Posts

The Government Spoliationing for a Fight with EFF

/2 Comments/in , /by

On November 6, 2007, Judge Vaughn Walker issued a preservation order in EFF’s challenge to what we now know to be Stellar Wind, the Shubert case (which would be applied to the Jewel case after that). Nevertheless, in spite of that order, in 2009 the NSA started destroying evidence that it had collected data outside of the categories Judge Colleen Kollar-Kotelly authorized way back in 2004.

Also in 2009, NSA shifted records showing 3,000 people — which highly likely included CAIR’s staff and clients — had been dragnetted without the First Amendment review mandated by Section 215 (CAIR wasn’t a plaintiff on EFF’s earlier suits but they are on EFF’s phone dragnet suit, First Unitarian United). When they did, the government even appeared to consider the existing protection order in the EFF case; I have FOIAed their deliberations on that issue, but thus far have been stonewalled.

Finally, in 2011, NSA destroyed — on very little notice and without letting their own IG confirm the destruction of data that came in through NSA’s intake process — all of its Internet dragnet data.

In other words, on three known occasions, the NSA destroyed data covered by the protection order in Northern California, one of them even after admitting a protection order might cover the data in question. In two of those cases, we know the data either exceeded FISA’s orders or violated the law.

In fact, it wasn’t until 2014, when the government started asking Judge Reggie Walton for permission to destroy the phone dragnet data and EFF complained mightily, that NSA started complying with the earlier protection order. Later that same year, it finally asked FISC to keep the Protect America Act and FISA Amendments Act data also included under that order in its minimization procedures.

These posts provide more background on this issue: postpost, post, post.

In other words, on three different occasions (even ignoring the content collection), NSA destroyed data covered by the protection order. spoiling the evidence related to EFF’s lawsuits.

Which is why I find this claim — in the January 8 filing I’ve been waiting to read, but which was just posted on March 4 (that is, 5 days after the NSA would have otherwise had to destroy everything on February 29 under USA Freedom Act).

The Government remains concerned that in these cases, absent relief from district courts or explicit agreement from the plaintiffs, the destruction of the BR Metadata, even pursuant to FISC Order, could lead the plaintiffs to accuse the Government of spoliation. In Jewel, the plaintiffs have already moved for spoliation sanctions, including an adverse inference against the Government on the standing issue, based on the destruction of aged-off BR Metadata undertaken in accordance with FISC Orders. See Jewel Pls.’ Brief Re: the Government’s Non-compliance with the Court’s Evidence Preservation Orders, ECF No. 233.

Gosh, after destroying data on at least three different occasions (again, ignoring at least two years of content they destroyed), the government is worried that if it destroyed more it might get in trouble? Please!

Elsewhere, the strategy in this filing seems to be to expand the possible universe they’d have to set aside under the three cases (plus Klayman) for which there is a protection order as to make it virtually impossible to set it aside so as to destroy the rest. In addition, having let the time when they could have set aside such data easily pass because they were still permitted to access the data (say, back in 2014, when they got caught violating their protection order), they now claim that the closure of the dragnet makes such a search virtually impossible now.

It’s a nifty gimmick. They can’t find a way to destroy the data because they already destroyed even legally suspect data. And we learn about it only now, after the data would otherwise be destroyed, but now can’t be because they didn’t find some better resolution 2 years ago.

DOJ’s Multiple Authorities for Destroying Evidence

/5 Comments/in , /by

It seems like aeons ago, but just a week ago, EFF and DOJ had a court hearing over preserving evidence in the EFF lawsuits (Shubert, Jewel, and First Unitarian Church v. NSA). As I noted in two posts, a week ago Monday DOJ surprised EFF with the news that it had been following its own preservation plan, which it had submitted ex parte to Vaughn Walker, rather than the order Walker subsequently imposed. As a result, it has been aging off data in those programs (notably the PATRIOT-authorized Internet and phone dragnets) authorized by law, as opposed to what it termed Presidential authorization. DOJ’s behavior makes it clear that it is  trying to justify treating some data differently by claiming it was collected under different authorities.

