“Linking” Procedures in the Yahoo Opinion

As I mentioned earlier, Yahoo is finally releasing the documents pertaining to its challenge of Protect America Act directives in 2008. The LAT has loaded the Yahoo documents in an easy to access page.

This post will look primarily at the FISCR opinion.

As you’ll recall, this opinion was previously released in 2009 (and in fact, the previous list has names of some of the DOJ people who are redacted with this release unredacted).

The four main new disclosures I noted are:

  • A discussion of differences between the definition of foreign power in EO 12333 and FISA
  • Concerns Yahoo raised about how inaccurate the first directives it had received (the Court appears to misunderstood the seriousness of the inaccuracies)
  • Discussion of a parting shot — this supplemental brief makes it clear the largely redacted discussion pertains to US person data collected overseas; I’ll probably return to this, but it appears Yahoo’s concerns were born out and led to the addition of Sections 703-5 in FISA Amendments Act.
  • Reference to “linking” procedures which were part of what FISCR used to deem the collection constitutional

That last item — the “linking” procedures — is what was redacted in this post I did when the memo was first released. As I noted then, the procedures were what the FISCR used to meet particularity requirements.

The following passage starts on page 23:

The linking procedures — procedures that show that the [redacted] designated for surveillance are linked to persons reasonably believed to be overseas and otherwise appropriate targets — involve the application of “foreign intelligence factors” These factors are delineated in an ex parte appendix filed by the government. They also are described, albeit with greater generality, in the government’s brief. As attested by affidavits  of the Director of the National Security Agency (NSA), the government identifies [redacted] surveillance for national security purposes on information indicating that, for instance, [big redaction] Although the FAA itself does not mandate a showing of particularity, see 50 U.S.C. § 1805(b). This pre-surveillance procedure strikes us as analogous to and in conformity with the particularly showing contemplated by Sealed Case.

I’ll need to look more closely to find this brief — if it was released. But I suspect that this shows more closely how the metadata dragnets and the content collection are linked. They collect the metadata to mine for “proof” of meaningful connection, then use that to unlock the content. That’s not surprising — it’s what I had been speculating since days after Risen first broke this — but it’s important to flesh out. Because, of course, all this not-a-search metadata really is, because it leads directly to the content.

As I noted in my post in 2009, Russ Feingold released a statement with the release of the opinion, basically arguing that Yahoo could have won this if they had had access to the procedures related to the program (Mark Zwillinger made the same point when he testified to PCLOB).

The decision placed the burden of proof on the company to identify problems related to the implementation of the law, information to which the company did not have access.  The courtupheld the constitutionality of the PAA, as applied, without the benefit of an effective adversarial process.  The court concluded that “[t]he record supports the government.  Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse in the circumstances of the instant case.”  However, the company did not have access to all relevant information, including problems related to the implementation of the PAA.  Senator Feingold, who has repeatedly raised concerns about the implementation of the PAA and its successor, the FISA Amendments Act (“FAA”), in classified communications with the Director of National Intelligence and the Attorney General, has stated that the court’s analysis would have been fundamentally altered had the company had access to this information and been able to bring it before the court.

There’s no reason to believe the “linking” procedures are what Feingold was referring to. After all, there still are details of the minimization and targeting procedures that raise big constitutional issues. Plus, we know foreign collection has always been a big concern of Feingold’s. But I am wondering whether part of the problem was that their contact chaining was not very good, and therefore they were collecting people who really weren’t linked to the targets in question.

Which might explain why Yahoo was experiencing so many dud directives in the first months of its operation.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Remember Joseph Nacchio?

Yahoo just announced that it will shortly be releasing the docket from its 2008 effort to challenge a Protect America Act order.

In a report on the release, WaPo notes that the government threatened Yahoo with a $250,000 day fine for not complying with the Protect America Act order (appreciate the irony of that law’s name!).

The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user data that the company believed was unconstitutional, according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the NSA’s controversial PRISM program.

Umph. That kind of fine would add up quickly.

Which got me thinking about Joseph Nacchio, the Qwest CEO who claims the real source of his insider trading scandal arose from government retaliation when he refused to do something — in January 2001, before NineElevenChangedEverything — that he considered illegal.

According to Nacchio, his troubles can be traced back to a meeting at the NSA’s Fort Meade, Md., headquarters on Feb. 27, 2001. The agency asked that Qwest participate in a surveillance program, but Nacchio considered the proposed action to be illegal.

Nacchio was unable to explain the exact nature of the request, which remains classified. However, contrary to news reports, he said discussions with the NSA at the February 2001 meeting didn’t involve turning over telephone records.

“I found that request to be peculiar. I didn’t think it was legal. I asked for legal justification. We never got it, and therefore we never did it,” said Nacchio, who completed his prison sentence in September. “That was the moment things turned down for me.”

The former AT&T (T) executive resigned from his post at Qwest in 2002 after the Securities and Exchange Commission launched an insider-trading investigation. In 2007, he was charged with 42 counts of insider trading.

Nacchio was ultimately convicted on 19 counts for selling stock between April and May 2001, leading to the forfeiture of $44.6 million and a $19 million fine. He was sentenced to six years in jail, but his time was reduced to 70 months.

