EPIC

Judge in WikiLeaks FOIA Cites “Events that Have Transpired,” Government Claims FOIA Is “Improper”

Back in 2011, the Electronic Privacy Information Center sued to enforce a FOIA for documents on FBI’s investigation of WikiLeaks supporters. In response, the government cited an ongoing investigation exemption. But they also cited a statutory exemption, claiming some law prevented them from releasing the records on investigations into WikiLeaks supporters. Unusually, DOJ refused to name the law in question. For that reason, and because my suspicions of how Section 215 gets used suggested it would make a spectacular tool for investigating a group of WikiLeaks supporters, I suggested that the statute was likely Section 215.

Since then, we’ve seen indications of NSA involvement in the investigation into WikiLeaks, though without any details from before EPIC’s FOIA.

And until March 11, that’s where things stood, with the government claiming it couldn’t release records about its investigation into completely innocent supporters of a publishing outlet and the judge (who had been newly assigned to the case in April 2013) doing nothing with the government’s motion for summary judgement.

On March 11, however, Judge Barbara Jacobs Rothstein ordered DOJ and EPIC to submit briefs updating her on the status of the investigation into WikiLeaks and with it the government’s ongoing investigation exemption, but not its claimed statutory exemption.

The Court takes judicial notice that events have transpired during that time that may cause the government’s position to to have changed. Therefore, the Court instructs the government to update its position regarding Plaintiff’s FOIA request, particularly with respect to the government’s invocation of exemption 7(A).

The language of her order suggests two things. First, if Rothstein is asking whether the 7(A) ongoing investigation exemption remains active, it suggests she’s may not accept the government’s statutory exemption 3 to completely withhold these documents. And she doesn’t say what the “events” that “have transpired” are, but it’s probably not any developments in the WikiLeaks investigation, as that’s what she says she doesn’t know. That makes it likely the Snowden leaks and related official disclosures have made the exemption 3, the basis for which she knows about from classified declarations, moot.

That’s all tea leaf reading. And even if I’ve read the tea leaves correctly, it doesn’t mean I’m right about Section 215. After all, back door searches on collection targeted at Julian Assange (who, as a foreign citizen and alleged spy, would be a legal target under Section 702 or even generally) would be a useful investigation into WikiLeaks supporters as well, though there’s abundant reason to believe dragnet queries serve as the basis for back door searches. Still, I think it’s likely that something that has been released and declassified since last April has mooted the government’s secret statutory claims.

The government, having sat on Judge Rothstein’s April 11 deadline from March 11 until Tuesday, is now stalling for time. (h/t JG; links to come shortly) On Tuesday, the lawyer who inherited this case claimed she has another case that prevents her from writing 10 pages on the status of the WikiLeaks investigation. But also that she needs more time to consult with the “defendant agencies.”

In addition, the draft supplemental brief will require review within the Department of Justice and defendant agencies before it may be filed.

EPIC’s not buying it, citing from the judge’s previous orders warning against extensions and stating clearly that business in other matters is not a good excuse. EPIC also described DOJ’s sleazy post-business hours effort to provide notice. and noted this is precisely the kind of thing Judge Rothstein had said would get a motion summarily denied.

Ms. Zeidner Marcus also did not timely notify Plaintiff’s counsel of her plans to file this Motion for Extension of Time. Ms. Zeidner Marcus first contacted Ms. McCall on April 8, 2014, the date that the filing was due, after ordinary business hours. Ms. Zeidner Marcus first emailed Ms. McCall on April 8, 2014 at 5:01 PM and followed up at approximately 5:30 PM that day with a telephone call. This did not give Ms. McCall sufficient time to consider Ms. Zeidner Marcus’ request or to consult with Ms. McCall’s co-counsel ,Mr. Rotenberg, regarding that request. Ms. Zeidner Marcus then filed her Motion for Extension of Time at 11:23 PM on the same day (April 8, 2014).

To which DOJ responded by accusing EPIC of filing an “improper” FOIA.

This case involves plaintiff’s attempts to improperly use the Freedom of Information Act to seek information about ongoing criminal investigations.

