AT&T Archives - Page 5 of 7

Posts

Three Theories Why the Section 215 Phone Dragnet May Have Been “Erroneous” from the Start

November 10, 2013/6 Comments/in FISA, PATRIOT /by emptywheel

Update, 1/6/14: I just reviewed this post and realize it’s based on the misunderstanding that the February 24 OLC opinion is from last year, not 2006. That said, the analysis of the underlying tensions that probably led to the use of Section 215 for the phone dragnet are, I think, still valid.

According to ACLU lawyer Alex Abdo, the government may provide more documents in response to their FOIA asking for documents relating to Section 215 on November 18. Among those documents is a February 24, 2006 FISA Court opinion, which the government says it is processing for release.

That release — assuming the government releases the opinion in any legible form — should solve a riddle that has been puzzling me for several weeks: whether the FISA Court wrote any opinion authorizing the phone dragnet collection before its May 24, 2006 order at all.

The release may also provide some insight on why former Assistant Attorney General David Kris concedes the initial authorization for the program may have been “erroneous.”

More broadly, it is important to consider the context in which the FISA Court initially approved the bulk collection. Unverified media reports (discussed above) state that bulk telephony metadata collection was occurring before May 2006; even if that is not the case, perhaps such collection could have occurred at that time based on voluntary cooperation from the telecommunications providers. If so, the practical question before the FISC in 2006 was not whether the collection should occur, but whether it should occur under judicial standards and supervision, or unilaterally under the authority of the Executive Branch.

[snip]

The briefings and other historical evidence raise the question whether Congress’s repeated reauthorization of the tangible things provision effectively incorporates the FISC’s interpretation of the law, at least as to the authorized scope of collection, such that even if it had been erroneous when first issued, it is now—by definition—correct. [my emphasis]

That “erroneous” language comes not from me, but from David Kris, one of the best lawyers on these issues in the entire country.

And the date of the opinion — February 24, 2006, 6 days before the Senate would vote to reauthorize the PATRIOT Act having received no apparent notice the Administration planned to use it to authorize a dragnet of every American’s phone records — suggests several possible reasons why the original approval is erroneous.

Possibility one: There is no opinion

The first possibility, of course, is that my earlier guess was correct: that the FISC court never considered the new application of bulk collection, and simply authorized the new collection based on the 2004 Colleen Kollar-Kotelly opinion authorizing the Internet dragnet. In this possible scenario, that February 2006 opinion deals with some other use of Section 215 (though I doubt it, because in that case DOJ would withhold it, as they are doing with two other Section 215 opinions dated August 20, 2008 and November 23, 2010).

So one possibility is the FISA Court simply never considered whether the phone dragnet really fit the definition of relevant, and just took the application for the first May 24, 2006 opinion with no questions. This, it seems to me, would be erroneous on the part of FISC.

Possibility two: FISC approved the dragnet based on old PATRIOT knowing new “relevant to” PATRIOT was coming

Another possibility is that the FISA Court rushed through approval of the phone dragnet knowing that the reauthorization that would be imminently approved would slightly different language on the “relevance” standard (though that new language was in most ways more permissive). Thus, the government would already have an approval for the dragnet in hand at the time when they applied to use it in May, and would just address the “relevance” language in their application, which we know they did.

In this case, the opinion would seem to be erroneous because of the way it deliberately sidestepped known and very active actions of Congress pertaining to the law in question.

Possibility three: FISC approved the dragnet based on new PATRIOT language even before it passed

Another possibility is that FISC approved the phone dragnet before the new PATRIOT language became law. That seems nonsensical, but we do know that DOJ’s Office of Intelligence Policy Review briefed FISC on something pertaining to Section 215 in February 2006.

