Posts

The People Who Work at Arthur Anderson NSA Are Such Nice People

/8 Comments/in /by

[youtube]uF40mZbrd7I[/youtube]

Back in 2001 or early 2002, I sat next to a lifetime Arthur Anderson accountant on a long plane ride. We talked about the Enron debacle and its ties to Anderson. She hadn’t worked the Enron account, and she insisted that Anderson itself was a highly ethical company — it was just the Enron account that was bad, she said. I gently raised the several other big accounting scandals Anderson starred in — Waste Management and Sunbeam both broke in 2001. But in her mind, that she and the people she worked with seemed like good people was all the proof she needed that Anderson was not a systematically unethical company.

That is, effectively, the defense that Bobby Chesney and Ben Wittes want to offer of the NSA after Chesney helped set up a special meeting of academics (plus Wittes) with the agency.

Our major takeaway concerns the dramatic disparity that separates the perception on the outside of what this agency does and NSA’s self-perception. To hear NSA folks talk about their compliance regime, for example, is to hear about an entirely different animal than the situation depicted in many new stories. To hear NSA folks discuss the relationship between encryption, cyber-security, and cyber offense is a different animal than to read news stories about how NSA breaks encryption. And so forth.  These conversations were all unclassified, but they vividly described a wide gap in understanding between NSA and the press, members of Congress, and the public regarding what the agency does and doesn’t do, how accountable and regulated it is, to what extent it complies with the law and how, and what the relevant law is.

That gap is unnecessary, or at least it need not be so wide. Read more

Ron Wyden’s Past Provocative Hearing Question on Cell Site Location

/8 Comments/in , /by

As I’ve noted, yesterday Ron Wyden got Keith Alexander to refuse to answer a question about whether the NSA has ever collected or made plans to collect Americans’ cell-site information in bulk.

Wyden: Senators Udall, Heinrich and I and about two dozen other senators have asked in the past whether the NSA has ever collected or made any plans to collect Americans’ cell-site information in bulk. What would be your response to that?

Gen. Keith Alexander (Alexander): Senator, on July 25, Director Clapper provided a non-classified written response to this question amongst others, as well as a classified supplement with additional detail. Allow me to reaffirm what was stated in that unclassified response. Under section 215, NSA is not receiving cell-site location data and has no current plans to do so. As you know, I indicated to this committee on October 20, 2011, that I would notify Congress of NSA’s intent to obtain cell-site location data prior to any such plans being put in place. As you may also be aware, –

Wyden: General, if I might. I think we’re all familiar with it. That’s not the question I’m asking. Respectfully, I’m asking, has the NSA ever collected or ever made any plans to collect Americans’ cell-site information. That was the question and we, respectfully General, have still not gotten an answer to it. Could you give me an answer to that? [my emphasis]

In addition to saying NSA is not doing so under Section 215, Alexander also pointed to two classified responses he would not repeat in unclassified setting.

Which I think confirms — as if there was any doubt — that the answer is yes, the NSA has at least planned, if not actually collected, cell-site location in bulk (though not necessarily under Section 215).

That said, many people are treating this as Wyden’s first provocative hearing question on the topic. This one — from February 2012, just after the US v Jones decision found use of a GPS to constitute a search — may provide some important insight onto the timing and rationale behind such bulk collection.

Wyden: Director Clapper, as you know the Supreme Court ruled last week that it was unconstitutional for federal agents to attach a GPS tracking device to an individual’s car and monitor their movements 24/7 without a warrant. Because the Chair was being very gracious, I want to do this briefly. Can you tell me as of now what you believe this means for the intelligence community, Read more

Ron Wyden’s What’s-Old-Is-New Question: Reverse Targeting

/2 Comments/in , /by

When you track Ron Wyden’s persistent attempts to squeeze answers out of National Security officials, you grow familiar with the rhythm of questions. Drone memos — Article II or AUMF, he asked for years before getting a still-secret answer. Has the government ever bulk collected location, Keith Alexander refused to answer yet again yesterday. As I noted, he publicly asked for the common commercial agreement OLC memo back in January before he asked again yesterday, in addition to a number of non-public requests he (and Russ Feingold) made.

