The Intercept has published their long-awaited story profiling a number of Muslim-American leaders who have been targeted by the FBI and NSA. It shows that:
In other words, the leaders of a number of different Muslim civil society organizations were wiretapped for years under a program that should require a judge agreeing they represent agents of a foreign power.
But they probably weren’t just wiretapped. They probably were also used as seeds for the phone and Internet dragnets, resulting in the associational mapping of their organizations’ entire structure.
On August 18, 2006, the phone dragnet primary order added language deeming “telephone numbers that are currently the subject of FISA authorized electronic surveillance … approved for meta data querying without approval of an NSA official due to the FISA authorization.”
Given the way the phone and Internet dragnet programs parallel each other (and indeed, intersect in federated queries starting at least by 2008), a similar authorization was almost certainly included in the Internet dragnet at least by 2006.
That means as soon as these men were approved for surveillance by FISA, the NSA also had the authority to run 3-degree contact chaining on their email and phone numbers. All their contacts, all their contacts’ contacts, and all their contacts’ contacts’ contacts would have been collected and dumped into the corporate store for further NSA analysis.
Not only that, but all these men were surveilled during the period (which continued until 2009) when the NSA was running automated queries on people and their contacts, to track day-to-day communications of RAS-approved identifiers.
So it is probably reasonable to assume that, at least for the period during which these men were under FISA-authorized surveillance, the NSA has an associational map of their organizations and their affiliates.
Which is why I find it interesting that DOJ refused to comment on this story, but told other reporters that FBI had never had a FISA warrant for CAIR founder Nihad Awad specifically.
The Justice Department did not respond to repeated requests for comment on this story, or for clarification about why the five men’s email addresses appear on the list. But in the weeks before the story was published, The Intercept learned that officials from the department were reaching out to Muslim-American leaders across the country to warn them that the piece would contain errors and misrepresentations, even though it had not yet been written.
Prior to publication, current and former government officials who knew about the story in advance also told another news outlet that no FISA warrant had been obtained against Awad during the period cited. When The Intercept delayed publication to investigate further, the NSA and the Office of the Director of National Intelligence refused to confirm or deny the claim, or to address why any of the men’s names appear on the FISA spreadsheet.
Awad’s organization, CAIR, is a named plaintiff in the EFF’s suit challenging the phone dragnet. They are suing about the constitutionality of a program that — the EFF suit also happens to allege — illegally mapped out associational relations that should be protected by the Constitution.
CAIR now has very good reason to believe their allegations in the suit — that all their relationships have been mapped — are absolutely correct.
Update: EFF released this statement on the Intercept story, reading, in part,
Surveillance based on First Amendment-protected activity was a stain on our nation then and continues to be today. These disclosures yet again demonstrate the need for ongoing public attention to the government’s activities to ensure that its surveillance stays within the bounds of law and the Constitution. And they once again demonstrate the need for immediate and comprehensive surveillance law reform.
We look forward to continuing to represent CAIR in fighting for its rights, as well as the rights of all citizens, to be free from unconstitutional government surveillance.
EFF represents CAIR Foundation and two of its regional affiliates, CAIR-California and CAIR-Ohio, in a case challenging the NSA’s mass collection of Americans’ call records. More information about that case is available at: First Unitarian Church of Los Angeles v. NSA.
Remember “the wall” that used to separate intelligence from criminal investigations and was used as an excuse for intelligence agencies not sharing intelligence they were permitted to share before 9/11?
It was demolished in 2001 — when the PATRIOT Act explicitly permitted what had been permitted before, sharing of intelligence information with the FBI – and 2002 — when the FISA Court of Review overruled presiding FISA Judge Royce Lamberth’s efforts to sustain some Fourth Amendment protections in criminal investigations using minimization procedures.
Nevertheless, the specter of a wall that didn’t prevent the Intelligence Committee from discovering 9/11 rising again is one of the things lying behind PCLOB’s weak recommendations on back door searches in its report on Section 702.
Of particular note, that’s what the Center for Democracy and Technology’s James Dempsey cites in his squishy middle ground recommendation on back door searches.