After passage of the Reauthorization Act on March 9, 2006, combination orders became unnecessary for subscriber information and [one line redacted]. Section 128 of the Reauthorization Act amended the FISA statute to authorize subscriber information to be provided in response to a pen register/trap and trace order. Therefore, combination orders for subscriber information were no longer necessary. In addition, OIPR determined that substantive amendments to the statute undermined the legal basis for which OIPR had received authorization [half line redacted] from the FISA Court. Therefore, OIPR decided not to request [several words redacted] pursuant to Section 215 until it re-briefed the issue for the FISA Court. 24

24 OIPR first briefed the issue to the FISA Court in February 2006, prior to the Reauthorization Act. [two lines redacted] [my emphasis]

Still, this passage seems to reflect an understanding, at the time DOJ briefed FISC and at the time that the FISC opinion was written that the law was changing in significant ways (some of which made it easier for the government to get IDs along with the Internet metadata it was collecting using a Pen Register).

This would seem to be erroneous for timing reasons, in that the judge issued an opinion based on a law that had not yet been signed into law, effectively anticipating Congress.

The looming threat of Hepting v. AT&T and Mark Klein’s testimony

Which brings me to why. The 2009 Draft NSA IG Report describes some of what went on in this period.

After the New York Times article was published in December 2005, Mr. Potenza stated that one of the PSP providers expressed concern about providing telephone metadata to NSA under Presidential Authority without being compelled. Although OLC’s May 2004 opinion states that NSA collection of telephony metadata as business records under the Authorization was legally supportable, the provider preferred to be compelled to do so by a court order.

As with the PR/TT Order, DOJ and NSA collaboratively designed the application, prepared declarations, and responded to questions from court advisors. Their previous experience in drafting the PRTT Order made this process more efficient.

The FISC signed the first Business Records Order on 24 May 2006. The order essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had under the PSP. And, unlike the PRTT, there was no break in collection at transition.

But the IG Report doesn’t explain why the telecom(s) started getting squeamish after the NYT scoop.

It doesn’t mention, for example, that on January 17, 2006, the ACLU sued the NSA in Detroit. A week after that suit was filed, Attorney General Alberto Gonzales wrote the telecoms a letter giving them cover for their cooperation.

On 24 January 2006, the Attorney General sent letters to COMPANIES A, B, and C, certifying under 18 U.S.C. 2511 (2)( a)(ii)(B) that “no warrant or court order was or is required by law for the assistance, that all statutory requirements have been met, and that the assistance has been and is required.”

Note, this wiretap language pertains largely to the collection of content (that is, the telecoms had far more reason to worry about sharing content). Except that two issues made the collection of metadata particularly sensitive: the data mining of it, and the way it was used to decide who to wiretap.

More troubling still to the telecoms, probably, came when EFF filed a lawsuit, Hepting, on January 31 naming AT&T as defendant, largely based on an LAT story of AT&T giving access to the its stored call records.

But I’m far more interested in the threat that Mark Klein, the AT&T technician who would ultimately reveal the direct taps on AT&T switches at Folsom Street, posed. Read more →

Did CIA Take Its Phone Dragnet Business to AT&T When FISC Enforced the Rules?

November 7, 2013/2 Comments/in FISA, PATRIOT /by emptywheel

One important takeaway from Charlie Savage’s report that the CIA pays AT&T $10 million for phone records to hunt (the story goes, though I don’t buy it) terrorists is that CIA can replicate part of what the NSA’s phone dragnet does by working with just one company.

The C.I.A. supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said. The company has a huge archive of data on phone calls, both foreign and domestic, that were handled by its network equipment, not just those of its own customers.

[snip]

Most of the call logs provided by AT&T involve foreign-to-foreign calls, but when the company produces records of international calls with one end in the United States, it does not disclose the identity of the Americans and “masks” several digits of their phone numbers, the officials said.

Still, the agency can refer such masked numbers to the F.B.I., which can issue an administrative subpoena requiring AT&T to provide the uncensored data.

Granted, this program primarily gets foreign and only with minimization foreign to US call records (the Section 215 dragnet gets foreign to US and US to US, but we know from some of the 2009 violations that it also collects foreign to foreign under other programs). AT&T’s switches may not carry enough of the domestic traffic to provide US to US calls. But it does seem to accomplish what the I Con say is the primary purpose of the phone dragnet: to identify if Americans are talking to terrorists overseas and if so, who they are.