Remember, the underlying issue here is that DOJ shouldn’t be investigating innocent supporters of a publishing outlet. But DOJ believes trying to learn how and why they are doing so is an improper FOIA.

Meanwhile, DOJ sources admitted last November that they can’t really charge Assange without charging the NYT as well.

Justice officials said they looked hard at Assange but realized that they have what they described as a “New York Times problem.” If the Justice Department indicted Assange, it would also have to prosecute the New York Times and other news organizations and writers who published classified material, including The Washington Post and Britain’s Guardian newspaper, according to the officials, who spoke on the condition of anonymity to discuss internal deliberations.

Which, I guess, explains the rudeness and urgent need for one more month. Because if the government loses both its ongoing investigation and its statutory exemptions, they might have to explain why they used national security tools against people exercising free speech.

Update: The Judge gave the government half the extension they requested, to April 25.

In light of the fact that the motion was not timely filed and that press of business is not an adequate reason for an extension, the Court will not grant the request for a thirty day extension. Instead, the Court will grant an extension to and including April 25, 2014. Plaintiff’s opposition shall be filed on or before May 12, 2014. The reply shall be file on or before May 19, 2014. In the future, the Court expects the parties to comply with the terms of the Standing Order in this case.

Between Two Ends of the WikiLeaks Investigation: Parallel Constructing the FBI’s Secret Authorities

Two pieces of news on the government’s investigation of WikIleaks came out yesterday.

At the Intercept, Glenn Greenwald reported:

  • In 2010, a “Manhunting Timeline” described efforts to get another country to prosecute what it called the “rogue” website
  • In a targeting scenario dating to July 25, 2011, the US’ Targeting and General Counsel personnel responded to a question about targeting WikiLeaks’ or Pirate Bay’s server by saying they’d have to get back to the questioner
  • In 2012, GCHQ monitored WikiLeaks — including its US readers — to demonstrate the power of its ANTICRISIS GIRL initiative

Screen Shot 2014-02-19 at 9.42.54 AM
Also yesterday, Alexa O’Brien reported (and contextualized with links back to her earlier extensive reporting):

  • The grand jury investigation of WikiLeaks started at least as early as September 23, 2010
  • On January 4, 2011 (21 days after the December 14, 201 administrative subpoena for Twitter records on Appelbaum and others), DOJ requested Jacob Appelbaum’s Gmail records
  • On April 15, 2011, DOJ requested Jacob Appelbaum’s Sonic records

Now, as O’Brien lays out in her post, at various times during the investigation of WikiLeaks, it has been called a Computer Fraud and Abuse investigation, an Espionage investigation, and a terrorism investigation.

Which raises the question why, long after DOJ had deemed the WikiLeaks case a national security case that under either the terrorism or Espionage designation would grant them authority to use tools like National Security Letters, they were still using subpoenas that were getting challenged and noticed to Appelbaum? Why, if they were conducting an investigation that afforded them all the gagged orders they might want, were they issuing subpoenas that ultimately got challenged and exposed?

Before you answer “parallel construction,” lets reconsider something I’ve been mulling since the very first Edward Snowden disclosure: the secret authority DOJ and FBI (and potentially other agencies) used to investigate not just WikiLeaks, but also WikiLeaks’ supporters.

Back in June 2011, EPIC FOIAed DOJ and FBI (but not NSA) for records relating to the government’s investigation of WikiLeaks supporters.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

In their motion for summary judgment last February, DOJ said a lot of interesting things about the records-but-not-lists they might or might not have and generally subsumed the entire request under an ongoing investigation FOIA exemption.

Most interesting, however, is in also claiming that some statute prevented them from turning these records over to EPIC, they refused to identify the statute they might have been using to investigate WikiLeaks’ supporters.

All three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

Invoking a statutory exemption but refusing to identify the statute was, as far as I’ve been able to learn, unprecedented in FOIA litigation.

The case is still languishing at the DC District.

I suggested at the time that the statute in question was likely Section 215; I suspected at the time they refused to identify Section 215 because they didn’t want to reveal what Edward Snowden revealed for them four months later: that the government uses Section 215 for bulk collection.