It is imperative not to re-erect the wall limiting discovery and use of information vital to the national security, and nothing in the Board’s recommendations would do so. The constitutionality of the Section 702 program is based on the premise that there are limits on the retention, use and dissemination of the communications of U.S. persons collected under the program. The proper mix of limitations that would keep the program within constitutional bounds and acceptable to the American public may vary from agency to agency and under different circumstances. The discussion of queries and uses at the FBI in this Report is based on our understanding of current practices associated with the FBI’s receipt and use of Section 702 data. The evolution of those practices may merit a different balancing. For now, the use or dissemination of Section 702 data by the FBI for non-national security matters is apparently largely, if not entirely, hypothetical. The possibility, however, should be addressed before the question arises in a moment of perceived urgency. Any number of possible structures would provide heightened protection of U.S. persons consistent with the imperative to discover and use critical national security information already in the hands of the government.546
546 See Presidential Policy Directive — Signals Intelligence Activities, Policy Directive 28, 2014 WL 187435, § 2, (Jan. 17, 2014) (limiting the use of signals intelligence collected in bulk to certain enumerated purposes), available at http://www.whitehouse.gov/the-press-office/2014/01/17/presidential-policy-directive-signals-intelligence-activities. [my emphasis]
Dempsey situates his comments in the context of the “wall.” He then suggests there are two possible uses of back door searches: “national security matters,” and non-national security matters, with the latter being entirely hypothetical, according to what the FBI self-reported to PCLOB.
Thus, he’s mostly thinking in terms of “possible structures [that] would provide heightened protection of U.S. persons,” to stave off future problems. He points to President Obama’s PPD-28 as one possible model.
But PPD-28 is laughably inapt! The passage in question addresses “bulk collection,” which, according to the definition Obama uses and PCLOB has adopted, has nothing to do with Section 702. “[T]he Board does not regard Section 702 as a ‘bulk’ collection program,” PCLOB wrote at multiple points in its report.
More troubling, the passage in PPD-28 Dempsey cites permits bulk collection for the following uses:
(1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
(2) threats to the United States and its interests from terrorism;
(3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
(4) cybersecurity threats;
(5) threats to U.S. or allied Armed Forces or other U.S. or allied personnel;
(6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section;
Ultimately, this represents — or should — an expansion of permissible use of Section 702 data, because its discussion of terrorism and cybersecurity does not distinguish between those with an international nexus and those without. And the discussion of transnational crime might subject any petty drug dealer selling dope from Mexico to foreign intelligence treatment.
That this is what passes for the mushy middle on PCLOB is especially curious given that Dempsey was one of the first PCLOB members to express concern about back door searches. He did so in November’s Section 215 hearing, and even suggested limiting back door searches to foreign intelligence purposes (which is not the standard for FBI, in any case) was inadequate. Nevertheless, in last week’s report, he backed only very weak protections for back door searches, and did so within the context of national security versus non-national security, and not intelligence versus crime.
Now, I don’t mean to pick on Dempsey exclusively — I’ll have a few more posts on this issue. And to be clear, Dempsey does not represent CDT at PCLOB; he’s there in his private capacity.
But I raised his affiliation with CDT because in that capacity, Dempsey was part of an amicus brief, along with representatives from ACLU, Center for National Security Studies, EPIC, and EFF, submitted in the In Re Sealed Case in 2002, in which the FISA Court of Review reversed Lamberth and permitted prosecutor involvement in FISA warrants. That brief strongly rebuts the kind of argument he adopted in last week’s PCLOB report.
Citing the significant public interest and past overclassification, the judge in EFF’s side of the Section 215 FOIA has ordered DOJ to cough up 5 (actually, I believe it is 6) orders, so she can review them in camera to see whether the government should release them.
The orders — with my speculation about what they are — are:
(1) FISC opinion dated 8/20/2008 (6 pages)
I wrote about this opinion here. Two days before the order, the government submitted information on how it correlates different phone selectors for further chaining, which leads me to believe that’s the topic of the opinion. The government doesn’t want to release it because it is still using this “method,” which leads me to believe it would offer some insight into the automatic queries approved in 2012 and the connection-based chaining envisioned under the reformed program.
(2) FISC order dated 10/31/2006 (19 pages);
I believe this is actually two orders, one of 15 and one of 4 pages. If these pertain to the phone dragnet, one might pertain to compensation, and the other might deal with violations the program was already experiencing (the next primary order imposed new regular reviews).
But it’s just as likely that these orders approve bulk collection for something else — perhaps financial records, for example.
(5) FISC orders dated 12/16/2005 (16 pages)
(3) FISC orders dated 2/17/2006 (17 pages)
(4) FISC orders dated 2/24/2006 (8 pages)
Given the timing (I’ve retained Judge Yvonne Gonzales Rogers’ numbering but adjusted order to match timing), I suspect these deal with the illegal wiretapping program. After all, the first of these three orders was approved the day after the program was disclosed, during the period when PATRIOT Authority was extended after a true extension was filibustered.
Mind you, these are not supposed to deal with bulk collection. It may be they dealt with extending existing programs, providing feedback about what would not be acceptable bulk collection, or simply smaller orders affecting the most important part of the production.