Interestingly, the story suggests that CIA has its own program because it is more efficient — precisely the reason NSA says it needs its own database.

The C.I.A. program appears to duplicate work performed by the N.S.A. But a senior American intelligence official, while declining to address whether the AT&T alliance exists, suggested that it would be rational for the C.I.A. to have its own program to check calling patterns linked to overseas terrorism suspects.

With on-the-ground operatives abroad seeking to disrupt terrorist activities in “time-sensitive threat situations,” the official said, the C.I.A. requires “a certain speed, agility and tactical responsiveness that differs” from that of other agencies. “That need to act without delay is often best met when C.I.A. has developed its own capabilities to lawfully acquire necessary foreign intelligence information,” the official said. [my emphasis]

If AT&T is so efficient at this function, then why can’t the NSA just rely on it?

Though it’s not clear whether AT&T offers more speed to CIA because CIA can get it directly, without having to go through oversight mechanisms the NSA must comply with, or because AT&T is just quicker than the NSA.

The few details about the history of the program may provide a hint.

The history of the C.I.A. program remains murky. It began sometime before 2010, and was stopped at some point but then was resumed, according to the officials.

“Sometime before 2010” may well be 2009, when Judge Walton stopped the practice by which both FBI and CIA were accessing phone dragnet results directly. That is, what we may be seeing is CIA replicating its own program, without FISA oversight, in response to losing more direct access under a program inadequately overseen (before 2009) by FISC.

Finally, let’s go back to the claim that CIA uses this solely to find terrorists. In his no comment comment in the story, CIA spokesperson Dean Boyd reminds that CIA also serves a counterintelligence function. So at a minimum, I’d be they’re using this to find potential spies in the US, in addition to terrorists.

But CIA’s mission is far broader than terrorism. And the phone dragnet program is limited — if however expansively — to use with counterterrorism targets. So one other reason CIA may do this (and probably FBI and NSA, in their own forms) is to target other kinds of targets.

Note, too, that by having AT&T do this analysis rather than NSA, CIA may also be able to conduct kinds of analysis on the call records that NSA can’t do with the phone dragnet (though the 2009 files make it clear it can with its non Section 215 collection).

At the very least, this story presents new challenges to I Con claims that it can’t accomplish its objectives without holding a database of every phone based relationship in the US.

But it also reminds us that the spooks will find other ways of getting the information they want, many of which have even less oversight than the phone dragnet.

The Smartest European Blowback In the World

October 31, 2013/3 Comments/in FISA /by emptywheel

For the record, I think European and Brazilian efforts to crack down on US cloud companies — especially Google — are mostly just an effort to gain further access to the data themselves and create more competitive conditions for their countries’ own companies (see an interesting development on the Google front here), here is the kind of development that will slow the expansion of the US dragnet.

AT&T Inc.’s ambitions to expand in Europe have run into unexpected hurdles amid the growing outcry across the region over surveillance by the National Security Agency. German and other European officials said any attempt by AT&T to acquire a major wireless operator would face intense scrutiny, given the company’s work with the U.S. agency’s data-collection programs.

Resistance to such a deal, voiced by officials in interviews across Europe, suggests the impact of the NSA affair could extend beyond the diplomatic sphere and damage U.S. economic interests in key markets. AT&T Chief Executive Randall Stephenson has signaled repeatedly in recent months that he is interested in buying a mobile-network operator in Europe, highlighting the potential for growth on the continent at a time when the U.S. company faces headwinds at home.

On Wall Street, many bankers, investors and analysts expect AT&T to make a bid for Vodafone Group PLC, which owns cellphone networks across Europe, as early as the first half of next year.

No matter what other efforts other countries put into place to limit the US dragnet, until they take away access to the telecom backbone and/or until private companies dramatically improve their own security, the US government is just going to take what it wants (Indeed, I have been wondering whether the US push to privatize telecoms starting as early as the 1980s served, in part, to make it easier to find “partners” in access data signals).