Remember, there are at least five different legal regimes involved in the metadata dragnet:

  • EO 12333 authority for data going back to at least 1998
  • Stellar Wind authority lasting until 2004, 2006, and 2007 for different practices
  • PATRIOT-authorized authorities for Internet (until 2011) and phone records (until RuppRoge or something else passes)
  • SPCMA, which is a subset of EO 12333 authority that conducts potentially problematic contact chaining integrating US person Internet metadata
  • Five Eyes, which is EO 12333, but may involve GCHQ equities or, especially, ownership of the data

At the hearing and in their motions, EFF argued that their existing suits are not limited to any particular program (they didn’t name all these authorities, but they could have). Rather, they are about the act of dragnetting, regardless of what authority (so they’ll still be live suits after RuppRoge passes, for example).

EFF appears to have at least partly convinced Judge Jeffrey White, because on Friday he largely sided with EFF, extending the preservation order and — best as I can tell — endorsing EFF’s argument that their suits cover the act of dragnetting, rather than just the Stellar Wind, FISA Amendments Act, or phone and Internet dragnets.

With that as background, I want to look at a few things from the transcript of last Wednesday’s hearing. Read more

The October 30, 2009 Statement of Authorities: The EFF Document Fight Could Get Very Interesting

/4 Comments/in , /by

If the Chief FISC Judge accuses the government of material misrepresentations but no one but a dirty fucking hippie blogger reports it, did it happen?

On Friday, I reported on Judge Reggie Walton’s cranky opinion asking for an explanation about why the government didn’t tell him EFF believed they had a protection order in cases relevant to the dragnets. And while it overstates the resounding silence to say that only your esteemed DFH host reported it — TechDirt had a good reportsome of the other reporting on it thus far seems to have missed the whole material misrepresentation judgement in Walton’s order.

But I think it’s not yet clear — to anyone — how interesting this document fight could get.

Just as one example of why (I’ll develop some of the others over the next couple of days, I hope), consider the October 30, 2009 statement of authorities.

Earlier this month, I noted that EFF had submitted a list of filings that the government had not released in spite of what they believed to be Judge Jeffrey White’s order to declassify everything.

  • April 9, 2007 notices indicating FISC Judge rejected early bulk orders
  • October 25, 2007 government challenge to motion to protect evidence, with ex parte NSA official declaration submitted in Shubert
  • April 3, 2009 supplemental memorandum in Jewel
  • October 30, 2009 supplemental memorandum on points of authority in Shubert
  • November 2012

In last Wednesday’s hearing, the government claimed they didn’t have to release these because they engaged in a colloquy limiting White’s orders to the state secrets declarations. And for the moment, I’ll take that as accurate.

But since then, the government has released one of these — the October 25, 2007 challenge to the protection motion — as part of their filing on Monday fighting a protection order in EFF’s phone dragnet suit. And that document was pretty stunning. Not only did it show the government had redefined the Multidistrict Litigation suits so as to exclude any of the FISA-authorized metadata dragnets that EFF of course had no way of knowing about yet. But in the filing, the government revealed that because of this filing and in defiance of Vaughn Walker’s November 2007 protection order, it has been destroying the metadata dragnet data in the interim.

In other words, the government is withholding these filings because they’re fairly damning.

Which got me thinking about the timing and significance of the October 30, 2009 supplemental memorandum on points of authority supporting a motion to dismiss the Shubert suit based on sovereign immunity and state secrets.

At one level, the memorandum is not all that suspicious. As you can see above, the government filed what is presumably roughly the same filing at the analogous time in Jewel, just as it was making its state secrets bid.

But I find the timing of the October 30 filings in Shubert to be of particular interest. That’s because a 2011 NSA training program seems to indicate that the Internet dragnet shut down at almost precisely that time, as it indicates that Internet dragnet data collected prior to November 2009 requires some sort of special treatment.

In addition, in the source information at the end of the line, the SIGAD [redacted] BR data can be recognized by SIGADs beginning with [redacted] For PR/TT, data collected after October 2010 is found [redacted] For a comprehensive listing of all the BR and PR/TT SIGADs as well as information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert.

Remember, Shubert was suing for illegal wiretapping. And while Judge John Bates did not fully assess what NSA was doing — which appears to be collecting data that counts as content in the guise of collecting metadata — until the following year (some time between July and October 2010), when he did so, he implied the government had to comply with the laws in which they were claiming, in 2009, they had sovereign immunity. And the government had to know by that point they had serious legal problems with the Internet dragnet.