That’s true of most of his questions from yesterday.

He asked, again, about the NSA’s ability to search through incidentally collected data for US person communications.

Section 702 of FISA was intended to give the government new authority to target foreigners, but the executive branch has argued that the NSA should have the authority to deliberately go through communications collected under section 702 and conduct warrantless searches for the communications of individual Americans. Has the NSA ever conducted any of these warrantless searches for individual Americans’ communications?

He tried to limit this in last year’s reauthorization, asked about it last fall, and caught Keith Alexander lying about it back in June.

The answer to the question, of course, is “Yes.”

He asked, again, how long the government has used PATRIOT to conduct bulk collection of US person data.

How long has the NSA used Patriot Act authorities to engage in the bulk collection of Americans’ records? And was this collection underway when Congress was voting to reauthorize the Patriot Act in late 2005 and early 2006?

He — and 25 other Senators — asked this question back in June. But Clapper refused to answer it.

The answer to the question (as has been confirmed by the 2009 draft NSA IG Report) is “Yes.” Which of course either means Congress added the “relevant to” language to shut down such bulk collection, or the government lied about how it was using the Pen Register/Trap and Trace and Business Records provisions when Congress reauthorized the PATRIOT Act in 2006.

But it’s the last question that — in this form at least — is new:

One of the recurring debates about section 702 of FISA is whether the law should include stronger protections against reverse targeting, which is the prohibited practice of trying to spy on Americans by collecting the communications of foreigners that those Americans are believed to be talking to. Since the FISA Amendments Act was passed in 2008, have there been any instances of reverse targeting by NSA analysts?

Don’t get me wrong. There has been plenty of discussion of reverse targeting going back to before the FISA Amendments Act (and, for that matter, the Protect America Act) were passed.

But the answer to this question, as with the two others, is almost surely “Yes.” Otherwise, Wyden wouldn’t have asked it (and planned to ask it during a public hearing).

Which means that, either before or after the FISA Court permitted the NSA to search through incidentally collected for US person communications (see question 1), it caught analysts picking foreign targets in such a way that they could collect the communications of Americans.

They did precisely what the law prohibits explicitly.

That is new.

No wonder DiFi ensured Wyden wouldn’t get a second round of questions, saving Keith Alexander and James Clapper from answering this in public.

Did OLC Rule Americans Have Voluntarily Allowed NSA to Collect Their Communications Domestically?

/12 Comments/in , /by

Some weeks ago, I waded into a discussion between Charlie Savage and Ben Wittes to suggest that a still-secret OLC opinion Ron Wyden mentioned back in January might serve as the basis for collecting US person communications at the phone switches.

In his letter to John Brennan in January asking for a slew of things, Ron Wyden mentioned two opinions that may be the still-secret legal analysis mentioned by Savage.

Third, over two years ago, Senator Feingold and I wrote to the Attorney General regarding two classified opinions from the Justice Department’s Office of Legal Counsel, including an opinion that interprets common commercial service agreements. We asked the Attorney General to declassify both of these opinions, and to revoke the opinion pertaining to commercial service agreements. Last summer, I repeated the request, and noted that the opinion regarding commercial service agreements has direct relevance to ongoing congressional debates regarding cybersecurity legislation. The Justice Department still has not responded to these letters.

The opinions would have to pre-date January 14, 2011, because Feingold and Wyden requested the opinions before that date.

The reason I think the service agreements one may be relevant is because the opinions Ben cites focus on whether government users have given consent for EINSTEIN surveillance; in his article on it Bradbury focuses on whether the government could accomplish something similar with critical infrastructure networks.

