21% of the Database Query Errors in NSA Report Involved the Phone Internet Dragnet Database

[Image: Screen shot 2013-08-16 at 12.39.09 PM]

Update: as Mindrayge notes, Marina appears in NSA slides as Internet, not phone metadata (and that’s how Ambinder refers to it here). There are some oddities, then, but I am changing this post accordingly.

As I noted in this post, the May 3, 2012 audit of NSA’s violations falsely suggests “roamer” problems were the cause of an increase in incidents, rather than database query errors, transit collection, and detask problems.

Database query errors are basically when an analyst collects too much data because she doesn’t exclude data that should be excluded, she ran a query believing it was appropriate because she had too little information on it, or she ignored standard operating procedures.

In addition to telling us how many database query problems there were, the report tells us which NSA databases they involved. As the figure above notes, 24 of those errors involved the MARINA database. There were actually 115 total query errors — 4 involved multiple databases — which means 21% of the database query errors involve MARINA.

As Marc Ambinder and others have reported, MARINA is the name of the Section 215 phone records dragnet database.

The telephone metadata is stored in a database called MARINA, which keeps these records for at least five years.

In other words, a fifth of the database query errors in the first quarter of 2012 were on the US phone Internet record dragnet database — the one the government has been claiming is so carefully guarded.

[If Mainway is just Internet metadata, then we don’t know the number of queries.]

Not only that, but we have a rough idea of how common query errors on this database are. The government has told us that queries were made on fewer than 300 identifiers in 2012. While it’s not a one-to-one comparison (some identifiers would have been run more than once), that means perhaps as many as 8% of the queries on the dragnet database involved some kind of error, including errors like not following procedures. And that’s assuming analysts didn’t keep making errors with the database at the same rate they did in the first quarter: if they kept up the same error pace, the error rate might be closer to 32%.

But don’t worry, the government tells us, our phone record data are safe, even with a potential error rate of 32% accessing that data.

Update: LAT’s Ken Dilanian, who listened to a conference call NSA just had, just tweeted this:

NSA’s DeLong will not say how often NSA makes privacy errors when it queries US phone records database. But less than 30%, he says.

I asked is the rate between 8 and 30%, and he said 30% isn’t right. So, you may be on to something.

Less than 30%?!?!? That suggests it is probably far higher than even I imagined. Even if it was 8% it would be unacceptably high. But if it’s at the higher end of the possible range, it is unbelievably high.

Update: Ron Wyden and Mark Udall have issued a statement on this. Among other statements, they emphasize that Americans need to know about the phone and Internet dragnet violations.

Americans should know that this confirmation is just the tip of a larger iceberg.

[snip]

In particular, we believe the public deserves to know more about the violations of the secret court orders that have authorized the bulk collection of Americans’ phone and email records under the USA PATRIOT Act.

Given the potential numbers of phone dragnet violations, I should say so.

Update: Fixed “a fifth” for “a quarter.” Now I’m making NSA type simple math errors!

If by “New” IG Investigation You Mean 1,155 Days Old

Shane Harris reads the DOJ IG Report on its civil liberties related work and reports that it is investigating the use of Section 215 of the PATRIOT Act.

The Department of Justice Inspector General, which has issued several critical reports over the years about FBI surveillance, is again looking into the bureau’s use of powerful and secretive orders for information about Americans.

A new review is examining “any improper or illegal uses” of the FBI’s surveillance authorities under Section 215 of the Patriot Act. That’s the portion of the law that allows the government to collect Americans’ phone records en masse. And in what appears to be a first review of its kind, the IG will also look at the FBI’s use of pen register and trap-and-trace authority under the Foreign Intelligence Surveillance Act. These are the authorities that allow the bureau to track the metadata of communications made to and from phone numbers and email accounts.

Only this is not a new review. Now-retired DOJ IG Glenn Fine first laid out his plans for the investigation on June 15, 2010 in a letter to Pat Leahy. I reported on the April update on that investigation and the related back story here, 6 weeks ago.

By my math, that means this IG Investigation of abuses we know occurred in 2009 has been going on 1,155 days. And the investigation remains focused on abuses that happened 2 PATRIOT Act extensions ago, rather than what is going on with the program now.