To allow AT&T — one of NSA’s longest, most willing partners — to become a big player in Europe would simply provide that access.

I’m mildly sorry for Google and Yahoo, particularly because they’ve had their signals stolen for years and have resisted in the NSA various ways, only some of which have been effective.

But if AT&T gets locked out of overseas expansion because it is effectively just an arm of the NSA, I will applaud.

The “Voluntary” Cooperation that Comes from Coercion of Licensing Agreements?

October 25, 2013/6 Comments/in FISA /by emptywheel

The Guardian today describes how hard GCHQ worked to prevent its intercepts from being discoverable in trials. It did so for two reasons: to prevent a political firestorm about the extent of the collection.

A briefing memo prepared for the board of GCHQ shortly before the decision was made public revealed that one reason the agency was keen to quash the proposals was the fear that even passing references to its wide-reaching surveillance powers could start a “damaging” public debate.

Referring to the decision to publish the report on intercept as evidence without classification, it noted: “Our main concern is that references to agency practices (ie the scale of interception and deletion) could lead to damaging public debate which might lead to legal challenges against the current regime.”

And to protect the telecoms, some of whose cooperation (I’m guessing British Telecom and Vodaphone, based on other reporting, but that is a wildarsed guess) goes beyond the requirements of the law.

In an extended excerpt of “the classified version” of a review prepared for the Privy Council, a formal body of advisors made up of current and former cabinet ministers, the document sets out the real nature of the relationship between telecoms firms and the UK government.

“Under RIPA [the Regulation of Investigatory Powers Act 2000], CSPs in the UK may be required to provide, at public expense, an adequate interception capability on their networks,” it states. “In practice all significant providers do provide such a capability. But in many cases their assistance – while in conformity with the law – goes well beyond what it requires.

The story references back to its earlier coverage on Tempora, the UK collection off cables, largely to note how different this description of the telecoms’ cooperation is from what they claimed back in June.

But given this description of their extensive cooperation, this detail from the original Tempora story sure looks more interesting.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

“There’s an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice.”

Back in June, an anonymous source said the telecoms cooperate because their licensing depends on it. Now we learn that the government considers their cooperation voluntary, some of it beyond what is required.

I don’t know whether telecom law operates in the UK like in the US, but if the government premises licensing based on cooperation, it might get to the question I raised here, when I noted how the government reserved getting Department of Commerce involved in cases where companies didn’t provide the “voluntary” cooperation with cyberdefense the government demanded.

I think it’s quite possible the government (possibly both the US and UK) is/are demanding “voluntary” cooperation from the companies they license (on threat of losing their licenses). But remember, on a lot of this stuff, the government has held that companies can “voluntarily” turn over data (especially stuff facetiously called “foreign” based on false claims about the transit of data) without process if they want to.

So coerce the telecoms (and possibly, broadband) to cooperate under threat of licensing problems, then claim that this “voluntary” cooperation permits data sharing that otherwise would require legal process.

And in doing so, conduct a dragnet so vast that no judge would ever approve it.

Is that how it works?

The Common Commercial Services OLC Memo and Zombie CISPA

October 22, 2013/12 Comments/in Cybersecurity, FISA /by emptywheel

Some time last summer, Ron Wyden wrote Attorney General Holder, asking him (for the second time) to declassify and revoke an OLC opinion pertaining to common commercial service agreements. He said at the time the opinion “ha[d] direct relevance to ongoing congressional debates regarding cybersecurity legislation.”

That request would presumably have been made after President Obama’s April 25, 2012 veto threat of CISPA, but at a time when several proposed Cybersecurity bills, with different information sharing structures, were floating around Congress.

Wyden asked for the declassification and withdrawal of the memo again this January as part of his laundry list of requests in advance of John Brennan’s confirmation. Then, after having been silent about this request for 8 months (at least in public), Wyden asked again on September 26.