I suspect this opinion — whatever question it addresses — makes the case that Americans have given NSA voluntary permission to collect US person communications from certain (I’m not sure which ones) switches.

Whatever it says, though, Ron Wyden just asked for the opinion again.

Over the last few years I have written multiple letters to Attorney General Holder regarding a particular opinion from the Justice Department’s Office of Legal Counsel that interprets common commercial service agreements. I have said that I believe that this opinion is inconsistent with the public’s understanding of the law, and that it needs to be both withdrawn and declassified. Despite multiple follow-ups from my staff I still have not received a response to any of these letters. Can you tell me when I can expect a response?

The biggest reason public understanding of the law would matter, after all, is if OLC were interpreting it to reflect voluntary consent for collection of data that the public didn’t realize they had given. And we know NSA wants to — if it is not already — scan communications for malicious code in the name of cybersecurity on critical infrastructure networks the same way it is doing on government networks.

Remember, this is one of 4 questions Wyden would have asked had DiFi allowed an elected Senator to ask questions rather than an NSA apologist to appear. Wyden had apparently alerted Keith Alexander to what those questions were.

Heck, this is even a question aplogist Ben Wittes has expressed an interest in. For once it is his questions, in addition to members of Congress, that are not getting answered.

Dianne Feinstein Gives NSA Apologist Ben Wittes More “Oversight” Time than Ron Wyden

/11 Comments/in , /by

Screen shot 2013-09-26 at 5.01.04 PMThe Senate Intelligence Committee hearing on NSA changes just finished.

It was about what you’d expect: Dianne Feinstein and Saxby Chambliss claimed they were making changes that don’t amount to much, at least four Senators filibustered themselves so they wouldn’t have to ask any questions (and therefore betray ignorance).

And of course, Ron Wyden and Mark Udall tried to ask questions.

The problem is, Dianne Feinstein had already deviated from normal Senate policy by giving Senators just 5 minutes to ask questions (that is the practice in the House, which is why House hearings are so much more stupid than Senate ones, generally).

Which meant that when Ron Wyden asked his first question — about geolocation — General Keith Alexander knew he could filibuster. As he did.

Now with respect to questions, let me start with you Director Alexander, and, as you all know, I will notify you in advance so that there won’t be any surprise about the types of issues we are going to get into. And Director Alexander, Senators Udall, Heinrich and I and about two dozen other senators have asked in the past whether the NSA has ever collected or made any plans to collect Americans’ cell-site information in bulk. What would be your response to that?

Gen. Keith Alexander (Alexander): Senator, on July 25, Director Clapper provided a non-classified written response to this question amongst others, as well as a classified supplement with additional detail. Allow me to reaffirm what was stated in that unclassified response. Under section 215, NSA is not receiving cell-site location data and has no current plans to do so. As you know, I indicated to this committee on October 20, 2011, that I would notify Congress of NSA’s intent to obtain cell-site location data prior to any such plans being put in place. As you may also be aware, —

Wyden: General, if I might. I think we’re all familiar with it. That’s not the question I’m asking. Respectfully, I’m asking, has the NSA ever collected or ever made any plans to collect Americans’ cell-site information. That was the question and we, respectfully General, have still not gotten an answer to it. Could you give me an answer to that?

Alexander: We did. We sent that — as you’re also aware I expressly reaffirmed this commitment to the committee on June 25, 2013. Finally, in the most recent and now declassified opinion renewing this program, the FISA court made clear in footnote number five that notice to the court in a briefing would be required if the government were to seek production of cell-site location information as part of the bulk production of call detail records. Additional details were also provided in the classified supplement to Director Clapper’s July 25th response to this question. So what I don’t want to do, Senator, is put out in an unclassified forum anything that’s classified there so I’m reading to you exactly. So we sent both of these to you. I saw what Director Clapper sent and I agree with it.