Indeed, the government kept asking for extensions leading up to this filing — at the time they claimed it was because of DOJ’s whats-old-is-new state secrets policy. Altogether they got an extra 22 days to file this filing (which should have been substantially similar to the ones they filed in April). They were almost certainly having still-undisclosed problems with the phone dragnet (probably relating to dissemination of data), as the October 30, 2009 phone dragnet orders is one of the ones the government has withheld even though it is obviously responsive to ACLU and EFF’s FOIA. But the discussions on the Internet dragnet must have been even more contentious, given that the FISC (probably either Reggie Walton or John Bates) refused to reauthorize it. (Note, October 30, 2009 was a Friday, so if FISC formally didn’t approve the Internet dragnet in October 2009, it would have been that day).

And the thing is, from Keith Alexander’s state secrets declaration, submitted perhaps hours and almost certainly no more than a month before the Internet dragnet got shut down because it was illegally collecting metadata that was legally content, it’s not at all clear that the government fully disclosed details they knew about those legal problems with the dragnet. Look closely at ¶¶ 27 and 28, ¶¶48-56, ¶¶58-62 with footnotes.

The phone dragnet description hides the problems with ongoing dissemination problems (which the Administration hid from Congress, as well). It also makes no mention that the phone dragnet had US persons on an alert list without reviewing those selectors for First Amendment review, something that should be central to the suits against NSA (see in particular ¶60). And while there are redacted sentences and footnotes — 13 and 24 — which could include notice that the government was (and had been, since the inception of the FISC-authorized Internet dragnet) collecting metadata that counted as content, those are all very brief descriptions. Moreover, the unredacted descriptions clearly claim that the Internet dragnet program collects no content, which legally it almost certainly did. Moreover, note that the references to the Internet dragnet speak of it in the present tense: “Pursuant to the FISA Pen Register, …. NSA is authorized to collect in bulk.”But there doesn’t seem to be the parallel structure in ¶28 where you’d expect the government to confess that the program was imminently shutting down because it was illegally collecting Internet content.

Note, too, how the declaration refers to the reauthorizations. ¶59 describes the phone dragnet authority “continuing until October 30, 2009” and ¶58 describes the Internet dragnet “requires continued assistance by the providers through [redacted] 2009. They appear not to have known for sure whether the programs would be reauthorized that night! But they appear not to have explained why not.

Perhaps the most pregnant paragraph is ¶62, which in context appears to relate only to the phone dragnet, though I suspect the government would point to to claim their description of violations was not comprehensive:

NSA is committed to working with the FISC on this and other compliance issues to ensure that this vital intelligence tool works appropriately and effectively. For purposes of this litigation, and the privilege assertions now made by the DNI and by the NSA, the intelligence sources and methods described herein remain highly classified and the disclosure that [redacted] would compromise vital NSA sources and methods and result in exceptionally grave harm to national security.

By any measure, Alexander’s declaration falls short of what the government already knew at that time, demonstrably so in the case of the phone dragnet. He hid details — significantly, the watchlist of Americans that violated statute, and almost certainly that the NSA was collecting content in the name of metadata — that were material to the suits at hand.

Which brings me to the memo on authorities. Even as the government was hiding material violations of the statutes they were disclosing to Judge Walker, was it also making expansive Executive Authority claims it couldn’t (and still can’t) share with plaintiffs? Did the government, for example, make an Executive Authority claim that we have every reason to believe John Bates (especially) and Reggie Walton would rebut if they knew about it?

In any case, in addition to the watchlist data from those 3,000 US persons (which would have aged off last month otherwise), the last of the illegal Internet content-as-metadata data might be aged off as soon as April absent these stays.That data might well provide plaintiffs proof they were illegally wiretapped (note, the Internet dragnet was limited to certain switches, but Jewel was built around the Folsom Street switch which was almost certainly included in that). And that the government provided highly misleading descriptions to Vaughn Walker when bidding for a state secrets exemption.

And add in one more legal fight here: as I noted, DOJ is withholding the October 30, 2009 (as well as one later one from 2009) from both the ACLU and EFF (the EFF suit is before a different San Francisco judge). In addition, DOJ is refusing all push for expedited processing on FOIAs for the Internet dragnet filings.

Seeing how clearly manipulative their data release in these lawsuits is, it seems safe to suggest the government is also making FOIA decisions to prevent plaintiffs from obtaining information to really contest these suits. That shouldn’t surprise anyone. But I would hope it would piss off the judges.