It appears that Wyden had intended to ask the question of one of the witnesses at an open Senate Intelligence Committee hearing (perhaps Deputy Attorney General James Cole), but — having had warning of his questions (because he sent them to the witnesses in advance) — Dianne Feinstein and Susan Collins ensured there would not be a second round of questions.

As it happens, Wyden made the request for the memo two days after DiFi told The Hill she was preparing to advance her version of CISPA, and the day after Keith Alexander started calling for cybersecurity legislation again.

In a brief interview with The Hill in the U.S. Capitol on Tuesday, Feinstein said she has prepared a draft bill and plans to move it forward.

The legislation would be the Senate’s counterpart to the Cyber Intelligence Sharing and Protection Act, known as CISPA, which cleared the House in April.

CISPA would remove legal barriers that prevent companies from sharing information with each other and the government about cyber attacks. It would also allow the government to share more information with the private sector.

Since then, Alexander has pitched new cybersecurity legislation in an “interview” with the NYT, admitting he needs to be more open about his places for cybersecurity.

Now, the Executive Branch’s unwillingness to actually share the law as it interprets it with us mere citizens prevents us from understanding precisely what relationship this OLC memo has with proposed cybersecurity legislation — but Wyden made it clear in January that it does have one. But here are some things we might surmise about the memo:

The Administration is currently relying on this memo. If it weren’t using it, after all, it wouldn’t need to be revoked. That means that since at least January 14, 2011 (before which date Wyden and Russ Feingold first asked it be revoked), the Administration has had a secret interpretation of law relating in some way to cybersecurity.
The interpretation would surprise us. As Wyden notes, “this opinion is inconsistent with the public’s understanding of the law” (he doesn’t say what that law is, but I’ll hazard a guess and say it pertains to information sharing). It’s likely, then, that some form of online provider has been sharing cyber-intelligence with the federal government under some strained interpretation of our privacy protections (and, probably, some kind of Attorney General assurances everything’s cool).

Let’s use the lesson we learned during the FISA Amendments Act where the telecoms were clambering for the legislation and the retroactive immunity, but the Internet companies were grateful for “clarity,” but explicitly opposed to retroactive immunity. When we learned the telecoms had been turning over the Internet companies metadata and content, this all made more sense. The Internet Companies wanted the telecoms to be punished for stealing their data.

In this case, in the first round of CISPA (which had broad immunity protections), Facebook and Microsoft were supporters. But in this go-around (which has still generous but somewhat more limited immunity), the big supporters consist of:

Telecoms (AT&T, Verizon; interestingly, Sprint did not sign a letter of support)
Broadband and other backbone providers (Boeing, Cisco, Comcast, TimeWarner, USTelecom)
Banks and financial transfer
Power grid operators and other utilities

Now, who knows with which of these entities the government is already relying on this common commercial services memo, which of our providers we believe have made some assurances to us but in fact they’ve made entirely different ones.

But I will say the presence of the telecoms, again, angling for immunity for information sharing, along with their analogues the broadband providers does raise questions. Especially considering Verizon Exec’s trash talking about consumer-centric Internet companies that don’t prioritize national security.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

After all, the telecoms have a history of willingly cooperating with the government, even if it bypassed the protections offered by Internet companies, even if it violated the law. Have they been joined by big broadband?

Well, DOJ could clear all this up by revoking and releasing the memo. Until they do, though, my wildarsed guess is that those operating the Toobz in the country — the telecom and broadband companies — have already started sharing consumers’ data that a plain reading of the law seemingly wouldn’t permit them to do.

Hundreds of Millions Lubricate the Telecoms

August 29, 2013/5 Comments/in FISA /by emptywheel

In the third of its budget stories today, the WaPo reveals the scale of the funds provided to telecoms to provide vast amounts of data to the government: $278 million this year, and $394 million in 2011, for doing things like leasing networks and circuits.

The budget documents obtained by The Post list $65.96 million for Blarney, $94.74 million for Fairview, $46.04 million for Stormbrew and $9.41 million for Oakstar. It is unclear why the total of these four programs amounts to less than the overall budget of $278 million.