While they may well have used Section 215 (particularly to collect records, if they did collect them, from Visa, MasterCard, and PayPal — but note FBI, not NSA, would have wielded the Section 215 orders in that case), they couldn’t have used the NSA phone dragnet to identify supporters unless they got the FISC to approve WikiLeaks as an associate of al Qaeda (update: Or got someone at NSA’s OGC to claim there were reasons to believe WikiLeaks was associated with al Qaeda). They could, however, have used Section 215 to create their own little mini WikiLeaks dragnet.

Continue reading

US Isn’t Collecting Only Electronic Data On You — Huge Biometric Database Under Construction, Too

Edward Snowden’s revelations have shed much light on how secret government programs are collecting huge amounts of telephone, email and other electronic data generated by every US citizen even though, as Marcy has shown repeatedly, claims that collecting all of this data have enabled the capture of terrorists turn out to be significantly overblown. Sadly, it’s not just records of our communications that the government is collecting. The FBI is taking the lead in putting together what it calls Next Generation Identification. This program will expand the conventional FBI fingerprint database to include significant amounts of biological, or biometric data. From the FBI’s own description:

The future of identification systems is currently progressing beyond the dependency of a unimodal (e.g., fingerprint) biometric identifier towards multimodal biometrics (i.e., voice, iris, facial, etc.). The NGI Program will advance the integration strategies and indexing of additional biometric data that will provide the framework for a future multimodal system that will facilitate biometric fusion identification techniques. The framework will be expandable, scalable, and flexible to accommodate new technologies and biometric standards, and will be interoperable with existing systems. Once developed and implemented, the NGI initiatives and multimodal functionality will promote a high level of information sharing, support interoperability, and provide a foundation for using multiple biometrics for positive identification.

Wait. See that “etc.” in the “voice, iris, facial, etc”? Given the government’s behavior on electronic data, throwing in an “etc.” on biometric data is pretty unnerving. Impressive work is being done by the Electronic Privacy Information Center to shed light on just what the government is up to with Next Generation Identification. Here is their description of the program:

The Federal Bureau of Investigation is developing a biometric identification database program called “Next Generation Identification” (NGI). When completed, the NGI system will be the largest biometric database in the world. The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database. Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Drivers license photos and other biometric records collected by civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. There are an estimated 30 million surveillance cameras in the United States. The NGI system will be integrated with CCTV cameras operated by public agencies and private entities.

So just as the government has moved far beyond tapping communications only with a warrant to include the communications of innocent civilians, biometric identifiers of innocent civilians will be included in NGI alongside identifiers of known criminals. And what could possibly go wrong with our information being assembled in this way? Here’s how EPIC says the database will be built and maintained: Continue reading

The James Clapper Stall Declaration

On Thursday July 25, the ACLU met the government for a hearing in their suit to stop the Section 215 dragnet (which I’ll call ACLU Injunction for this post). While there, the government handed the judge a filing for ACLU’s Section 215 FOIA, asking for more time (until September 15, or maybe longer) before respond in that case; they sent ACLU a redacted copy by letter the next day.

The filing includes a James Clapper declaration written way back on July 7 meant to apply to four or five cases asking for a two month delay on FOIA or related litgation; as far as is publicly known, however, the declaration had not yet been submitted in any of those cases.

The filing (and its redactions) are interesting for several reasons:

It suggests one ongoing case pertains to Section 215 and/or Section 702 surveillance in a way that is not publicly known.

As I said, this declaration pertains to four or five cases. Three of those are named:

  • EFF v. DOJ (12-1441): EFF’s FOIA suit to get the FISA Court opinion deeming Section 702 to have violated the Fourth Amendment (EFF FISC Opinion FOIA)
  • EFF v. DOJ (4:11-5221): EFF’s FOIA suit to get a limited number of documents pertaining to Section 215 (EFF 215 FOIA)
  • ACLU v. FBI (11-7562): ACLU’s FOIA suit to get a broader range of documents pertaining to Section 215 (ACLU 215 FOIA)

But after referencing those suits, the Clapper declaration redacts over a line describing at least one other case.