DOJ’s IG, at least under Fine, was very good at rooting out problems with intelligence programs. But we have yet to hear much from his replacement, Michael Horowitz (who has been on the job for 16 months after a long delay in both nominating and confirming him), to indicate one way or another whether he’ll be as good as Fine.

We do know he’s taking his sweet time reviewing problems that happened 4 years ago.

The White Paper’s Selective Forgetting on FCC Phone Record Retention History

In two different places, the White Paper justifying the Section 215 dragnet discusses the FCC’s requirements that telecoms retain phone records.

First, without describing what current requirements are or where they came from, it claims current requirements are insufficient to meet national security needs.

If not collected and held by the NSA, telephony metadata may not continue to be available for the period of time (currently five years) deemed appropriate for national security purposes because telecommunications service providers are not typically required to retain it for this length of time.

But then, later, it uses the FCC requirement that telecoms retain records for 18 months as part of its claim that it is no big deal that the government uses these orders to collect information prospectively.

Section 215 orders are not being used to compel a telecommunications service provider to retain information that the provider would otherwise discard, because the telephony metadata records are routinely maintained by the providers for at least eighteen months in the ordinary course of business pursuant to Federal Communications Commission regulations. See 47 C.F.R. § 42.6. In this context, the continued existence of the records and their continuing relevance to an international terrorism investigation will not change over the 90-day life of a FISC order.

It’s a pretty breathtaking selective reliance on FCC regulations. Because, as this post explains, the current 18-month retention requirement actually came about in response to a DOJ request in 1985 based, in part, on their need to access the records for the two purposes for which Section 215 can be used against Americans, terrorism and spying.

Not only does this federal regulation provide a legal retention obligation, but it is also unrelated to the “business purposes” of the telephone companies and in fact was promulgated by the FCC at the specific request of the DOJ in order to aid in terrorism investigations. The retention period had previously been six months, but the DOJ petitioned the FCC to extend it precisely because such telephone records “are often essential to the successful investigation and prosecution of today’s sophisticated criminal conspiracies relating, for example, to terrorism . . . and espionage.” The FCC therefore extended the legal retention period for as long as the DOJ said was necessary.

DOJ/NSA/ODNI may believe that this regulation, which became effective in 1986, is outdated or no longer adequate, but pretending that it (and many similar state regulations) doesn’t exist or that those agencies couldn’t have done more to update or expand this regulation to suit the Executive branch’s current “needs” undermines their argument.

And, as the post further describes, at the precise moment when the government was rolling out the adoption of this use of Section 215 in 2006, the FCC asked but DOJ did not push for an extension of the retention requirements.

In fact, in early 2006, the FCC itself proactively solicited comments on the 18-month retention regulation and the DOJ submitted these comments which — in light of what we know now and the government’s current arguments — is rather remarkable.

First, the DOJ’s comments are dated April 28, 2006, which was reportedly just a month before the DOJ/FBI secured the first Foreign Intelligence Surveillance Court order for bulk collection of U.S. telephone metadata for the NSA under the “business records” provision.

Second, while the DOJ noted problems with the regulation (including that “some” phone companies read it narrowly and argued it would not apply if certain billing methods were used) the DOJ nevertheless stressed the regulation’s continuing importance for counterterrorism, stating that telephone records were a “critical tool in the fight against global terrorism” that had “enabled . . . national security agencies to prevent terrorist acts and acts of espionage.” Moreover, the DOJ stressed its role in setting the legal retention period at 18 months.

Third, the DOJ in fact suggested — in a footnote, near the end — that the FCC “should explore” whether “the existing 18-month rule should be extended,” yet surprisingly the DOJ did not forcefully argue for such an extension.

Perhaps the second White Paper citation above reveals why: because, while DOJ didn’t want to simply extend the retention requirement to the 5-year period it claims it needs (because then it wouldn’t have an excuse to create its own database), it needed the existence of a retention requirement that was longer than its reauthorization period to justify the prospective collection of records (which is legally one of the most egregious parts of this practice).

