May 22, 2014 / by emptywheel


Why USA Freedumber Doesn’t End (What You and I Think of as) Bulk Collection

I fear, reading this Kevin Drum post, that my explanations of why USA Freedumber will not end what you and I think of as bulk collection have not been clear enough. So I’m going to try again.

It is now, with the bill in current form, a 4-part argument:

  • The bill uses the intelligence community definition of bulk collection in its claim to end bulk collection, not the plain English language meaning of it
  • The bill retains the “relevant to” language that got us into this problem
  • The “selection terms” it uses to prevent bulk collection would permit the collection of vast swaths of innocent people’s records
  • Such a reading would probably not rely on any new FISA Court opinion; existing opinions probably already authorize such collection

The intelligence versus the plain English definition of bulk collection

This entire bill is based on the intelligence community definition of bulk collection, not the common English definition of it. As defined by President Obama’s Presidential Policy Directive on SIGINT, bulk collection means,

the authorized collection of large quantities of signals intelligence data which, due to technical or operational considerations, is acquired without the use of discriminants (e.g., specific identifiers, selection terms, etc.).

Bulk collection, as defined by the intelligence commonly, only means collection that obtains all of a particular type of record: all phone records, all Internet metadata, all credit card records. Anything that stops short of that — all 202 Area Code phone records, all credit card records buying pressure cookers, all Internet metadata for email sent to Yemen — would not count as bulk collection under this definition.

A more commonsense meaning of bulk collection would be the collection of large volumes of data, sweeping up the data of totally innocent people, on which to do further (sometimes technically intrusive) searches to find the data of interest. What we call “Big Data,” for example, would very often not qualify as bulk collection as the intelligence community defines it (perhaps its starts with the health data of everyone born after 1946, for example, or the purchase records from just one online store) but would qualify as bulk collection as you and I would define it.

As I explained in this post, the means USA Freedumber uses to ensure that it does not permit bulk collection is to require the collection start from a “selection term.” Thus, by definition, it cannot be bulk collection because the technical (but not commonsense) definition of bulk collection is that which uses a selection term.

And because they defined it that way, it means that every time some well-intentioned Congressman (it was all men, pushing this bill) boasted that this bill “ends bulk collection” they were only laying a legislative record that would prohibit the intelligence community definition of bulk collection, not the commonsense meaning.

The bill retains the “relevant to” language that gave us bulk collection in the first place

Man, Jim Sensenbrenner must have complained about the way the FISA Court reinterpreted the plain meaning of “relevant to” from the 2006 reauthorization of the PATRIOT Act three or four times in the post-passage press conference. He’s still angry, you see, that a court, in secret, defined the term “relevant to” to mean “any data that could possibly include.”

But this bill does nothing to change that erroneous meaning of the term.

Worse, it relies on it!

For most authorities — the Pen Register (PRTT) authority, the non-call record Section 215 authority, and all National Security Letter authorities –USA Freedumber leaves that language intact. It now requires the use of a selection term, but unlike the new call record language, those authorities don’t require that the selection term be “associated with a foreign power or an agent of a foreign power.” (You can compare the language for traditional Section 215 and the new call records Section 215 at b2B and b2C in this post.)  They don’t even require that the selection term itself be relevant to the investigation!

Thus, so long as there is a selection term — some term to ensure the NSA isn’t grabbing all of a certain kind of record — they’re going to still be able to get that data so long as they can argue that sorting through whatever data they get will yield useful information.

“Specific selection term” is too broad

Now, all that wouldn’t matter if the bill required specific selection terms to be tied to the individual or entity under investigation. Even the USA Freedumb bill didn’t require that.

But the language in USA Freedumber that got passed today makes things worse.

SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a discrete term, such as a term specifically identifying a person, entity, account, address, or device, used by the Government to limit the scope of the information or tangible things sought pursuant to the statute authorizing the provision of such information or tangible things to the Government.’

Again, note that the selection term only needs to limit the scope of production, not have a tie to the target of the investigation.