As a reminder, there are 3 other known dragnet orders — from during the period when FISC was working through the violations in 2009 — the government didn’t even disclose to EFF. I wrote about those here.
Later that day, EFF Legal Director Cindy Cohn emailed her contact at DOJ, Marcia (Marcy) Berman, saying,
Jewel plaintiffs are okay with [a deadline extension] if the government can assure us that no additional information will be destroyed in the meantime.
As you can see, we went ahead and filed [the motion on spoliation].
The following Monday, after Cohn asked Berman, “Does that mean no additional information will be destroyed in the meantime?” Berman answered,
What it means is that we have already explained in our opening brief that we are in compliance with our preservation obligations and do not feel that we should have to make any further assurances or undertakings to accommodate plaintiffs’ need for additional time.
Later that day, Cohn reminded Berman that the Temporary Restraining Order covering destruction of information “including but not limited to … telephone metadata” remained in place. Cohn continued,
You appear to be saying that routine destruction of post-FISC material is continuing to occur regardless of the TRO; please confirm whether this is correct.
Berman responded, obliquely, yes.
The Court is presently considering whether the Government must preserve material obtained under Section 702 of FISA in the context of the Jewel/Shubert litigation. In the meantime, pending resolution of the preservation issues in this case, we have been examining with our clients how to address the preservation of data acquired under the Section 702 program in light of FISC imposed data retention limits (even though we disagree that the program is at issue in Jewel and Shubert).
Hoffman wrote a bunch more about “technical” “classified” blah blah blah, which I’ll return to, because I think it’s probably significant.
I can’t think of a more relevant NSA practice to a suit that relies significantly on Mark Klein’s whistle-blowing about the room where AT&T diverted and copied large amounts of telecom traffic than upstream 702 collection, in which AT&T and other telecom providers divert and copy large amounts of telecom traffic. While I’m not certain this evidence pertains to upstream — and not PRISM — EFF suggests that is included.
In communications with the government this week, plaintiffs learned to their surprise that the government is continuing to destroy evidence relating to the mass interception of Internet communications it is conducting under section 702 of the Foreign Intelligence Surveillance Act. This would include evidence relating to its use of “splitters” to conduct bulk interceptions of the content of Internet communications from the Internet “backbone” network of AT&T, as described in multiple FISC opinions and in the evidence of Mark Klein and J. Scott Marcus, ECF Nos. 84, 85, 89, 174 at Ex. 1
If it is, then it seems all the more damning, given that upstream collection is the practice that most obviously violates the ban on wiretapping Americans in the US.
EFF filed a motion accusing the government of illegally destroying evidence. And the government’s response was to destroy more evidence.
Update: The government has asked for an emergency stay of the Court’s June 5 order (which is actually a March 10 order, but the government doesn’t admit that) because NSA says so.
Undersigned counsel have been advised by the National Security Agency that compliance with the June 5, 2014 Order would cause severe operational consequences for the National Security Agency (NSA’s) national security mission, including the possible suspension of the Section 702 program and potential loss of access to lawfully collected signals intelligence information on foreign intelligence targets that is vital to NSA’s foreign intelligence mission
There’s something funky here — perhaps that some of this actually belongs to GCHQ? I dunno — which is leading the government to be so obstinate. Let’s hope we learn what it is.
Update: And EFF objected to DOJ’s request for a stay, pointing out what I did: that what they’re really asking for is blessing for ignoring the March 10 order.
The ACLU and EFF FOIAs for Section 215 documents are drawing to a head. Later this week, EFF will have a court hearing in their suit. And last Friday, the government renewed its bid for summary judgment in the ACLU case.
Both suits pivot on whether the government’s past withholdings on Section 215 were in good faith. Both NGOs are arguing they weren’t, and therefore the government’s current claims — that none of the remaining information may be released — cannot be treated in good faith. (Indeed, the government likely released the previously sealed NSA declaration to substantiate its claim that it had to treat all documents tying NSA to the phone dragnet with a Glomar because of the way NSA and DOJ respectively redact classification mark … or something like that.)
But the government insists it is operating in good faith.
Instead, the ACLU speculates, despite the government’s declarations to the contrary, that there must be some non-exempt information contained in these documents that could be segregated and released. In an attempt to avoid well-established law requiring courts to defer to the government’s declarations, especially in the area of national security, the ACLU accuses the government of bad faith and baldly asserts that the government’s past assertions regarding segregability—made before the government’s discretionary declassification of substantial amounts of information regarding its activities pursuant to Section 215— “strip the government’s present justifications of the deference due to them in ordinary FOIA cases.” ACLU Br. at 25. The ACLU’s allegations are utterly unfounded. For the reasons set forth below, the government’s justifications for withholding the remaining documents are “logical and plausible,”
EFF and ACLU have focused closely on an August 20, 2008 FISC order describing a method to conduct queries; I have argued it probably describes how NSA makes correlations to track correlations.