But now that we know how the timing all fits together, DOJ’s actions in response to FCC’s invitation for a longer deadline repeat the Bush Administration’s earlier implementation of the illegal wiretap program even as Congress was legislating changes to FISA: it shows there were more appropriate means of accomplishing the desired objective that the government chose not to use.

Mind you, one more thing is almost certainly going on: with expanded use of VOIP, the phrase “telecommunications service provider” has expanded meaning over what it had in 1985, and VOIP providers presumably present an entirely different set of records collection issues. And FCC regulations apply very differently to cable providers than they do to telecom providers.

All that said, it’d be nice if DOJ would just commit to whether these FCC regulations exist for the precise purpose that DOJ has chosen instead to use Section 215 for.

Dictionary Arbitrage and Section 215: “Relevant”

There’s an odd footnote in the White Paper the Administration released to justify its Section 215 dragnet.

3 The word “tangible” can be used in some contexts to connote not only tactile objects like pieces of paper, but also any other things that are “capable of being perceived” by the senses. See Merriam-Webster Online Dictionary (2013) (defining “tangible” as “capable of being perceived especially by the sense of touch”) (emphasis added).

I’m interested in it because it seems to prepare us all to discover that the Administration has been getting things–like DNA, screen captures, and similar–with Section 215 that are absurd.

But I’m also interested because the Administration chose to use Merriam-Webster’s Online Dictionary. A good American dictionary — and the most up-to-date version!

Which is why I found it so suspicious that the Administration decided to use a 24-year old edition of the Oxford English Dictionary for this definition.

Standing alone, “relevant” is a broad term that connotes anything “[b]earing upon, connected with, [or] pertinent to” a specified subject matter. 13 Oxford English Dictionary 561 (2d ed. 1989).

To create this dragnet, after all, the Administration has had to blow up the meaning of “relevant” beyond all meaning. And they had to dig up an old British tome for this particular, all-important definition?

So I looked up how the American Merriam-Webster online dictionary defines “relevant.” Here are the first two definitions:

a : having significant and demonstrable bearing on the matter at hand

b : affording evidence tending to prove or disprove the matter at issue or under discussion <relevant testimony>

“Having significant and demonstrable bearing on the matter at hand.” Not, “possibly maybe having a teeny fraction bearing on the matter at hand.” But a “significant and demonstrable bearing” on a terrorist investigation, in context.

So the Administration apparently looked up “relevant,” discovered it proves our point — that their use of the term is totally ridiculous — and kept digging through old dictionaries until they could find one that proved their point. (Update: Read this entire comment from Adam Colligan for more on what the dictionaries say.)

The online Oxford dictionary, by the way, provides this as the first definition for “relevant:”

closely connected with the subject you are discussing or the situation you are thinking about

As with all absurd arguments in DC, it depends on what the definition of X is.

Is This Why Banksters Don’t Go to Jail for Laundering Terrorist Finances?

I’m in the middle of a deep dive in the Section 215 White Paper — expect plenty of analysis on it in coming attractions!

But I want to make a discrete point about this passage, which describes what happens to query results.

Results of authorized queries are stored and are available only to those analysts trained in the restrictions on the handling and dissemination of the metadata. Query results can be further analyzed only for valid foreign intelligence purposes. Based on this analysis of the data, the NSA then provides leads to the FBI or others in the Intelligence Community. For U.S. persons, these leads are limited to counterterrorism investigations.

The Primary Order released several weeks back calls these stored query results “the corporate store.” As ACLU laid out, the government can do pretty much whatever it wants with this corporate store — and their analysis of it is not audited.

All of this information, the primary order says, is dumped into something called the “corporate store.” Incredibly, the FISC imposes no restrictions on what analysts may subsequently do with the information. The FISC’s primary order contains a crucially revealing footnote stating that “the Court understands that NSA may apply the full range of SIGINT analytic tradecraft to the result of intelligence analysis queries of the collected [telephone] metadata.” In short, once a calling record is added to the corporate store, anything goes.

More troubling, if the government is combining the results of all its queries in this “corporate store,” as seems likely, then it has a massive pool of telephone data that it can analyze in any way it chooses, unmoored from the specific investigations that gave rise to the initial queries. To put it in individual terms: If, for some reason, your phone number happens to be within three hops of an NSA target, all of your calling records may be in the corporate store, and thus available for any NSA analyst to search at will.

