Russ Feingold: Yahoo Didn’t Get the Info Needed to Challenge the Constitutionality of PRISM
The NYT has a story that solves a question some of us have long been asking: Which company challenged a Protect America Act order in 2007, only to lose at the district and circuit level?
The answer: Yahoo.
The Yahoo ruling, from 2008, shows the company argued that the order violated its users’ Fourth Amendment rights against unreasonable searches and seizures. The court called that worry “overblown.”
But the NYT doesn’t explain something that Russ Feingold pointed out when the FISA Court of Review opinion was made public in 2009 (and therefore after implementation of FISA Amendments Act): the government didn’t (and still didn’t, under the PAA’s successor, the FISA Amendments Act, Feingold seems to suggests) give Yahoo some of the most important information it needed to challenge the constitutionality of the program.
The decision placed the burden of proof on the company to identify problems related to the implementation of the law, information to which the company did not have access. The court upheld the constitutionality of the PAA, as applied, without the benefit of an effective adversarial process. The court concluded that “[t]he record supports the government. Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse in the circumstances of the instant case.” However, the company did not have access to all relevant information, including problems related to the implementation of the PAA. Senator Feingold, who has repeatedly raised concerns about the implementation of the PAA and its successor, the FISA Amendments Act (“FAA”), in classified communications with the Director of National Intelligence and the Attorney General, has stated that the court’s analysis would have been fundamentally altered had the company had access to this information and been able to bring it before the court.
In the absence of specific complaints from the company, the court relied on the good faith of the government. As the court concluded, “[w]ithout something more than a purely speculative set of imaginings, we cannot infer that the purpose of the directives (and, thus, of the surveillance) is other than their stated purpose… The petitioner suggests that, by placing discretion entirely in the hands of the Executive Branch without prior judicial involvement, the procedures cede to that Branch overly broad power that invites abuse. But this is little more than a lament about the risk that government officials will not operate in good faith.” One example of the court’s deference to the government concerns minimization procedures, which require the government to limit the dissemination of information about Americans that it collects in the course of its surveillance. Because the company did not raise concerns about minimization, the court “s[aw] no reason to question the adequacy of the minimization protocol.” And yet, the existence of adequate minimization procedures, as applied in this case, was central to the court’s constitutional analysis. [bold original, underline mine]
This post — which again, applies to PAA, though seems to be valid for the way the government has conducted FAA — explains why.
The court’s ruling makes it clear that PAA (and by association, FAA) by itself is not Constitutional. By itself, a PAA or FAA order lacks both probable cause and particularity.
The programs get probable cause from Executive Order 12333 (the one that John Yoo has been known to change without notice), from an Attorney General assertion that he has probable cause that the target of his surveillance is associated with a foreign power.
And the programs get particularity (which is mandated from a prior decision from the court, possibly the 2002 one on information sharing) from a set of procedures (the descriptor was redacted in the unsealed opinion, but particularly given what Feingold said, it’s likely these are the minimization procedures both PAA and FAA required the government to attest to) that give it particularity. The court decision makes it clear the government only submitted those — even in this case, even to a secret court — ex parte.
The petitioner’s arguments about particularity and prior judicial review are defeated by the way in which the statute has been applied. When combined with the PAA’s other protections, the [redacted] procedures and the procedures incorporated through the Executive Order are constitutionally sufficient compensation for any encroachments.
The [redacted] procedures [redacted] are delineated in an ex parte appendix filed by the government. They also are described, albeit with greater generality, in the government’s brief. [redacted] Although the PAA itself does not mandate a showing of particularity, see 50 USC 1805b(b), this pre-surveillance procedure strikes us as analogous to and in conformity with the particularity showing contemplated by Sealed Case.
In other words, even the court ruling makes it clear that Yahoo saw only generalized descriptions of these procedures that were critical to its finding the order itself (but not the PAA in isolation from them) was constitutional.
Incidentally, while Feingold suggests the company (Yahoo) had to rely on the government’s good faith, to a significant extent, so does the court. During both the PAA and FAA battles, the government successfully fought efforts to give the FISA Court authority to review the implementation of minimization procedures.