Among the possible costs covered by these amounts are “network and circuit leases, equipment hardware and software maintenance, secure network connectivity, and covert site leases,” the documents say. They also list in a separate line item $56.6 million in payments for “Foreign Partner Access,” although it is not clear whether these are for foreign companies, foreign governments or other foreign entities.

As former Global Crossing exec explains, it’s all about lubrication.

Former telecommunications executive Paul Kouroupas, a security officer who worked at Global Crossing for 12 years, said that some companies welcome the revenue and enter into contracts in which the government makes higher payments than otherwise available to firms receiving reimbursement for complying with surveillance orders.

[snip]

“It certainly lubricates the [surveillance] infrastructure,” Kouroupas said. He declined to say whether Global Crossing, which operated a fiber-optic network spanning several continents and was bought by Level 3 Communications in 2011, had such a contract.

Now, we have always known AT&T and Verizon were rather enthusiastic to cooperate with the government, whereas Google and Yahoo have both fought some of the dragnet requests. And–as WaPo notes–that goes back to years before 9/11 (which is one reason the telecoms cooperated in Cheney’s illegal collection for 4 years before they pushed for more extensive legal cover).

We just finally know what it takes to get the telecoms excited.

The New I Con: “Total Number of Orders and Targets”

August 29, 2013/1 Comment/in FISA, PATRIOT /by emptywheel

The I Con people, in another attempt to feign transparency, have announced they will release “new” numbers.

Consistent with this directive and in the interest of increased transparency, the DNI has determined, with the concurrence of the IC, that going forward the IC will publicly release, on an annual basis, aggregate information concerning compulsory legal process under certain national security authorities.

Specifically, for each of the following categories of national security authorities, the IC will release the total number of orders issued during the prior twelve-month period, and the number of targets affected by these orders:

FISA orders based on probable cause ( Titles I and III of FISA, and sections 703 and 704).

Section 702 of FISA

FISA Business Records (Title V of FISA).

FISA Pen Register/Trap and Trace ( Title IV of FISA)

National Security Letters issued pursuant to 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709.

Only, this is, as I Con transparency always is, less than meets the eye.

To start with, the I Cons already release much of this due to statutory requirements. It releases the number of FISA orders on probable cause (and the number rejected), the number of business records, and the National Security letters, as well as the number of US persons included in those NSLs.

If I understand this correctly, the only thing new they’ll add to this information is the number of people “targeted” under the Section 215. In other words, they’ll tell us they’ve used fewer than 300 selectors in the previous year to conduct up-to three hop link analysis which in reality mean thousands or even millions might be affected (to say nothing of the hundreds of millions whose communications might be affected by virtue of being collected). But they won’t tell us how many people got included in those two or three hops.

Furthermore, in the absence of knowing what else they’re using Section 215 for, the meaning of these numbers will be hidden — as it already was when the government told us (last year) it had submitted 212 Section 215 applications, without telling us several of those applications collected every American’s phone records.

The same is true of the Pen Register/Trap and Trace provision. The government has told us they’re no longer using it to collect the Internet metadata of all Americans. But what are they using it to do? Are they (in one theory posited since the Snowden leaks started) using it to collect key information from Internet providers? Given the precedents hidden at the FISA Court, we’re best served to assume there is some exotic use like this, meaning any number they show us could represent a privacy threat far bigger than the number might indicate.

Then, finally, there’s Section 702, which will be new information. The October 3, 2011 John Bates opinion tells the NSA collects 250 million communications a year under Section 702; the August 2013 Compliance Assessment seems to support (though it redacts the numbers) the NSA targeting 63,000 to 73,000 selectors on any given day. In other words, those numbers are big. But that doesn’t tell us, at all, how many US persons get sucked up along with the targeted selectors. That number is one the NSA refuses to even collect, though Ron Wyden has asked them for it. Usually, when the NSA refuses to count something, it is because doing so would demonstrate how politically (and potentially, Constitutionally) untenable it is.