But it’s even worse than that. The primary order prominently states that whenever the government accesses the wholesale telephone-metadata database, “an auditable record of the activity shall be generated.” It might feel fairly comforting to know that, if the government abuses its access to all Americans’ call data, it might eventually be called to account—until you read footnote 6 of the primary order, which exempts entirely the government’s use of the “corporate store” from the audit-trail requirement.

The passage from the White Paper seems to suggest there are limits (though it doesn’t explain where they come from, because they clearly don’t come from FISC).

This analysis must have a valid foreign intelligence purpose — which can include political information, economic information, espionage information, military information, drug information, and the like. Anything other countries do, basically.

But if the data in the corporate store pertains to US persons, the FBI can only get a lead “for counterterrorism purposes.”

At one level, this is (small) comfort, because it provides a level of protection on the dragnet use.

But it also may explain why HSBC’s US subsidiary didn’t get caught laundering al Qaeda’s money, or why JP Morgan always gets to self-disclose its support for Iranian “terrorism.” So long as the government chooses not to treat banks laundering money for terrorists as material support for terror, then they can consider these links (which surely they’ve come across in their “corporate store”!) evidence of a financial crime, not a terrorist one, and just bury it.

I would be curious, though, whether the government has ever used the “corporate store” to police Iran sanctions. Does that count as a counterterrorism purpose? And if so, is that why Treasury “finds” evidence of international bank violations so much more often than it does American bank violations?

Obama’s Credibility Trap

President Obama just stood before the nation and said,

And if you look at the reports — even the disclosures that Mr. Snowden has put forward — all the stories that have been written, what you’re not reading about is the government actually abusing these programs and listening in on people’s phone calls or inappropriately reading people’s emails. What you’re hearing about is the prospect that these could be abused. Now, part of the reason they’re not abused is because these checks are in place, and those abuses would be against the law and would be against the orders of the FISC.

Even as he was speaking, his Administration released a document that said, in part,

Since the telephony metadata collection program under Section 215 was initiated, there have been a number of significant compliance and implementation issues that were discovered as a result of DOJ and ODNI reviews and internal NSA oversight. In accordance with the Court’s rules, upon discovery, these violations were reported to the FISC, which ordered appropriate remedial action. The incidents, and the Court’s responses, were also reported to the Intelligence and Judiciary Committees in great detail. These problems generally involved human error or highly sophisticated technology issues related to NSA’s compliance with particular aspects of the Court’s orders. The FISC has on occasion been critical of the Executive Branch’s compliance problems as well as the Government’s court filings. However, the NSA and DOJ have corrected the problems identified to the Court, and the Court has continued to authorize the program with appropriate remedial measures.

While (as I will show in a future post), Obama’s Administration has worked hard to prevent details of these violations from becoming public and delayed even the Judiciary Committees from being briefed, some of them may come out as part of the DOJ Inspector General review that the Administration tried to thwart in 2009.

Also, even as he was speaking, EFF announced the government will turn over a redacted copy of the October 3, 2011 FISA Court ruling that found the minimization procedures for Section 702 violated the Fourth Amendment. A new Guardian report suggests that ruling may pertain to the use of a backdoor to conduct warrantless searches on US person content already collected under Section 702. (While many commentators have insisted the Guardian report provides no evidence of abuse, NSA and DNI’s Inspectors General refused to count how often Americans have been searched in such a way, effectively refusing to look if it has been abused.)

As Shane Harris astutely describes, all of this kabuki is designed solely to make people feel more comfortable about these dragnets.

And the President’s message really boiled down to this: It’s more important to persuade people surveillance is useful and legal than to make structural changes to the programs.

“The question is, how do I make the American people more comfortable?” Obama said.

Not that Obama’s unwilling to make any changes to America’s surveillance driftnets — and he detailed a few of them — but his overriding concern was that people didn’t believe him when he said there was nothing to fear.

But the President just stood up and claimed the government hasn’t abused any of these programs.

It has, by its own admission, violated the rules for them.

Meanwhile, Ron Wyden has already released a statement applauding some of these changes while noting that Obama is still minimizing how bad the violations have been.