Obviously, the size of Yahoo’s fine — for a congressionally authorized, even if unconstitutional program — lends far more credibility to the claim that the government retaliated by setting Nacchio up for an insider trading prosecution. (See also this post which tracks some interesting discrepancies in the stories, which is one of a number of reasons I believe the NSA IG report on the illegal dragnet is itself incorrect.)

It also makes me wonder about two other companies — an Internet company, and what is probably something like Cisco — that refused to cooperate with the illegal dragnet.

There really isn’t a lot of rule of law surrounding the government’s spying.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Pew-Related Headlines Should Read: Americans More Scared of ISIS than Real Attack

Pew released a new poll yesterday that has led to some remarkably bad reporting. The most problematic I’ve seen is the WaPo declaring the “Post-Snowden Era” that suggests the concern for civil liberties purportedly sparked by Edward Snowden’s disclosures has shifted in light of the “real fear” Americans have of ISIS.

We’re now just 15 months removed from Edward Snowden’s first bombshell revelation about the United States’ massive surveillance apparatus. But with Islamic extremists putting down roots in Syria and Iraq, Americans are very much reverting to a pre-Snowden attitude toward civil liberties.

Or perhaps we should call it “post-Snowden.”

While the Snowden revelations led to a lot of American soul-searching when it came to just how much of our civil liberties we want to yield in the name of protecting ourselves from terrorism, the soul-searching has largely come to an end, according to a new poll.

[snip]

Given that very real fear, it’s perhaps not surprising to see people willing to cash in some of their civil liberties in exchange for peace of mind when it comes to their safety. But it also suggests the shift toward civil libertarianism and the criticism of the National Security Agency in the aftermath of all the Snowden revelations — of which more could certainly come and change things again– were very temporary.

Before I get into why this is so bad, first, look at what the report said. Amidst reporting that people are increasingly worried about “Islamic extremism,” Pew claims,

The survey also finds a shifting balance between concerns about civil liberties and protection from terrorism. In a reversal from last year after Edward Snowden’s NSA leaks, 50% today say they are more concerned that government anti-terrorism policies have not gone far enough to protect the country, while 35% are more concerned that the policies have gone too far in restricting civil liberties.

It claims to be reporting on a “balance” between “government anti-terrorism policies” and “restricting civil liberties.” But here’s what they actually asked: “What concerns you more about the government’s anti-terrorism policies?” In addition to picking either “They have gone too far in restricting the average person’s civil liberties” or “They have not gone far enough to adequately protect the country,” people apparently answered “Both,” “neither,” “approve of policies” (9% of respondents in this poll answered one of those things; the number has varied from 8% to 13% since Pew started doing this question in July 2004), or “don’t know” or “refused” (6% in this poll, which is the all-time low, with the number ranging up to 13%). So around 10% of respondents have consistently rejected the structure of the question.

I’d say there’s a good reason for that: because there is not necessarily any reason to believe there is a balance between counterterrorism and civil liberties. Not to mention, there are plenty of other legitimate concerns about our counterterrorism policy that Pew didn’t poll. What would the polling look like, for example, if it included “Our anti-terrorism policies have involved far too many illegal wars launched against Muslim countries”?

In other words, Pew is asking people to choose, but it doesn’t actually ask respondents to “balance” these two things. Thus by reporting this as a balance, Pew is imposing its own judgment that it is a balance, a belief which its question isn’t designed to measure. Pew just assumes it is so and reports it as such.

Let me interject and say that I am not doubting the polls reflect a very real change in attitudes in recent weeks. Nor am I doubting that a lot of people do believe this is a balance. Nor do I doubt that some of the poll movement is satiation with a civil liberties focus or even a belief that we do have to double down on the dragnet.

It would be very interesting to measure those things, if someone actually asked questions designed to measure them. I am not doubting Pew’s numbers, just what we can conclude from them.

Now let’s go back to the WaPo. It claimed, in part, that polls reflected people choosing to “cash in some of their civil liberties in exchange for peace of mind.” That adopts the same unjustified “balance” interpretation that Pew did (perhaps because Pew used that language in its report). Some people likely are thinking in terms of cashing in their civil liberties, but this poll didn’t actually measure that.

The WaPo reporting is even worse with respect to its claims that Edward Snowden is the sole explanation for higher support for civil liberties last year. Not only does it have a correlation/causation problem, it doesn’t even have correlation.

Pew and WaPo compare — correctly for measurement purposes — last week’s results with the results from a poll taken in the same series July 2013 (though WaPo gets the timing of that poll wrong), just a month after Snowden’s leaks started. It is true that July was — in Pew’s poll — the high point for civil liberties support in its poll, and that an October 2013 poll showed the beginning of a decline in concern for civil liberties and a rise in concern about protecting the country. Therefore it is true that support for civil liberties since a month after the Snowden leaks first started appearing has declined.

Also Pew did a different series of polls tracking opinion about what Snowden disclosed, which is a fair measurement about changes in perception of spying since Snowden’s leaks. That measured a real decline in support for what Pew inaccurately described in questions as NSA’s counterterrorism spying that persisted at least as late as January. In that series, Pew also presumed factually false details about the dragnet. So a flawed series of polls had actually shown increasing disapproval of the dragnet the last time it was released, but we don’t know how that data has changed in the 8 months since it was polled.