Moreover, the government doesn’t, apparently plan to release the number Google and Yahoo would like it to release, numbers which likely show how much more enthusiastic the well-lubricated telecoms are about providing this material than the less-well lubricated Internet providers. That is, the government isn’t going to (or hasn’t yet agreed to) provide numbers that show corporations have some leeway on how much of our data they turn over to the government.

So, ultimately, this seems to be about providing two or three new numbers, in addition to what the government is legally obliged to provide, yet without providing any numbers on how many Americans get sucked into this dragnet.

They will provide the “total number of orders and targets.” But they’re not going to provide the information we actually want to know.

Are the Brits Trying to Protect British Telecom?

August 26, 2013/18 Comments/in FISA /by emptywheel

In addition to her latest stories describing the generalized spying the NSA and GCHQ engage in, Laura Poitras today also tells her side of the David Miranda story. In it, she reveals the hard drives destroyed at the Guardian included details on Tempora.

Included on those drives were documents detailing GCHQ’s massive domestic spying program called “Tempora.”

This program deploys NSA’s XKeyscore “DeepDive” internet buffer technology which slows down the internet to allow GCHQ to spy on global communications, including those of UK citizens. Tempora relies on the “corporate partnership” of UK telecoms, including British Telecommunications and Vodafone. Revealing the secret partnerships between spy agencies and telecoms entrusted with the private communications of citizens is journalism, not terrorism.

It seems she’s trying to suggest that the Brits are trying to protect this program, specifically. Which would protect not just a spying technique (collecting data off the switches), but also the involvement of BT and Vodafone.

Remember, that weird Independent story from last week (which Snowden made clear did not come from him) also included details about BT and Vodaphone’s roles in this spying.

The Government also demanded that the paper not publish details of how UK telecoms firms, including BT and Vodafone, were secretly collaborating with GCHQ to intercept the vast majority of all internet traffic entering the country. The paper had details of the highly controversial and secret programme for over a month. But it only published information on the scheme – which involved paying the companies to tap into fibre-optic cables entering Britain – after the allegations appeared in the German newspaper Süddeutsche Zeitung.

It makes sense. Even in the US, even in the materials released so far, both the Guardian and Washington Post have protected the role that AT&T and Verizon play in this process.

The Independent story also mentioned a secret British spying base in the Middle East that played a role in Tempora.

One of the areas of concern in Whitehall is that details of the Middle East spying base which could identify its location could enter the public domain.

The data-gathering operation is part of a £1bn internet project still being assembled by GCHQ. It is part of the surveillance and monitoring system, code-named “Tempora”, whose wider aim is the global interception of digital communications, such as emails and text messages.

[snip]

The Middle East station was set up under a warrant signed by the then Foreign Secretary David Miliband, authorising GCHQ to monitor and store for analysis data passing through the network of fibre-optic cables that link up the internet around the world.

That part of the story made me remember Reprieve’s claims from earlier this year that British Telecom played a role in drone targeting in Djibouti.

BT’s slogan used to be ‘it’s good to talk’, but when it comes to contracts with the US military ‘it’s best to keep your mouth shut’ might be more appropriate.

Earlier this year Reprieve obtained evidence that BT had been awarded a contract worth over $23 million by the US Defense Information Systems Agency to provide communications infrastructure connecting US-run RAF Croughton in Northamptonshire with the secretive Camp Lemonnier in Djibouti.

Read more →

Yahoo, the Law-Abiding Free Email Provider

June 29, 2013/34 Comments/in FISA, PATRIOT /by emptywheel

The FISA Court has officially agreed to declassify that Yahoo was the company that challenged a Protect Amendment Act order in 2007.

Once this PRISM slide was published, it was always pretty likely that Yahoo — or maybe Google — was the company in question. Yahoo started complying around the time the FISC decision was reached; Google joined in after the FISCR decision was unsealed.

Which leaves … Microsoft, which started cooperating before the law and then the FISA Court forced it to (though collection may not have begun until after PAA passed and, as Rayne has pointed out, Microsoft’s code was being exploited by the government for entirely different purposes in precisely that timeframe).