Notably absent from President Obama’s speech was any mention of closing the backdoor searches loophole that potentially allows for the warrantless searches of Americans’ phone calls and emails under section 702 of the Foreign Intelligence Surveillance Act. I believe that this provision requires significant reforms as well and I will continue to fight to close that loophole. I am also concerned that the executive branch has not fully acknowledged the extent to which violations of FISC orders and the spirit of the law have already had a significant impact on Americans’ privacy.

Ultimately, details of these violations will come out, and are on their way out in some form already.

If this press conference was designed solely to make us feel better, wouldn’t Obama have been better advised to come clean about these violations than to pretend they don’t exist?


NSA-Speak — Timely: (Adj.) 2-Month Delay

For some reason, this Ellen Nakashima story covering parts of what CNN, Wired, and I have already reported is generating a lot of attention today.

While I’m grateful that more people are catching on to what I’ve been harping on for months — that NSA justifies its entire Section 215 metadata dragnet with a case involving the transfer of less than $10,000 to al-Shabaab — there’s one point that further demonstrates the absurdity of the claim that Nakashima didn’t cover.

She quotes government officials repeatedly talking about the importance of the 215 dragnet because it provides timely identification of numbers.

U.S. officials emphasize that those logs do not contain the names of customers or content — just “metadata,” which includes phone numbers and the times and dates of calls. They note that they need a “reasonable, articulable suspicion” that a number they wish to check in the database is linked to a foreign terrorist group.

And they say that without having all the calls in one place and easily searchable with a keystroke, finding links to suspicious numbers would be tedious and time-consuming.

[snip]

U.S. officials argue that Moalin’s number probably would not have surfaced — at least not in a timely fashion — had it not been for the database.

[snip]

Had the intelligence community known where Mihdhar and a co-conspirator were and detained them, the “simple fact of their detention could have derailed the plan,” the 9/11 Commission said. To close that gap, the government created the phone call database. The goal, the reports say, is to “rapidly identify any terrorist threats emanating from within the United States.”

The NSA could put together a more limited dataset by going to every phone company and asking for all the numbers that have been in contact with a target number. But that takes time, and if analysts want to examine secondary contacts, they would have to go back to the phone company, officials said. [my emphasis]

And Nakashima quotes Ron Wyden challenging the timeliness of all this.

If time was of the essence, he said, a different court order or administrative subpoena would allow for an emergency request for the records. Wyden noted that both Moalin and the subway plot co-conspirator were arrested “months or years after they were first identified” by mining the phone logs.

But there’s a further reason, if Moalin is the exemplar of the practice, to challenge the NSA’s claims that the dragnet gives them timeliness they wouldn’t get otherwise.

Because at least according to the public record, there was a 2-month delay between the time they found the number used to query the 215 database and when they wiretapped Moalin. (Note, I do have significant suspicions that the court record does not accurately reflect what happened, but if it is inaccurate that’s the government’s own damn fault.)

In a hearing before the House Judiciary Committee last month, FBI’s National Security Division Executive Assistant Director Stephanie Douglas provided more details on how they found (or refound) Moalin.

I’d like to also represent one case to you, specific to the Business Record 215 authority. In 2003, the FBI initiated a case on an individual identified as Bisaaly Moalin. It was based on anonymous tips that he was somehow connected to terrorism.

In 2004 the case was closed without sufficient information to move forward on the investigation. However, three years later in October 2007, NSA provided a phone number to the FBI with an area code which came back to an area consistent with San Diego. NSA found this phone number was in contact with an al-Qaida East African affiliated person.

Once provided to the FBI, we initiated an investigation, submitted a national security letter for the subscriber of the phone number and determined that it was Mr. Moalin, the subject of the previously closed case. Subsequent investigation led to the identification of others, and to date Moalin and three others have been convicted of material support for terrorism. [my emphasis]

The FBI got this lead in October 2007.

But an affidavit for a search warrant at the time Moalin was arrested claims that the government first wiretapped Moalin in December 2007.

In December 2007, the FBI began intercepting MOALIN’s cell phone.