Wyden: General, if you’re responding to my question by not answering it because you think that’s a classified matter that is certainly your right. We will continue to explore that because I believe this is something the American people have a right to know whether the NSA has ever collected or made plans to collect cell-site information. I understand your answer. I’ll have additional questions on the next round. Thank you, Madam Chair. [my emphasis]

Wyden deferred his further questions to the second round.

But when the first round ended, DiFi said they didn’t have time for a second one, because they had to move onto the two non-governmental witnesses, Ben Wittes and Tim Edgar. Wyden tried to just ask his questions quickly, but Susan Collins objected.

Wittes — who recently admitted that he is an NSA apologist, according to the dictionary definition of the term — had an unfettered (and unsworn) opportunity to read his statement, which seemed to take up far more than the 5 minutes Wyden got to exercise oversight (the entire statement, with admittedly long footnotes, was 13 pages, though I’m not certain he read it all).

Effectively, then, Wittes’ mere presence served as a means to silence people asking real questions about NSA. DiFi claimed she had invited James Clapper and Keith Alexander to set the facts straight, but then made sure they’d be able to filibuster any effort to liberate a stray fact or two.

Next time he accuses Congress of being NAKED!, I do hope he remembers that his very presence has been used to prevent elected members of Congress from asking the questions Wittes is so sure the government is forthcoming in answering.

By “Secret Law” Did They Mean “Not Written Down”?

/12 Comments/in , /by

For years, Ron Wyden and Mark Udall have been calling the secret interpretation of Section 215 “secret law.”

I’ve always thought they meant that figuratively. The law got made by the FISA Court in secret, but there’s an opinion there somewhere, laying out the interpretation of the law. It’s just secret.

Ever since the release of the first documents responsive to the EFF/ACLU FOIAs, I’ve begun to wonder. What we’ve seen include:

Neither of those were comprehensive. And the “supplemental opinion” would seem to suggest it supplemented … something.

Yesterday, we got what appears to be a (shoddy) comprehensive opinion.

That opinion cites an earlier opinion from the FISA Court that is not, however, cited in either the 2006 or 2008 opinions. That earlier opinion examines how bulk collection affects the Fourth Amendment.

Here, the government is requesting daily production of certain telephony metadata in bulk belonging to companies without specifying the particular number of an individual. This Court had reason to analyze this distinction in a similar context in [redacted]. In that case, this Court found that “regarding the breadth of the proposed surveillance, it is noteworthy that the application of the Fourth Amendment depends on the government’s intruding into some individual’s reasonable expectation of privacy.” Id. at 62. The Court noted that Fourth Amendment rights are personal and individual, see id. (citing Steagald v. United States, 451 U.S. 204, 219 (1981); Rakas v. Illinois, 439 U.S. 128, 133 (1978) (“‘Fourth Amendment rights are personal rights which … may not be vicariously asserted.,) (quoting Alderman v. United States, 394 U.S. 165, 174 (1969))), and that “[s]o long as no individual has a reasonable expectation of privacy in meta data, the large number of persons whose communications will be subjected to the … surveillance is irrelevant to the issue of whether a Fourth Amendment search or seizure will occur.” Id. at 63. Put another way, where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.

[snip]

Furthermore, for the reasons stated in [redacted] and discussed above, this Court finds that the volume of records being acquired does not alter this conclusion. [my emphasis]

Note while this pertains to metadata, there’s no indication it addressed phone metadata.

Later, it cites two earlier FISC cases.

This Court has previously examined the issue of relevance for bulk collections. See [6 lines redacted]

While those involved different collections from the one at issue here, the relevance standard was similar. See 50 U.S.C. § 1842(c)(2) (“[R]elevant to an ongoing investigation to protect against international terrorism …. “). In both cases, there were facts demonstrating that information concerning known and unknown affiliates of international terrorist organizations was contained within the non-content metadata the government sought to obtain. As this Court noted in 2010, the “finding of relevance most crucially depended on the conclusion that bulk collection is necessary for NSA to employ tools that are likely to generate useful investigative leads to help identify and track terrorist operatives.”  [my emphasis]

Both, apparently, relied on the Pen Register statute, not Section 215, and one was fairly recent (2010 — perhaps that’s the geolocation one?).