Now might be a good time to review what happened with the 7 companies the government asked to participate in an illegal wiretap program based solely on the President’s say-so. Per the 2009 NSA Draft IG Report, the companies are:

Telecoms A, B, and C (probably AT&T, Verizon, and — definitely– MCI, respectively, since they were the 3 telecoms working onsite at FBI’s direct access office under another program). These companies were approached by people from NSA’s Special Source Operations unit as soon as the program was approved, and they agreed to participate “voluntarily.” In 2003, MCI got cold feet and demanded a letter from John Ashcroft stating that the request was lawful, in which he “directed” them to comply with NSA’s requests.
Telecom E (Qwest). It was approached by SSO personnel in 2002, purportedly for collections related to the Olympics. After some discussion, Qwest’s General Counsel decided to not support the operation.
Internet Provider D (probably Microsoft). This company was approached by “NSA legal and operational personnel” (not SSO) in September 2002. In response, this company provided “minimal” support, spanning roughly from October 9, 2002 through just after September 11, 2003. No person at this company was ever cleared to store letters from the NSA.
Internet Provider F (probably Yahoo). This company was approached in October 2002 by NSA legal and operational personnel. In response to NSA’s request, Internet Provider F asked for a letter from Attorney General Ashcroft certifying the legality of the program. While in December 2002, NSA’s Commercial Technologies Group through Internet Provider F was participating, NSA’s GC says they did not because of corporate liability concerns.
Private Sector Company G. This company was approached in April 2003 by NSA legal and operational personnel. This company’s GC said he or she wanted to consult outside counsel. NSA chose to drop the request. I have no idea what company this would be (CISCO?); any thoughts?

Here’s what these companies provided:

This table tells us a great deal about the program–and also the legal problems behind it.

Internet provider D — the one of two that cooperated — only did so for 7 months in 2003, and only provided Internet content (probably primarily Hotmail emails), not metadata.

Which left the government to get the other Internet data off of AT&T and Verizon’s switches (we know C is MCI because February 2005 is when Verizon bought it, which explains why it started handing over Internet content and metadata then). As the IG Report explains,

A, B, and C provided access to the content of Al Qaeda and Al Qaeda-affiliate email from communication links they owned and operated.

[snip]

The last category of private sector assistance was access to Internet Protocol (IP) metadata associated with communications of al Qaeda (and affiliates) from data links owned or operated by COMPANIES A, B, and C.

In other words, Microsoft and Yahoo, the biggest free email providers, were not crazy about providing content (though one, probably Microsoft, did for a period). And they were completely unwilling to provide IP metadata.

So the government just went to AT&T and Verizon’s switches and took it there.

The Truth: The NSA Has Been Working on Domestic Spying for Ten-Plus Years

June 18, 2013/15 Comments/in Cybersecurity, Intelligence /by Rayne

[graphic: Electronic Frontier Foundation via Flickr]

The yapping of national security conservatives, whether self-identified as Republicans or Democrats, obscures the truth when they denigrate Edward Snowden’s flight to Hong Kong and subsequent attempts at whistleblowing.

The truth is this:

• Others before Snowden tried to go through so-called chain of command or proper channels to complain about the National Security Agency’s domestic spying, or to refuse the NSA’s efforts to co-opt them or their business. These efforts did not work.

• They were obstructed, harassed, or punished for their efforts. It did not matter whether they were insiders or outsiders, whistleblowers or plaintiffs, the results were the same for:

•  William Binney,
•  Thomas Drake,
•  Mark Klein,
•  Thomas Tamm,
•  Russell Tice,
•  and J. Kirk Wiebe,
•  as well as Joseph Nacchio.

• The effort to spy on Americans, violating their privacy and taking their communications content, has been underway since before the Bush administration. (Yes, you read that right: BEFORE the Bush administration.)

• Three presidents have either failed to stop it or encouraged it (Yes, including Bill Clinton with regard to ECHELON).

• The program has been growing in physical size for more than a decade.

One document in particular [PDF] described the challenge of the NSA , from which this excerpt is drawn: Read more →