Administration Feeds Journalists Hints of More Secret Law … Journalists Instead Parrot “Russian Roulette” Line

/17 Comments/in , /by

Back in January, Charlie Savage revealed that in 2007 the FISC approved a secret interpretation of the Roving Wiretap provision, one of the provisions due to sunset Sunday night. To support a domestic content collection order targeting al Qaeda targets overseas, Judge Roger Vinson rubber-stamped DOJ’s argument that — because Congress had let it wiretap individual targets without naming each of the phones they were using, that also meant it could target al Qaeda as a target — without naming each of the phones and email addresses it was targeting until after tasking them [this sentence updated for accuracy].

Judge Vinson ruled that this procedure was a legitimate interpretation of FISA because of a provision Congress had added to the surveillance law in the Patriot Act. The provision created so-called roving wiretap authority, which allows the F.B.I. to get orders to swiftly follow targets who switch phones, telling the court about the new numbers later.

Public discussion of the purpose and meaning of roving wiretap authority has focused on targeting individual terrorists or spies who seek to evade detection. But Judge Vinson accepted a Justice Department proposition that the target could be Al Qaeda in general, so if the N.S.A. learned of a new Qaeda suspect, it could immediately collect his communications and get after-the-fact approval.

The government stopped using this particular application as it transitioned to Protect America Act (though it even grandfathered some of the existing targets tasked under the prior argument). But the premise — that DOJ can target entire communication nodes based on the argument that a specific target is using unknown accounts passing through that node — surely remains on the books.

This secret interpretation of the law may not be as outrageous as FISC’s redefinition of the word “relevant” to mean “all,” but it is nevertheless a fairly breathtaking argument, with potentially dangerous ongoing implications.

Yet, in spite of the fact that a top journalist (not some dirty hippie like me!) revealed this secret interpretation, the journalists who transcribed Administration claims that sunsetting PATRIOT would amount to playing “national security Russian roulette” have also transcribed Administration claims that they’re only using Roving Wiretaps individually.

A second tool is the “roving wiretap,” which enables the FBI to use one warrant to wiretap a spy or terrorist suspect who is constantly switching cellphones. Those two in particular are of “tremendous value,” the first official said.

We don’t know they’re using Roving Wiretaps to tap entire circuits anymore. But we know they can. That detail should be included in any description before a journalist parrots the Administration claim this is an “uncontroversial” authority. If it’s not controversial, it should be.

Ditto the Lone Wolf provision.

Reporters are reporting something that — 11 years after passage of the Lone Wolf provision — ought to raise serious questions (note: Lone Wolf was actually not part of the PATRIOT Act; it was passed in 2004 as part of the Intelligence Reform and Terrorism Prevention Act).

A third tool allows the FBI to surveil a “lone wolf” suspect who cannot be tied to a foreign terrorist group such as al-Qaeda. It has never been used, but officials said it is a valuable authority they do not want to lose.

That provision has been on the book for 11 years, and the FBI still says they have never used it but even though they have never used it is a valuable authority. It was not used in cases — such as that of Khalid Ali-M Aldawsari — that solidly fit the definition of a Lone Wolf. Even if the FBI found someone who they thought was an international terrorist but didn’t know to what group he belonged, they could get an emergency wiretap to help them find evidence.

So what “value” does the Lone Wolf provision have, if it’s not to authorize the wiretapping of Lone Wolves?

I think there’s increasing reason to ask whether this, like the Roving Wiretap, serves to justify some other secret law, allowing the government to spy on people against whom it has no evidence of ties to al Qaeda or any other terrorist group, but on whom it nevertheless wants to use its terrorist authorities against.

We’re on the fifth or so reauthorization debate where FBI has said “we don’t use this thing but we find it very valuable anyway.” At some point, we need to start assuming that when they say they haven’t “used” it, they only mean in the literal sense, and they’re using it to support some secret, unintended purpose.

Rather than parroting Administration claims of “Russian roulette,” shouldn’t journalists be asking why, after 11 years, their claims of necessity make no sense?

DOJ IG Issues Yet Another Classified Report that Should Be Public Before Congress Votes on PATRIOT Act

/in , /by

DOJ’s Inspector General just announced it completed its draft report on the use of Pen Register/Trap and Trace between 2007 and 2009 15 months ago, but the Intelligence Community only finished its classification review last month. It has now issued a classified version of that report to the Judiciary and Intelligence Committees.

Department of Justice Inspector General Michael E. Horowitz today issued a classified report entitled, The Federal Bureau of Investigation’s Use of Pen Register and Trap and Trace Devices under the Foreign Intelligence Surveillance Act in 2007 through 2009. The Department of Justice (DOJ) Office of the Inspector General (OIG) completed a draft of this report in February 2014. At that time, we provided the draft report to DOJ, the Federal Bureau of Investigation (FBI), and the Intelligence Community to conduct factual accuracy and classification reviews. In May 2014, we circulated an updated draft report that reflected minor revisions made in response to the factual accuracy comments we received. We did not receive the final results of the classification reviews until April 30, 2015.