But it appears not to reference an earlier Section 215 phone metadata case, not even to lay out the rationale for relevance and bulk collection.

In addition to references to these earlier apparently non-215 phone data precedents, Eagan also cites the government’s 2006 Memorandum of Law.

Accompanying the government’s first application for the bulk production of telephone company metadata was a Memorandum of Law which argued that “[i]nformation is ‘relevant’ to an authorized international terrorism investigation if it bears upon, or is pertinent to, that investigation.” Mem. of Law in Support of App. for Certain Tangible Things for Investigations to Protect Against International Terrorism, Docket No. BR 06- 05 (filed May 23, 2006), at 13-14 (quoting dictionary definitions, Oppenheimer Fund, Inc. v. Sanders, 437 U.S. 340, 351 (1978), and Fed. R. Evid. 4012°).

Normally, a judge would cite a precedential opinion, showing that another judge had agreed with such definitions. Not here. Eagan cites the government’s own memorandum for the definition for relevant. (She cites that memorandum at least two more times in her opinion.)

Which seems to suggest this 2013 opinion — one written after widespread leaks of the program — constitutes the first opinion systematically rationalizing this program.

Well over 7 years after it started.

There’s one more detail that seems to support this conclusion. The White Paper describes how the Administration shared significant FISC materials with the Intelligence and Judiciary Committees.

Moreover, in early 2007, the Department of Justice began providing all significant FISC pleadings and orders related to this program to the Senate and House Intelligence and Judiciary committees. By December 2008, all four committees had received the initial application and primary order authorizing the telephony metadata collection. Thereafter, all pleadings and orders reflecting significant legal developments regarding the program were produced to all four committees.

So in 2007 DOJ started providing “all significant pleadings.” By the end of the following year — perhaps not coincidentally, the same month Walton wrote his supplemental opinion — the committees got “the initial application and primary order.”

The initial application (including, presumably, that same 2006 Memorandum of Law cited by Eagan) and the primary order, the same order we got last week. No mention of the initial opinion.

It appears there is no initial opinion.

One more detail that I’ve mentioned, but bears mentioning again. The judge that appears to have allowed the government to start collecting the phone records of every American without laying out his legal rationale for allowing them to do so, Malcolm Howard? He served as Deputy Special Counsel in the Nixon-Ford White House, when a young Dick Cheney was learning the ropes as Assistant to the President and then Chief of Staff.

Perhaps they learned the ropes together?

Update: Remember how the White Paper had to dig up an outdated version of the OED to support its definition of “relevant”?

the Administration decided to use a 24-year old edition of the Oxford English Dictionary for this definition.

Standing alone, “relevant” is a broad term that connotes anything “[b]earing upon, connected with, [or] pertinent to” a specified subject matter. 13 Oxford English Dictionary 561 (2d ed. 1989).

Note, that appears to be the same one used in the 2006 Administration Memorandum of Law. There’s nothing that surprising about that — I suspect substantial parts of the White Paper were lifted from that Memorandum.

But it is the kind of thing both Malcolm Howard and Claire Eagan might have challenged — and an adversary probably would have.

It appears neither did. Which is just one measure of the degree to which those judges simply rubber stamped whatever the government put before them.

Wyden/Udall: If Intelligence Community Is Dumb Rather than Malicious, Why Should We Trust Them?

/16 Comments/in /by

Ron Wyden and Mark Udall just released a second statement on last week’s Section 215 dragnet document dump, taking the intelligence community’s excuse — that no one really knew what these programs were doing — at face value.

If the IC is dumb rather than malicious, they ask, why should we take their word on the value of the programs?