The NYT story suggests that the ruling which found the program violated the Fourth Amendment pertained to FAA.
Last year, the FISA court said the minimization rules were unconstitutional, and on Wednesday, ruled that it had no objection to sharing that opinion publicly. It is now up to a federal court.
I’m not positive that applies to FAA, as distinct from the 215 dragnet or the two working in tandem.
But other reporting on PRISM has made one thing clear: the providers are still operating in the dark. The WaPo reported from an Inspector General’s report (I wonder whether this is the one that was held up until after FAA renewal last year?) that they don’t even have visibility into individual queries, much less what happens to the data once the government has obtained it.
But because the program is so highly classified, only a few people at most at each company would legally be allowed to know about PRISM, let alone the details of its operations.
[snip]
According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process. [my emphasis]
This gets to the heart of the reason why Administration claims that “the Courts” have approved this program are false. In a signature case where an Internet provider challenged it — which ultimately led the other providers to concede they would have to comply — the government withheld some of the most important information pertaining to constitutionality from the plaintiff.
The government likes to claim this is constitutional, but that legal claim has always relied on preventing the providers and, to some extent, the FISA Court itself from seeing everything it was doing.
“PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises…”
This SHOULD (but won’t) put an end to all the media hand-wring about why Google and others are denying that they are giving the government their data (except in response to specific requests). Clearly the government has installed plumbing at each company’s switch to tap directly into what goes and and what comes out. The plumbing was installed by government engineers with as little involvement by company employees as possible. Executives don’t even know what the plumbing does. There may be a couple of Snowden-types who do. The point of all this is to establish plausible deniability — and confuse the media.
I suspect there are only two tasking instructions: Spigot ON” and “Spigot OFF”. The packets are siphoned over to government servers where they are stored, at least until until the NSA engineers can develop the tools to parse the packets. Theoretically such tools could reach the point where they are able in real time to filter out useless stuff and keep and index the good stuff. At that point the tasking instruction would be “Spigot ON” permanently.
Gotta wonder whether Yahoo filed a petition for cert with the Supremes or whether they took the approach that the plaintiffs did in the al-Haramin case – deciding not to pursue cert because of the likelihood of making bad precedent with the current composition of the Court.
Where, oh where, has our little president gone?
Where oh where can he be?
With his eyes shut tight and his ears plugged up
Where oh where can he be?
Does the problem come down to this: there’s no system for ensuring the investigators EXECUTE the search warrant within the court’s understanding of what the warrant MEANS?
I recall, under the pre-PAA versions at least, a requirement for the executive branch to report to Congress, but only on total numbers so gross and vague as to be functionally meaningless (except to Sean Hannity, depending on which way he happens to be rolling); so that’s not really of any value. Then there’s situations where the government seeks to use intercepted content in the context of a court prosecution, or gets caught out relying on evidence derived from undisclosed interception (like in the al Haramain case); but those are extremely rare, measured against the total volume of actual content interceptions (leave aside the potential volume from orders for metadata).
If the investigators were required to report back to the FISA court on what they actually DID with the search warrants, that at least would give the court a reasonable amount of technical information from which to adjudicate future applications.
Totally parenthetical comment
Kicking myself right now. Just over a month ago I was going to go to a talk in Palo Alto by Senator Russ Feingold about why he voted against the Patriot Act.
I did go. But I had to leave later than I wanted to because I had to take my Mom to a few places, which was fine, I would’ve gotten there late, but I would have gotten there.
But the thing is, I got lost in Mountain View. I don’t know who designed those highway exchanges and signs on the 237, but they need to be retired or something. Completely missed the turnoff to the 101
Gah
@Michael Cromer: Also things go under different names. In the PRISM slides they indentify taps under a code designation not “PRISM” and if you note the comment from some of the companies such as facebook was initially framed as “we’ve never heard of PRISM.” Fine, perhaps they haven’t they only know about FAA2373 or something else which Just happens to be part of PRISM.
