Posts

The Government Has a Festering EO 12333 Problem In Jewel/First Unitarian

The government claims it does not have a protection order pertaining to the phone dragnet lawsuits because the suits with a protection order pertain only to presidentially-authorized programs.

The declaration made clear, in a number of places, that the plaintiffs challenged activities that occurred under presidential authorization, not under orders of the Foreign Intelligence Surveillance Court (FISC), and that the declaration was therefore limited to describing information collected pursuant to presidential authorization and the retention thereof.

Therefore, the government is challenging the EFF’s effort to get Judge Jeffrey White to reaffirm that the preservation orders in the Multidistrict Litigation and Jewel apply to the phone dragnet.

Fine. I think EFF can and should challenge that claim.

But let’s take the government at its word. Let’s consider what it would obliged to retain under the terms laid out.

The government agrees it was obliged, starting in 2007, to keep the content and metadata dragnets that were carried out exclusively on presidential authorization. Indeed, the declaration from 2007 they submitted describing the material they’ve preserved includes telephone metadata (on tapes) and the queries of metadata, including the identifiers used (see PDF 53). It also claimed it would keep the reports of metadata analysis.

That information is fundamentally at issue in First Unitarian Church, the EFF-litigated challenge to the phone dragnet. That’s true for three reasons.

First, the government makes a big deal of their claim, made in 2007, that the metadata dragnet databases were segregated from other programs. Whether or not that was a credible claim in 2007, we know it was false starting in early 2008, when “for the purposes of analytical efficiency,” a copy of that metadata was moved into the same database with the metadata from all the other programs, including both the Stellar Wind phone dragnet data, and the ongiong phone dragnet information collected under EO 12333.

And given the government’s promise to keep reports of metadata analysis, from that point until sometime several years later, it would be obliged to keep all phone dragnet analysis reports involving Americans. That’s because — as is made clear from this Memorandum of Understanding issued sometime after March 2, 2009 — the analysts had no way of identifying the source of the data they were analyzing. The MOU makes clear that analysts were performing queries on data including “SIGINT” (EO 12333 collected data), [redacted] — which is almost certainly Stellar Wind, BRFISA, and PR/TT. So to the extent that any metadata report didn’t have a clear time delimited way of identifying where the data came from, the NSA could not know whether a query report came from data collected solely pursuant to presidential authorization or FISC order. (The NSA changed this sometime during or before 2011, and now metadata all includes XML tags showing its source; though much of it is redundant and so may have been collected in more than one program, and analysts are coached to re-run queries to produce them under EO 12333 authority, if possible.)

Finally, the real problem for the NSA is that the data “alerted” illegally up until 2009 — including the 3,000 US persons watchlisted without undergoing the legally required First Amendment review — was done so precisely because when NSA merged its the phone dragnet data with the data collected under Presidential authorization — either under Stellar Wind or EO 12333 — it applied the rules applying to the presidentially-authorized data, not the FISC-authorized data. We know that the NSA broke the law up until about 5 years ago. We know the data from that period — the data that is under consideration for being aged off now — broke the law precisely because of the way the NSA mixed EO 12333 and FISC regulations and data.

The NSA’s declarations on document preservation — not to mention the declarations about the dragnets more generally — don’t talk about how the EO 12333 data gets dumped in with and mixed up with the FISC-authorized data. That’s NSA’s own fault (and if I were Judge White it would raise real questions for me about the candor of the declarants).

But since the government agreed to preserve the data collected pursuant to presidential authorization without modification (without, say, limiting it to the Stellar Wind data), that means they agreed to preserve the EO 12333 collected data and its poisonous fruit which would just be aging off now.

I will show in a follow-up post why that data should be utterly critical, specifically as it pertains to the First Unitarian Church suit.

But suffice it to say, for now, that the government’s claim that it is only obliged to retain the US person data collected pursuant to Presidential authorization doesn’t help it much, because it means it has promised to retain all the data on Americans collected under EO 12333 and queries derived from it.

The Clear Precedent for Carrie Cordero’s “Uncharted Territory” of Destruction of Evidence

Shane Harris has a report on the government’s odd behavior in regards to preserving the phone dragnet data in light of the suits challenging its legality.

It’s surprising on three counts. First, because he claims the legal back and forth has not previously been reported.

Now, that database will include phone records that are older than five years — not exactly the outcome that critics of the NSA program were hoping for. A dramatic series of legal maneuvers, which have not been previously reported, led the outcome.

It’s surprising not just because the “legal maneuvers” have in fact been reported before (though not the detail that James Cole got involved, though it’s not yet clear how his involvement affected the actual legal maneuvers rather than the internal DOJ communication issues). But also because Harris neglects to mention key details of those legal maneuvers — notably that EFF reminded DOJ, starting on February 26, that it had preservation orders that should affect the dragnet data, reminders which DOJ stalled and then ignored.