But the real problem with WaPo’s proclamation of a post-Snowden era is it doesn’t cite any polling from before the Snowden stories started (Pew’s previous poll in the civil liberties or counterterrorism series was way back in 2010). To make a claim about how much Snowden influenced civil liberties support, you’d have to cite the same poll from before and from after those stories started. WaPo doesn’t do that at all; it just assumes the record high support for civil liberties was caused by Snowden.

Now I wish Pew had polling from just before the Snowden leaks, because they might show something really remarkable.

Consider this CNN poll, taken (from a much smaller sample) on April 30, 2013, just two weeks after the first successful terrorist attack targeted at civilians since the anthrax attacks. It showed a somewhat elevated level of concern that the respondent or a family member might be the victim of a terrorist attack. (It also showed an all time high in that series — 63% — believing that terrorists would always find a way to attack.)

But the most remarkable part of that poll — one which got a lot of coverage at the time — was this question:

Screen shot 2014-09-11 at 2.20.51 PM

Again, this can’t be compared with the Pew poll; the questions and polling methodology are different. Though to the extent they might be comparable, it would support an interpretation of a decline in relative support for civil liberties. It would also, however, raise real questions about whether Snowden was responsible for all or even most of Americans’ heightened support for civil liberties.

But what a poll taken two weeks after an actual terrorist attack and a month before Snowden’s stories started being reported showed that Americans were far more worried that the response to the attack would be a crackdown on civil liberties than they were about needing new anti-terror policies. Americans already showed a remarkably high degree of support for civil liberties.

Now I agree with the WaPo: a slew of polls do show Americans peeing their pants about perceived threats. As the WaPo notes, this NBC/WSJ poll shows more Americans feel less safe now than they have since 9/11 — almost a 20 point spike from this time last year, a year when terrorists actually succeeded in attacking the US.

Screen shot 2014-09-11 at 2.38.04 PM

 

 

And I’d love to know what’s behind the numbers on whether changes have been more good than bad. Are so many people peeing their pants because a general malaise has the susceptible to fear-mongering? Does that mean they like or hate the dragnet? Or just the President?

But here’s the thing.

If there is a tie between the way America is peeing its pants and support or not for civil liberties, this is not about actual threats. Here’s what President Obama said last night.

So ISIL poses a threat to the people of Iraq and Syria, and the broader Middle East — including American citizens, personnel and facilities.  If left unchecked, these terrorists could pose a growing threat beyond that region, including to the United States.  While we have not yet detected specific plotting against our homeland, ISIL leaders have threatened America and our allies.

This is not to say ISIS is not a threat or — more accurately, a very dangerous entity that is currently focused far away from the US. But the President, at least, doesn’t think they’re about to attack Boston.

13 years after 9/11 the American people are far more afraid after a month of fearmongering about an inflated threat than they were last year, weeks after terrorists succeeded in attacking.

But all this seems to be saying that Americans are far more afraid of the fearmongering images than of the actual threat of terrorism. If Americans have changed their relative concern about civil liberties because they are afraid, it’s not the actual threats that are causing that change.

Perhaps Pew should start a new series: Are you more afraid of terrorism, or of what your country will do by inflating the threat of terrorism?

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Every Senator Who Supports USA Freedom May Be Affirmatively Ratifying a Financial Dragnet

Now that I’ve finally got around to reading the so-called transparency provisions in Patrick Leahy’s USA Freedom Act, I understand that one purpose of the bill, from James Clapper’s perspective, is to get Congress to ratify some kind of financial dragnet conducted under Section 215.

As I’ve laid out in detail before, there’s absolutely no reason to believe USA Freedom Act does anything to affect non-communications collection programs.

That’s because the definition of “specific selection term” permits (corporate) persons to be used as a selector, so long as they aren’t communications companies. So Visa, Western Union, and Bank of America could all be used as the selector; Amazon could be for anything not cloud or communications-related. Even if the government obtained all the records from these companies — as reports say it does with Western Union, at least — that would not be considered “bulk” because the government defines “bulk” as collection without a selector. Here, the selector would be the company.

And as I just figured out yesterday, the bill requires absolutely no individualized reporting on traditional Section 215 orders that don’t obtain communications. Here’s what the bill requires DNI to report on traditional 215 collection.

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—
(i) the number of targets of such orders;
(ii) the number of individuals whose communications were collected pursuant to such orders; and
(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

The bill defines “individuals whose communications were collected” this way:

(3) INDIVIDUAL WHOSE COMMUNICATIONS WERE COLLECTED.—The term ‘individual whose communications were collected’ means any individual—
(A) who was a party to an electronic communication or a wire communication the contents or noncontents of which was collected; or
(B)(i) who was a subscriber or customer of an electronic communication service or remote computing service; and
(ii) whose records, as described in subparagraph (A), (B), (D), (E), or (F) of section 2703(c)(2) of title 18, United States Code, were collected.

Thus, the 215 reporting only requires the DNI to provide individualized reporting on communications related orders. It requires no individualized reporting at all on actual tangible things (in the tangible things provision!). A dragnet order collecting every American’s Visa bill would be reported as 1 order targeting the 4 or so terrorist groups specifically named in the primary order. It would not show that the order produced the records of 310 million Americans.