The government is refusing to identify 3 orders it has already identified
But — unless I am badly mistaken, or unless the government mistakenly believes it has turned over some of these orders, which is possible! — I think there are three other documents being withheld (ones the government hasn’t even formally disclosed to EFF, even while pretending they’ve disclosed everything to EFF) that raise questions about the government’s good faith even more readily: the three remaining phone dragnet Primary Orders from 2009. All three have been publicly identified, yet the government is pretending they haven’t been. They are:
BR 09-09, issued on July 8, 2009. Not only was this Primary Order identified in paragraph 3 of the next Primary Order, but it was discussed extensively in the government’s filing accompanying the end-to-end report. In addition, the non-approval of one provider’s metadata (I increasingly suspect Sprint is the provider) for that period is reflected in paragraph 1(a) of that next Primary Order.
BR 09-15, issued on October 30, 2009. The docket number and date are both identified on the first page of this supplemental order.
BR 09-19, issued on December 16, 2009. It is mentioned in paragraph 3 of the next Primary Order. The docket number and the date are also referred to in the documents pertaining to Sprint’s challenge recently released. (See paragraph 1 and paragraph 5 for the date.)
Thus, the existence of all three Primary Orders has been declassified, even while the government maintains it can’t identify them in the context of the FOIAs where they’ve already been declassified.
The government has segregated a great deal of the content of BR 09-09
The government’s withholding of BR 09-09 is particularly ridiculous, given how extensively the end-to-end motion details it. From that document, we learn:
Significant parts of at least 13 pages of the Primary Order (the next Primary Order is 19 pages long) have already been deemed segregable and released. Yet the government now appears to be arguing, while claiming it is operating in good faith, that none of these items would be segregable if released with the order itself!
Wildarse speculation about why the government is withholding these orders
Which raises the question of why. Why did the government withhold these 3 orders, alone among all the known regular Primary Orders from the period of EFF and ACLU’s FOIAs? (See this page for a summary of the known orders and the changes implemented in each.)
The reason may not be the same for all three orders. BR 09-09 deals with two sensitive issues — the purging of credit card information and tech personnel access — that seem to have been resolved with that order (at least until the credit card problems returned in March 2011).
But there are two things that all three orders might have in common.
First, BR 09-09 deals closely with dissemination problems — the ability of CIA and FBI to access NSA results directly, and the unfettered sharing of information within NSA. BR 09-15 lays out new dissemination rules, with the supplement in November showing NSA to still be in violation. So it’s likely all 3 orders deal with dissemination violations (and therefore with poison fruit of inappropriate dissemination that may still be in the legal system), and that the government is hiding one of the more significant aspects of the dragnet violations by withholding those orders.
I also think it’s possible the later two (potentially all three, but more likely the later two) orders combine the phone and Internet dragnets. That’s largely because of timing: A June 22, 2009 order — the first one to deal with the dissemination problems formally addressed in BR 09-09 — dealt with both dragnets. There is evidence the Internet dragnet data got shut down (or severely restricted) on October 30, 2009, the date of BR 09-15. And according to the 2010 John Bates Internet dragnet opinion, NSA applied to restart the dragnet in late 2009 (so around the time of BR 09-19). So I think it possible the later orders, especially, deal with both programs, thereby revealing details about the legal problems with PRTT the government would like to keep suppressed. (Note, if BR 09-15 and BR 09-19 are being withheld because they shut down Internet production, it would mean all three orders shut down some production, as BR 09-09 shut down one provider’s telephone production.)
Another possibility has to do with the co-mingling of EO 12333 and Section 215 data. These three orders all deal with the fact that providers (at least Verizon, but potentially the other two as well) had included foreign-to-foreign phone records along with the production of their domestic ones. That’s the reason production from one provider got shut down in BR 09-09. And immediately after the other withheld records, the Primary Orders always included a footnote on what to do with EO 12333 data turned over pursuant to BR FISA orders (see footnote 7 and footnote 10 for examples). Also, starting in March 2009, the Orders all contain language specifically addressing Verizon. So we know the FISC was struggling to come up with a solution for the fact that NSA had co-mingled data obtainable under EO 12333 and data the telecoms received PATRIOT Act orders from. (I suspect this is why Sprint insisted on legal cover, ultimately demanding the legal authorization of the program with the December order.) So it may be that all these orders reveal too much about the EO 12333 dragnet — and potential additional violations — to be released.