We are providing today’s classified report to the relevant Congressional oversight and intelligence committees, as well as to DOJ leadership offices. We recently submitted a short unclassified Executive Summary of the report to DOJ, the FBI, and the Intelligence Community for review. We will publicly release the Executive Summary as soon as that review is completed.

This is another report that should have been released long before the current debate on the PATRIOT Act. While PRTT is not among the authorities that sunsets on Sunday, the issues surrounding the shut-down of the bulk Internet program in (around) October 2009 are central to the debate about the dragnet going forward, because “call” records are increasingly Internet records.

Moreover, the USA F-ReDux calls for “privacy guidelines” that I believe are still inadequate to protect US persons’ privacy in the ways the IC is likely using PRTT today. Plus, PRTT is likely used for applications — such as tower dumps and Stingrays — that affect the privacy of many people not otherwise targeted. Congress should have details about that before they legislate.

In addition, Richard Burr’s bill actually adopts a definition of “content” — excluding Dialing, Routing, Addressing, and Signaling data from the definition of content — that responds directly to the issues behind the Internet dragnet shutdown in 2009.

Last week, much of DC discovered for the first time — because of the delayed release of DOJ IG’s report on Section 215 — what I had been reporting for months: that the bulk of Section 215 orders actually collect bulky Internet data. That report also disclosed that, at least as used up until 2009 (that is, as FBI just started using 215 for that Internet collection), Section 215 wasn’t all that useful.

It is highly likely that the 15-month old PRTT report DOJ’s IG just released would have information that is equally important to this debate.

But the public is not going to have access to it.

Edward Snowden Richard Burr Exposes IP Address Dragnet on Senate Floor

/12 Comments/in , /by

Update: As I show in this post, the transcription of Burr’s speech in the Congressional record removed the reference to IP addresses. 

Update: While Burr’s office did not respond to my request for comment, they did respond to Buzzfeed (which sadly didn’t ask the obvious follow-up questions). His office claims he misspoke, though apparently didn’t explain why he would confuse Section 215 and PRTT, why he would tie the Internet dragnet to phone calls, or why, if the current dragnet doesn’t collect Internet data but USA F-ReDux would, why that would not then be a welcome return for the Senator given his stated desire to track such collection. I have asked for comment again from Burr’s office on those questions. 

Since last summer, I have been emphasizing that the bulk of Section 215 orders collect Internet data, not phone records under the phone dragnet. I pointed to evidence that that production included data flows and noted FBI claims they use it to conduct hacking investigations.   But I have assumed that was primarily bulky collection, not bulk collection.

Not so. Earlier today, noted whistleblower Edward Snowden Senate Intelligence Chair Richard Burr revealed that there is also an IP address bulk collection program. (h/t Andrew Blake, after 2:15)

Now what’s bulk data? Bulk data is storing telephone numbers and IP addresses — we have no idea who they belong to — that are domestic. And the whole basis behind this program is that as a cell phone is picked up in Syria, and you look at the phone numbers that phone talked to, if there’s some in the United States we’d like to know that — at least law enforcement would like to know it — so that we can understand if there’s a threat against us here in the homeland [sic] or somewhere else in the world. So Section 215 allows the NSA to collect in bulk telephone numbers and IP addresses with no identifier on it. We couldn’t tell you who that American might be.

I thought when you leaked details like this it helped our enemies? I thought if you did such things you were a traitor, deserving of an orange jumpsuit at Gitmo?

Apparently not.

So it appears it’s the IP dragnet, and not the phone dragnet, that the Republicans are trying to save?

It’s a little late for that, though, given that the Second Circuit just ruled such dragnets illegal.

emptywheel Coverage of USA F-ReDux, or, PRISM for Smart Phones

/10 Comments/in , /by

This post will include all my coverage on USA F-ReDux.

Ten Goodies USA F-ReDux Gives the Intelligence Community 

USA F-ReDux’s boosters often suggest the bill would be a big sacrifice for the Intelligence Community. That’s nonsense. This post lists just 10 of the goodies the IC will get under the bill, including chaining on Internet calls, a 2nd super-hop, emergency provisions ripe for abuse, and expansions of data sharing.

2nd Circuit Decision Striking Down Dragnet Should Require Tighter “Specific Selection Term” Language in USA F-ReDux 

The 2nd Circuit just ruled that the phone dragnet was not authorized by Section 215. The language in the opinion on DOJ’s misinterpretation of “relevant to” ought to lead Congress to tighten the definition of “Specific Selection Term” in the bill to better comply with the opinion.

USA F-ReDux: Chaining on “Session Identifying Information” that Is Not Call Detail Records 

As I correctly predicted a year ago, by outsourcing “connection chaining” to the providers, the Intelligence Community plans to be able to chain on session identifying information (things like location and cookies) that is probably illegal.