I’m guessing this is not a mistake, which is why I’m so certain there’s a financial dragnet the government is trying to hide.

Under the bill, of course, Visa and Western Union could decide they wanted to issue a privacy report. But I’m guessing if it would show 310 million to 310,000,500 of its customers’ privacy was being compromised, they would be unlikely to do that.

So the bill would permit the collection of all of Visa’s records (assuming the government could or has convinced the FISC to rubber stamp that, of course), and it would hide the extent of that collection because DNI is not required to report individualized collection numbers.

But it’s not just the language in the bill that amounts to ratification of such a dragnet.

As the government has argued over and over and over, every time Congress passes Section 215′s “relevant to” language unchanged, it serves as a ratification of the FISA Court’s crazy interpretation of it to mean “all.” That argument was pretty dodgy for reauthorizations that happened before Edward Snowden came along (though its dodginess did not prevent Clare Eagan, Mary McLaughlin, and William Pauley from buying it). But it is not dodgy now: Senators need to know that after they pass this bill, the government will argue to courts that it ratifies the legal interpretations publicly known about the program.

While the bill changes a great deal of language in Section 215, it still includes the “relevant to” language that now means “all.” So every Senator who votes for USAF will make it clear to judges that it is the intent of Congress for “relevant to” to mean “all.”

And it’s not just that! In voting for USAF, Senators would be ratifying all the other legal interpretations about dragnets that have been publicly released since Snowden’s leaks started.

That includes the horrible John Bates opinion from February 19, 2013 that authorized the government to use Section 215 to investigate Americans for their First Amendment protected activities so long as the larger investigation is targeted at people whose activities aren’t protected under the First Amendment. So Senators would be making it clear to judges their intent is to allow the government to conduct investigations into Americans for their speech or politics or religion in some cases (which cases those are is not entirely clear).

That also includes the John Bates opinion from November 23, 2010 that concluded that, “the Right to Financial Privacy Act, … does not preclude the issuance of an order requiring the production of financial records to the Federal Bureau of Investigation (FBI) pursuant to the FISA business records provision.” Given that Senators know (or should — and certainly have the ability to — know) about this before they support USAF, judges would be correct in concluding that it was the intent of Congress to permit the government to collect financial records under Section 215.

So Senators supporting this bill must realize that supporting the bill means they are supporting the following:

  • The interpretation of “relevant to” to permit the government to collect all of a given kind of record in the name of a standing FBI terrorism investigation.
  • The use of non-communication company corporate person names, like Visa or Western Union, as the selector “limiting” collection.
  • The use of Section 215 to collect financial records.
  • Not requiring the government to report how many Americans get sucked up in any financial (or any non-communications) dragnet.

That is, Senators supporting this bill are not only supporting a possible financial dragnet, but they are helping the government hide the existence of it.

I can’t tell you what the dragnet entails. Perhaps it’s “only” the Western Union tracking reported by both the NYT and WSJ. Perhaps James Cole’s two discussions of being able to collect credit card records under this provision means they are. Though when Leahy asked him if they could collect credit card records to track fertilizer purchases, Cole suggested they might not need everyone’s credit cards to do that.

Leahy: But if our phone records are relevant, why wouldn’t our credit card records? Wouldn’t you like to know if somebody’s buying, um, what is the fertilizer used in bombs?

Cole: I may not need to collect everybody’s credit card records in order to do that.

[snip]

If somebody’s buying things that could be used to make bombs of course we would like to know that but we may not need to do it in this fashion.

We don’t know what the financial dragnet is. But we know that it is permitted — and deliberately hidden — under this bill.

Below the rule I’ve put the names of the 18 Senators who have thus far co-sponsored this bill. If one happens to be your Senator, it might be a good time to urge them to reconsider that support.


Patrick Leahy (202) 224-4242

Mike Lee (202) 224-5444

Dick Durbin (202) 224-2152

Dean Heller (202) 224-6244

Al Franken (202) 224-5641

Ted Cruz (202) 224-5922

Richard Blumenthal (202) 224-2823

Tom Udall (202) 224-6621

Chris Coons (202) 224-5042

Martin Heinrich (202) 224-5521

Ed Markey (202) 224-2742

Mazie Hirono (202) 224-6361

Amy Klobuchar (202) 224-3244

Sheldon Whitehouse (202) 224-2921

Chuck Schumer (202) 224-6542

Bernie Sanders (202) 224-5141

Cory Booker (202) 224-3224

Bob Menendez (202) 224-4744

Sherrod Brown (202) 224-2315

 

 

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

USA Freedom Act’s So-Called “Transparency” Provisions Enable Illegal Domestic Surveillance

I regret that I am only now taking a close look at the “transparency” provisions in Patrick Leahy’s version of USA Freedom Act. They are actually designed not to provide “transparency,” but to give a very misleading picture of how much spying is going on. They are also designed to permit the government to continue not knowing how much content it collects domestically under upstream and pen register orders, which is handy, because John Bates told them if they didn’t know it was domestic then collecting domestic isn’t illegal.

In this post, I’ve laid out the section of the bill that mandates reporting from ODNI, with my comments interspersed along with what the “transparency” report Clapper did this year showed.