The intelligence community’s defense was that these violations were occurring because no one had a full grasp of how the bulk collection program actually worked.

If the assertion that ineptitude and not malice was the cause of these ongoing violations is taken at face value, it is perfectly reasonable for Congress and the American people to question whether a program that no one fully understood was an effective defense of American security at all. The fact that this program was allowed to operate this way raises serious concerns about the potential for blind spots in the NSA’s surveillance programs. It also supports our position that bulk collection ought to be ended.

The government’s misrepresentations inevitably led to the Foreign Intelligence Surveillance Court being consistently misinformed as it made binding rulings on the meaning of U.S. surveillance law. This underscores our concern that intelligence agencies’ assessments and descriptions about particular collection programs — even significant ones — are not always accurate. It is up to Congress, the courts and the public to ask the tough questions and require intelligence officials to back their assertions up with actual evidence. It is not enough to simply defer to these officials’ conclusions without challenging them. [my emphasis]

Though I get the feeling that Wyden and Udall aren’t buying this “dumb not malicious” line.

An Illegal Program Sanctioned with a Rubber Stamp Is Still That Same Illegal Program

/4 Comments/in , /by

Consider this anecdote from Barton Gellman’s story on the many violations of the NSA’s spying programs.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

[snip]

In the case of the collection effort that confused calls placed from Washington with those placed from Egypt, it is unclear what the NSA meant by a “large number” of intercepted calls. A spokesman declined to discuss the matter.

The NSA has different reporting requirements for each branch of government and each of its legal authorities. The “202” collection was deemed irrelevant to any of them. “The issue pertained to Metadata ONLY so there were no defects to report,” according to the author of the secret memo from March 2013.

Viewed against the background of the documents on the 2009 Section 215 dragnet problems, the anecdote tells us several things:

  • The phone metadata for Egypt and for DC were both accessible from the same user interface until at least 2008
  • US phone metadata was accessible by area code, not just by single phone identifier
  • Because it internally reported this incident, NSA was well aware of that fact
  • Among all the violations reported to Reggie Walton in 2009 (see my rough summary), it did not include this one (indeed, it appears NSA has never reported it to FISC, which may be why in response to this story Walton went on the record to complain that the FISA Court relies on the NSA’s self-disclosure)

That is, this violation undermines many of the stories the NSA told Walton during the 10 month period when they were purportedly coming clean on major problems with the dragnet, starting with the claim that these problems were a surprise not identified until after he wrote the first substantive opinion — 31 months after FISC first gave it sanction — authorizing the program. (I consider the 2006 opinion authorizing the dragnet a shockingly thin document, and Walton seems to have felt the need to lay out a more substantive case for the legality of it in 2008.)

But something else undermined that story: the pretense that the entire program arose from virgin birth in 2006.

Indeed, we know (though the government hasn’t actually admitted it, even though Ron Wyden has asked them to) that the Section 215 dragnet is actually just a part of the Dick Cheney’s illegal surveillance program placed under court sanction. Here’s how the NSA’s own draft IG Report (which was completed right smack dab in the middle of the discussions between Walton and the NSA about these violations) describes some aspects of the program, including the alert program that was part of the initial “discovery” of the violations.

(TS//SII/OC/NF) Analysis. NSA used a variety of tools to conduct metadata analysis and view the results. NSA’s primary tool for conducting metadata analysis, for PSP and traditional SIGINT collection, was MAINWAY. MAINWAY was used for storage, contact chaining, and for analyzing large volumes of global communications metadata. At the beginning of the PSP, only the “SIGINT Navigator” tool was available to view MAINWAY output. Over time, new tools and new processes, such as automated chaining alerting, were created to improve analysts’ efficiency. To obtain the most complete results, analysts used data collected under PSP and non-PSP authorities. Typically, they analyzed networks with two degrees of separation (two hops) from the target. Analysts determined if resulting information was reportable.