Whatever the reason, there is already so much data in the public domain, especially on BR 09-09, it’s hard to believe withholding it is entirely good faith.
I’ve written about these accusations in the past. EFF got a preservation order in its NSA lawsuits back in 2008. Only after the government asked for permission to destroy phone dragnet data earlier this year did they learn the government has been destroying data relevant to their various suits for years.
But now they’ve written an aggressive motion asking for sanctions.
There is now no doubt that the government defendants have destroyed evidence relevant to plaintiffs’ claims. This case concerns the government’s mass seizure of three kinds of information: Internet and telephone content, telephone records and Internet records. The government’s own declarations make clear that the government has destroyed three years of the telephone records it seized between 2006 and 2009; five years of the content it seized between 2007 and 2012; and seven years of the Internet records it seized between 2004 and 2011, when it claims to have ended those seizures.
By destroying this evidence, the government has hindered plaintiffs’ ability to prove with governmental evidence that their individual communications and records were collected as part of the mass surveillance, something the government has vigorously insisted that they must do, even as a threshold matter. Although plaintiffs dispute that the showing the government seeks is required, the government’s destruction of the best evidence that plaintiffs could use to make such a showing is particularly outrageous.
This is spoliation of evidence. A litigant has a clear legal duty to preserve evidence relevant to the facts of a case pending consideration by the court, and that duty requires preservation of all relevant evidence, defined as anything that is likely to lead to the discovery of admissible evidence. This duty is subject only to practical considerations, none of which the government has ever raised. Any private litigant who engaged in this behavior would be rightly sanctioned by the court; indeed many have been severely sanctioned for failure to preserve evidence in far less egregious circumstances.
This court has the power to order a broad range of remedies for spoliation, up to and including terminating sanctions. Plaintiffs here seek more modest relief: that the government be subject to an adverse inference that the destroyed evidence would have shown that the government has collected plaintiffs’ communications and communications records. Plaintiffs also request that the Court set a prompt hearing date on this matter in order to halt any ongoing destruction.
My favorite part — being a bit of a timeline wonk — is the timeline showing all the broad claims the government made to ensure state secrets would cover even activities authorized by FISA, interspersed with what data the NSA was destroying when.
Then there’s this lesson in warrantless wiretapping.
The government overreaches in trying to limit plaintiffs’ complaint. For example, the government tries to use the fact that plaintiffs often characterize the surveillance as “warrantless” as indicating that the complaint doesn’t reach surveillance conducted under the FISC. But this characterization is absolutely true even as to the FISC-authorized surveillance. Whatever the legal import of the FISC orders, they are unequivocally not full Fourth Amendment warrants, and the surveillance conducted under them is “warrantless.” Thus, this court was exactly correct in July 2013 when it stated that Plaintiffs’ claim is “that the federal government . . . conducted widespread warrantless dragnet communications surveillance of United States citizens following the attacks of September 11, 2001.”
Given all the things the government destroyed here — such as the US person phone data collected without requisite First Amendment review, the Internet metadata that included content, and the US person communications collected under upstream collection, the EO 12333 collected metadata mingled with the PATRIOT authorized data – they might well rather give EFF standing without all that data.
We shall see. But it does make some nice Friday afternoon reading.
Last week, I laid out the amazing coinkydink that DOJ provided Sprint a bunch of FISA opinions — including the December 12, 2008 Reggie Walton opinion finding that the phone dragnet did not violate ECPA — on the same day, January 8, 2010, that OLC issued a memo finding that providers could voluntarily turn over phone records in some circumstances without violating ECPA.
Looking more closely at what we know about the opinion, I’m increasingly convinced it was not a coinkydink at all. I suspect that the memo not only addresses FBI’s exigent letter program, but also the non-Section 215 phone dragnet.
As a reminder, we first learned of this memo when, in January 2010, DOJ’s Inspector General issued a report on FBI’s practice of getting phone records from telecom provider employees cohabiting at FBI with little or no legal service. The report was fairly unique in that it was released in 3 versions: the public unclassified but heavily redacted version, a Secret version, and a Top Secret/SCI version. Given how closely parallel the onsite telecom provider program was with the phone dragnet, that always hinted the report may have touched on other issues.
Roughly a year after the IG Report came out, EFF FOIAed the memo (see page 30). Over the course of the FOIA litigation — the DC Circuit rejected their appeal for the memo in January — DOJ provided further detail about the memo.