Screen shot 2013-07-28 at 10.16.40 AM

 

The letter accompanying this declaration includes a footnote explaining,

Some redactions in the declaration include information that, in isolation, may be unclassified but, in the context of the discussion in the declaration, could tend to reveal information that is still classified in other settings.

Given the other redactions — which largely refer to still unacknowledged or undisclosed aspects of the Section 215 and Section 702 surveillance, along with one probable reference to CIA — the name of these case(s) are probably one of those redactions that would be unclassified in other circumstances.

That suggests that it may be the relevance to this issue — the role of Section 215 or Section 702 — that makes the reference to the case classified.

My first guess about what case(s) might be included in that redaction is EPIC’s FOIA suit for materials pertaining to the investigation of supporters of WikiLeaks. As I have described, the government not only withheld everything under an “ongoing investigation” exemption, it also invoked “protected by statute.” But it didn’t say what statute prohibited it from releasing the materials, an unheard of FOIA practice. That suit is awaiting the judges decision on motions to dismiss.

Continue reading

An EPIC Effort to Combat the Dragnet

The Electronic Privacy Information Center has filed a writ of mandamus to SCOTUS to overturn the Section 215 order turning over all of Verizon’s call records to the NSA.

Let me be clear: this is a moon shot. I’m doubtful it’ll work. A really helpful post at SCOTUSblog on the effort emphasizes how unusual this is.

EPIC’s move is the boldest of a number of legal challenges to NSA that have been filed around the country by privacy defenders in the wake of Snowden’s public disclosure of some of the details of NSA surveillance.  EPIC filed under a Supreme Court rule that permits “extraordinary” filings directly in the Supreme Court, without first making a trip through a lower court, when “exceptional circumstances warrant the exercise of the Court’s discretionary powers” and an adequate remedy cannot be obtained “from any other court.”  The history of such Rule 20 requests shows that few are granted.  The Court’s own rules say that the power to grant such pleas is “sparingly exercised.”

All that said, IMO the filing is very well crafted, and worth reading with attention.

Name check the key Justices

I first got sucked in by the way the introduction invokes two recent cases on these issues.

The records acquired by the NSA under this Order detail the daily activities, interactions, personal and business relationships, religious and political affiliations, and other intimate details of millions of Americans. “Awareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.” United States v. Jones, 132 S. Ct. 945, 956 (2012) (Sotomayor, J., concurring). As Justice Breyer has recently noted, “the Government has the capacity to conduct electronic surveillance of the kind at issue.” Clapper v. Amnesty Int’l, USA, 133 S.Ct. 1138, 1158- 59 (2013) (citing, inter alia, Priest & Arkin, A Hidden World, Growing Beyond Control, Wash. Post, July 19, 2010, at A1 (reporting that the NSA collects 1.7 billion e-mails, telephone calls and other types of communications daily)). And because the NSA sweeps up judicial and Congressional communications, it inappropriately arrogates exceptional power to the Executive Branch.

Sotomayor is the one Justice who “gets” the implications of this dragnet; her opinion in Jones summarized where an ideal SCOTUS would be on these issues. If this is going to work Sotomayor is going to need to hold the hands of the other Justices and walk them through this risk. And Breyer is a key swing, a vote likely to support law and order without a good argument to the contrary.

And notice the way EPIC slipped in the separation of powers argument right there?

The motion also name checks two more crucial Justices, Republicans who have supported civil liberties issues on key cases in the past. Most importantly, it invokes Scalia’s recent warning against a panopticon in Maryland v. King (the DNA case).

Even admirable ends do not justify the creation of a panopticon. See Maryland v. King, 569 U.S. __, 133 S.Ct. 1958, 1989 (2013) (Scalia, J., dissenting) (“Solving unsolved crimes is a noble objective, but it occupies a lower place in the American pantheon of noble objectives than the protection of our people from suspicionless lawenforcement searches.”).