(TS//SII/OC/NF) In addition, an automated chaining alert process was created to alert analysts of new potentially reportable selectors. Previously approved selectors were compared to incoming MAINWAY data authorized by the PSP, E.O. 12333, or the FISC. Alerts of direct contacts with approved selectors were reported to NSA analysts for further analysis and potential reporting to FBI and CIA.

And here’s where the IG Report admits this all became the Section 215 dragnet.

(TS//SV/NF) According to NSA General Counsel Vito Potenza, the decision to transition telephony metadata to the Business Records Order was driven by a private sector company. After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephony metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order. 11

(TS//SII/NF) As with the PR/TT Order, DoJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisers. Their previous experience in drafting the PR/TT Order made this process more efficient.

Read more

ACLU [and congress] Has Standing to Know What It Is Debating

/8 Comments/in , /by

It is fundraising week(ish) here at Emptywheel. If you can, please support the site

In superb news, the FISA Court has agreed to release to ACLU whatever Section 215 opinions are not already covered by a 2011 FOIA suit ACLU filed in Southern District of New York.

 In an important decision, the Foreign Intelligence Surveillance Court ordered the government to review for release the court’s opinions on the meaning, scope, and constitutionality of Section 215 of the Patriot Act. The ruling is on a motion filed by the American Civil Liberties Union, the ACLU of the Nation’s Capital, and Yale Law School’s Media Freedom and Access Information Clinic. Section 215, which authorizes the government to obtain “any tangible things” relevant to foreign-intelligence or terrorism investigations, is the claimed legal basis for the NSA’s mass phone records collection program.

“We are pleased that the surveillance court has recognized the importance of transparency to the ongoing public debate about the NSA’s spying,” said Alex Abdo, staff attorney with the ACLU National Security Project. “For too long, the NSA’s sweeping surveillance of Americans has been shrouded in unjustified secrecy. Today’s ruling is an overdue rebuke of that practice. Secret law has no place in our democracy.”

The decision was based on a determination that, since ACLU is so central in these debates, it has standing to make such a request.

The Court ordinarily would not look beyond information presented by the parties to find that a claimant has Article III standing. In this case, however, the ACLU’s active participation in the legislative and public debates about the proper scope of Section 215 and the advisability of amending that provision is obvious from the public record and not reasonably in dispute. 11 Nor is it disputed that access to the Section 215 Opinions would assist the ACLU in that debate. The Court therefore concludes that the ACLU has satisfied that requirement. See, Ohio Citizen Action v. City of Englewood, 671 F.3d 564, 579 (6th Cir. 2012). Accordingly, the Court finds that the withholding from the ACLU of the Section 215 Opinions constitutes a concrete and particularized injury in fact to the ACLU for purposes of Article III standing.

11 See e.g., Michelle Richardson, Legislative Counsel, ACLU Washington Legislative Office, Misdirection: The House Intelligence Committee’s Misleading Patriot Act Talking Points (June 20, 2013) (https://www.aclu.org/blog/national-security/misdirection-house-intelligencecommittees-misleading-patriot-act-talking); Testimony of Jameel Jaffer, Deputy Legal Director of the ACLU Foundation, and Laura W. Murphy, Director, Washington Legislative Office, ACLU, before the Senate Judiciary Committee Hearing on Strengthening Privacy Rights and National Security:

In truth, after Monday’s document dump, this decision may be more about precedent than expanded releases. Because it is limited to substantive decisions on Section 215 — and wouldn’t include every time a judge pulls more hair out upon being informed of yet another “violation” — there may not be many more decisions to release (unless, as I have wondered, there have been significant violations since 2009).

But there is another part of this decision that may be even more important, from the standpoint of precedent. It gives this brief nod to the amici, calling out the Members of Congress specifically (the other amici were journalism organizations, which, like the third party with ACLU, Media Freedom and Information Access Clinic, might have been denied standing), for its claim to standing.