USA F-ReDux: Dianne Feinstein Raises the Data Handshake Again (Latest post)

Some months ago, Bob Litt emphasized USA Freedom would only work if the telecoms retained enough data for pattern analysis (which may or may not back my worry the government plans to outsource such pattern analysis to the telecoms). Nevertheless, no one seems to want to discuss whether and if so how USA F-ReDux will ensure providers do keep data. Except Dianne Feinstein, who today once again suggested there is a kind of “data handshake” whereby the telecoms will retain our data without being forced.

Unlike the Existing Phone Dragnet, USA F-ReDux Does Not Include “Telephony” in Its Definition of Call Detail Record 

The definition of Call Detail Record that will be adopted under USA F-ReDux is closely related to the definition currently used in the phone dragnet — though the USA F-ReDux does not require CDRs to be comprehensive records of calls as the existing phone dragnet does. The big difference, however, is that USA F-ReDux never specifies that calls include only telephony calls.

Congress’s Orwellian spying “reforms”: Why the government wants to outsource its surveillance to your Internet provider 

At Salon, I explain more about why the IC wants to create PRISM for Smart Phones with USA F-ReDux.

Google Applauds USA F-ReDux Because It “Modernizes” Surveillance 

Neither Google nor any of the other providers are admitting they’ll be getting expansive immunity to help spy on their users if USA F-ReDux passes. But Google does reveal they consider this move “modernization,” not reform. Is that because they’ll once again get a monopoly on spying on their users?

Read more

FBI’s Pen Registers without Any Call Records

/in , /by

There’s one more aspect of the transparency procedures in USA F-ReDux I find notable (in addition to the IC’s sudden unwillingness to share the scope of Section 702 and the fact that FBI will get all the returns from CDR searches, as opposed to a tiny subset as happens now).

As under the Leahy version of USA Freedom Act, the bill only requires the government to count communications collected pursuant to the Pen Register statute.

(3) the total number of orders issued pursuant to title IV and a good faith estimate of—

(A) the number of targets of such orders; and

(B) the number of unique identifiers used to communicate information collected pursuant to such orders;

Location tracking does not count as a communication (and there may be other loopholes in the new, undefined language). So to the extent they’re using PRTTs primarily to conduct location tracking, that won’t show up.

Remarkably (and in good news, maybe, but who knows?), the FBI exemption they give to everything interesting only applies to non telephone and email identifiers.

(B) ELECTRONIC MAIL ADDRESS AND TELEPHONE NUMBERS.—Paragraph (3)(B) of subsection (b) shall not apply to orders resulting in the acquisition of information by the Federal Bureau of Investigation that does not include electronic mail addresses or telephone numbers.

(Bob Litt, didn’t your Yale professors ever tell you not to use a double negative if you wanted to avoid confusing people?)

Again, perhaps this means the FBI is exclusively using PRTT for location data (but even there, to claim they weren’t collecting it, they’d have to claim a device identifier was different than a phone number, which it is, but jeebus are they that cynical?). But we know they’ve got their PCTDD production, which ought to be based off a traditional pen register which ought to collect emails and telephone numbers.

To be honest, I’m confused. I can’t imagine how any of the FBI exemptions do anything but hide some of the most interesting collection, which may be the case if they’re only using PRTT for location. But still, it doesn’t seem to make sense…

One more point of interest. The bill adds to reporting to the oversight committees a requirement that the government list all of the agencies that have been using PRTT.

(4) each department or agency on behalf of which the Attorney General or a designated attorney for the Government has made an application for an order authorizing or approving the installation and use of a pen register or trap and trace device under this title; and

Nine Members of Congress Vote to Postpone the Fourth Amendment

/7 Comments/in /by

Broadcast live streaming video on Ustream

John Conyers, Jim Sensenbrenner, Darrell Issa, Steve Cohen, Jerry Nadler, Sheila Jackson Lee, Trey Gowdy,  John Ratcliffe, Bob Goodlatte all voted to postpone the Fourth Amendment today.

At issue was Ted Poe’s amendment to the USA Freedom Act (USA F-ReDux; see the debate starting around 1:15), which prohibited warrantless back door searches and requiring companies from inserting technical back doors.

One after another House Judiciary Committee member claimed to support the amendment and, it seems, agreed that back door searches violate the Fourth Amendment. Though the claims of support from John Ratcliffe, who confessed to using back door searches as a US Attorney, and Bob Goodlatte, who voted against the Massie-Lofgren amendment last year, are suspect. But all of them claimed they needed to vote against the amendment to ensure the USA Freedom Act itself passed.

That judgment may or may not be correct, but it’s a fairly remarkable claim. Not because — in the case of people like Jerry Nader and John Conyers — there’s any question about their support for the Fourth Amendment. But because the committee in charge of guarding the Constitution could not do so because the Intelligence Committee had the sway to override their influence. That was a point made, at length, by both Jim Jordan and Ted Poe, with the latter introducing the point that those in support of the amendment but voting against it had basically agreed to postpone the Fourth Amendment until Section 702 reauthorization in 2017.