Continue reading

How David Addington Hid the Document Implicating George Bush in Illegal Wiretapping

On December 16 and December 20, 2005, respectively — just days after the NYT revealed its existence — EPIC and ACLU FOIAed DOJ for documents relating to George Bush’s (really, Dick Cheney’s) illegal wiretap program (National Security Archive also FOIAed, though more narrowly). Among other documents, they requested, “any presidential order(s) authorizing the NSA to engage in warrantless electronic surveillance.” Yet in spite of the fact that the ACLU was eventually able to get DOJ to cough up some of the OLC memos that provided a legal rationale for the program, no presidential order was ever turned over. I don’t believe (though could be mistaken) it was even disclosed in declarations submitted by Steven Bradbury in the suit.

There’s a very good (and, sadly, legal) reason for that. According to the 2009 NSC draft IG report the Guardian released yesterday, it’s not clear DOJ ever had the Authorization. The White House is exempt from FOIA, and it’s likely that NSA could have withheld the contents of the Director’s safe from any FOIA, which is where the hard copy of the Authorization was kept.

It’s worth looking more closely at how David Addington guarded the Authorization, because it provides a lesson in how a President can evade all accountability for unleashing vast powers against Americans, and how the National Security establishment will willingly participate in such a scheme without ensuring what they’re doing is really legal.

The IG report describes the initial Authorization this way:

On 4 October 2001, President George W. Bush issued a memorandum entitled “AUTHORIZATION FOR SPECIFIED ELECTRONIC ACTIVITIES DURING A LIMITED PERIOD TO DETECT AND PREVENT ACTS OF TERRORISM WITHIN THE UNITED STATES.” The memorandum was based on the President’s determination that after the 11 September 2001 terrorist attacks in the United States, an extraordinary emergency existed for national defense purposes.

[snip]

The authorization specified that the NSA could acquire the content and associated metadata of telephony and Internet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one communicant was engaged in or preparing for acts of international terrorism. In addition, NSA was authorized to acquire telephone and Internet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority.

And while the NSA IG report doesn’t say it, the Joint IG Report on the program (into which this NSA report was integrated) reveals these details:

Each of the Presidential Authorizations included a finding to the effect that an extraordinary emergency continued to exist, and that the circumstances “constitute an urgent and compelling governmental interest” justifying the activities being authorized without a court order.

Each Presidential authorization also included a requirement to maintain the secrecy of the activities carried out under the program.

David Addington’s illegal program

While the Joint report obscures all these details, the NSA IG report makes clear that Dick Cheney and David Addington were the braintrust behind the program.

The Counsel to the Vice President used [a description of SIGINT collection gaps provided by Michael Hayden] to draft the Presidential authorization that established the PSP.

Neither President Bush nor White House Counsel Alberto Gonzales wrote this Authorization. David Addington did. Continue reading

Has OLC Written Memos Authorizing Illegal Wiretapping Again?

Yesterday, CNet reported that, as part of an expanding cybersecurity effort, DOJ has immunized telecoms for violating wiretap laws.

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors’ Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

“The Justice Department is helping private companies evade federal wiretap laws,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. “Alarm bells should be going off.”

Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as “2511 letters,” a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books.

One of Obama’s first acts as leader of the Democratic party was to cave on immunity for telecoms that accepted Attorney General notes in lieu of warrants under Dick Cheney’s illegal wiretap program.

Those notes may be very similar to what they’re getting in this case, which may explain why the telecoms are squeamish about relying on AG notes again.

In CNet’s article, Paul Rosenzweig (also a Lawfare contributor) likens these notes to the torture memos.

Paul Rosenzweig, a former Homeland Security official and founder of Red Branch Consulting, compared the NSA and DOD asking the Justice Department for 2511 letters to the CIA asking the Justice Department for the so-called torture memos a decade ago. (They were written by Justice Department official John Yoo, who reached the controversial conclusion that waterboarding was not torture.)

“If you think of it poorly, it’s a CYA function,” Rosenzweig says. “If you think well of it, it’s an effort to secure advance authorization for an action that may not be clearly legal.”

But remember, before DOJ wrote those notes for Cheney’s program, they got John Yoo to write a series of OLC memos authorizing the practice.

Which reminded me of the January 8, 2010 memo OLC wrote to authorize telecoms to “voluntarily” hand over records on international calls with no legal process. The memo reinterpreted a different part of 18 USC 2511 than this one, one limited to foreign communications.

