data management or compliance purposes, or for the purpose of narrowing the results of queries, in which case no information produced pursuant to the order may be accessed, used, or disclosed for any other purpose, unless the information is responsive to a query authorized under paragraph (3).

Note, I’ve never seen this access described in a way that would include “narrowing the results of queries” before. I’m actually very curious why a tech would need to directly access the database, presumably after a query has already been run, to narrow it. Isn’t that contrary to the entire haystack theory?

In any case, the rest of the bill relevant to the phone dragnet effectively exempts this access from almost all of the oversight it codifies.

The requirement for a written record of the Reasonable Articulable Suspicion and identity of the person making the query does not apply (see 2 A and B). Since no record is made, the FISA Court doesn’t review these queries (6A) and these queries don’t get included in the public reporting (b)(3)(C)(i). I don’t see where the bill requires any record-keeping of this access.

The requirement that the data be kept secure specifically doesn’t apply.

SECURITY PROCEDURES FOR ACQUIRED DATA.—Information acquired pursuant to such an order (other than information properly returned in response to a query under subparagraph (D)(iii)) shall be retained by the Government in accordance with security procedures approved by the court in a manner designed to ensure that only authorized personnel will have access to the information in the manner prescribed by this section and the court’s order. [my emphasis]

And the requirement that personnel accessing the database for these purposes (4) be limited and specially trained doesn’t apply.

A court order issued pursuant to an application made under subsection (a), and subject to the requirements of this subsection, shall impose strict, reasonable limits, consistent with operational needs, on the number of Government personnel authorized to make a determination or perform a query pursuant to paragraph (1)(D)(i).

The only limit that appears to apply to the queries from this data management access of the database is the 5 year destruction.

Now, I think the FISA Court made tentative bids to limit some of the activities in 2009. But this language seems to undermine some of the controls the Court has placed on this access (including audits).

In short, in a purported bid to raise confidence about the NSA creating a database of every phone-based relationship in the United States, the Intelligence Committee has actually codified a loosening of access to the database outside the central purpose of it. It permits a range of people to access the database for vaguely defined purposes, it permits them to move that data onto less secure areas of the network, and it doesn’t appear to require record-keeping of the practice.

But what could go wrong with permitting tech personnel — people like Edward Snowden — access to data with less oversight than that imposed on analysts?

Update: Added the language from the 2012 violation to show how clueless the NSA was about finding this data just lying around and its inability to determine where it came from.