(b) MANDATORY REPORTING BY DIRECTOR OF NATIONAL INTELLIGENCE.—

(1) IN GENERAL.—Except as provided in subsection (e), the Director of National Intelligence shall annually make publicly available on an Internet Web site a report that identifies, for the preceding 12-month period—

This language basically requires the DNI to post a report on I Con the Record every year. But subsection (e) provides a number of outs.

Individual US Person FISA Orders

(A) the total number of orders issued pursuant to titles I and III and sections 703 and 704 and a good faith estimate of the number of targets of such orders;

This language requires DNI to describe, in bulk, how many individual US persons are targeted in a given year (there were 1,767 orders and 1,144 estimated targets last year). But it only requires DNI to give a “good faith estimate” of these numbers (and that’s what they’re listed as in ODNI’s report from last year)! If there’s one thing DNI should be able to give a rock-solid number for, it’s individual USP targets. But … apparently that’s not the case.

Screen Shot 2014-09-10 at 10.29.15 AM

Section 702 Orders

(B) the total number of orders issued pursuant to section 702 and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders;

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language requires DNI to provide an estimate of the number of targets of Section 702 which includes both upstream and PRISM production. Last year, this was one order (ODNI doesn’t tell us, but there were at least 3 certificates –Counterterrorism, Counterproliferation, and Foreign Government) affecting 89,138 targets.

Screen Shot 2014-09-10 at 10.23.26 AM

The new reporting requires the government to come up with some estimate of how many communications are collected, as well as how many are located inside the US.

Except DNI is permitted to issue a certification saying that there are operational reasons why he can’t provide that last bit — how many are in the US. Thus, 4 years after refusing to tell John Bates how many Americans’ communications NSA was sucking up in upstream collection, Clapper is now getting the right to continue to refuse to provide that ratified by Congress. And remember — Bates also said that if the government didn’t know it was collecting that content domestically, then it wasn’t really in violation of 50 USC 1809(a). So by ensuring that it doesn’t have to count this, Clapper is ensuring that he can continue to conduct illegal domestic surveillance.

Don’t worry though. The bill includes language that says, even though this provision permits the government to continue conducting illegal domestic collection, “Nothing in this section affects the lawfulness or unlawfulness of any government surveillance activities described herein. ”

Back Door Searches

(iv) the number of search terms that included information concerning a United States person that were used to query any database of the contents of electronic communications or wire communications obtained through the use of an order issued pursuant to section 702; and

(v) the number of search queries initiated by an officer, employee, or agent of the United States whose search terms included information concerning a United States person in any database of noncontents information relating to electronic communications or wire communications that were obtained through the use of an order issued pursuant to section 702;

This language counts back door searches.

But later in the bill, the FBI — which we know does the bulk of these back door searches — is exempted from all of this reporting. As I noted in this post, effectively the Senate is saying it’s no big deal of FBI doesn’t track how many warrantless searches of US person content it does, even of people against whom the FBI has no evidence of wrongdoing.

In addition, note that odd limit to (v). DNI only has to report metadata searches “initiated by an officer, employee, or agent” of the United States. That would seem to exempt any back door metadata searches by foreign governments (it might also exempt contractors, but they should be included as “agents” of the US). Which, given that CIA doesn’t currently count its metadata searches, and given that CIA conducts a bunch of metadata searches on behalf of other entities, leads me to suspect that CIA may be doing metadata searches “initiated” by foreign governments. But that’s a guess. One way or another, though, this clause was written to not count some of these metadata searches. [Update: On reflection, that language may be designed to avoid counting automated processes as searches -- if they're initiated by a robot rather than an employee they're not counted!]

Pen Register Orders

C) the total number of orders issued pursuant to title IV and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This language counts how many Pen Register orders the government obtains, how many individuals get sucked up, and how many are in the US, both of which are additions on what ODNI reported this year.

Screen Shot 2014-09-10 at 10.50.08 AM

But that last bit — counting people in the US — is again a permissible exemption under the bill. Which is, as you’ll recall, the other way NSA has been known to engage in illegal domestic content collection. The only known bulk pen register is currently run by FBI, but in any case, the exemption has the same effect, of permitting the government from ever having to admit that it is breaking the law.

Traditional Section 215 Collection

(D) the total number of orders issued pursuant to applications made under section 501(b)(2)(B) and a good faith estimate of—

(i) the number of targets of such orders;

(ii) the number of individuals whose communications were collected pursuant to such orders; and

(iii) the number of individuals whose communications were collected pursuant to such orders who are reasonably believed to have been located in the United States at the time of collection;

This requires DNI to report on traditional Section 215 orders, but the entire requirement is a joke on two counts.

Screen Shot 2014-09-10 at 11.09.02 AM

First, note that, for a reporting requirement for a law permitting the government to collect “tangible things,” it only requires individualized reporting for “communications.” “Individuals whose communications were collected” are specifically defined as only involving phone calls and electronic communications.

So this “transparency” bill will not count how many individuals have their financial records, beauty supply purchases, gun purchases, pressure cooker purchases, medical records, money transfers, or other things sucked up, much of which we know to be done under this bill. And this is particularly important, because the law still permits bulk collection of these things. Thus, this “transparency” report creates the illusion that far less collection is done under Section 215 than actually is, it creates the illusion that bulk collection is not going on when it is.

But it gets worse!

Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

“Let’s Bomb Syria” Version 2 Is Working; Why Did Version 1 Fail?