(f) Nothing contained in this chapter or chapter 121 or 206 of this title, or section 705 of the Communications Act of 1934, shall be deemed to affect the acquisition by the United States Government of foreign intelligence information from international or foreign communications, or foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system, utilizing a means other than electronic surveillance as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, and procedures in this chapter or chapter 121 and the Foreign Intelligence Surveillance Act of 1978 shall be the exclusive means by which electronic surveillance, as defined in section 101 of such Act, and the interception of domestic wire, oral, and electronic communications may be conducted.

But it still authorized a very novel reading of the statute.

And yet here DOJ is, making an even more novel reading either of statute or prosecutorial function.

Did OLC authorize this reading too?

DOJ: We Can’t Tell Which Secret Application of Section 215 Prevents Us From Telling You How You’re Surveilled

As Mike Scarcella reported yesterday, the government has moved for summary judgment in an Electronic Privacy Information Center FOIA suit for details on the government’s investigation into WikiLeaks. EPIC first FOIAed these materials in June 2011. After receiving nothing, they sued last January.

The government’s motion and associated declarations would be worth close analysis in any case. All the more so, though, in light of the possibility that the government conducted a fishing expedition into WikiLeaks as part of its Aaron Swartz investigation, almost certainly using PATRIOT Act investigative techniques. The government’s documents strongly suggest they’re collecting intelligence on Americans, all justified and hidden by their never ending quest to find some excuse to throw Julian Assange in jail.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

At a general level, the government has exempted what files it has under a 7(A) (ongoing investigation) exemption, while also invoking 1 (classified information), 3 (protected by statute), 5 (privileged document), 6 (privacy), 7(C) (investigative privacy), 7(D) (confidential source, which can include private companies like Visa and Google), 7(E) (investigative techniques), and 7(F) (endanger life or property of someone) exemptions.

No one will say what secret law they’re using to surveil Americans

But I’m most interested in how all three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

By investigating a publisher as a spy, DOJ gets access to PATRIOT Act powers, including Section 215

There’s a very very large chance that the statute in question is Section 215 of the PATRIOT Act (or some other national security administrative subpoena). After all, the FOIA asked whether DOJ had collected business records on WikiLeaks supporters, so it is not unreasonable to assume that DOJ used the business records provision to do so.

Moreover, the submissions make it very clear that the investigation would have the national security nexus to do so. While the motion itself just cites a Hillary Clinton comment to justify its invocation of national security, both the FBI and the NSD declarations make it clear this is being conducted as an Espionage investigation by DOJ counterintelligence people, which — as I’ve been repeating for over two years – gets you the full PATRIOT Act toolbox of investigative approaches.

Media outlets take note: The government is, in fact, investigating a publisher as a spy. You could be next.

Continue reading

TSA’s Legal Justification for Gate Grope

The Electronic Privacy Information Center has been suing the Department of Homeland Security because it refused to engage in the public rule-making process before it adopted RapeAScan machines as part of the primary screening at airports. DHS responded to EPIC’s suit the other day. While I think their response will be largely successful as written, they’re playing games with the timing of EPIC’s suit so as to avoid doing any discussion or even administrative privacy assessment of giving passengers a choice between being photographed nude or having their genitalia fondled.

The key to this is that EPIC first requested a request for review of whether DHS should have engaged in rule-making on May 28, 2010, before TSA changed pat-down procedures. It then submitted its brief on November 1, 2010, after the enhanced pat-downs were being rolled out. But the issue still focuses on the machines and not the machines in tandem with the invasive pat-downs. So a central part of DHS’ argument is that passengers are given an alternative to the RapeAScan machines: pat-downs. But its filing never deals with the possibility that pat-downs are more invasive than even the RapeAScan machines.

TSA communicates and provides a meaningful alternative to AIT screening. TSA posts signs at security checkpoints clearly stating that AIT screening is optional, and TSA includes the same information on its website. AR 071.003. Those travelers who opt out of AIT screening must undergo an equal level of screening, consisting of a physical pat-down to check for metallic and nonmetallic weapons or devices. Ibid.