(1:37) Jordan: A vote for this amendment is not a vote to kill the bill. It’s not a vote for a poison pill. It’s not a vote to blow up the deal. It’s a vote for the Fourth Amendment. Plain and simple. All the Gentleman says in his amendment is, if you’re going to get information from an American citizen, you need a warrant. Imagine that? Consistent with the Fourth Amendment. And if this committee, the Judiciary Committee, the committee most responsible for protecting the Bill of Rights and the Constitution and fundamental liberties, if we can’t support this amendment, I just don’t see I it. I get all the arguments that you’re making, and they’re all good and the process and everything else but only in Congress does that trump — I mean, that should never trump the Fourth Amendment.

(1:49) Poe; We are it. The Judiciary Committee is it. We are the ones that are protecting or are supposed to protect, and I think we do, that Constitution that we have. And we’re not talking about postponing an Appropriations amount of money. We’re not talking about postponing building a bridge. We’re talking about postponing the Fourth Amendment — and letting it apply to American citizens — for at least two years. This is our opportunity. If the politics says that the Intel Committee — this amendment may be so important to them that they don’t like it they’ll kill the deal then maybe we need to reevaluate our position in that we ought to push forward for this amendment. Because it’s a constitutional protection that we demand occur for American citizens and we want it now. Not postpone it down the road to live to fight another day. I’ve heard that phrase so long in this Congress, for the last 10 years, live to fight another day, let’s kick the can down the road. You know? I think we have to do what we are supposed to do as a Committee. And most of the members of the Committee support this idea, they agree with the Fourth Amendment, that it ought to apply to American citizens under these circumstances. The Federal government is intrusive and abusive, trying to tell companies that they want to get information and the back door comments that Ms. Lofgren has talked about. We can prevent that. I think we should support the amendment and then we should fight to keep this in the legislation and bring the legislation to the floor and let the Intel Committee vote against the Fourth Amendment if that’s what they really want to do. And as far as leadership goes I think we ought to just bring it to the floor. Politely make sure that the law, the Constitution, trumps politics. Or we can let politics trump the Constitution. That’s really the decision.

Nevertheless, only Louie Gohmert, Raul Labrador, Zoe Lofgren, Suzan DelBene, Hakeem Jeffries, David Cicilline, and one other Congressman–possibly Farenthold–supported the amendment.

The committee purportedly overseeing the Intelligence Community and ensuring it doesn’t violate the Constitution has instead dictated to the committee that guards the Constitution it won’t be permitted to do its job.

Google Applauds USA F-ReDux Because It “Modernizes” Surveillance

/2 Comments/in , /by

Thus far, none of the Internet providers who have issued statements in support of the latest incarnation of USA Freedom Act (which I’m calling USA F-ReDux) have mentioned that they will be getting expansive immunity and compensation for helping the government spy on you.

Google didn’t mention it either.

Along with two other features, Google argues USA F-ReDux would,

[E]nd the bulk collection of communications metadata under various legal authorities. This not only includes telephony metadata collected under Section 215, but also Internet metadata that has been or could be collected under other legal authorities.

I find that an interesting way to describe the bill, particularly given that Google calls this “modernizing” surveillance, not limiting it.

Congress Has Only A Few Weeks Left to Modernize Surveillance Laws

Both the government and some providers used that same language — “modernize” — during the FISA Amendments Act, too. Sure, that was partly because it accommodated the law to growing Internet reliance. USA F-ReDux will do that too, to the extent it allows the government to obtain metadata for things like Google Meet-Ups and other VOIP calls and Internet messaging, which the government needs if it really wants dragnet coverage. FAA also involved deputizing Internet providers so that their data could not longer be collected in bulk by phone companies.

Modernizing surveillance, they called that.

And as I’ve just begun to lay out, this bill will set up a system similar in many respects to PRISM, where the government would go to the provider to get what they wanted on a target. Under PRISM, what the government wanted quickly expanded. Within 6 months of the roll-out of PRISM, the government was already asking for 9 different types of data from providers like Yahoo, apparently spanning Yahoo’s four business functions (meaning email, information services, data storage, and Yahoo internal functions).

Here, as with FAA, the government will go to providers to get what they want. And given that the bill permits the government to ask providers to chain on non-Call Detail Record session identifiers (things like cookies and location data), the government will benefit from, though not directly access, some of the same data that the government started obtaining under PRISM. And while I would hope the FISA Court would exert some oversight, I would also bet the government will make increasingly expansive claims about what constitutes a “session identifier” that can be used to chain (we know that, overseas, they chain on address books and photographs, for example).