Polls taken almost exactly one year apart show a remarkable reversal in US opinion regarding the prospect of air strikes on Syria. Last year, in a poll conducted September 6-8, (pdf) there were a number of questions regarding action in Syria. By a margin of 59% to 39%, Americans overwhelmingly said they thought Congress should not pass the then pending resolution authorizing “military action for 60 to 90 days” that also banned use of US troops in a combat role. Further, 55% of those polled stated that even if Congress passed the resolution, they opposed US air strikes in Syria while only 43% favored them. In the hypothetical of no Congressional authorization, opposition to the air strikes rose to 71% with only 27% favoring them. Just one year later, those numbers have reversed. In a poll conducted September 4-7, 65% of Americans now say they support expanding US air strikes against the Sunni insurgents into Syria, while only 28% oppose them. Checking the crosstabs, support for the strikes jumps to 74% for Republicans but still is 60% for Democrats.

So why is this year’s Drum-Up-War week working, when last year’s failed?

Despite the heinous nature of last year’s sarin attack, it seems to me that most Americans did a good job of recognizing that what is underway in Syria is a civil war in which the US has no vital interest other than humanitarian concern for widespread death and displacement of citizens. Having failed to paint Bashar al-Assad as an evil-doer on the level of Saddam Hussein (or perhaps after Americans rejected such an obvious campaign to do so) Obama and his fellow war hawks now consider ISIS “the focus of evil in the modern world“.

The beheading of US journalists in Syria got huge play in the press. And yet, if we drill down a bit, the rate of journalists being killed in Syria is going down from its peak in 2012.

Somehow, Obama’s war gang has managed to convince ordinary Americans that ISIS represents a real threat to the US. That same poll that favors attacks on ISIS in Syria found that a staggering 91% of Americans find ISIS to be a serious threat to the US (59% said “very serious” and 31% said “somewhat serious”). Sadly, there is no reality behind this fear on the part of Americans. Even Time, in doing its best to support the hysteria, winds up undercutting the concept in a story today. In a piece creatively titled “Understanding the ISIS Threat to Americans at Home“, we learn:

On the one hand, Attorney General Eric Holder has said western fighters joining ISIS and returning home radicalized are the national security danger he worries about most. “We are seeing, I would say, an alarming rise in the number of American and European Union nationals who have been going to Syria to help extremist groups,” Holder told TIME last month. “This represents a grave threat to our security,” he said.

But in a thorough presentation on Sept. 3 at the Brookings Institution, outgoing director of the National Counterterrorism Center, Matthew Olsen, presented a less scary picture. ISIS has no cells in the U.S., Olsen said, “full stop.” Further, Olsen said, “we have no credible information” that the group “is planning to attack the U.S.” ISIS, Olsen said “is not al Qaeda pre-9/11.”

At most, the article concludes, quoting Obama in his “exclusive” with Chuck Todd, he needed “to launch air strikes to ensure that towns like Erbil were not overrun, critical infrastructure, like the Mosul Dam was protected, and that we were able to engage in key humanitarian assistance programs that have saved thousands of lives.”

The links Holder is hyping about ISIS and AQAP simply do not exist:

Holder says the danger comes from the combination of westerners joining ISIS and the expert bomb-makers working for the al Qaeda affiliate in Yemen, Al Qaeda in the Arabian Peninsula (AQAP). It is not clear what if any evidence exists of such collaboration yet. On the one hand, AQAP has issued statements in support of ISIS, and both groups are active in Syria and Iraq; on the other, al Qaeda and ISIS split in the last year after a debate over tactics and territory.

Several senior administration officials tell TIME they have seen no evidence of direct contact between individual members of AQAP and ISIS.

In the end, the article concludes, Obama’s war team has deduced that we must attack ISIS because at some point in the future, they will turn their sights on us. Never mind that in this case, attacking ISIS in Syria winds up helping Assad, whom we wanted to attack last year:

Jane Harman, the president of the Woodrow Wilson Center, said that while the Assad government was a major topic of discussion, she and other participants told Mr. Obama that he could order military action in Syria without fear of helping Mr. Assad, since ISIS was occupying ungoverned territory that his forces were unlikely to reconquer.

I guess that Harman and Obama know that Assad won’t be able to reconquer those once ISIS is gone because of the bang-up job we will do training and equipping our famousmoderate” rebels, but hey, what could go wrong on any of this?

In the end, though, the apparent support for this version of strikes on Syria seems to me to have come about because of the shift in focus on the “enemy” from a president oppressing the citizens of his country to an international terror group that we must fear and that represents true evil. As far as the average American is concerned, meddling in another country’s civil war is out of bounds, but when it comes to protecting the homeland against evil-doers, anything goes.

And it doesn’t even need Congressional approval.

 

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Tech Companies: Hurry Up and Give Us Immunity and Compensation

The tech industry has issued a letter urging the Senate to hurry up and give them immunity and compensation pass USA Freedom Act.

The letter is actually pretty funny. The letter claims:

The revelations about the U.S. government’s surveillance programs that began in June of 2013 have led to an erosion of public trust in the U.S. government and the U.S. technology sector. In an effort to begin restoring that trust, the USA FREEDOM Act will prevent the bulk collection of Internet metadata, call detail records, and other tangible things in a manner that both enhances privacy and protects national security.