And according to a 2011 report summarizing a 2009 assessment (this is the source of Moalin’s Defense claims that the FBI had concluded he wasn’t trying to fund al-Shabaab per se), the Full Investigation into Moalin was initiated on December 18, 2007.

All that’s with hints from the government opposition to Moalin’s FISA challenge that at least some of this intelligence was collected under emergency authorization. (See, for example, the discussion on page 7, and footnote 22, which would probably be unnecessary unless the government did use emergency authorizations at some point in the process.)

In other words, even on the signature case using Section 215 — and with FBI’s use of a National Security Letter to pinpoint Moalin — it still took 2 months before they initiated the full investigation into him.

And yet they need to collect every American’s phone records so they can quickly get leads they take 2 months to open full investigations into.

US Justice: A Rotting Tree of Poisonous Fruit?

Saturday, the NYT reported that other agencies within government struggle to get NSA to share its intelligence with them.

Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and even copyright infringement complain that their attempts to exploit the security agency’s vast resources have often been turned down because their own investigations are not considered a high enough priority, current and former government officials say.

Of the 1,410 words in the article, 313 words are explicitly attributed to Tim Edgar, who used to work for ACLU but starting in 2006 worked first in the Office of Director of National Intelligence and then in the White House. Another 27 are attributed to “a former senior White House intelligence official,” the same description used to introduce Edgar in the article.

The article ends with Edgar expressing relief that NSA succeeded in withholding material (earlier he made a distinction between sharing raw data and intelligence reports) from agencies executing key foreign policy initiatives in the age of cyberwar and Transnational Criminal Organizations, and in so doing avoid a “nightmare scenario.”

As furious as the public criticism of the security agency’s programs has been in the two months since Mr. Snowden’s disclosures, “it could have been much, much worse, if we had let these other agencies loose and we had real abuses,” Mr. Edgar said. “That was the nightmare scenario we were worried about, and that hasn’t happened.”

Today, San Francisco Chronicle reminds that NSA does hand over evidence of serious criminal activities if it finds it while conducting foreign intelligence surveillance, and prosecutors often hide the source of that original intelligence.

Current and former federal officials say the NSA limits non-terrorism referrals to serious criminal activity inadvertently detected during domestic and foreign surveillance. The NSA referrals apparently have included cases of suspected human trafficking, sexual abuse and overseas bribery by U.S.-based corporations or foreign corporate rivals that violate the Foreign Corrupt Practices Act.

[snip]

“If the intelligence agency uncovers evidence of any crime ranging from sexual abuse to FCPA, they tend to turn that information over to the Department of Justice,” Litt told an audience at the Brookings Institution recently. “But the Department of Justice cannot task the intelligence community to do that.”

[snip]

“The problem you have is that in many, if not most cases, the NSA doesn’t tell DOJ prosecutors where or how they got the information, and won’t respond to any discovery requests,” said Haddon, the defense attorney. “It’s a rare day when you get to find out what the genesis of the ultimate investigation is.”

The former Justice Department official agreed: “A defense lawyer can try to follow the bouncing ball to see where the tip came from — but a prosecutor is not going to acknowledge that it came from intelligence.”

And (as bmaz already noted) Reuters reminds that the DEA has long had its own electronic surveillance capability, and it often hides the source of intelligence as well.

Although these cases rarely involve national security issues, documents reviewed by Reuters show that law enforcement agents have been directed to conceal how such investigations truly begin – not only from defense lawyers but also sometimes from prosecutors and judges.

The undated documents show that federal agents are trained to “recreate” the investigative trail to effectively cover up where the information originated, a practice that some experts say violates a defendant’s Constitutional right to a fair trial. If defendants don’t know how an investigation began, they cannot know to ask to review potential sources of exculpatory evidence – information that could reveal entrapment, mistakes or biased witnesses.

As bmaz also noted, none of this was very secret or new. The FISA sharing is clearly permitted by the minimization procedures. Litigation on it 11 years ago suggested it may be even more abusive than laid out under the law. And bmaz has personally been bitching about the DEA stuff as long as I’ve known him.

These articles suggesting there may be more sharing than the NYT made out on Saturday, then, are primarily reminders that when the fruits of this intelligence get shared, the source of the intelligence often remains hidden from those it is used against.