@Orestes Ippeau: Right–that’s a big part of the problem. The “minimization procedures” are becoming the guts of targeting, but no one is checking NSA’s work on that front.
@JohnT: Ouch. Sorry to hear that–I’d love to hear him talk more about this.
@orionATL: You’re much too kind to our Nobel-Peace-Prize-winning, Constitution-expert president.
Great reporting, Marcy. The government’s preventing challengers (and courts) from seeing all the pertinent evidence is a key element. This needs to be at the forefront of the debate.
@Orestes Ippeau:
The fundamental value underlying the dilemma/deficiency you describe is that the spooky agencies and high government officials have an absolute right to secrify/classify anything, any thing their whim desires, any action or document.
There is no countervaling value that holds that secrecy classification is not the highest value, that secrecy may never make difficult or disrupt continuing evaluation of the moral, legal, and efficient aspects of a clandestine activity by outsiders to the spooky agency.
Personally, i doubt there is ANY spy activity undertaken by the nsa that is so important importantthat no outside, e.g., judge, congressional or presidential evaluator may know its details.
My view is that evaluation, aka, oversight is the superior value, far superior to the need for secrecy. That is another way of saying that our society’s need for moral, legal, and effectiveness information about a secret program trump any need for secrecy. It is amazing, though, how even the most stalwart sunshine advocates hasten to add exceptions supporting security secrecy or even to grovel before assertions of its need where national security is asserted.
This is connected to the problem of the rules of socially acceptable public speech from public officials, which rules are the breeding ground of much political pathology is this country.
I do not understand how or why courts are willing to base any decision on good (blind) faith. Nor do I understand why or how executive orders and memos are held to be so dear. Especially under the guise of so much secrecy and determined obfuscation.
Pure tyranny.
I think courts deserve much more scorn and ridicule than they seem to be getting this week. Certainly equal to the executive and legi branches.
Marcy,
Somebody posted this link somewhere the other day to the 7 years old USA Today story on NSA hoovering:
http://yahoo.usatoday.com/news/washington/2006-05-10-nsa_x.htm
I was blissfully unaware of the Qwest story back then, and in searching for more, found your post in 2007 on the trial:
http://www.emptywheel.net/2007/12/16/did-nacchio-lie-or-just-misunderstand/
Now here’s one of the advantages of Big Data — you get more clues with a bigger sample.
“One source is saying Nacchio’s lying, the other is saying Nacchio just misunderstood the ask.”
With what we think we know now, what if both of the NY Times sources were lying or, in the case of the prosecutor, misunderstood? What if Nacchio was telling the truth on this point, did understand, and maybe even did the right thing?
The Denver Post still has a lot of trial files on-line:
http://www.denverpost.com/nacchio
I downloaded these two filings on presenting a defense under the Classified Information Procedures Act (CIPA), and they’re not surprisingly unintelligible with all the deletions (at least 3 whole pages in one):
http://extras.mnginteractive.com/live/media/site36/2007/0307/20070307_031019_nacchiocipasubmission.pdf
http://extras.mnginteractive.com/live/media/site36/2007/0307/20070307_030832_govtcipabrief.pdf
As a side note, the government prosecutor in Nacchio’s trial was Christopher Stricklin, formerly a lead prosecutor in two Enron trials. He was personally vetted for his new job in Denver by . . . (drum roll) . . . Monica Goodling. Why would she choose someone who tried to put Kenny Boy behind bars?
http://www.denverpost.com/news/ci_10049267
Nacchio started out with a BSEE from NYU. I’d wager he had a reasonable understanding of the technology.
@omphaloscepsis:
iirc Marcy wrote a lot about Qwest around that time
@Eureka Springs:
Second the motion!!
Under the bush-obama doj’s assault on onthe constitution,
The federal judiciary’s conduct – from district court to appellate court to supreme court – has been cowardly, incompetent, contemptable, authoritarian, and self-protecting of the judiciary, in the extreme.
Potential judicial “hero” material does not get pass the senate these days – only the thuds and the duds that go to harvard law school or yale law school and become corporate lawyers first.
Great post EW. Award winning.