Sadness in the NSA-Telecom Bromance

In his report on an interview with the new Director of NSA, Admiral Mike Rogers, David Sanger gets some operational details wrong, starting with his claim that the new phone dragnet would require an “individual warrant.”

The new phone dragnet neither requires “warrants” (the standard for an order is reasonable suspicion, not probable cause), nor does it require its orders to be tied to “individuals,” but instead requires “specific selection terms” that may target facilities or devices, which in the past have been very very broadly interpreted.

All that said, I am interested in Rogers’ claims Sanger repeats about NSA’s changing relationship with telecoms.

He also acknowledged that the quiet working relationships between the security agency and the nation’s telecommunications and high technology firms had been sharply changed by the Snowden disclosures — and might never return to what they once were in an era when the relationships were enveloped in secrecy.

Oh darn!

Sadly, here’s where Sanger’s unfamiliarity with the details makes the story less useful. Publicly, at least, AT&T and Verizon have had significantly different responses to the exposure of the dragnet (though that may only be because Verizon’s name has twice been made public in conjunction with NSA’s dragnet, whereas AT&T’s has not been), and it’d be nice if this passage probed some of those details.

Telecommunications businesses like AT&T and Verizon, and social media companies, now insist that “you are going to have to compel us,” Admiral Rogers said, to turn over data so that they can demonstrate to foreign customers that they do not voluntarily cooperate. And some are far more reluctant to help when asked to provide information about foreigners who are communicating on their networks abroad. It is a gray area in the law in which American courts have no jurisdiction; instead, the agency relied on the cooperation of American-based companies.

Last week, Verizon lost a longstanding contract to run many of the telecommunications services for the German government. Germany declared that the revelations of “ties revealed between foreign intelligence agencies and firms” showed that it needed to rely on domestic providers.

After all, under Hemisphere, AT&T wasn’t requiring legal process even for domestic call records. I think it possible they’ve demanded the government move Hemisphere under the new phone dragnet, though if they have, we haven’t heard about it (it would only work if they defined domestic drug dealer suspects as associated with foreign powers who have some tie to terrorism). Otherwise, though, AT&T has not made a peep to suggest they’ll alter their decades-long overenthusiastic cooperation with the government.

Whereas Verizon has been making more audible complaints about their plight, long before the Germans started ending their contracts. And Sprint — unmentioned by Sanger — even demanded to see legal support for turning over phone data, including, apparently, turning over foreign phone data under ECPA’s exception in 18 U.S.C. § 2511(2)(f) permitting telecoms to voluntarily provide foreign intelligence data.

Given that background — and the fact ODNI released the opinions revealing Sprint’s effort, if not its name — I am curious whether the telecoms are really demanding process. If courts really had no jurisdiction then it is unclear how the government could obligate production.

Though that may be what Microsoft’s challenge to a government request for email held in Ireland is about, and that may explain why AT&T and Verizon, along with Cisco and Apple — for the most part, companies that have been more reticent about the government obtaining records in the US — joined that suit. (In related news, EU Vice President Viviane Reding says the US request for the data may be a violation of international law.)

Well, if the Microsoft challenge and telecom participation in the request for data overseas is actually an effort to convince the Europeans these corporations are demanding legal process, Admiral Rogers just blew their cover.

Admiral Rogers said the majority of corporations that had long given the agency its technological edge and global reach were still working with it, though they had no interest in advertising the fact.

Dear Ireland and the rest of Europe: Microsoft — which has long been rather cooperative with NSA, up to and including finding a way to obtain Skype data — may be fighting this data request just for show. Love, Microsoft’s BFF, Mike Rogers.

Verizon in the Cloud

As a number of people have noted, Germany canceled its contract with Verizon for network services provided to the government.

The German government on Thursday said it would end a contract with Verizon Communications Inc. because of concerns about network security, one of the most concrete signs yet that disclosures about U.S. spying were hurting American technology companies overseas.

Germany will phase out Verizon’s existing business providing communications services to government agencies by 2015, the Interior Ministry said. The winner in the decision: Deutsche Telekom, Verizon rival and German phone giant, which will take on those services.

[snip]

The U.S. telecom giant has been trying to head off a Snowden backlash from overseas customers since at least last fall, when its U.S. staff created NSA talking points for its offshore sales team, two people familiar with the matter said. The talking points included assertions the U.S. government didn’t have direct access to Verizon’s offshore data centers, that Verizon obeys local laws in whatever country it operates and that NSA data requests go through American judicial review, the people said.

For its part, Verizon offered non-denial denials to questions about whether the US demanded foreign data from Verizon.

Detlef Eppig, head of Verizon’s German unit Verizon Germany said on Thursday: “Verizon Germany is a German company and we comply with German law.”

Verizon did not receive any demands from Washington in 2013 for data stored in other countries, the company said.

“The U.S. government cannot compel us to produce our customers’ data stored in data centres outside the U.S., and if it attempts to do so, we would challenge that attempt in a court,” it added.

The firm declined to comment on whether there had been requests in previous years.

Remember, starting in 2009, the phone dragnets specifically state that Verizon should not turn over foreign data under the phone dragnet (presumably in part, other details suggest, because obtaining the data under Section 215 would impose closer controls on the data).

This is interesting on its face.

But I’m most interested in how this is going to affect Verizon’s stance towards US dragnets going forward. Already, it has been probably the most reluctant of the telecoms since Snowden’s leaks started. I even suspect that may have been one reason to split with Vodafone.

There’s reason to believe USA Freedumber primarily serves to obtain all the cell data of Verizon, which is the most important cell provider. And in a recent hearing, Verizon pushed back hard against being asked to retain their data, even while Senators seemed inclined to require it.

The phone dragnet debate is, to a significant extent, a negotiation between Verizon and the government.

And it just got put into the same position as all the PRISM providers (the cloud providers), where it is losing international business because of US demands. Which means, for the first time (even since 2008, when Internet companies tried to deny immunity to the telecoms that had been stealing from them), a telecom has increasing reason to push back against the inevitable momentum toward crappy legislation.

Verizon Counsel Speaks Out Against “Outsourcing” Intelligence

One of the concerns I’ve raised about HR 3361 — AKA USA Freedumber — regards who will do some of the data analysis that the NSA “data integrity analysts” currently do before the contact-chaining stage. As I’ve noted, the most privacy protective thing would be to have the telecoms do it, but that would put them in an inappropriate role of performing analysis for the intelligence community.

Apparently, Verizon agrees with that. As part of Verizon Associate General Counsel Michael Woods’ testimony to the Senate Intelligence Committee the other day, he emphasized how inappropriate it would be for the telecoms to serve as surrogates for the intelligence community. (He emphasized this in his answers as well.)

Included in the reform discussions has been the idea that the collection, searching, and perhaps even analysis, of potentially relevant data is best done not by the government, but by the private holders of that data. One recommendation that garnered particular attention was that bulk collection of telephony metadata might be replaced by a system in which such metadata is held instead either by private providers or by a private third party.

This proposal opens a very complex debate, even when that debate is restricted to just traditional telephony, but the bottom line is this: national security is a fundamental government function that should not be outsourced to private companies.

Verizon is in the business of providing communications and other services to our customers. Data generated by that process is held only if, and only for as long as, there is a business purpose in doing so. Outside of internal business operations, there typically is no need for companies to retain data for extended periods of time.

If a company is required to retain data for the use of intelligence agencies, it is no longer acting pursuant to a business purpose. Rather, it is serving the government’s purpose. In this context, the company has become an agent or surrogate of the government. Any Constitutional benefit of having the data held by private entities is lost when, by compelling retention of that data for non-business purposes, the private entity becomes a functional surrogate of the government. Public trust would exist to the extent that companies are believed to be truly independent of the government. When the companies are seen as surrogates for intelligence agencies, such trust will dissipate.

Nor would outsourcing offer any promise of efficiency. Technology is changing too rapidly — telecommunications networks are evolving beyond traditional switched telephony. Voice over Internet Protocol (VoIP) technologies handle voice traffic over the Internet (as opposed to the public switched telephone networks) and already account for a substantial portion of voice traffic. Even more dramatic has been the rise of “over-the-top” applications that use peer to peer or other technologies to establish direct connections between users over the Internet. In 2012, one such application accounted for 34% of all international voice calling minutes. VoIP and over-the-top applications traverse IP networks as Internet traffic and thus do not generate CDRs or similar telephony business records. U.S. intelligence agencies would need to approach application owners to establish access equivalent to the CDRs they obtain under the existing program. The technical difficulties multiply if the intelligence agencies were to eventually seek the same sort of access to IP metadata from Internet Service Providers.

Finally, the commercial effect on U.S. companies of outsourcing collection ought to be considered. No company will be eager to undertake the increased responsibility, scrutiny, and liability entailed by having its employees become surrogates for the government in the collection of intelligence. More troubling for large companies is the negative effect in the international market of overt association with a U.S. intelligence agency.

H.R. 3361 does not include any provisions which would require data retention by telecommunications companies. For all the foregoing reasons, that is a good thing. A framework under which intelligence agencies retain and analyze data that has been obtained from telecommunications companies in an “arms length” transaction compelled by a FISA order should continue. [my emphasis]

I quote this in full not to make you laugh at the prospect of Verizon balking at “becoming” a surrogate of the government.

I think this statement was clearly meant to lay out some clear principles going forward (and I suspect Verizon is by far the most important player in USA Freedumber, so Congress may well listen). Whatever Verizon has done in the past — before Edward Snowden and after him, ODNI exposed it, alone among the telecom companies, as turning over all our phone records to the government — it has made several efforts, some half-hearted and some potentially more significant, to establish some space between it and the government. If Verizon has decided it’s time to set real boundaries in its cooperation with the government, I’m all in favor of that going forward.

Much of this statement is just a clear warning that Verizon won’t abide by requests to extend their data retention practices, which it terms acting as an agent of the government. That will, by itself, limit the program. As Woods explained, they don’t really need Call Detail Records that long (and I assume they need smart phone data even less). What they keep for the required 18 months is just billing records, which don’t provide the granular data the government would want. So if Verizon refuses to change its data retention approach, it will put a limit on what the government can access.

That said, that’s clearly what a number of Senators would like to do — mandate the retention of CDRs for 18 months, which would in turn significantly raise the cost of this (about which more in a later post). So this could actually become a quite heated battle, aside from what privacy activists do.

There are a few more details of this I’m particularly intrigued by (aside from Woods’ warning that the records of interest will all be Internet-based calls within very short order).

Note that Woods admits there has been some discussion of having telecoms do “analysis” (and I assume he’s not talking just about me). Given his statements, it seems Verizon would refuse that too (good!). But remember: the last round of USA Freedumbing included compensation and immunity for Booz-type contractors in addition to the telecoms, so NSA may still be outsourcing this analysis, just to other contractors (and given that this was a late add, it may have come in response to Verizon’s reluctance to do NSA’s analysis for it).

When Woods claims this is difficult, “even when that debate is restricted to just traditional telephony,” he suggests the debate may not be restricted to traditional telephony. Obviously, Verizon must still be involved in upstream production. And it either is or may well be asked to resume its involvement in Internet metadata collection, because USA Freedumber doesn’t hide the intent to return to Internet dragnet collection. Then there’s the possibility Mark Warner’s questions elicited, that the telecoms will be getting hybrid orders asking for telephony metadata as well as other things, not limited to location.

When we talk about the various ways the NSA may try to deputize the telecoms, the possibilities are very broad — and alarming. So I’m happy to hear that Verizon, at least, is claiming to be unwilling to play that role.

Why Is DOJ Hiding Three Phone Dragnet Orders in Plain Sight?

The ACLU and EFF FOIAs for Section 215 documents are drawing to a head. Later this week, EFF will have a court hearing in their suit. And last Friday, the government renewed its bid for summary judgment in the ACLU case.

Both suits pivot on whether the government’s past withholdings on Section 215 were in good faith. Both NGOs are arguing they weren’t, and therefore the government’s current claims — that none of the remaining information may be released — cannot be treated in good faith. (Indeed, the government likely released the previously sealed NSA declaration to substantiate its claim that it had to treat all documents tying NSA to the phone dragnet with a Glomar because of the way NSA and DOJ respectively redact classification mark … or something like that.)

But the government insists it is operating in good faith.

Instead, the ACLU speculates, despite the government’s declarations to the contrary, that there must be some non-exempt information contained in these documents that could be segregated and released. In an attempt to avoid well-established law requiring courts to defer to the government’s declarations, especially in the area of national security, the ACLU accuses the government of bad faith and baldly asserts that the government’s past assertions regarding segregability—made before the government’s discretionary declassification of substantial amounts of information regarding its activities pursuant to Section 215— “strip the government’s present justifications of the deference due to them in ordinary FOIA cases.” ACLU Br. at 25. The ACLU’s allegations are utterly unfounded. For the reasons set forth below, the government’s justifications for withholding the remaining documents are “logical and plausible,”

EFF and ACLU have focused closely on an August 20, 2008 FISC order describing a method to conduct queries; I have argued it probably describes how NSA makes correlations to track correlations.

The government is refusing to identify 3 orders it has already identified

But — unless I am badly mistaken, or unless the government mistakenly believes it has turned over some of these orders, which is possible! — I think there are three other documents being withheld (ones the government hasn’t even formally disclosed to EFF, even while pretending they’ve disclosed everything to EFF) that raise questions about the government’s good faith even more readily: the three remaining phone dragnet Primary Orders from 2009. All three have been publicly identified, yet the government is pretending they haven’t been. They are:

BR 09-09, issued on July 8, 2009. Not only was this Primary Order identified in paragraph 3 of the next Primary Order, but it was discussed extensively in the government’s filing accompanying the end-to-end report. In addition, the non-approval of one provider’s metadata (I increasingly suspect Sprint is the provider) for that period is reflected in paragraph 1(a) of that next Primary Order.

BR 09-15, issued on October 30, 2009. The docket number and date are both identified on the first page of this supplemental order.

BR 09-19, issued on December 16, 2009. It is mentioned in paragraph 3 of the next Primary Order. The docket number and the date are also referred to in the documents pertaining to Sprint’s challenge recently released. (See paragraph 1 and paragraph 5 for the date.)

Thus, the existence of all three Primary Orders has been declassified, even while the government maintains it can’t identify them in the context of the FOIAs where they’ve already been declassified.

The government has segregated a great deal of the content of BR 09-09

The government’s withholding of BR 09-09 is particularly ridiculous, given how extensively the end-to-end motion details it. From that document, we learn:

  • Pages 5-7 approve a new group for querying. (see footnote 2)
  • Pages 9-10 require those accessing the dragnet be briefed on minimization procedures tied to the dragnet (see PDF 22); this is likely the language that appears in paragraph G of the subsequent order. This specifically includes technical personnel. (see PDF 49)
  • Pages 10-11 require weekly reporting on disseminations. (see PDF 23) This is likely the information that appears in paragraph H in the subsequent order.
  • Page 12 affirmatively authorizes the data integrity search to find “certain non user specific numbers and [redacted] identifiers for purposes of metadata reduction and management” (see footnote 19 and PDF 55)
  • Page 8 and 13-14 lay out new oversight roles, especially for DOJ’s National Security Division (see PDF 22); these are likely the requirements laid out in paragraphs M through R in subsequent orders. Those same pages also require DOJ to share the details of NSD’s meeting with NSA in new FISC applications. (see PDF 23)
  • BR 09-09 included the same reporting requirements as laid out in BR 09-01 and BR 09-06 (see PDF 5)
  • Pages 16-17 also included these new reporting requirements: (see PDFs 6 and 29-30)
    • a full explanation of why the government has permitted dissemination outside NSA of U.S. person information in violation of the Court’s Orders in this matter;
    • a full explanation of the extent to which NSA has acquired call detail records of foreign-to-foreign communications from [redacted] pursuant to orders of the FISC, and whether the NSA’s storage, handling, and dissemination of information in those records, or derived therefrom, complied with the Court’s orders; and
    • either (i) a certification that any overproduced information, as described in footnote 11 of the government’s application [i.e. credit card information], has been destroyed, and that any such information acquired pursuant to this Order is being destroyed upon recognition; or (ii) a full explanation as to why it is not possible or otherwise feasible to destroy such information.
  • BR 09-09 specifically mentioned that NSA had generally been disseminating BR FISA data according to USSID 18 and not the more restrictive dissemination provisions of the Court’s Orders. (see footnote 12)
  • BR 09-09 approved Chief, Information Sharing Services, the Senior Operations Officer, the Signals Intelligence Directorate (So) Director, the Deputy Director of NSA, and the Director of NSA to authorize US person disseminations. (see footnote 22 and PDF 28)

Significant parts of at least 13 pages of the Primary Order (the next Primary Order is 19 pages long) have already been deemed segregable and released. Yet the government now appears to be arguing, while claiming it is operating in good faith, that none of these items would be segregable if released with the order itself!

Wildarse speculation about why the government is withholding these orders

Which raises the question of why. Why did the government withhold these 3 orders, alone among all the known regular Primary Orders from the period of EFF and ACLU’s FOIAs? (See this page for a summary of the known orders and the changes implemented in each.)

The reason may not be the same for all three orders. BR 09-09 deals with two sensitive issues — the purging of credit card information and tech personnel access — that seem to have been resolved with that order (at least until the credit card problems returned in March 2011).

But there are two things that all three orders might have in common.

First, BR 09-09 deals closely with dissemination problems — the ability of CIA and FBI to access NSA results directly, and the unfettered sharing of information within NSA. BR 09-15 lays out new dissemination rules, with the supplement in November showing NSA to still be in violation. So it’s likely all 3 orders deal with dissemination violations (and therefore with poison fruit of inappropriate dissemination that may still be in the legal system), and that the government is hiding one of the more significant aspects of the dragnet violations by withholding those orders.

I also think it’s possible the later two (potentially all three, but more likely the later two) orders combine the phone and Internet dragnets. That’s largely because of timing: A June 22, 2009 order — the first one to deal with the dissemination problems formally addressed in BR 09-09 — dealt with both dragnets. There is evidence the Internet dragnet data got shut down (or severely restricted) on October 30, 2009, the date of BR 09-15. And according to the 2010 John Bates Internet dragnet opinion, NSA applied to restart the dragnet in late 2009 (so around the time of BR 09-19). So I think it possible the later orders, especially, deal with both programs, thereby revealing details about the legal problems with PRTT the government would like to keep suppressed. (Note, if BR 09-15 and BR 09-19 are being withheld because they shut down Internet production, it would mean all three orders shut down some production, as BR 09-09 shut down one provider’s telephone production.)

Another possibility has to do with the co-mingling of EO 12333 and Section 215 data. These three orders all deal with the fact that providers (at least Verizon, but potentially the other two as well) had included foreign-to-foreign phone records along with the production of their domestic ones. That’s the reason production from one provider got shut down in BR 09-09. And immediately after the other withheld records, the Primary Orders always included a footnote on what to do with EO 12333 data turned over pursuant to BR FISA orders (see footnote 7 and footnote 10 for examples). Also, starting in March 2009, the Orders all contain language specifically addressing Verizon. So we know the FISC was struggling to come up with a solution for the fact that NSA had co-mingled data obtainable under EO 12333 and data for which the telecoms received PATRIOT Act orders. (I suspect this is why Sprint insisted on legal cover, ultimately demanding the legal authorization of the program with the December order.) So it may be that all these orders reveal too much about the EO 12333 dragnet — and potential additional violations — to be released.

Whatever the reason, there is already so much data in the public domain, especially on BR 09-09, it’s hard to believe withholding it is entirely in good faith.

Four Reasons USA Freedumber is Worse than the Status Quo

In the post-HR 3361 passage press conference yesterday, Jerry Nadler suggested the only reason civil libertarians oppose the bill is because it does not go far enough.

That is, at least in my case, false.

While I have concerns about unintended consequences of outsourcing holding the call data to the telecoms (see my skepticism that it ends bulk collection here and my concerns about high volume numbers here), there are a number of ways that USA Freedumber is worse than the status quo.

These are:

  • The move to telecoms codifies changes in the chaining process that will almost certainly expand the universe of data being analyzed
  • In three ways, the bill permits phone chaining for purposes outside of counterterrorism
  • The bill weakens minimization procedures on upstream collection imposed by John Bates, making it easier for the government to collect domestic content domestically
  • The bill guts the current controls on Pen Register authority, making it likely the government will resume its Internet dragnet

The NSA in your smart phone: Freedumber codifies changes to the chaining process

As I have described, the language in USA Freedumber makes it explicit that the government and its telecom partners can chain on connections as well as actual phone call contacts. While the new automatic search process approved by the FISA Court in 2012 included such chaining, by passing this bill Congress endorses this approach. Moreover, the government has never been able to start running such automatic queries; it appears they have to outsource to the telecoms to be able to do so (probably in part to make legal and technical use of location data). Thus, moving the phone chaining to the telecoms expands on the kinds of chaining that will be done with calls.

We don’t know all that that entails. At a minimum (and, assuming the standard of proof is rigorous, uncontroversially) the move will allow the government to track burner phones, the new cell phones targets adopt after getting rid of an old one.

It also surely involves location mapping. I say that, in part, because if they weren’t going to use location data, they wouldn’t have had to move to the telecoms. In addition, AT&T’s Hemisphere program uses location data, and it would be unrealistic to assume this program wouldn’t include at least all of what Hemisphere already does.

But beyond those two functions, your guess is as good as mine. While the chaining must produce a Call Detail Record at the interim step (which limits how far away from actual phone calls the analysis can get), it is at least conceivable the chaining could include any of a number of kinds of data available to the telecoms from smart phones, including things like calendars, address books, and email.

The fact that the telecoms and subsidiary contractors get immunity and compensation makes it more likely that this new chaining will be expansive, because natural sources of friction on telecom cooperation will have been removed.

Freedumber provides three ways for NSA to use the phone dragnet for purposes besides counterterrorism

As far as we know, the current dragnet may only be used for actual terrorist targets and Iran. But USA Freedumber would permit the government to use the phone dragnet to collect other data by:

  • Requiring only that selection terms be associated with a foreign power
  • Permitting the retention of data for foreign intelligence, not just counterterrorism, purposes
  • Allowing the use of emergency queries for non-terrorism uses

Freedumber permits searches on selection terms associated with foreign powers

On its face, USA Freedumber preserves this counterterrorism focus, requiring any records obtained to be “relevant to” an international terrorist investigation. Unfortunately, we now know that FISC has already blown up the meaning of “relevant to,” making all data effectively relevant.

The judicial approval of the specific selection term, however — the court review that should be an improvement over the status quo — is not that tie to terrorism, but evidence that the selection term is a foreign power or agent thereof.

Thus, the government could cite narcoterrorism, and use the chaining program to investigate Mexican drug cartels. The government could raise concerns that al Qaeda wants to hack our networks, and use chaining to investigate hackers with foreign ties. The government could allege Venezuela supports terrorism and investigate Venezuelan government sympathizers.

There are a whole range of scenarios in which the government could use this chaining program for purposes other than counterterrorism.

Freedumber permits the retention of any data that serves a foreign intelligence purpose

And once it gets that data, the government can keep it, so long as it claims (to itself, with uncertain oversight from the FISC) that the data has a foreign intelligence purpose.

At one level, this is a distinction without a difference from the language that USA Freedumb had used, which required the NSA to destroy the data after five years unless it was relevant to a terrorism investigation (which all data turned over to NSA would be, by definition). But the change in language serves as legislative approval that the data received via this program can be used for other purposes.

That will likely have an impact on minimization procedures. Currently, the NSA needs a foreign intelligence purpose to access the corporate store, but can only disseminate data from it for counterterrorism purposes. I would imagine the changed language of the bill will lead the government to successfully argue that the minimization procedures permit the dissemination of US person data so long as it meets only this flimsy foreign intelligence purpose. In other words, US person data collected in chaining would be circulating around the government more freely.

Freedumber’s emergency queries do not require any tie to terrorism

As I noted, the revisions USA Freedumber made to USA Freedumb explicitly removed a requirement that emergency queries be tied to a terrorism investigation.

(A) reasonably determines that an emergency situation requires the production of tangible things to obtain information for an authorized investigation (other than a threat assessment) conducted in accordance with subsection (a)(2) to protect against international terrorism before an order authorizing such production can with due diligence be obtained;

That’s particularly troublesome, because even if the FISC rules the emergency claim (certified by the Attorney General) was not legally valid after the fact, not only does the government not have to get rid of that data, but the Attorney General (the one who originally authorized its collection) is the one in charge of making sure it doesn’t get used in a trial or similar proceeding.

In short, these three changes together permit the government to use the phone dragnet for a lot more uses than they currently can.

Freedumber invites the expansion of upstream collection

When John Bates declared aspects of upstream collection to be unconstitutional in 2011, he used the threat of referrals under 50 USC 1809(a) to require the government both to provide additional protection to entirely domestic communications that contained a specific selector and to get rid of domestic communications that did not contain that specific selector at all. The government objected (and considered appealing), claiming that because it hadn’t really intended to collect this data, it should be able to keep it and use it. But ultimately, that threat (especially threats tied to the government’s use of this data for ongoing FISA orders) led the government to capitulate.

The changes in Freedumber basically allow the government to adopt its old “intentional” claim, reversing Bates’ restrictions.

David Barron’s ECPA Memo

Last week, I laid out the amazing coinkydink that DOJ provided Sprint a bunch of FISA opinions — including the December 12, 2008 Reggie Walton opinion finding that the phone dragnet did not violate ECPA — on the same day, January 8, 2010, that OLC issued a memo finding that providers could voluntarily turn over phone records in some circumstances without violating ECPA.

Looking more closely at what we know about the opinion, I’m increasingly convinced it was not a coinkydink at all. I suspect that the memo not only addresses FBI’s exigent letter program, but also the non-Section 215 phone dragnet.

As a reminder, we first learned of this memo when, in January 2010, DOJ’s Inspector General issued a report on FBI’s practice of getting phone records from telecom provider employees cohabiting at FBI with little or no legal service. The report was fairly unique in that it was released in 3 versions: the public unclassified but heavily redacted version, a Secret version, and a Top Secret/SCI version. Given how closely parallel the onsite telecom provider program was with the phone dragnet, that always hinted the report may have touched on other issues.

Roughly a year after the IG Report came out, EFF FOIAed the memo (see page 30). Over the course of the FOIA litigation — the DC Circuit rejected their appeal for the memo in January — DOJ provided further detail about the memo.

Here’s how OLC Special Counsel Paul Colborn described the memo (starting at 25):

The document at issue in this case is a January 8, 2010 Memorandum for Valerie Caproni, General Counsel of the Federal Bureau of Investigation (the “FBI”), from David J. Barron, Acting Assistant Attorney General for the Office of Legal Counsel (the “Opinion”). The OLC Opinion was prepared in response to a November 27, 2009 opinion request from the FBI’s General Counsel and a supplemental request from Ms. Caproni dated December 11, 2009. These two requests were made in order to obtain OLC advice that would assist FBI’s evaluation of how it should respond to a draft Report by the Office of Inspector General at the Department of Justice (the “OIG”) in the course of a review by the OIG of the FBI’s use of certain investigatory procedures. In the context of preparing the Opinion, OLC, as is common, also sought and obtained the views of other interested agencies and components of the Department. OIG was aware that the FBI was seeking legal advice on the question from OLC, but it did not submit its views on the question.

The factual information contained in the FBI’s requests to OLC for legal advice concerned certain sensitive techniques used in the context of national security and law enforcement investigations — in particular, significant information about intelligence activities, sources, and methodology.

Later in his declaration, Colborn makes it clear the memo addressed not just FBI, but also other agencies.

The Opinion was requested by the FBI and reflects confidential communications to OLC from the FBI and other agencies. In providing the Opinion, OLC was serving an advisory role as legal counsel to the Executive Branch. In the context of the FBI’s evaluation of its procedures, the general counsel at the FBI sought OLC advice regarding the proper interpretation of the law with respect to information-gathering procedures employed by the FBI and other Executive Branch agencies. Having been requested to provide counsel on the law, OLC stood in a special relationship of trust with the FBI and other affected agencies.

And FBI Record/Information Dissemination Section Chief David Hardy’s declaration revealed that an Other Government Agency relied on the memo too (starting at 46).

This information was not examined in isolation. Instead, each piece of information contained in the FBI’s letters of November 27, 2009 and December 11, 2009, and OLC’s memorandum of January 8, 2010, was evaluated with careful consideration given to the impact that disclosure of this information will have on other sensitive information contained elsewhere in the United States intelligence community’s files, including the secrecy of that other information.

[snip]

As part of its classification review of the OLC Memorandum, the FBI identified potential equities and interests of other government agencies (“OGAs”) with regard to the OLC memo. … FBI referred the OLC Memo for consultation with those OGAs. One OGA, which has requested non-attribution, affirmatively responded to our consultation and concurs in all of the classification markings.

Perhaps most remarkably, the government’s response to EFF’s appeal even seems to suggest that what we’ve always referred to as the Exigent Letters IG Report is not the Exigent Letters IG Report!

Comparing EFF’s claims (see pages 11-12) with the government’s response to those claims (see pages 17-18), the government appears to deny the following:

  • The Exigent Letters IG Report was the 3rd report in response to reporting requirements of the USA PATRIOT reauthorization
  • FBI responded to a draft of the IG Report by asserting a new legal theory defending the way it had obtained certain phone records in national security investigations, which resulted in the January 8, 2010 memo
  • The report didn’t describe the exception to the statute involved and IG Glenn Fine didn’t recommend referring the memo to Congress
  • In response to a Marisa Taylor FOIA, FBI indicated that USC 2511(2)(f) was the exception relied on by the FBI to say it didn’t need legal process to obtain voluntary disclosure of phone records

Along with these denials, the government reminded that the report “contained significant redactions to protect classified information and other sensitive information.” And with each denial (or non-response to EFF’s characterizations) it “respectfully refer[red] the Court to the January 2010 OIG report itself.”

The Exigent Letters IG Report is not what it seems, apparently.

With all that in mind, consider two more details. First, as David Kris (who was the Assistant Attorney General during this period) made clear in his paper on the phone (and Internet) dragnet, in addition to Section 215, the government obtained phone records from the telecoms under USC 2511(2)(f), the clause in question.

And look at how the chronology maps.

November 5, 2008: OLC releases opinion ruling sneak peek and hot number requests (among other things) impermissible under NSLs

December 12, 2008: Reggie Walton rules that the phone dragnet does not violate ECPA

Throughout 2009: DOJ confesses to multiple violations of Section 215 program, including:

  • An alert function that serves the same purpose as sneak peeks and also violates Section 215 minimization requirements
  • NSA treated Section 215 derived data with same procedures as EO 12333 data; that EO 12333 data included significant US person data
  • One provider’s (which I originally thought was Sprint, then believed was Verizon, but could still be Sprint) production got shut down because it included foreign-to-foreign data (the kind that, according to the OLC, could be obtained under USC 2511(2)(f))

Summer and Fall, 2009: Sprint meets with government to learn how Section 215 can be used to require delivery of “all” customer records

July 9, 2009: Sprint raises legal issues regarding the order it was under; Walton halts production from provider which had included foreign-to-foreign production

October 30, 2009: Still unreleased primary order BR 09-15

November 27, 2009: Valerie Caproni makes first request for opinion

December 11, 2009: Caproni supplements her request for a memo

December 16, 2009: Application and approval of BR 09-19

December 30, 2009: Sprint served with secondary order

January 7, 2010: Motion to unseal records

January 8, 2010: FISC declassifies earlier opinions; DOJ and Sprint jointly move to extend time when Sprint can challenge order; and OLC releases OLC opinion; FISC grants motion (John Bates approves all these motions)

January 11, 2010: DOJ moves (in a motion dated January 8) to amend secondary order to incorporate language on legality; this request is granted the following day (though we don’t get that order)

January 20, 2010: IG Report released, making existence of OLC memo public

This memo is looking less and less like a coinkydink after all, and more and more a legal justification for the provision of foreign-to-foreign records to accompany the Section 215 provision. And while FBI said it wasn’t going to rely on the memo, it’s not clear whether NSA said the same.

Golly. It’d sure be nice if we got to see that memo before David Barron got to be a lifetime appointed judge.

The “Other Authority” Footnote

For a variety of reasons, I want to track backward what appears to happen to a footnote in the phone dragnet that currently addresses dragnet records from other authorities, as it appears here in the July 18, 2013 Primary Order.

The Court understands that NSA receives certain call detail records pursuant to other authority, in addition to call records produced in response to this Court’s Orders. NSA shall store, handle, and disseminate call detail records produced in response to this Court’s Orders pursuant to this Order [3 lines redacted].

The footnote is currently the second footnote off of paragraph 3(c)(iii) about the timeline on RAS authorizations. The footnote was entirely redacted, but still 7 lines, in BR 13-80. It appears to be longer — perhaps 11 lines — in BR 11-107. It appears the same size, but split from the first of two footnotes, in BR 11-57 and BR 11-07; it appears a line or two longer in BR 10-70. The typeface is different but it appears equivalent in BR 10-49 and BR 10-17.

The footnote in that position — now numbered footnote 7 — appears largely unredacted in BR 10-10. It reads:

The Court understands that call detail records of foreign-to-foreign communications provided by [redacted] pursuant to this Order will not be used to make chain summary records. Further, such records will be used solely for technical purposes, including use by NSA’s data integrity analysts to correctly interpret and extract contact information in [redacted] international records. In the event that an NSA analyst performs an authorized query that includes a search of the BR metadata, and the results of that query include information from [redacted] foreign-to-foreign call detail records, NSA shall handle and minimize the information in those records in accordance with the minimization procedures in this Order, regardless of the authority pursuant to which NSA obtained the record. In contrast, if the analyst’s query does not include a search of the BR metadata, and the results of that query include information from [redacted] foreign-to-foreign call detail records, then the minimization procedures in this Order shall not be applied to the information in those records.

Primary Orders BR 09-19 and 09-15 are two of three the government is withholding from that year. The footnote is entirely redacted in BR 09-13. BR 09-09 is the third Primary Order withheld from that year (that is the order that shuts down one provider’s production — presumed to be Verizon — because of the foreign-to-foreign inclusion). BR 09-06 doesn’t split out the custodian of the third provider, though includes foreign-to-foreign language; because the structure of this Order is different, it is impossible to tell whether the equivalent footnote appears. BR 09-01 doesn’t even include the foreign-to-foreign language.

Which is an elaborate way of surmising (though we can’t be sure with the redactions) that the footnote retains a related function between the time it maps out what to do with foreign-to-foreign data and the time it currently appears to say that BR FISA data must be treated according to BR FISA rules.

As I laid out here, that appears to stem from an issue dating to 2009 when Verizon turned over all its call records, including its foreign-to-foreign ones, under BR FISA (though the redactions in the BR 10-10 footnote are shorter — maybe 4-5 characters, so it’s possible this happened with a second provider as well). What appears to have happened is FISC shut down their production for a period, resumed it, then tried to deal with the problem with minimization procedures. Over time, the footnote dealing with that evolved into a more general footnote requiring that BR FISA data be treated with BR FISA rules, no matter what else happened. This would mean that if Verizon or another telecom provider made the same mistake, NSA would have access to its foreign data for a shorter period of time and subject to much narrower dissemination rules.

Sometime between 2009 and 2011, NSA started putting XML tags on each new piece of data, so it could track where the data came from, presumably to make this process easier, but also so it could run queries under whatever authority provided it with easier minimization rules. That XML system would permit the NSA to comply with the footnote in BR 10-10 easily, by tracking precisely where the data came from.

Verizon Loves Dragnet Reform

If there was any doubt that Verizon was the source of some of the difficulties behind the phone dragnet, this may address them.

Verizon supports the bipartisan USA Freedom Act because it will achieve the important goals of ending Section 215 bulk collection of communications data, heightening privacy protections and increasing transparency. We thank the House Intelligence and Judiciary Committees for taking this bipartisan approach and look forward to working with the House and Senate leadership, along with the White House, to address remaining issues and enact the USA Freedom Act into law this year.

I’m curious what transparency Verizon thinks this adds — unless it means it can start reporting its real numbers?

Will the Dragnet Reform Criminalize Ordering Pizza?

There are two major problems with the phone dragnet, as it currently exists.

First, the government has a database of all the phone-based relationships in the United States, one they currently (as far as we know) do not abuse, but one that is ripe for unbelievable abuse.

But there is current abuse going on. The dragnet takes completely innocent people who are three (now two) degrees of separation from someone subjected to a digital stop-and-frisk, a very low standard, and puts them (by dint of at least one communication with someone who communicated with someone who might be suspicious) into the NSA’s analytical maw. Permanently. Those people can have their multiple IDs connected, including any online searches NSA happened to ingest, they can be subjected to data mining, by dint of those conversations, they apparently can even have the content of their communications accessed without a warrant, they might even be targeted to become informants using the data available to NSA.

This may well be the digital equivalent of J Edgar Hoover’s subversives list, a collection of people who will always be subject to heightened scrutiny, including unbelievably invasive digital analysis, because of a three degree association years in the past.

According to PCLOB’s estimate, as many as 120 million people may have been — may still be! — subjected to this treatment.

Discussions of whether the House Judiciary and Intelligence Committee bills “reforming” the dragnet really fix it have almost entirely ignored this second abuse, the innocent people who will be subjected to the “full range of NSA’s analytical tradecraft” merely because of a potentially completely innocent association.

There are things that should be done — whether in the current dragnet or the “reformed” one — to mitigate this abuse. Those data ought to age off, which they currently don’t (and won’t, under the new program, as currently described). That analysis ought to be subject to audits, which they’re not currently. The FISC ought to get some sense of what happens in this corporate store, which it’s not clear it currently has. Criminal defendants ought to have some visibility into whether their prosecutions stemmed from such analysis.

But there are also things — as Congress crafts a dragnet replacement — that can affect the sheer number of new people who will be thrown into the corporate store, into NSA’s analytical pool. And those things have a lot to do with how this new scheme deals with what is called “data integrity.”

As I have written repeatedly, the number of results NSA (or the telecoms, under the new system) will get under a particular query depends on how many noisy numbers — things like telemarketers, voice mail numbers, and pizza joints — remain in the collection. As Jonathan Mayer showed, even in his 300 person dataset that included just 2 people who had ever called each other, 17% were connected at the second hop through T-Mobile’s voice mail number.

In spite of the fact that just 2 of its participants had called each other, the fact that so many people had called T-Mobile’s voicemail number connected 17% of participants at two hops.

Already 17.5% of participants are linked. That makes intuitive sense—many Americans use T-Mobile for mobile phone service, and many call into voicemail. Now think through the magnitude of the privacy impact: T-Mobile has over 45 million subscribers in the United States. That’s potentially tens of millions of Americans connected by just two phone hops, solely because of how their carrier happens to configure voicemail.

And from this, the piece concludes that NSA could get access to a huge number of numbers with just one seed.

But our measurements are highly suggestive that many previous estimates of the NSA’s three-hop authority were conservative. Under current FISA Court orders, the NSA may be able to analyze the phone records of a sizable proportion of the United States population with just one seed number.

We know NSA currently does significant work to pull those noisy numbers via a “data integrity” process both before new data is used for contact chaining and as new numbers are identified as “high volume numbers.” While we don’t get to assess the efficacy of that process, it can make the difference between hundreds of millions of Americans getting thrown into the NSA’s analytical pool, or just tens of thousands. But as the contact-chaining process gets outsourced to the telecoms, the question becomes more pressing.

As I see it, there are three possible ways this function might be done going forward:

  1. The telecoms do an initial sort of high volume numbers, taking out voice mail box and telemarketer calls, then pass the data onto NSA, which does a secondary sort to pull out things like pizza joints (which NSA might want to keep in the data set, but suppress in contact chaining until they have evidence a pizza joint might be a key hub in a terrorist attack). This plays to existing telecom strengths (most likely do similar analysis on their own use of the data now), but doesn’t require they make what are analytical intelligence decisions. Even though this is likely the best solution, it still means many completely innocent Americans may be subject to NSA’s analysis because they ordered pizza.
  2. The telecom does all the data integrity analysis, identifying all the high volume numbers. This would result in the fewest number (but still intolerably too many) of innocent Americans being dumped into NSA’s pot. But it would also turn the telecoms into an arm of US intelligence (well, even more than they already are!), because they’d be in the position of making analytical judgments about what data is useful for NSA’s intelligence purposes. Which may be one of the reasons the telecoms seem to be demanding immunity, again.
  3. NSA does the data integrity analysis at the telecoms, as seems to be envisioned by the HPSCI bill. This might achieve the current status quo, borrowing on 8 years of experience to strike the right balance. But it would also present the intolerable condition of NSA employees or contractors accessing and analyzing the raw data of private communications providers at the providers’ locales.
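The effect of the data integrity step on the size of a chaining result, as an added example (not from the original post, and not NSA's or any telecom's actual method). It assumes "high volume" can be modelled as a simple distinct-contact threshold, and every phone number and call record in it is constructed.

```python
from collections import defaultdict, deque

# Constructed call records (caller, callee); every number here is made up.
SUBS = [f"555-01{i:02d}" for i in range(40)]   # 40 ordinary subscribers
VOICEMAIL = "555-0000"   # carrier voicemail access number (large hub)
PIZZA = "555-0999"       # local business many people call (smaller hub)
SEED = SUBS[0]           # the number a query starts from

RECORDS = (
    [(SEED, SUBS[1]), (SUBS[1], SUBS[2]), (SUBS[30], SUBS[31])]
    + [(s, VOICEMAIL) for s in SUBS[:20]]            # 20 people check voicemail
    + [(s, PIZZA) for s in [SUBS[1]] + SUBS[20:25]]  # 6 people order pizza
)


def build_graph(records):
    """Undirected contact graph: a call in either direction links two numbers."""
    graph = defaultdict(set)
    for caller, callee in records:
        graph[caller].add(callee)
        graph[callee].add(caller)
    return graph


def high_volume_numbers(graph, min_contacts):
    """Numbers with at least min_contacts distinct contacts (assumed definition)."""
    return {n for n, peers in graph.items() if len(peers) >= min_contacts}


def chain(graph, seed, hops, suppressed=frozenset()):
    """Breadth-first contact chaining from seed, out to `hops` hops.

    Suppressed numbers are neither returned nor used to reach other numbers.
    Returns {number: hop distance} for everything reached, seed excluded.
    """
    reached = {seed: 0}
    queue = deque([seed])
    while queue:
        number = queue.popleft()
        if reached[number] == hops:
            continue  # hop limit reached, do not expand further
        for peer in graph.get(number, ()):
            if peer in suppressed or peer in reached:
                continue
            reached[peer] = reached[number] + 1
            queue.append(peer)
    del reached[seed]
    return reached


def compare(hops):
    """Result sizes under three suppression policies for the same seed."""
    graph = build_graph(RECORDS)
    return {
        "no suppression": len(chain(graph, SEED, hops)),
        "voicemail-scale hubs removed": len(
            chain(graph, SEED, hops, high_volume_numbers(graph, 10))),
        "all hubs removed": len(
            chain(graph, SEED, hops, high_volume_numbers(graph, 5))),
    }


if __name__ == "__main__":
    for hops in (2, 3):
        print(hops, "hops:", compare(hops))
```

In this constructed data the seed has one real contact, yet the unsuppressed two-hop result pulls in every subscriber who ever checked voicemail; leaving the pizza number in adds its customers at the third hop.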


The Verizon Publicity Stunt, Mosaic Theory, and Collective Fourth Amendment Rights

On Friday, I Con the Record revealed that a telecom — Ellen Nakashima confirms it was Verizon — asked the FISA Court to make sure its January 3 order authorizing the phone dragnet had considered Judge Richard Leon’s December 16 decision that it was unconstitutional. On March 20, Judge Rosemary Collyer issued an opinion upholding the program.

Rosemary Collyer’s plea for help

Ultimately, in an opinion that is less shitty than FISC’s previous attempts to make this argument, Collyer examines the US v. Jones decision at length and holds that Smith v. Maryland remains controlling, mostly because no majority has overturned it and SCOTUS has provided no real guidance as to how one might do so. (Her analysis raises some of the nuances I laid out here.)

The section of her opinion rejecting the “mosaic theory” that argues the cumulative effect of otherwise legal surveillance may constitute a search almost reads like a cry for help, for guidance in the face of the obvious fact that the dragnet is excessive and the precedent that says it remains legal.

A threshold question is which standard should govern; as discussed above, the court of appeals’ decision in Maynard and two concurrences in Jones suggest three different standards. See Kerr, “The Mosaic Theory of the Fourth Amendment,” 111 Mich. L. Rev. at 329. Another question is how to group Government actions in assessing whether the aggregate conduct constitutes a search. See id. For example, “[w]hich surveillance methods prompt a mosaic approach? Should courts group across surveillance methods? If so, how?” Id. Still another question is how to analyze the reasonableness of mosaic searches, which “do not fit an obvious doctrinal box for determining reasonableness.” Id. Courts adopting a mosaic theory would also have to determine whether, and to what extent, the exclusionary rule applies: Does it “extend over all the mosaic or only the surveillance that crossed the line to trigger a search?”

[snip]

Any such overhaul of Fourth Amendment law is for the Supreme Court, rather than this Court, to initiate. While the concurring opinions in Jones may signal that some or even most of the Justices are ready to revisit certain settled Fourth Amendment principles, the decision in Jones itself breaks no new ground concerning the third-party disclosure doctrine generally or Smith specifically. The concurring opinions notwithstanding, Jones simply cannot be read as inviting the lower courts to rewrite Fourth Amendment law in this area.

As I read these passages, I imagined that Collyer was trying to do more than 1) point to how many problems overruling the dragnet would cause and 2) uphold the dignity of the rubber stamp FISC and its 36+ previous decisions that the phone dragnet is legal.

There is reason to believe she knows what we don’t, at least not officially: that even within the scope of the phone dragnet, the dragnet is part of more comprehensive mosaic surveillance, because it correlates across platforms and identities. And all that’s before you consider how, once dumped into the corporate store and exposed to NSA’s “full range of analytic tradecraft,” innocent Americans might be fingerprinted to include our lifestyles.

That is, not only doesn’t Collyer see a way (because of legal boundary concerns about the dragnet generally, and possibly because of institutional concerns about FISC) to rule the dragnet illegal, but I suspect she sees the reverberations that such a ruling would have on the NSA’s larger project, which very much is about building mosaics of intelligence.

No wonder the government is keeping that August 20, 2008 opinion secret, if it indeed discusses the correlations function in the dragnet, because it may well affect whether the dragnet gets assessed as part of the mosaic NSA uses it as.

Verizon’s flaccid but public legal complaint

Now, you might think such language in Collyer’s opinion would invite Verizon to appeal this decision. But given this lukewarm effort, it seems unlikely to do so. Consider the following details:

Leon issued his decision December 16. Verizon did not ask the FISC for guidance (which makes sense because they are only permitted to challenge orders).

Verizon got a new Secondary Order after the January 3 reauthorization. It did not immediately challenge the order.

It only got around to doing so on January 22 (interestingly, a few days after ODNI exposed Verizon’s role in the phone dragnet a second time), and didn’t do several things — like asking for a hearing or challenging the legality of the dragnet under 50 USC 1861 as applied — that might reflect real concern about anything but the public appearance of legality. (Note, that timing is of particular interest, given that the very next day, on January 23, PCLOB would issue its report finding the dragnet did not adhere to Section 215 generally.)

Indeed, this challenge might not have generated a separate opinion if the government weren’t so boneheaded about secrecy.

Verizon’s petition is less a challenge of the program than an inquiry whether the FISC has considered Leon’s opinion.

It may well be the case that this Court, in issuing the January 3, 2014 production order, has already considered and rejected the analysis contained in the Memorandum Order. [redacted] has not been provided with the Court’s underlying legal analysis, however, nor [redacted] been allowed access to such analysis previously, and the order [redacted] does not refer to any consideration given to Judge Leon’s Memorandum Opinion. In light of Judge Leon’s Opinion, it is appropriate [redacted] inquire directly of the Court into the legal basis for the January 3, 2014 production order,

As it turns out, Judge Thomas Hogan (who will take over the thankless presiding judge position from Reggie Walton next month) did consider Leon’s opinion in his January 3 order, as he noted in a footnote.

And that’s about all the government said in its response to the petition (see paragraph 3): that Hogan considered it so the FISC should just affirm it.

Verizon didn’t know that Hogan had considered the opinion, of course, because it never gets Primary Orders (as it makes clear in its petition) and so is not permitted to know the legal logic behind the dragnet unless it asks nicely, which is all this amounted to at first.

Note that the government issued its response (as set by Collyer’s scheduling order) on February 12, the same day it released Hogan’s order and its own successful motion to amend it. So ultimately this headache arose, in part, because of the secrecy with which it treats even its most important corporate spying partners, which only learn about these legal arguments on the same schedule as the rest of us peons.

Yet in spite of the government’s effort to dismiss the issue by referencing Hogan’s footnote, Collyer said because Verizon submitted a petition, “the undersigned Judge must consider the issue anew.” Whether or not she was really required to or could have just pointed to the footnote that had been made public, I don’t know. But that is how we got this new opinion.

Finally, note that Collyer made the decision to unseal this opinion on her own. Just as interesting, while neither side objected to doing so, Verizon specifically suggested the opinion could be released with no redactions, meaning its name would appear unredacted.

The government contends that certain information in these Court records (most notably, Petitioner’s identity as the recipient of the challenged production order) is classified and should remain redacted in versions of the documents that are released to the public. See Gov’t Mem. at 1. Petitioner, on the other hand, “request[s] no redactions should the Court decide to unseal and publish the specified documents.” Pet. Mem. at 5. Petitioner states that its petition “is based entirely on an assessment of [its] own equities” and not on “the potential national security effects of publication,” which it “is in no position to evaluate.” Id.

I’ll return to this. But understand that Verizon wanted this opinion — as well as its own request for it — public.