Which brings me to this WSJ op-ed Edgar published last week.

Stewart Baker’s User Interface and Edward Snowden’s Authorities

Former NSA Counsel Stewart Baker has been in an increasingly urgent froth since Edward Snowden’s leaks first became public trying to prove that the NSA should have more, not less, unchecked authority.

He outdid himself yesterday with an attempt to respond to Jack Goldsmith’s question,

How is the NSA Director Alexander’s claim that “we can audit the actions of our people 100%” (thus providing an important check against abuse) consistent with (a) stories long after Snowden’s initial revelations that the White House does not “know with certainty” what information Snowden pilfered, (b) reported NSA uncertainty weeks after the initial disclosure about what Snowden stole, (c) Alexander’s own assertion (in June) that NSA was “now putting in place actions that would give us the ability to track our system administrators”?

Baker’s totally inadequate response consists of pointing to certain features of XKeyscore revealed by the Guardian.

Take a close look at slide 7 of the latest leaked powerpoints.

It shows a sample search for a particular email address, including a box for “justification.” The sample justification (“ct target in n africa”) provides both the foreign intelligence reason for surveillance and the location of the target. What’s more, the system routinely calls for “additional justification.” All this tends to confirm NSA’s testimony that database searches must be justified and are subject to audits to prevent privacy abuses.

Now, I don’t know about Baker, but even without a drop-down menu, the average American high schooler is thoroughly adept at substituting a valid justification (“grandmother’s funeral,” “one day flu”) for an invalid one (“surf’s up!” “first day of fishing season”). I assume the analysts employed by NSA are at least as adept at feeding those in authority the answers they expect. XKeyscore just makes that easier by providing the acceptable justifications in a drop-down menu.

More problematic for Baker, he commits the same error the Guardian’s critics accuse it of committing: confusing a User Interface like XKeyscore or PRISM with the underlying collections they access. (The Guardian has repeated Snowden and Bill Binney’s claims the NSA collects everything, without yet presenting proof that that includes US person content aside from incidental content collected on legitimate targets.)

That error, for Baker, makes his response to Goldsmith totally inapt to his task at hand, answering Goldsmith’s questions about what systems administrators could do, because he responds by looking at what analysts could do. Goldsmith’s entire point is that the NSA had insufficient visibility into what people with Snowden’s access could do, access which goes far beyond what an analyst can do with her drop-down menu.

And one of the few documents the government has released actually shows why that is so important.

The Primary Order for the Section 215 metadata dragnet, released last week, reveals that technical personnel have access to the data before it gets to the analyst stage.

Appropriately trained and authorized technical personnel may access the BR metadata to perform those processes needed to make it usable for intelligence analysis. Technical personnel may query the BR metadata using selection terms[4] that have not been RAS-approved (described below) for those purposes described above, and may share the results of those queries with other authorized personnel responsible for these purposes, but the results of any such queries will not be used for intelligence analysis purposes. An authorized technician may access the BR metadata to ascertain those identifiers that may be high volume identifiers. The technician may share the results of any such access, i.e., the identifiers and the fact that they are high volume identifiers, with authorized personnel (including those responsible for the identification and defeat of high volume and other unwanted BR metadata from any of NSA’s various metadata repositories), but may not share any other information from the results of that access for intelligence analysis purposes. In addition, authorized technical personnel may access the BR metadata for purposes of obtaining foreign intelligence information pursuant to the requirements of subparagraph (3)(C) below.

[snip]

Whenever the BR metadata is accessed for foreign intelligence analysis purposes or using foreign intelligence analysis query tools, an auditable record of the activity shall be generated.

Note, footnote 4 describing these selection terms is redacted and the section in (3)(C) pertaining to these technical personnel appears to be too.

Now, I suspect the technical personnel who access the metadata dragnet are different technical personnel than the Snowdens of the world. They’re data crunchers, not network administrators. Which only shows there’s probably a second category of person that may escape the checks in this system.