Harris’ piece is also surprising because of the implicit suggestion that NSA hasn’t been aging off data regularly, as it is supposed to be.

A U.S. official familiar with the legal process said the question about what to do with the phone records needn’t have been handled at practically the last minute. “The government was coming up on a five-year deadline to delete the data. Lawsuits were pending. The Justice Department could have approached the FISC months ago to resolve this,” the official said, referring to the Foreign Intelligence Surveillance Court.

There should be no “deadline” here — aside from the daily “deadline” that should automatically age off the five year old data. Now, the WSJ had previously reported that that’s not actually how age-off works.

As the NSA program currently works, the database holds about five years of data, according to officials and some declassified court opinions. About twice a year, any call record more than five years old is purged from the system, officials said.

But even assuming NSA only ages off data twice a year (in which case they should stop claiming they only “keep” data for 5 years because they already keep some of it for 5 1/2 years), most of these suits are well older than 6 months old, predating what might have been an August age-off, which means unless NSA already deviated from its normal pattern, it deleted data relevant to the suits.

By far the most surprising detail in Harris’ story, however, is this response from former DOJ National Security Division Counsel Carrie Cordero to the news that Deputy Attorney General James Cole has gotten involved. This is, Cordero claims, “uncharted territory.”

“This is all uncharted territory,” said Carrie Cordero, a former senior Justice Department official who recently served as the counsel to the head of the National Security Division. “Given the complexity and the novelty of this chain of events, it’s a good thing that the deputy attorney general is personally engaged, and it demonstrates the significant attention that they’re giving to it.”

To be more specific about Cordero’s work history, from 2007 to 2011, she was deeply involved in FISA-related issues, first at ODNI and then at DOJ’s NSD.

In 2009, I served as Counsel to the Assistant Attorney General for National Security at the Unit ed States Department of Justice, where I co – chaired an interagency group created by the Director of National Intelligence (DNI) to improve FISA processes. From 2007 – 2009, I served in a joint duty capacity as a Senior Associate General Counsel at the Office of the Director of National Intelligence, where I worked behind the scenes on matters relating to the legislative efforts that resulted in the FISA Amendments Act of 2008.

Given her position in the thick of FISA-related issues, one would think she was at least aware of the protection order Vaughn Walker issued on November 6, 2007 ordering the preservation of evidence, up to and including “tangible things,” in the multidistrict litigation issues pertaining to the dragnet.

[T]he court reminds all parties of their duty to preserve evidence that may be relevant to this action. The duty extends to documents, data and tangible things in the possession, custody and control of the parties to this action,

And Cordero presumably should be aware that Walker renewed the same order on November 13, 2009, extending it to cover the Jewel suit, which had an ongoing focus.

Cordero is presumably aware of two other details. First, there should be absolutely no dispute that the phone dragnet was covered by these suits. That’s because at least as early as May 25, 2007 (and again in a declaration submitted October 2009), Keith Alexander included the phone dragnet among the things he considered related to the EFF and other suits over which he claimed state secrets.

In particular, disclosure of the NSA’s ability to utilize the TSP (or, therefore, the current FISA Court-authorized content collection) in conjunction with contact chaining [redacted–probably relating to data mining] would severely undermine efforts to detect terrorist activities.

[snip]

To the extent that the NSA’s bulk collection and targeted analysis of communication meta data may be at issue in this case, those activities–as described in paragraphs 27 and 28 above–must also be protected from disclosure.

In paragraphs 27 and 28 and the following paragraphs, Alexander named the FISC Pen Register and Telephone Records Orders by name.

Thus, as far back as 2007, the NSA acknowledged that it used its content collection in conjunction with its metadata dragnets, including data obtained pursuant to the FISA dragnet orders.

Read more

The Government Tries to Quickly Force Feed Its Dog Its Phone Dragnet Homework

I have been following the government’s claims that it needs to make the phone dragnet plaintiffs look bad preserve evidence in the phone dragnet cases. I noted:

  1. NSA’s claim, on February 20, that it might need to preserve the phone dragnet information
  2. EFF Legal Director Cindy Cohn’s observation that NSA already should have been preserving phone dragnet data because of earlier orders in EFF cases
  3. NSA’s own claim, in 2009, that it was under a preservation order that might prevent it from destroying illegal alert information
  4. NSA’s own quickness to destroy 3,000 violative files in 2012 when caught retaining data in ways it shouldn’t have been
  5. NSA’s rather bizarre claim — given their abysmal track record on this point — that a great concern about defendants’ rights meant they had to keep the data
  6. The likelihood that, that claim of concern about defendants’ rights notwithstanding, NSA had probably already destroyed highly relevant data pertaining to Basaaly Moalin
  7. FISC’s equally bizarre — given their own destruction of any normal meaning of the word, “relevant” — order to force the government to continue destroying the dragnet data

That last bit — FISC’s order that the government go on destroying data in spite of existing protection orders to retain it — happened Friday.