And in one way, USA F-ReDux is worse than PRISM. Unlike FAA, USA F-ReDux will feature an added role for a Booz-type contractor compiling all this data, possibly in some cloud somewhere that would be about as safe as all the documents Edward Snowden took, to make it easier to chain across providers.

This is what Google celebrates as “modernization.”

But let’s go back to Google’s representation of this as ending bulk collection of, “Internet metadata that has been or could be collected under other legal authorities.”

We’ve long discussed the Section 215 dragnet as covering just calls made by phone companies (though Verizon’s Counsel, in a hearing last year, noted that the government would have to get VOIP if it wanted full coverage).

But that’s not true. As I reported the other day, at least one of the phone metadata dragnets was collecting VOIP metadata. Google’s VOIP metadata. In fact, the only known use of the DEA dragnet involved a US user subscribing to Google calls.

In other words, the Shantia Hassanshahi case is important not just because it led to us learning about the DEA dragnet, but because it revealed that (in addition to Google’s Internet metadata being collected under PRTT illegally for years), Google’s VOIP data also got sucked up in at least one phone dragnet.

Google doesn’t like other people being able to spy on its customers.

But now that USA F-ReDux will return it to the position of having the monopoly on spying on its customers, it calls this “modernization.”

Yes, Section 215 Might Be Used to Get Dick Pics — or Porn Searches and Dick Uploads

/10 Comments/in , /by

John Oliver did an interview with Edward Snowden that aired on his show last night. After showing Snowden that most random people stopped in Times Square didn’t know or care what Snowden had done (starting at 22:30), Oliver then showed that they would care if this were all about the government collecting dick pics.

So Snowden goes through and describes (after 28:00) what authorities the government might use to collect dick pics, focusing largely on different aspects of Section 702 and EO 12333. But (at 30:00), Snowden says the NSA (Oliver should have been asking about the government, not NSA) couldn’t use Section 215 to get dick pics, though they could use the phone dragnet to find out if you’ve been calling a penis enlargement center.

Not so fast, Ed!

It is, hypothetically, possible that the government (more likely FBI than NSA) could use Section 215 to get dick pics, provided there were some entity that had a collection of dick pics it was interested in. It would only 1) need to find that entity that had these dick pics as records, 2) come up with some reason why they needed the dick pics for either a counterterrorism or counterintelligence purpose, and 3) convince the rubber stamp FISA Court that these dick pics were “relevant to” a counterterrorism or counterintelligence FBI investigation (which we know FISC interprets unbelievably broadly) but that FBI wasn’t seeking the dick pics solely on the basis of the target’s First Amendment protected, um, speech. Hypothetically possible, at least, if unlikely. A dick pic is a tangible thing.

Furthermore, it is almost certain that the FBI (again, not the NSA, but if the FBI does it, it is more likely targeted at an American) is using Section 215 to get URL searches and data flows — along with fairly comprehensive online profiles — on users. So in addition to Snowden’s explanation of using the phone dragnet to see if you’ve called a penis enlargement center, the FBI may be using Section 215 to track a user’s porn watching habits and even if they’ve been uploading their own dick pics to some server. There likely are dick pics in this collection (though the FISC almost certainly requires minimization if the collection, so may limit the FBI’s ability to retain dick pics unless it can claim it needs them for an investigative purpose). (Though note, a recent Shane Harris story reveals NSA needs its own porn room because its analysts spend so much time analyzing what they collect.)

Again, Section 215 is far more than the phone dragnet, it is designed to support fairly creative collection of “tangible things” so long as there is an attenuated national security purpose to do so, and we know it supports a great deal of collection on users’ Internet use.

And while dick pics might be just a hypothetical case, far easier to imagine would be FBI using Section 215 to obtain DNA — perhaps from hospitals, perhaps from hotels where targets had stayed, obviously from cops (though they could get that through info sharing). DNA is, after all, a tangible thing. And we know that the government has a DNA database of Gitmo detainees, so they have been amassing DNA to positively ID both the targets but also family members of targets.

One more note. Several of the ways the NSA has gotten dick pics — via Yahoo video chats, stealing from Google servers overseas — may have become less accessible to the government overseas as companies move to encrypt more of their traffic. I assume they’ll find some new way to get these. But for the moment, the government may be ingesting fewer dick pics than they were in 2013.

The Precedent for Using Presidential National Emergency Proclamations to Expand Surveillance

/6 Comments/in , , /by

On September 14, 2001 — 3 days before signing an expansive Memorandum of Notification that would authorize a suite of covert operations against al Qaeda, and 4 days before signing an AUMF that would give those operations the appearance of Congressional sanction — President Bush declared a National Emergency in response to the 9/11 attack.

The following day, according to a 2002 motion to the FISC to be able to share raw FISA-derived information with CIA and NSA (this was liberated by Charlie Savage), FISC suspended its rules on sharing intelligence derived under FBI-obtained FISA warrants with criminal investigations (see page 26 of this paper for background).