I mean, it’s not funny that the NSA has fucked with the tech companies’ business model. The funny part is the bill doesn’t do what the tech companies say it does!

It only limits the bulk collection of Internet metadata — to the extent it does do that — via the use of Pen Register or Section 215 authorities. It doesn’t do anything about the bulky collection of Internet metadata (and content) through PRISM. And it definitely doesn’t do anything to end the biggest part of bulk Internet metadata collection, which happens overseas. Hell, this doesn’t even give the Internet companies any more assurances they won’t have their data stolen overseas (though some at least are making that more difficult by encrypting their data).

Then the letter makes this claim.

As a result of the surveillance program revelations, U.S. technology companies have experienced negative economic implications in overseas markets. In addition, other countries are considering proposals that would limit data flows between countries, which would have a negative impact on the efficiencies upon which the borderless Internet relies. The transparency measures in the USA FREEDOM Act are designed to alleviate some of the concerns behind such actions by allowing companies to be more transparent about the orders they receive from the government to its surveillance authorities.

Now, it is true that the law tweaks the agreement the government previously made with the Internet companies so they can show more about what they do. That’s a good thing.

But the “transparency” provisions in the bill are actually designed to obscure key details about surveillance. They hide how many Americans will be exposed to most Section 215 orders (though will reveal the total people exposed) because FBI, which will get most of the orders, is exempted from that reporting. They hide the FBI’s use of “back door searches” of Internet metadata collected under PRISM. And it may (though I’m less sure about this) hide requests for PRISM metadata searches executed by the CIA for foreign governments.

All hidden right there in the “transparency” procedures.

Finally, I’m not sure why the tech companies think their foreign customers will be impressed with deceptive “transparency” provisions that leave the bulk (in all senses of the word) of the collection the US is doing against foreigners still hidden.

But hey! I can imagine why the tech companies want their absurdly broad immunity and compensation for spying, which this bill does give them.

Oddly, the letter doesn’t emphasize that part of it.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Keith Alexander Wants to Patent Having No Knowledge

Have you noticed that every time someone covers all the patents Keith Alexander is getting for his cybersecurity boondoggle, the number of patents grows?

In this installment, it is 10.

IronNet is working with lawyers to draft as many as 10 patent applications in which the NSA would have no stake. Alexander said the “real key” to the patents was a person who never worked for the agency.

[snip]

In addition to dispensing advice, IronNet is working with lawyers to draft as many as 10 patent applications that will include Alexander as co-inventor on one and “maybe a few others,” he said. 

Of course, no matter how many patents it will be, Alexander is still left with the problem of explaining either why this isn’t stuff taxpayers paid for at NSA, or why Alexander didn’t implement these whiz-bang solutions while in charge of NSA.

So he’s inching closer and closer to one that might work: he’s going to patent having no knowledge.

Current cybersecurity strategies assume the defender knows what threats are present, and can quickly identify them by their digital profile, known as their signature. Alexander said IronNet’s approach is to counter those attacks as quickly as possible, without that prior knowledge.

“All the patents and stuff that people work on today assume knowledge of the threat,” he said. “What it means is a new approach. Something that’s never been used.”

It’s surely a novel approach — attacking perceived threats before you’re sure what that threat is. I’m just not sure how well it’s going to work.

While Alexander is busy shoring up his 10, 11, 12 patents, I think I’ll rush to copyright my new novel, in which a hubristic cybersecurity profiteer takes down the entire banking system by attacking core finance functions he identifies as attacks.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Rand Paul and I Told You So

At least according to this snippet from WaPo, Jane Harman reported out after discussing war over “d’anjou pear salad and Chilean sea bass” that the President thinks he can rely on both his epistolary War Power Resolution letters and … the Iraq AUMF to wage war against ISIS. (h/t Lemon Slayer)

The president “thinks he has the legal authority he needs” to increase U.S. military engagement in both Iraq and Syria, said Jane Harman, president of the Woodrow Wilson International Center for Scholars, who attended the dinner with Obama. The White House’s belief that it has authority to act is based on the reports Obama has filed with Congress under the War Powers Act and the earlier congressional authorization for the war in Iraq. [my emphasis]

Back in 2011, Rand Paul had the batshit crazy idea that, since we were ending the war in Iraq, we ought to repeal the AUMF that authorized the war. You never know, after all, when someone might pull that cobwebby AUMF out of a drawer and start using it again.

Not many of Paul’s colleagues agreed with him about this basic matter of AUMF hygiene.

From time to time over the last several years, I’ve reminded people about that dusty old AUMF lying around like Chekhov’s gun.

In 2012, when Obama officially told Congress the, “responsible withdrawal … in accordance with the 2008 Agreement Between the United States of America and the Republic of Iraq on the Withdrawal of United States Forces from Iraq and the Organization of Their Activities during Their Temporary Presence in Iraq,” had been completed, I suggested maybe that marked a good time to repeal that AUMF.

When, last year, Obama said — referring exclusively to the 2001 Afghanistan AUMF –

–mindful of James Madison’s warning that “No nation could preserve its freedom in the midst of continual warfare.”

[snip]

I intend to engage Congress … in efforts to refine, and ultimately repeal, the AUMF’s mandate. 