Here’s how OLC Special Counsel Paul Colborn described the memo (starting at 25):
The document at issue in this case is a January 8, 2010 Memorandum for Valerie Caproni, General Counsel of the Federal Bureau of Investigation (the “FBI”), from David J. Barron, Acting Assistant Attorney General for the Office of Legal Counsel (the “Opinion”). The OLC Opinion was prepared in response to a November 27, 2009 opinion request from the FBI’s General Counsel and a supplemental request from Ms. Caproni dated December 11, 2009. These two requests were made in order to obtain OLC advice that would assist FBI’s evaluation of how it should respond to a draft Report by the Office of Inspector General at the Department of Justice (the “OIG”) in the course of a review by the OIG of the FBI’s use of certain investigatory procedures. In the context of preparing the Opinion, OLC, as is common, also sought and obtained the views of other interested agencies and components of the Department. OIG was aware that the FBI was seeking legal advice on the question from OLC, but it did not submit its views on the question.
The factual information contained in the FBI’s requests to OLC for legal advice concerned certain sensitive techniques used in the context of national security and law enforcement investigations — in particular, significant information about intelligence activities, sources, and methodology.
Later in his declaration, Colborn makes it clear the memo addressed not just FBI, but also other agencies.
The Opinion was requested by the FBI and reflects confidential communications to OLC from the FBI and other agencies. In providing the Opinion, OLC was serving an advisory role as legal counsel to the Executive Branch. In the context of the FBI’s evaluation of its procedures, the general counsel at the FBI sought OLC advice regarding the proper interpretation of the law with respect to information-gathering procedures employed by the FBI and other Executive Branch agencies. Having been requested to provide counsel on the law, OLC stood in a special relationship of trust with the FBI and other affected agencies.
And FBI Record/Information Dissemination Section Chief David Hardy’s declaration revealed that an Other Government Agency relied on the memo too. (starting at 46)
This information was not examined in isolation. Instead, each piece of information contained in the FBI’s letters of November 27, 2009 and December 11, 2009, and OLC’s memorandum of January 8, 2010, was evaluated with careful consideration given to the impact that disclosure of this information will have on other sensitive information contained elsewhere in the United States intelligence community’s files, including the secrecy of that other information.
As part of its classification review of the OLC Memorandum, the FBI identified potential equities and interests of other government agencies (“OGAs”) with regard to the OLC memo. … FBI referred the OLC Memo for consultation with those OGAs. One OGA, which has requested non-attribution, affirmatively responded to our consultation and concurs in all of the classification markings.
Perhaps most remarkably, the government’s response to EFF’s appeal even seems to suggest that what we’ve always referred to as the Exigent Letters IG Report is not the Exigent Letters IG Report!
Comparing EFF’s claims (see pages 11-12) with the government’s response to those claims (see pages 17-18), the government appears to deny the following:
Along with these denials, the government reminded the court that the report “contained significant redactions to protect classified information and other sensitive information.” And with each denial (or non-response to EFF’s characterizations) it “respectfully refer[red] the Court to the January 2010 OIG report itself.”
The Exigent Letters IG Report is not what it seems, apparently.
With all that in mind, consider two more details. First, as David Kris (who was the Assistant Attorney General during this period) made clear in his paper on the phone (and Internet) dragnet, in addition to Section 215, the government obtained phone records from the telecoms under USC 2511(2)(f), the clause in question.
And look at how the chronology maps.
November 5, 2008: OLC releases opinion ruling sneak peek and hot number requests (among other things) impermissible under NSLs
December 12, 2008: Reggie Walton rules that the phone dragnet does not violate ECPA
Throughout 2009: DOJ confesses to multiple violations of Section 215 program, including:
- An alert function that serves the same purpose as sneak peeks and also violates Section 215 minimization requirements
- NSA treated Section 215 derived data with same procedures as EO 12333 data; that EO 12333 data included significant US person data
- One provider’s (which I originally thought was Sprint, then believed was Verizon, but could still be Sprint) production got shut down because it included foreign-to-foreign data (the kind that, according to the OLC, could be obtained under USC 2511(2)(f))
Summer and Fall, 2009: Sprint meets with government to learn how Section 215 can be used to require delivery of “all” customer records
October 30, 2009: Still unreleased primary order BR 09-15
November 27, 2009: Valerie Caproni makes first request for opinion
December 11, 2009: Caproni supplements her request for a memo
December 16, 2009: Application and approval of BR 09-19
December 30, 2009: Sprint served with secondary order
January 7, 2010: Motion to unseal records
January 8, 2010: FISC declassifies earlier opinions; DOJ and Sprint jointly move to extend time when Sprint can challenge order; and OLC releases OLC opinion; FISC grants motion (John Bates approves all these motions)
January 11, 2010: DOJ moves (in a motion dated January 8) to amend secondary order to incorporate language on legality; this request is granted the following day (though we don’t get that order)
January 20, 2010: IG Report released, making existence of OLC memo public
This memo is looking less and less like a coinkydink after all, and more and more a legal justification for the provision of foreign-to-foreign records to accompany the Section 215 provision. And while FBI said it wasn’t going to rely on the memo, it’s not clear whether NSA said the same.