On September 15, 2001, upon motion of the Government, the [FISA] Court suspended the “Court wall,” certification, and caveat requirements that previously had applied to Court-authorized electronic surveillance and physical search of [redacted] related targets, while directing that the FBI continue to apply the standard minimization procedures applicable in each case. As stated in the order resulting from that motion, the Court took this action in light of inter alia:

“the President’s September 14, 2001, declaration of a national emergency and the near war conditions that currently exist;”

“the personal meeting the Court had with the Director of the FBI on September 12, 2001, in which he assured the Court of the collection authority requested from this Court in the face of the nature and scope of the multi-faced response of the United States to the above-referenced attacks;

“the need for the Government to rapidly disseminate pertinent foreign intelligence information to appropriate authorities.”

Ten days after FISC dismantled its role in “the wall” between intelligence and criminal investigations in response to the Executive’s invocation of a National Emergency, on September 25, 2001, John Yoo finished an OLC memo considering the constitutionality of dismantling the wall by replacing “the purpose” in FISA orders with “a purpose.”

A full month later, on October 25, 2001, Congress passed the PATRIOT Act. For over 13 years, analysis of the PATRIOT Act has explained that it eliminated “the wall” between intelligence and criminal investigations by replacing language requiring foreign intelligence be “the purpose” of FISA wiretaps with language requiring only that that be “a significant purpose” of the wiretap. But the FISC suspension had already removed the biggest legal barrier to eliminating that wall.

In other words, the story we’ve been telling about “the wall” for over 13 years is partly wrong. The PATRIOT Act didn’t eliminate “the wall.” “The wall” had already been suspended, by dint of Executive Proclamation and a secret application with the FISC, over a month before the PATRIOT Act was initially introduced as a bill.

FISC suspended it, without congressional sanction, based on the President’s invocation of a National Emergency.

That’s not the only case where the Executive invoked that National Emergency in self-authorizing or getting FISC to authorize expansive new surveillance authorities (or has hidden the authorities under which it makes such claims).

Perhaps most illustratively, on May 6, 2004, Jack Goldsmith pointed to the National Emergency when he reauthorized most aspects of Stellar Wind.

On September 14, 2001. the President declared a national emergency “by reason of the terrorist attacks at the World Trade Center, New York, New York, and the Pentagon, and the continuing and immediate threat of further attacks on the United States.” Proclamation No. 7463, 66 Fed. Reg. 43, !99 (Sept. 14, 2001). The United States also launched a massive military response, both at home and abroad. In the United States, combat air patrols were immediately established over major metropolitan areas and were maintained 24 hours a day until April 2002, The United States also immediately began plans for a military response directed at al Qaeda’s base of operations in Afghanistan.

Only after invoking both the Proclamation and the immediate military response that resulted did Goldsmith note that Congress supported such a move (note, he cited Congress’ September 14 passage of the AUMF, not Bush signing it into law on September 18, thought that may be in part because Michael Hayden authorized the first expansions of surveillance September 14; also remember there are several John Yoo memos that remain hidden) and then point to an article on the friendly-fire death of Pat Tillman as proof that combat operations continued.

On September 14, 2001, both houses of Congress passed a joint resolution authorizing the President “to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks” of September I I. Congressional Authorization § 2(a). Congress also expressly acknowledged that the attacks rendered it “necessary and appropriate” for the United States to exercise its right “to protect United States citizens both at home and abroad,” and acknowledged in particular that the “the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the United States.” id. pmbl. Acting under his constitutional authority as Commander in Chief, and with the support of Congress, the President dispatched forces to Afghanistan and, with the cooperation of the Northern Alliance, toppled the Taliban regime from power Military operations to seek out resurgent elements of the Taliban regime and al Qaeda fighters continue in Afghanistan to this day. See, e.g., Mike Wise and Josh White, Ex-NFL Player Tillman Killed in Combat, Wash. Post, Apr. 24, 2004, at AI (noting that “there are still more than 10,000 U.S. troops in the country and fighting continues against remains of the Taliban and al Qaeda”).

That is, even in an OLC memo relying on the AUMF to provide legal sanction for President Bush’s systematic flouting of FISA for 2.5 years, Goldsmith relied primarily on the National Emergency Proclamation, and only secondarily on Congress’ sanction of such invocation with the AUMF.

The White Paper released in 2006 largely regurgitating Goldsmith’s opinion for more palatable consumption mentions the AUMF first in its summary, but then repeats Goldsmith’s emphasis on the Proclamation in the background section (see pages 2 and 4).

Paragraphs that may discuss such authorizations get redacted in the 2006 application to move content collection under FISC (see page 6). The entire background section (starting at page 5) of the initial Internet dragnet application is also redacted. While we can’t be sure, given parallel claims made in the same 2004 to 2006 period, it seems likely those memoranda also repeated this formula.

Such a formula was definitely dropped. The 2006 memorandum in support of using Section 215 to create a phone dragnet included no mention of authorities. The 2007 memorandum to compel Yahoo to fulfill Protect American Act orders cites PAA, not Emergency Declarations.