A physical pat-down is currently the only effective alternative method for screening individuals for both metallic and nonmetallic objects that might be concealed under layers of clothing. The physical pat-down given to passengers who opt out of AIT screening is the same as the pat-down given to passengers who trigger an alarm on a walk-through metal detector or register an anomaly during AIT screening. Passengers may request that physical pat-downs be conducted by same gender officers. AR 132.001. Additionally, all passengers have the right to request a private screening. Ibid. More than 98% of passengers selected for AIT screening proceed with it rather than opting out. AR 071.003.

And by focusing on this alternative with no real discussion of what it currently entails, DHS dodges the question of whether the two screening techniques together–RapeAScans and enhanced pat-downs–violate passengers’ privacy. Note, for example, how the filing boasts of two Privacy Impact Assessments TSA’s privacy officer did (plus an update just as EPIC was last complaining about this technology).

Pursuant to 6 U.S.C. § 142, DHS conducted Privacy Impact Assessments (“PIAs”) dated January 2, 2008, and October 17, 2008, to ensure that the use of AIT does not erode privacy protections. AR 011.001-.009, 025.001-.010. The second PIA was updated on July 23, 2009 and lays out several privacy safeguards tied to TSA’s use of AIT. AR 043.001-010.

Now, as a threshold matter, there’s something odd about DHS citing 6 U.S.C. § 142 here. Its requirement for PIAs reads:

The Secretary shall appoint a senior official in the Department to assume primary responsibility for privacy policy, including – (1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information; (2) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974 [5 U.S.C. 552a]; (3) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government; (4) conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and (5) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974 [5 U.S.C. 552a], internal controls, and other matters. [my emphasis]

See how it says the department has to do PIAs “of proposed rules”? That suggests the Privacy Officer treated the plan to use RapeAScans as a rule and did a PIA accordingly. But this entire filing–which explains why DHS refused to accede to EPIC’s request to conduct public rule-making on the use of RapeAScans–argues that the implementation of the machines did not constitute a rule. But they did a PIA as if it was a rule!

But there’s another thing this filing doesn’t say about PIAs: that Congress demanded TSA publish a PIA on the enhanced pat-downs.

In the absence of an Executive branch level Privacy and Civil Liberties Oversight Board that would evaluate decisions such as this, it was crucial that the Department of Homeland Security’s Privacy Officer and Office for Civil Rights and Civil Liberties thoroughly evaluate and publish written assessments on how this decision affects the privacy and civil rights of the traveling public. To date, the Department has not published either a Privacy Impact Assessment (PIA) nor a Civil Liberties Impact Assessment (CLIA) on the enhanced pat down procedures. Without a published PIA or CLIA, we cannot ascertain the extent to which TSA has considered how these procedures should be implemented with respect to certain populations such as children, people with disabilities, and the elderly. By not issuing these assessments, the traveling public has no assurance that these procedures have been thoroughly evaluated for constitutionality.

So while DHS boasts that it did PIAs on the RapeAScans before it rolled them out, it still does not appear to have done a PIA on the groping that serves as DHS’ much touted alternative to RapeAScans, much less a PIA on the two techniques offered together.

Now, DHS is using procedural complaints to object to EPIC’s inclusion of Nadhira Al-Khalili on the complaint, a lawyer with ties to the Muslim community. But their response to EPIC’s freedom of religion complaint seems to suggest they recognize they are vulnerable: suggesting that if a Muslim (or anyone else with documented reason to be opposed to having nude pictures taken and/or their genitalia groped by strangers) were to sue, the procedures would not hold up.

But for now, DHS is treating the RapeAScans separately from the groping so as to be able to argue that in conjunction with the “choice” of being groped, the RapeAScans present no big privacy problem.

What Did BushCo Hide By Not Revealing Surveillance Activities?

Via Threat Level, I see the EPIC has written a letter to Pat Leahy complaining about the Bush Administration’s failure to comply with requirements that it release details on the number of "pen register" and "trap and trace" orders.