That’s because with their front-end manipulation of the dataset (though not the activities described under (3)(C)), these personnel are not conducting what are considered foreign intelligence searches of the database. The data they extract from the database is specifically prohibited (though, with weak language) from circulation as foreign intelligence information. That appears to mean their actions are not auditable. When Keith Alexander says the data is 100% auditable? You shouldn’t believe him, because his own document appears to say only the analytical side of this is audited. (The document also makes it clear that once the data has been queried, the results are openly accessible without any audit function; the ACLU had a good post on this troubling revelation.)

I suspect a lot of what these technical personnel are doing is stripping numbers — probably things like telemarketer numbers — that would otherwise distort the contact chaining. Unless terrorists’ American friends put themselves on the Do Not Call List, then telemarketers might connect them to every other American not on the list, thereby suggesting a bunch of harassed grannies in Dubuque are 2 degrees from Osama bin Laden.

But there’s also the reference to “other unwanted BR metadata.” As I’ll explain in a future post, I suspect that may be some of the most sensitive call records in the dataset.

Whatever call records get purged on the front end, though, it appears to all happen outside the audit chain that Keith Alexander likes to boast about. Which would put it well outside the world of drop-down menus that force analysts’ actions to conform with something that looks like foreign intelligence analysis.

In other words, even the document the government provided (with heavy redactions) to make us more comfortable about this program shows places where it probably has insufficient visibility on what happens to the data. And that’s well before you get into the ability of people who can override other technical checks on NSA behavior as system administrators.

Update: More froth from Stewart Baker. This response to my post seems to be an utter capitulation to Goldsmith’s point.

Wheeler thinks this is important because it means that the “justification” menus don’t guarantee auditability of every use of intercept data by every employee at NSA. Again, that may be true, but the important point about the “justification” menu isn’t that it offers universal protection against abuse; nothing does. [my emphasis]

Wyden: We Proved that “Unique” and “Vital” Information Wasn’t in 2011

I should have some analysis on the documents James Clapper released yesterday.

But it’s worth pointing to Ron Wyden’s analysis. He notes that the two documents on bulk collection programs — one from 2009 and one from 2011, both of which covered the Internet and phone metadata programs — both boasted of how unique and valuable the information was.

The briefing documents that were provided to Congress in December 2009 and February 2011 clearly stated that both the bulk email records and bulk phone records collection programs were “unique in that they can produce intelligence not otherwise available to NSA.” The 2009 briefing document went on to state that the two programs “provide a vital capability to the Intelligence Community,” and the 2011 briefing document stated that they provided “an important capability.”

The problem is, by the end of 2011, Wyden and Mark Udall had been able to prove that the Intelligence Community had oversold the value of the Internet metadata program, which led to its termination.

Senator Mark Udall and I have long been concerned about the impact of bulk collection on Americans’ privacy and civil liberties, and we spent a significant portion of 2011 pressing the Intelligence Community to provide evidence to support the claims that they had made about the bulk email records program. They were unable to do so, and the program was shut down due to a lack of operational value, as senior intelligence officials have now publicly confirmed.

This experience demonstrated that intelligence agencies’ assessments of the usefulness of particular collection programs – even significant ones – are not always accurate.

So while the government thought these documents would prove how controlled these programs are (aspects of them don’t), Wyden demonstrates that they show the IC lies about the usefulness of programs when they talk to Congress about them.

Which is, Patrick Leahy suggested in yesterday’s hearing, what the IC appears to be doing when invoking 54 plots to justify the 215 phone dragnet, which has only been tied to 12 plots.

Which is an interesting dynamic to precede today’s meeting between Obama, Wyden, Udall, Dianne Feinstein, Saxby Chambliss, Bob Goodlatte, James Sensenbrenner, Dutch Ruppersberger, and Mike Rogers.

The presence of Sensenbrenner is key: to the extent they still exist, he’s a mainstream Republican. And he’s furious about the 215 program that he himself shepherded through Congress in 2006. So I would assume today’s meeting is an effort to develop the White House’s plan to phase out the dragnet.

All that said, Obama has clearly gamed the results, by inviting more of the surveillance champions than he did critics (and apparently House Democrats don’t count anymore).

Obama probably won’t see this through his bubble, but the day before this meeting Wyden demonstrated that the basis for the rosy tales DiFi and the other Gang of Four members are telling is claims from the IC that have since been discredited.