But the formula was retained in all discussions of the Administration’s illegal wiretap program in secret declarations submitted in court in 2006, 2007, and 2009, being repeated again in an unclassified 2013 declaration. While these declarations likely all derive, at least in part, from Goldsmith’s memo, it’s worth noting that the government has consistently suggested it could conduct significant surveillance programs without Congressional sanction by pointing to the that National Emergency Proclamation.

This is the precedent I meant to invoke when I expressed concern about President Obama’s expansive Executive Order of the other day, declaring a National Emergency because of cybersecurity.

Ranking House Intelligence Member Adam Schiff’s comment that Obama’s EO is “a necessary part of responding to the proliferation of dangerous and economically devastating cyber attacks facing the United States,” but that it will be “coupled with cyber legislation moving forward in both houses of Congress” only adds to my alarm (particularly given Schiff’s parallel interest in giving Obama soft cover for his ISIL AUMF while having Congress still involved).  It sets up the same structure we saw with Stellar Wind, where the President declares an Emergency and only a month or so later gets sanction for and legislative authorization for actions taken in the name of that emergency.

And we know FISC has been amenable to that formula in the past.

We don’t know that the President has just rolled out a massive new surveillance program in the name of a cybersecurity Emergency (rooted in a hack of a serially negligent subsidiary of a foreign company, Sony Pictures, and a server JP Morgan Chase forgot to update).

We just know the Executive has broadly expanded surveillance, in secret, in the past and has never repudiated its authority to do so in the future based on the invocation of an Emergency (I think it likely that pre FISA Amendments Act authorization for the electronic surveillance of weapons proliferators, even including a likely proliferator certification under Protect America Act, similarly relied on Emergency Proclamations tied to all such sanctions).

I’m worried about the Cyber Intelligence Sharing Act, the Senate version of the bill that Schiff is championing. But I’m just as worried about surveillance done by the executive prior to and not bound by such laws.

Because it has happened in the past.

Update: In his October 23, 2001 OLC memo authorizing the President to suspend the Fourth Amendment (and with it the First), John Yoo said this but did not invoke the September 14, 2001 proclamation per se.

As applied to the present circumstances, the [War Powers Resolution] signifies Congress’ recognition that the President’s constitutional authority alone enables him to take military measures to combat the organizations or groups responsible for the September 11 incidents, together with any governments that may have harbored or supported them, if such actions are, in his judgment, a necessary and appropriate response to the national emergency created by those incidents.

Update: Thanks to Allen and Joanne Leon for the suspend/suspect correction.

Is There a Programmatic Stingray?

/9 Comments/in , /by

The NYT yesterday had a story on the secrecy surrounding Stingrays including these admissions from an FBI affidavit to explain the secrecy.

A fuller explanation of the F.B.I.’s position is provided in two publicly sworn affidavits about StingRay, including one filed in 2014 in Virginia. In the affidavit, a supervisory special agent, Bradley S. Morrison, said disclosure of the technology’s specifications would let criminals, including terrorists, “thwart the use of this technology.”

“Disclosure of even minor details” could harm law enforcement, he said, by letting “adversaries” put together the pieces of the technology like assembling a “jigsaw puzzle.” He said the F.B.I. had entered into the nondisclosure agreements with local authorities for those reasons. In addition, he said, the technology is related to homeland security and is therefore subject to federal control.

In a second affidavit, given in 2011, the same special agent acknowledged that the device could gather identifying information from phones of bystanders. Such data “from all wireless devices in the immediate area of the F.B.I. device that subscribe to a particular provider may be incidentally recorded, including those of innocent, nontarget devices.”

But, he added, that information is purged to ensure privacy rights.

In response, a bunch of smart people had an interesting conversation today about why the government is so secretive about them (start at this tweet).

My wildarseguess is that they’re hiding some kind of programmatic Stingray program. I think so for three reasons:

  • Any programmatic Stingray program would (have) been hidden by carve-outs in USA Freedom Act’s transparency provisions
  • At least one of the liberated non-disclosure agreements suggests ongoing obligations between localities and the FBI
  • FISC appears to have permitted more expansive versions of criminal PRTT programs

In past legislative debates the Intelligence Community revealed secret programs by defending them

I believe one of the best ways to see vague outlines of undisclosed domestic surveillance is to watch where the Intelligence Community is most intransigent on legislation.

When Michaels Mukasey and McConnell wrote a transparently bullshit response to a Russ Feingold effort to segregate incidentally collected  US person data under FISA Amendments Act in early 2008, I guessed they were doing back door searches of that data. 4 and 5 years later (with the report on the reauthorization and Snowden disclosures, respectively), that was proven correct.