I suggested maybe we could do a twofer and actually repeal both the Afghan and Iraq AUMFs at once.

Earlier this year, people started catching on, and Caitlin Hayden even claimed to Yahoo that they wanted to repeal the Iraq War.

It looked, for a brief period, like Obama might prove Paul and I wrong.

Nope.

Chekhov knew a fair bit about narrative. And you just can’t leave a loaded AUMF lying around before some tragic person picks it up and shoots it.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Did Afghan and Pakistani ISIS Recruits Really Expect to Travel Length of Iran?

The red marker for Bandar Abbas falls close to a projected flight path, and more than halfway from Bagram (Kabul) to Dubai. Note that travelers entering Iran along the Pakistan border would need to traverse entire country to reach Iraq.

The red marker for Bandar Abbas falls close to a projected flight path, and more than halfway from Bagram (Kabul) to Dubai. Note that travelers entering Iran along the Pakistan border would need to traverse entire country to reach Iraq.

Disclaimer: There is a very good chance that my thinking here is so off-target as to make it total bullshit, but it is still a fun exercise in trying to make sense of recent events. –JW

Long-time readers will be familiar with my strange hobby of noting interesting events taking place along the border between Pakistan and Iran. We have a new entry in that category, and this time the information we have is quite cryptic. The initial report came from IRNA, dated September 8:

Minister of the Interior Abdolreza Rahmani Fazli said here on Monday Afghan and Pakistan nationals, who were trying to cross Iranian borderlines to join the Islamic State of Iraq and the Levant (also known as Daesh) terrorists in Iraq, have been arrested.

Speaking in a local gathering, Rahmani Fazli underscored that the Iranian military forces and residents of the border areas are fully vigilant against Daesh plots to counter potential threats.

He added that Iranian forces are on full alert, as the Daesh terrorist group is failing in Iraq.

Note that Fazli does not state where or when these arrests took place. Mehr News expanded slightly on the IRNA story:

Iran’s Interior Minister Abdolreza Rahmani Fazli in a meeting of the country’s deputy governors for political, social and security affairs said that a number of Afghans and Pakistanis who were passing through Iran seeking to join ISIL in Iraq were arrested.

Rahmani Fazli added that the country had already prevented some other Afghans and Pakistanis to enter Iran.

“ISIL terrorists have not succeeded in recruitment of fans inside the country; however, this is not to deny they promote their ideology, since they are active in the cyberspace, connecting to the possible candidates for recruitment,” the minister said.

He asserted that there is no fear of any danger of this terrorist group for the country because the residents of Iranian border provinces are smart enough and the security forces are completely dominant over the borders.

Hmm. Last October those security forces weren’t exactly “completely dominant” when fourteen Iranian border guards were killed. But mostly, it does seem to me that Sunni fighters wishing to make their way to the front lines to aid ISIS in Iraq or Syria would be ill-advised to try to make their way across the longest part of Shia-controlled Iran from Pakistan.

News outlets in both Pakistan and Afghanistan have noted Iran’s announcement of the arrests but add no new information on how many militants were arrested or the loacation or date of the arrests.

This event stood out to me because I had been intrigued by Friday’s strange episode where a plane transporting coalition military contractors from Kabul to Dubai made an unscheduled landing in Iran: Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone

Emptywheel Twitterverse

JimWhiteGNV Tragic: "2 adults, six children dead in Gilchrist shootings" - via @GainesvilleSun http://t.co/icorlFfx0N
13mreplyretweetfavorite
JimWhiteGNV RT @ionacraig: Sporadic gunfire and very tense by tv station. Gunmen behind sand bags on one side of road, soldiers on other. #Yemen
16mreplyretweetfavorite
emptywheel @jilliancyork And domestically, the dragnet is equally designed to coerce informants.
23mreplyretweetfavorite
bmaz Today Maricopa County Attorney @MontgomeryforCA @marcoattorney proves himself an ignorant Islamophobic hateful bigot http://t.co/b7tAohI841
24mreplyretweetfavorite
bmaz @BeckyPallack Excellent job tweet covering it.
6hreplyretweetfavorite
bmaz RT @kasie: Hey, America -- if you're unhappy with Washington, maybe look to the Scots and try voting in huge numbers. #rights #ScotlandDeci
7hreplyretweetfavorite
bmaz @robertcaruso Congress will give him the authority, they are too chicken not to, just go ahead and do it right.
7hreplyretweetfavorite
bmaz @robertcaruso Tired of separation of powers being eroded
7hreplyretweetfavorite
bmaz @robertcaruso @nytimesworld And if that is Obama's tact, he should be impeached on the spot.
7hreplyretweetfavorite
bmaz @Will_Bunch Wow. I blew that off (yeah, Bai, you know) before seeing your tweet. Glad I read it. And you're right about the end. Jeez.
7hreplyretweetfavorite
bmaz RT @Will_Bunch: Don Spirit has killed 4X as many Americans as ISIS
8hreplyretweetfavorite
bmaz @JoshMBlackman @mucha_carlos Actually, my understanding is Virginia Seitz left OLC at least partially over the targeted killing of citizens.
8hreplyretweetfavorite
September 2014
S M T W T F S
« Aug    
 123456
78910111213
14151617181920
21222324252627
282930