Since Friday, the EFF has been busy.

First, it filed a motion for a Temporary Restraining Order to retain the records, pointing out that there have been two preservation order in effect for at least 5 years that should govern the phone dragnet.

There has been litigation challenging the lawfulness of the government’s telephone metadata collection activity, Internet metadata collection activity, and upstream collection activity pending in the Northern District of California continuously since 2006. The government has been under evidence preservation orders in those lawsuits continuously since 2007.

The first-filed case was Hepting v. AT&T, No. 06-cv-0672 (N.D. Cal). It became the lead case in the MDL proceeding in this district, In Re: National Security Agency Telecommunications Records Litigation, MDL No. 06-cv-1791-VRW (N.D. Cal). On November 6, 2007, this Court entered an evidence preservation order in the MDL proceeding. ECF No. 393 in MDL No. 06-cv- 1791-VRW. One of the MDL cases, Virginia Shubert, et al., v. Barack Obama, et al. No. 07-cv- 0603-JSW (N.D. Cal.), remains in litigation today before this Court, and the MDL preservation order remains in effect today as to that case.

In 2008, movants filed this action—Jewel v. NSA—and this Court related it to the Hepting action. This Court entered an evidence preservation order in Jewel. ECF No. 51. The Jewel evidence preservation order remains in effect as of today.

EFF also filed a similar motion with the FISA Court.

And it provided all the emailed reminders it sent the government, starting on February 26 after the government filed a motion with FISC to destroy the data, that it was already under a preservation order. On February 28, DOJ asked EFF to hold off until roughly March 5. But DOJ did nothing at that time, and EFF followed up again on March 7, after the order, asking how it was that the FISC didn’t know that existing preservation orders covered the phone dragnet. In response, DOJ’s Marcia (Marcy) Berman got dragged back into the case to give this convincing response.

[T]he Government’s motion fo the FISC, and the FISC’s decision today [March 7], addressed the recent litigation challenging the FISC-authorized telephony metadata collection under Section 215-litigation as to which there are no preservation orders. As we indicated last week, the Government’s motion did not address the pending Jewel (and Shubert) litigation because the district court had previously entered preservation orders applicable to those cases. As we also indicated, since the entry of those orders the Government has complied with our preservation obligations in those cases. At the time the preservation issue was first litigated in the MDL proceedings in 2007, the Government submitted a classified ex parte, in camera declaration addressing in detail the steps taken to meet our preservation obligations. Because the activities undertaken in connection with the President’s Surveillance Program (PSP) were not declassified until December 2013, we were not able to consult with you previously about the specific preservation steps that have been taken with respect to the Jewel litigation. However, the Government described for the district court in 2007 how it was meeting its preservation obligations, including with respect to the information concerning the PSP activities declassified last December. We have been working with our clients to prepare an unclassified summary of the preservation steps described to the court in 2007 so that we can address your questions in an orderly fashion with Judge White, if you continue to believe that is necessary.

After San Francisco Judge Jeffrey White ordered the government to explain itself, the government changed the timeline, suppressing the fact that they told EFF to hold off on making any filings. It also said it would just have to keep destroying data.

Therefore, in light of the FISC’s March 7 order, the Government currently remains subject to orders of the FISC—the Article II Court established by Congress with authority to issue orders pursuant to FISA and to impose specific minimization requirements—which orders require the destruction of call-details records collected by the NSA pursuant to Section 215 that are more than five years old.

In light of the obligations created by those orders, on March 7, 2014, upon receipt of the FISC’s decision, the Government filed a notice in First Unitarian and other cases challenging the legality of the Section 215 telephony metadata program of the Government’s intention, as of the morning of Tuesday, March 11, 2014, to comply with applicable FISC orders requiring the destruction of call-detail records at this time, absent a court order to the contrary.

Judge White was not impressed — he issued an order requiring the government to retain the data.

There are two things, even at first glance, that don’t make sense about all this.

First, there’s still one case that hasn’t been officially mentioned in any court discussion of retaining data I know of: Basaaly Moalin’s challenge to his dragnet identification, based off 2007 data that has probably already been destroyed but which almost certainly would reflect the many violations characteristic of the program at the time.

Then there’s the likelihood that one or both of the EFF cases was the case mentioned on February 17, 2009 — just over the 5 year age-off period at this point — regarding age-off requirements. If it was relevant then, why isn’t it now? Note, Reggie Walton is still presiding over the same decisions, so if that earlier case were an EFF one, Walton should know about it.

I would normally think this charade was just two sides lobbying for good press. Except that the phone dragnet data from just over 5 years ago — the stuff that would age off if the government followed FISC’s order — would show a great deal of violations, almost certainly constitutionally so.

So who is the entity in such a rush to destroy that data? DOJ? Or the FISC?