When the IC repeatedly and successfully defeated efforts to require some real connection between a target and the records collected using Section 215 in 2009 all while boasting they had used it in the Najibullah Zazi investigation, I guessed they were using Section 215 to collect bulky data. I even guessed that they had migrated Bush’s illegal wiretap program to Section 215 and PRTT (though a former prosecutor friend soon dissuaded me from pushing my PRTT analysis because, she pointed out, there was no way in hell PRTT could authorize a dragnet).

There were 3 parts of the USA Freedom Act which struck me as particularly notable in the same way. First, the government’s insistence on expanding the chaining process to include “connections” in addition to contacts; I strongly believe that indicates they ask cell companies to match up the various identities with a particular handset.

Then there were two kinds of programmatic collection that would not only not be shut down by the prohibition on bulk collection in the bill, but which were specifically excluded from individualized transparency reporting (in addition to back door searches and upstream domestic collection, but we already knew about both of those), because transparency in the bill only covered “communications.” The first is any kind of dragnet tied to a non-communication corporate name, such as a financial dragnet or hotel records. See this post for an explanation. USAF would not require individualized reporting on this collection at all. Particularly given that the bill would permit using corporate names as identifiers and would exclude that from transparency, I think reasonable people should assume that kind of bulky collection would continue unabated.

More interesting, though, the transparency provisions also appear to exempt tracking device collection from individualized reporting, because those aren’t considered “communications” from individualized transparency reporting (I believe it would also exempt cloud data but I don’t understand what this is yet). I don’t think the government could use “Harris Corporation” as a identifier (they wouldn’t need to anyway, because the FBI would be using the tool not collecting all of Harris’ data). But they could collect the tracking data on 310 million people and only need to report targets (which currently number in the hundreds, though there already is some gaming of the required US person target reporting).

Like a Stingray, which looks for one phone, but obtains the records of everyone in a cell area.

Which is why I love this quote from the NYT article:

Christopher Allen, an F.B.I. spokesman, said “location information is a vital component” of law enforcement. The agency, he said, “does not keep repositories of cell tower data for any purpose other than in connection with a specific investigation.”

The government currently collects phone records of some significant subset of 310 million Americans for the purposes of “specific investigations.” It’s just that they consider enterprise investigations to be “specific” and therefore every American to be “relevant.” The same may well apply to location data.

FBI’s non-disclosure agreement(s) suggests ongoing cooperation between local and federal law enforcement

We’ve already seen plenty of evidence that local law enforcement retain their ties and obligations to federal law enforcement, largely in the demands the Marshal service puts on secrecy.

But as I lay out in this post, that seems to involve ongoing cooperation using the Stingray. An NDA liberated in MN specifically requires deconfliction of missions, indicating that multiple entities would use one Stingray at once.

That all seems to suggest a key part of this top-down hierarchical non-disclosure requirement involves that kind of mission-sharing.

Which is another way of saying that FBI probably relies on these local Stingrays.

FISC appears to permit more expansive PRTT programs than in criminal context

In this post and this one, I showed that the FISC-authorized use of PRTT relates the criminal context but may not be bound by it. That’s significant, because we know where the government has obtained permission for Stingray use in the criminal context, they’ve often relied on PRTT.

In both the use of combined PRTT/215 orders to get location data and in the collection of Post-Cut Through Dialed Digits, FISC has reconsidered PRTT orders after magistrates challenged similar criminal uses. At least in the latter example, FISC permitted FBI to continue a more expansive collection even after it was prohibited in the criminal context, requiring only that FBI comply with Fourth Amendment protections using minimization (as I’ll show when I finally write up the remainder of the FISC opinions, this practice has early foundation in other FISC applications).

What becomes clear reviewing the public records (these reports say this explicitly) is that the 2002 DOJ directive against retaining PCTDD applies to the criminal context, not the FISA context. When judges started challenging FBI’s authority to retain PCTDD that might include content under criminal authorities, FBI fought for and won the authority to continue to treat PCTDD using minimization procedures, not deletion. And even the standard for retention of PCTDD that counts as content permits the affirmative investigative use of incidentally collected PCTDD that constitutes content in cases of “harm to the national security.”

Whateverthefuck that is.

Which is, I guess, how FBI still has 7 uses of PCTDD, including one new one since 2008.

In other words, the Stingray use we see glimpses of in the criminal and fugitive context may be far short of what FISC has permitted in the national security context, if it tracks other practice. And accused terrorists (or spies) would not get notice of any such PRTT use so long as it wasn’t entered into a criminal proceeding (there have been several instances where the government has seemed to suggest PRTT was used, but evidence from it not entered into evidence).

All of this, of course, is speculative.

But there’s some reason the government is insisting on its expansive NDAs even while more and more people are discussing them. Hiding a more comprehensive program targeted at national security targets (terrorists and spies) might explain why the government is increasingly willing to forgo prosecutions of alleged criminals to keep what they’re doing with dragnets secret.

Update: Meanwhile, in NY, a judge has ordered the Erie County Sheriff to come clean on its Stingray use.

image_print