As a reminder, "pen registers" are when the government collects the metadata from your telecom contacts–the phone numbers you call and the length of calls, as well as whom you email–to figure out who you’re talking to. And "trap and trace" orders are when the government figures out who is calling (or emailing) you. In addition, the EPIC letter explains that law enforcement has recently been using "hybrid" orders to pinpoint cell phone (and therefore, your) location.

Law enforcement agents use "hybrid" orders for cellular location information. Hybrid orders seek to determine a suspect’s past and future location based on non-content data transmitted by the suspect’s cellular phone. The government has engaged in this type of surveillance by invoking a combination of authorities under the Pen Register Act and the Stored Communications Act.

For pen registers and trap and trace, the government doesn’t have to get a warrant (the hybrid stuff is still up in the air). Instead, since 1986, DOJ has been required to report how much of this stuff is going on.

But, as EPIC explains, DOJ didn’t release the report publicly for the years 1999 through 2003, and only gave incomplete information to Congress at all in November 2004. And DOJ  appears not to have released reports at all since 2004.

You probably see where I’m going with this. 

We know, of course, that Bush’s illegal wiretap program involved some kind of data mining aspect.  It appears that they were doing pattern analysis based on things like length and recipient of call–precisely the kind of thing you get from pen registers–to determine whom to further wiretap.

Yet we have only incomplete information from the first three years of Bush’s illegal wiretap program. EPIC explains that DOJ did not include the suspected offenses that law enforcement officers were trying to investigatre, nor did it list which officers were doing the investigations.

And then we have nothing–no data–for the years after Jim Comey and Jack Goldsmith supposedly put the illegal wiretap program back on legal footing (and remember–the data mining aspect of the program was reportedly one of the things that Comey et al went crazy over). 

Continue reading

Emptywheel Twitterverse
JimWhiteGNV RT @SIGARHQ: Quarterly Report to Congress: Opium Production Poses Threat to Afghan Reconstruction http://t.co/DOba8lCL8l
23mreplyretweetfavorite
bmaz @thedailybeast @DrJenGunter That tweet is a lie. No enforceable court ordered quarantine yet. There may be, but not yet. #FearOverFacts
24mreplyretweetfavorite
emptywheel RT @glynco: Abdel Hakim Belhaj wins right to day in court over his kidnap rendition and #torture by MI6 and CIA #RDI program http://t.co/9E
27mreplyretweetfavorite
emptywheel @Krhawkins5 I blame my Irish in-laws when Irish in O's White House, CIA fuck-up (cause otherwise they'd get diasporic joy) @joshgerstein
46mreplyretweetfavorite
emptywheel @Krhawkins5 This is White House where drone czar can be likened to a Jesuit. Here, nodding to SSCI on torture is also holy @joshgerstein
47mreplyretweetfavorite
bmaz @maassive Actually, AZ's FOI law is relatively broad and good. However, there is no set time+a few agencies like @marcoattorney abuse that.
1hreplyretweetfavorite
bmaz RT @SLeasca: Looks like @AP is selling its tweets again... https://t.co/yaOGFeSVJ0
8hreplyretweetfavorite
JimWhiteGNV US Military Suddenly Decides to Classify Its Analysis of Afghan Troop Capability https://t.co/4uj7S7N870
8hreplyretweetfavorite
JimWhiteGNV RT @GatorZoneBB: What an ending to the baseball season! Now 107 days until the #Gators kick off 2015 at McKethan Stadium...#ItsGreatUF
9hreplyretweetfavorite
JimWhiteGNV He was the best ever in WS! No question. RT @armandodkos: Alright I'm starting to get pissed on behalf of Bob Gibson.
9hreplyretweetfavorite
JimWhiteGNV RT @armandodkos: Bumgarner was awesome but the greatest World Series pitching performance was Bob Gibson 1967. 3 CG wins ERA of 1.
9hreplyretweetfavorite
bmaz RT @JeffreyToobin: RT @PaulBegala: Between innings, Madison Baumgarner is developing a vaccine for Ebola. #WorldSeriesGame7
9hreplyretweetfavorite
October 2014
S M T W T F S
« Sep    
 1234
567891011
12131415161718
19202122232425
262728293031