Assuming that there are such Section 215 Opinions that are not at issue in the FOIA litigation, movants and amici have presented several substantial reasons why the public interest might be served by their publication.

[snip]

Congressional amici emphasize the value of public information and debate in representing their constituents and discharging their legislative responsibilities.

Remember, the Congressional amici argued they can’t do their job without being able to discuss public FISC opinions.

Notwithstanding the compelling public interest in an open debate about the scope and propriety of government surveillance programs authorized under FISA, even the amici — Members of the U.S. Congress — cannot meaningfully participate in that public debate so long as this Court’s relevant decisions and interpretations of law remain secret. Read more

The New I Con: “Total Number of Orders and Targets”

/1 Comment/in , /by

The I Con people, in another attempt to feign transparency, have announced they will release “new” numbers.

Consistent with this directive and in the interest of increased transparency, the DNI has determined, with the concurrence of the IC, that going forward the IC will publicly release, on an annual basis, aggregate information concerning compulsory legal process under certain national security authorities.

Specifically, for each of the following categories of national security authorities, the IC will release the total number of orders issued during the prior twelve-month period, and the number of targets affected by these orders:

  • FISA orders based on probable cause ( Titles I and III of FISA, and sections 703 and 704).
  • Section 702 of FISA
  • FISA Business Records (Title V of FISA).
  • FISA Pen Register/Trap and Trace ( Title IV of FISA)
  • National Security Letters issued pursuant to 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709.

Only, this is, as I Con transparency always is, less than meets the eye.

To start with, the I Cons already release much of this due to statutory requirements. It releases the number of FISA orders on probable cause (and the number rejected), the number of business records, and the National Security letters, as well as the number of US persons included in those NSLs.

If I understand this correctly, the only thing new they’ll add to this information is the number of people “targeted” under the Section 215. In other words, they’ll tell us they’ve used fewer than 300 selectors in the previous year to conduct up-to three hop link analysis which in reality mean thousands or even millions might be affected (to say nothing of the hundreds of millions whose communications might be affected by virtue of being collected). But they won’t tell us how many people got included in those two or three hops.

Furthermore, in the absence of knowing what else they’re using Section 215 for, the meaning of these numbers will be hidden — as it already was when the government told us (last year) it had submitted 212 Section 215 applications, without telling us several of those applications collected every American’s phone records.

The same is true of the Pen Register/Trap and Trace provision. The government has told us they’re no longer using it to collect the Internet metadata of all Americans. But what are they using it to do? Are they (in one theory posited since the Snowden leaks started) using it to collect key information from Internet providers? Given the precedents hidden at the FISA Court, we’re best served to assume there is some exotic use like this, meaning any number they show us could represent a privacy threat far bigger than the number might indicate.

Then, finally, there’s Section 702, which will be new information. The October 3, 2011 John Bates opinion tells the NSA collects 250 million communications a year under Section 702; the August 2013 Compliance Assessment seems to support (though it redacts the numbers) the NSA targeting 63,000 to 73,000 selectors on any given day. In other words, those numbers are big. But that doesn’t tell us, at all, how many US persons get sucked up along with the targeted selectors. That number is one the NSA refuses to even collect, though Ron Wyden has asked them for it. Usually, when the NSA refuses to count something, it is because doing so would demonstrate how politically (and potentially, Constitutionally) untenable it is.

Moreover, the government doesn’t, apparently plan to release the number Google and Yahoo would like it to release, numbers which likely show how much more enthusiastic the well-lubricated telecoms are about providing this material than the less-well lubricated Internet providers. That is, the government isn’t going to (or hasn’t yet agreed to) provide numbers that show corporations have some leeway on how much of our data they turn over to the government.

So, ultimately, this seems to be about providing two or three new numbers, in addition to what the government is legally obliged to provide, yet without providing any numbers on how many Americans get sucked into this dragnet.

They will provide the “total number of orders and targets.” But they’re not going to provide the information we actually want to know.