Golly. It’d sure be nice if we got to see that memo before David Barron got to be a lifetime appointed judge.
Both the ACLU’s Jameel Jaffer and EFF have reviews of the government’s latest claims about Section 702. In response to challenges by two defendants, Mohamed Osman Mohamud and Jamshid Muhtorov, to the use of 702-collected information, the government claims our international communications have no Fourth Amendment protection.
Here’s how Jaffer summarizes it:
It’s hardly surprising that the government believes the 2008 law is constitutional – government officials advocated for its passage six years ago, and they have been vigorously defending the law ever since. Documents made public over the last eleven-and-a-half months by the Guardian and others show that the NSA has been using the law aggressively.
What’s surprising – even remarkable – is what the government says on the way to its conclusion. It says, in essence, that the Constitution is utterly indifferent to the NSA’s large-scale surveillance of Americans’ international telephone calls and emails:
The privacy rights of US persons in international communications are significantly diminished, if not completely eliminated, when those communications have been transmitted to or obtained from non-US persons located outside the United States.
That phrase – “if not completely eliminated” – is unusually revealing. Think of it as the Justice Department’s twin to the NSA’s “collect it all”.
In support of the law, the government contends that Americans who make phone calls or send emails to people abroad have a diminished expectation of privacy because the people with whom they are communicating – non-Americans abroad, that is – are not protected by the Constitution.
The government also argues that Americans’ privacy rights are further diminished in this context because the NSA has a “paramount” interest in examining information that crosses international borders.
And, apparently contemplating a kind of race to the bottom in global privacy rights, the government even argues that Americans can’t reasonably expect that their international communications will be private from the NSA when the intelligence services of so many other countries – the government doesn’t name them – might be monitoring those communications, too.
The government’s argument is not simply that the NSA has broad authority to monitor Americans’ international communications. The US government is arguing that the NSA’s authority is unlimited in this respect. If the government is right, nothing in the Constitution bars the NSA from monitoring a phone call between a journalist in New York City and his source in London. For that matter, nothing bars the NSA from monitoring every call and email between Americans in the United States and their non-American friends, relatives, and colleagues overseas.
I tracked Feingold’s warnings about Section 702 closely in 2008. That’s where I first figured out the risk of what we now call back door searches, for example. But I thought his comment here was a bit alarmist.
As I’ve learned to never doubt Ron Wyden’s claims about surveillance, I long ago learned never to doubt Feingold’s.
As Charlie Savage reported this morning, Senators Ron Wyden and Mark Udall continue their ceaseless efforts to get NSA and DOJ to tell the truth. They (along with Martin Heinrich) wrote a letter to DOJ in November complaining about representations made in the Amnesty v. Clapper case. DOJ responded. And now Wyden and Udall have just written another response.
In addition to complaining about the government’s notice to defendants, Wyden and Udall claim DOJ improperly hid Section 702 upstream collection from SCOTUS by claiming the Amnesty plaintiffs could only be swept up in the dragnet if they communicated with a target.
These statements — if taken at face value — appear to foreclose the possibility of collection under section 702 intercepting any communications that are not to or from particular targets. In other words, the Justice Department indicated that communications that are merely “about” a target would not be collected. But recently declassified court opinions make it clear that legitimate communications about particular targets can also be intercepted under this authority. Since this fact was classified at the time, the plaintiffs did not raise it, but in our view this does not make these misleading statements acceptable.
The Justice Department’s reply also states that the “about” collection “did not bear upon the legal issues in the case.” But in fact, these misleading statements about the limits of section 702 surveillance appear to have informed the Supreme Court’s analysis. In writing for the majority, Justice Alito echoed your statements to the Court by stating that the “respondents’ theory necessarily rests on their assertion that the Government will target other individuals — namely their foreign contacts.” This statement, like your statements, appears to foreclose the possibility of “about” collection.
[W]hile the Justice Department may claim that the Amnesty plaintiffs’ arguments would have been “equally speculative” if they had referenced the “about” collection, that should be a determination for the courts, and not the Justice Department, to make.
After laying this out, they conclude by accusing the Executive of making “misleading statements to the public, Congress and the courts.”
They don’t name all the Courts, though.
They might want to start collecting a list of all the courts DOJ and NSA have lied to, though. Because even as the Senators and DOJ were having this squabble in DC, NSA was continuing to misinform courts on the other side of the country.
Consider how then Acting NSA Deputy Director Frances Fleisch described upstream collection — and the collection of entirely domestic communications that FISC deemed illegal — in a then-sealed declaration in the EFF Jewel case submitted 4 days before DOJ responded to the Senators.
Once a target has been approved, the NSA uses two means to acquire the target’s electronic communications. First, it acquires such communications directly from compelled U.S.-based providers. This has been publicly referred to as the NSA’s PRISM collection. Second, in addition to collection directly from providers, the NSA collects electronic communications with the compelled assistance of electronic communications service providers as they transit Internet “backbone” facilities within the United States.
In an opinion issued on October 3, 2001, the FISC found the NSA’s proposed minimization procedures as applied to the NSA’s upstream collection of Internet transactions containing multiple communications, or “MCTs,” deficient. In response, the NSA modified its proposed procedures and the FISC subsequently determined that the NSA adequately remedied the deficiencies such that the procedures met the applicable statutory and constitutional requirements, and allowed the collection to continue.
That is, Fleisch doesn’t even hint that the problem on which Bates ruled — the MCTs — consisted of entirely domestic communications unrelated to those mentioning the “about” selector. She doesn’t even hint that in addition to those MCTs, upstream collection also includes over 4 times as many completely domestic communications — SCTs — as well. She doesn’t reveal that John Bates threatened NSA with sanctions over distributing illegally collected domestic person content. And all of these issues are central to the Jewel complaint, which has always focused on telecoms collecting US person content at circuits. (I believe earlier declarations to NDCA were even more incomplete or downright dishonest on this issue, though will need to show that in a later post.)
In fact, EFF complained about this omission in its response to the government’s declarations, noting that upstream about collection is precisely what whistleblower Mark Klein revealed back in 2006.
Public disclosures over the past six months, however, provide substantially more information about these collection practices than the government’s passing references. In particular, the government has publicly released an opinion of the FISC confirming that “‘upstream collection’ refers to the acquisition of Internet communications as they transit the ‘internal backbone’ facilities” of telecommunications firms, such as AT&T. Mem. Op. at 26, Redacted, No. [Redacted] (FISC Sep. 25, 2012) (emphasis added) (Ex. 1).
These descriptions of upstream Internet surveillance are functionally identical to the surveillance configuration described by the [Mark] Klein evidence: a system designed to acquire Internet communications as they flow between AT&T’s Common Backbone Internet network to the networks of other providers.
The FISA Court ruled that NSA had been breaking the law and violating the Constitution for at least 3 years leading up to the 2011 decision. And neither DOJ nor NSA has bothered telling courts ruling on the legality of the program about that fact.
It’s pretty impressive that the Executive can mislead courts about the same subject in so many places at once.
But I guess that’s just the flip side of an omnipresent spying agency, that it can also serve as an omnipresent lying agency.
Along with the release of his book today, Glenn Greenwald has released a stash of documents, many of them new. One of them (PDF 39) shows how much funding NSA gives some of its international partners.
The amounts involved aren’t huge — even Pakistan, the leading recipient, gets just $2.5 million, and most recipients get far less.
But Ethiopia is third on the list, receiving somewhere around $450,000. Not a ton, but not chicken scratch, either. Presumably, much of that targets Somalia.
Still, I think it significant, given that Ethiopia is getting sued in the US for spying on journalists based in the US.
A Washington area man with ties to Ethiopia’s political opposition sued that country’s government in federal court Tuesday, alleging that agents had used powerful spyware to hack into his computer and snoop on his private communications for more than four months.
The suit says that forensics experts found more than 2,000 files related to a spyware program called FinSpy, including evidence that it had accessed the plaintiff’s Skype calls, e-mails and Web-browsing history in violation of U.S. wiretapping laws.
The case is the latest sign that the government of Ethiopia, an American ally with a history of repressing political opponents, journalists and human rights activists, has used sophisticated Internet technology to monitor its perceived enemies, even when they are in other countries.
“The Ethiopian government appears to be doing everything it can to spy on members of the diaspora, especially those in contact with opposition groups,” said Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, a civil liberties group based in San Francisco that prepared the suit.
I imagine working closely with the NSA teaches you a lot about how better to target your dissidents overseas.