And while I actually find comfort from some of these terms — I’d be happy if the financial NSLs could only search on a specific account and the toll record NSL could only get phone records of a specific device (though FBI does use NSLs to get 2 degree separation, so this would return more than just that device’s records). As I’ve said in the past, “entity” is far too broad. It could include al Qaeda — allowing the NSA to obtain all data that might have al Qaeda data within it — or VISA — allowing the NSA to obtain all of that credit card entity’s data.

Then there’s the “basis for” language. The NSA gets to determine precisely what data must be acquired to fulfill the delivery for a particular term. In the past, for example, they’ve successfully argued that some subset of the telecom switches carrying international telecom data could be tapped to find the al Qaeda data (this particular construction is preserved in the PRTT language in the statute).

Finally, though, USA Freedumber adds “such as” to this definition, making it clear these are only some of the possible kinds of selection terms. The intelligence community has already been abusing this construction. For example, at a hearing in March, it told PCLOB it uses selectors “such as telephone numbers or email addresses that will produce foreign intelligence falling within the scope of the [Section 702] certifications.” But in addition to telephone numbers and email, NSA also uses malware code, something witnesses didn’t mention the 9 or so times they described selectors at that hearing, and malware code happens to present a unique set of legal issues. So based on actual past practice, we have reason to assume that when the intelligence community uses “such as,” it is only providing the most innocuous examples of the meaning of a term, and hiding the more troubling ones.

In other words, this bill uses “specific selection term” as the primary means to prohibit bulk collection, but then puts almost no limits on what they can use as a selection term.

Existing court precedents already permit the use of selectors to get bulk data

In their presser today, the bill champions promised that a requirement that FISC inform Congress of any new interpretations of “specific selection term” would ensure the intelligence community doesn’t abuse this structure.

But the IC will be able to get bulk data (using the commonsense definition of the term) using the existing precedents.

There’s the 2004 opinion that blew up the meaning of “relevant to,” which I’ve already discussed.

In 2006 or 2007 (the decision went into effect in January 2007, but I believe it has a 2006 docket number), the FISA Court approved a claim that an entire telecom switch could represent a “facility” under traditional FISA definitions. That decision was modified somewhat in May of that year (in docket 07-449), to hold that “communications containing a reference to a targeted selector are reasonably likely to contain foreign intelligence information,” which is what permits the NSA to have telecoms search the content of 75% of the country’s telecom data to find those selection terms. We have reason to believe that FISC has also approved searches on common beauty supplies — hydrogen peroxide and acetone, albeit probably in high but not abnormally high volumes — as relevant to al Qaeda. And there is presumably some precedent that allows the government to collect significant amounts of financial records under Section 215.

All those are already in place. So long as the IC uses some selection term piggybacking on those decisions, they’ll still be able to get great amounts of data and still claim it is not engaging in “bulk collection.”

The limits on the phone dragnet

There’s one more way bill champions confuse the issue here: by pretending the changes to the phone dragnet affect all the rest of the collection methods.

As I’ve noted above, not only does the new phone dragnet require the use of a “specific selection term,” but it also requires that “that such specific selection term is associated with a foreign power or an agent of a foreign power.” For the phone dragnet, and the phone dragnet only (and USA Freedumber explicitly envisions using Section 215 to obtain phone records outside of this scheme!), the specific selection term has to actually have some tie to a foreign power (though not necessarily a terrorist!).

Now, the intelligence community wants to outsource the querying on phone records to the telecoms for other reasons anyway, so they would use this system in any case. But when bill supporters say this bill ends bulk collection, it does mean it ends bulk phone record collection — as both you and I would define it, and as the IC would (except for that weird language allow them to bypass this provision).

That’s the only collection under Section 215 we’ve seen. That’s the bulk collection we know about. So by stating that this bill would end the current system — and it would — supporters confuse you into believing something similar is going on with all the other large volume collection programs.

It’s not.

As Mike Rogers made clear even before these most recent changes, this bill was not envisioned to change any of the other programs.

So this bill (probably) ends bulk collection of phone records (according to the meaning you and I would use). But there is absolutely no reason to believe it ends other bulk — using the commonsense definition — collection.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @