Posts

FBI Is Not “Surveilling” WikiLeaks Supporters in Its Never-Ending Investigation; Is It “Collecting” on Them?

/8 Comments/in , , , , /by

The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)

In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.

2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.

I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.

In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.

First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.

Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeakas was implicating completely innocent supporters.

I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.

Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.

All  of which brings me to the remaining interesting subtext of this ruling.

Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.

While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)

Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).

In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.

Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.

Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.

[snip]

In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.

I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.

The FBI PRTT Documents: Combined Orders

/5 Comments/in /by

As I noted the other day, I’m working through documents submitted in EPIC’s FOIA for PRTT documents (see all of EPIC’s documents on this case here).

In addition to the documents released (the reports to Congress, the extensive reporting on the Internet dragnet), the government submitted descriptions of what appear to be two (possibly three) sets of documents withheld: documents pertaining to orders combining a PRTT and Section 215 order, and documents pertaining to a secret technique, which we’ll call the Paragraph 31 technique. In this post I’ll examine the “combined order” documents.

The Vaughn Index for this FOIA made it clear that a number of the documents Withheld in Full (WIF) pertained to orders combing the Pen Register and Section 215 (Business Record) authorities, as does this list from David Hardy’s second declaration.

Screen Shot 2014-11-30 at 11.46.30 AM

Footnotes 3, 4, and 5 all note that these documents have already been successfully withheld in the EFF’s FOIA for Section 215 documents, and by comparing the page numbers in that Vaughn Index in that case, we can guess with some confidence that these orders are the following documents and dates:

  • Document 16 is EFF 89D, dated  2/17/2006, 17 pages
  • Document 17 is EFF 89K,  dated 2/24/2006, 8 pages

As I’ll show, this correlates with what we can glean from the DOJ IG Reports on Section 215.

I’m less certain about Document 12. Both the EFF and ACLU Vaughn Indices show a 10/31/06 document (it is 82C in the EFF Vaughn) that is the correct length, 4 pages, that is linked with another 10/31/06 document (see 82B and 84, for example). For a variety of reasons, however, I think we can’t rule out Document 89S which appears only in the EFF FOIA (but not the ACLU FOIA), which is dated December 16, 2005 (intriguingly, the day after NYT exposed Stellar Wind), in which case the withheld portion might be the relevant 4 pages of a longer 16 page order.

Read more

The Congressional PRTT Reports

/2 Comments/in , /by

Screen Shot 2014-11-28 at 11.29.07 AM

In addition to liberating the document dump pertaining to the Internet dragnet program. (See my working threads: onetwothreefourfive.), EPIC has been fighting several other parts of the FOIA for the PRTT documentation to Congress. I’m going to have three more posts on these materials. This post will comment on the reports to Congress, all of which (except the December 2006 one, which I’ll ask them to fix) are available here.

Here’s a summary of the changes from report to report.

  • April 2001 (covering July 2000 to December 2000): US persons described in sketches provided at request of SSCI, some applications filed in 1999, numbers not broken out by USP,  CIA not included, PRTT explicitly only FBI
  • December 2001 (covering first half 2001): signed by Jay Bybee as Acting, US persons described in sketches provided at request of SSCI,  PRTT explicitly only FBI
  • April 2002 (covering second half 2001): signed by Larry Thompson as Acting, 7 applications filed after PATRIOT, includes descriptions of the investigations as well as of USPs,  CIA not included, PRTT explicitly only FBI
  • December 2002 (covering first half 2002): signed by Ted Olson as Acting,  CIA not included, PRTT explicitly only FBI
  • September 2003 (covering second half of 2002): stop providing sketch of each American targeted; signed by John Ashcroft,  CIA not included, PRTT explicitly only FBI
  • December 2003 (covering first half of 2003): signed by John Ashcroft. mostly-redacted delayed PRTT approval for one target, CIA not included, PRTT explicitly only FBI
  • September 2004 (covering second half 2003): transmittal letters not included, not mentioned, CIA not included, PRTT explicitly only FBI
  • December 2004 (covering first half 2004): transmittal letters signed by AAG, first modifications, CIA not included, PRTT explicitly FBI and NSA
  • June 2005 (covering second half 2004): transmittal letters not included, not mentioned, modifications, the following report says that this report described combined orders, but that part is redacted (there is one footnote with a 7E exemption), CIA not included, PRTT not explicitly FBI and NSA
  • December 2005 (covering first half 2005): transmittal by AAG, definition of aggregate to include corporation etc, “at least” aggregate number, combined orders, modifications, CIA not included, PRTT not explicitly FBI and NSA
  • July 2006 (covering second half 2005) transmittal by AAG, definition of aggregate, delay from flood, “at least” aggregate number, more explicit description of combined with anticipation of end per PATRIOT, language on “scope of FISC jurisdiction,” modifications, CIA not included, PRTT not explicitly FBI and NSA
  • December 2006 (covering first half 2006): transmittal by Acting AAG, definition of aggregate, “at least” aggregate number, more explicit break out of combined, modifications, CIA not included, PRTT not explicitly FBI and NSA
  • June 2007 (covering second half 2006): transmittal letters not included, language on modifications and explanation for rise in number, reorganization of OIPR, footnote on some people listed (probably under trad FISA) may be targets of PRTT, no USP numbers broken out, include all 3 agencies with NSA and FBI PRTT numbers combined, modifications
  • December 2007 (covering first half 2007): transmittal letters not included, “at least” number, modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2008 (covering second half 2007): transmittal letters not included, “at least” number, modifications, include all three agencies, with FBI and NSA combined for PRTT
  • December 2008 (covering first half 2008): transmittal letters not included, “at least” number, last modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2009 (covering second half 2008): transmittal letters not included, no more “at least” number, no modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • December 2009 (covering first half 2009): transmittal letters not included, supplemental order, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2010 (covering second half 2009): transmittal letters not included, adjust targeted number for previous period (perhaps without explanation), include all 3 agencies with FBI and NSA combined for PRTT
  • December 2010 (covering first half 2010): transmittal letters not included, note one not considered util following period, break out FBI application, no NSA application to FISC
  • June 2011 (covering second half 2010): transmittal letters not included, introduction of “named US persons” category, one NSA denied in part (probably July Bates opinion), one approved, mention of compliances meetings with telecoms
  • December 2011 (covering first half 2011): transmittal letters not included, redaction of number and “named” in US persons targeted in narrative section, 4 approved outside reporting period, 3 NSA PRTT approved
  •  June 2012 (covering second half 2011): transmittal letters not included, redaction of number and “named” in US persons targeted in narrative section, and numerical breakout, 4 earlier FBI applications approved, 1 NSA PRTT approved (somewhere something in 2011 must have been withdrawn, given the approved numbers)
  • December 2012 (covering first half 2012): transmittal letters not included, number and “named” unredacted (including for previous period), no NSA application submitted
  • June 2013 (covering second half 2012 and submitted after first Snowden leaks): transmittal letters not included, number and “named” unredacted, no NSA application submitted

Here’s an explanation of what I make of these details:

How you count US persons

Throughout this reporting requirement, DOJ has been obligated to include the number of US persons targeted. How it has done so has varied by period. Here’s how it breaks out by reporting period (I’m doing it this way so we can match it up to known techniques).

July 2000 through December 2001: US person subjects of investigation described by sketch but not broken out by number

January 2002 through June 2002: US person targets identified by number and sketch

July 2002 through December 2004: US person targets identified by number “who were targeted”; sketches replaced by general language about First Amendment review

January 2005 through June 2006: Orders include a definition of aggregate that includes corporations and other non-individual legal persons, these orders provided an “at least” aggregate number (with a footnote explaining why that is redacted). This method covers most of the reports during the “combined” period. Update: The DOJ IG Report on Section 215 use in 2006 may explain some of this: for 215 orders in this period, FBI did not count the requested records of non-subjects, which would likely apply to combined orders.

July 2006 through December 2006: This report includes no discernible US person breakout.

January 2007 through June 2008: These reports used an “at least” number to count US persons.

July 2008 through June 2010:This period included exact numbers for USP targets, and also no longer includes modifications (which often are minimization procedures).

July 2010 through December 2012: This period uses “named US persons” as a reporting category, and to the extent it’s relevant, breaks out the NSA orders.

Note, some of the differential reporting (such as the “aggregate” language for the period before Congress got briefed on the bulk PRTT) to be get around informing Congress of certain collections. Some–such as the apparently still-current “named USP” suggests there’s a lot of incidental collection the government doesn’t count (which would be likely in the use of stingrays, though the prior use of target could be done there too).

The Agencies

Note the variation in agencies named, with PRTT being listed as FBI only, then being listed as NSA and FBI, then all government, then both again, and finally, broken out by agency. This likely stems most significantly from efforts to hide that they were using PRTT for the dragnet, then incorporation of NSA into the FBI dragnet numbers.

The NSA numbers first get broken out for the December 2010 report, with a statement there were no NSA applications in the first half of 2010. That accords with the understanding that the Internet dragnet got shut down around October 30, 2009, then Bates approved it again in July 2010 (which would be the partial declination marked).

Who signs the transmittals

I was interested that John Ashcroft didn’t a bunch of reports during a period when DOJ provided narratives of the Americans targeted. Also, for the first few periods of Stellar Wind, the signee was not read into Stellar Wind. I’ve increasingly noticed AGs having someone else sign something as a workaround, and that may have been true here, too (remember that the government was obtaining Internet metadata even before Stellar Wind).

But then, to the extent we still got transmittal letters (they stopped entirely in June 2007), they were signed by the Congressional Liaison.

Judge in WikiLeaks FOIA Cites “Events that Have Transpired,” Government Claims FOIA Is “Improper”

/2 Comments/in , /by

Back in 2011, the Electronic Privacy Information Center sued to enforce a FOIA for documents on FBI’s investigation of WikiLeaks supporters. In response, the government cited an ongoing investigation exemption. But they also cited a statutory exemption, claiming some law prevented them from releasing the records on investigations into WikiLeaks supporters. Unusually, DOJ refused to name the law in question. For that reason, and because my suspicions of how Section 215 gets used suggested it would make a spectacular tool for investigating a group of WikiLeaks supporters, I suggested that the statute was likely Section 215.

Since then, we’ve seen indications of NSA involvement in the investigation into WikiLeaks, though without any details from before EPIC’s FOIA.

And until March 11, that’s where things stood, with the government claiming it couldn’t release records about its investigation into completely innocent supporters of a publishing outlet and the judge (who had been newly assigned to the case in April 2013) doing nothing with the government’s motion for summary judgement.

On March 11, however, Judge Barbara Jacobs Rothstein ordered DOJ and EPIC to submit briefs updating her on the status of the investigation into WikiLeaks and with it the government’s ongoing investigation exemption, but not its claimed statutory exemption.

The Court takes judicial notice that events have transpired during that time that may cause the government’s position to to have changed. Therefore, the Court instructs the government to update its position regarding Plaintiff’s FOIA request, particularly with respect to the government’s invocation of exemption 7(A).

The language of her order suggests two things. First, if Rothstein is asking whether the 7(A) ongoing investigation exemption remains active, it suggests she’s may not accept the government’s statutory exemption 3 to completely withhold these documents. And she doesn’t say what the “events” that “have transpired” are, but it’s probably not any developments in the WikiLeaks investigation, as that’s what she says she doesn’t know. That makes it likely the Snowden leaks and related official disclosures have made the exemption 3, the basis for which she knows about from classified declarations, moot.

That’s all tea leaf reading. And even if I’ve read the tea leaves correctly, it doesn’t mean I’m right about Section 215. After all, back door searches on collection targeted at Julian Assange (who, as a foreign citizen and alleged spy, would be a legal target under Section 702 or even generally) would be a useful investigation into WikiLeaks supporters as well, though there’s abundant reason to believe dragnet queries serve as the basis for back door searches. Still, I think it’s likely that something that has been released and declassified since last April has mooted the government’s secret statutory claims.

The government, having sat on Judge Rothstein’s April 11 deadline from March 11 until Tuesday, is now stalling for time. (h/t JG; links to come shortly) On Tuesday, the lawyer who inherited this case claimed she has another case that prevents her from writing 10 pages on the status of the WikiLeaks investigation. But also that she needs more time to consult with the “defendant agencies.”

In addition, the draft supplemental brief will require review within the Department of Justice and defendant agencies before it may be filed.

EPIC’s not buying it, citing from the judge’s previous orders warning against extensions and stating clearly that business in other matters is not a good excuse. EPIC also described DOJ’s sleazy post-business hours effort to provide notice. and noted this is precisely the kind of thing Judge Rothstein had said would get a motion summarily denied.

Ms. Zeidner Marcus also did not timely notify Plaintiff’s counsel of her plans to file this Motion for Extension of Time. Ms. Zeidner Marcus first contacted Ms. McCall on April 8, 2014, the date that the filing was due, after ordinary business hours. Ms. Zeidner Marcus first emailed Ms. McCall on April 8, 2014 at 5:01 PM and followed up at approximately 5:30 PM that day with a telephone call. This did not give Ms. McCall sufficient time to consider Ms. Zeidner Marcus’ request or to consult with Ms. McCall’s co-counsel ,Mr. Rotenberg, regarding that request. Ms. Zeidner Marcus then filed her Motion for Extension of Time at 11:23 PM on the same day (April 8, 2014).

To which DOJ responded by accusing EPIC of filing an “improper” FOIA.

This case involves plaintiff’s attempts to improperly use the Freedom of Information Act to seek information about ongoing criminal investigations.

Remember, the underlying issue here is that DOJ shouldn’t be investigating innocent supporters of a publishing outlet. But DOJ believes trying to learn how and why they are doing so is an improper FOIA.

Meanwhile, DOJ sources admitted last November that they can’t really charge Assange without charging the NYT as well.

Justice officials said they looked hard at Assange but realized that they have what they described as a “New York Times problem.” If the Justice Department indicted Assange, it would also have to prosecute the New York Times and other news organizations and writers who published classified material, including The Washington Post and Britain’s Guardian newspaper, according to the officials, who spoke on the condition of anonymity to discuss internal deliberations.

Which, I guess, explains the rudeness and urgent need for one more month. Because if the government loses both its ongoing investigation and its statutory exemptions, they might have to explain why they used national security tools against people exercising free speech.

Update: The Judge gave the government half the extension they requested, to April 25.

In light of the fact that the motion was not timely filed and that press of business is not an adequate reason for an extension, the Court will not grant the request for a thirty day extension. Instead, the Court will grant an extension to and including April 25, 2014. Plaintiff’s opposition shall be filed on or before May 12, 2014. The reply shall be file on or before May 19, 2014. In the future, the Court expects the parties to comply with the terms of the Standing Order in this case.

Between Two Ends of the WikiLeaks Investigation: Parallel Constructing the FBI’s Secret Authorities

/19 Comments/in , , /by

Two pieces of news on the government’s investigation of WikIleaks came out yesterday.

At the Intercept, Glenn Greenwald reported:

  • In 2010, a “Manhunting Timeline” described efforts to get another country to prosecute what it called the “rogue” website
  • In a targeting scenario dating to July 25, 2011, the US’ Targeting and General Counsel personnel responded to a question about targeting WikiLeaks’ or Pirate Bay’s server by saying they’d have to get back to the questioner
  • In 2012, GCHQ monitored WikiLeaks — including its US readers — to demonstrate the power of its ANTICRISIS GIRL initiative

Screen Shot 2014-02-19 at 9.42.54 AM
Also yesterday, Alexa O’Brien reported (and contextualized with links back to her earlier extensive reporting):

  • The grand jury investigation of WikiLeaks started at least as early as September 23, 2010
  • On January 4, 2011 (21 days after the December 14, 201 administrative subpoena for Twitter records on Appelbaum and others), DOJ requested Jacob Appelbaum’s Gmail records
  • On April 15, 2011, DOJ requested Jacob Appelbaum’s Sonic records

Now, as O’Brien lays out in her post, at various times during the investigation of WikiLeaks, it has been called a Computer Fraud and Abuse investigation, an Espionage investigation, and a terrorism investigation.

Which raises the question why, long after DOJ had deemed the WikiLeaks case a national security case that under either the terrorism or Espionage designation would grant them authority to use tools like National Security Letters, they were still using subpoenas that were getting challenged and noticed to Appelbaum? Why, if they were conducting an investigation that afforded them all the gagged orders they might want, were they issuing subpoenas that ultimately got challenged and exposed?

Before you answer “parallel construction,” lets reconsider something I’ve been mulling since the very first Edward Snowden disclosure: the secret authority DOJ and FBI (and potentially other agencies) used to investigate not just WikiLeaks, but also WikiLeaks’ supporters.

Back in June 2011, EPIC FOIAed DOJ and FBI (but not NSA) for records relating to the government’s investigation of WikiLeaks supporters.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

In their motion for summary judgment last February, DOJ said a lot of interesting things about the records-but-not-lists they might or might not have and generally subsumed the entire request under an ongoing investigation FOIA exemption.

Most interesting, however, is in also claiming that some statute prevented them from turning these records over to EPIC, they refused to identify the statute they might have been using to investigate WikiLeaks’ supporters.

All three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

Invoking a statutory exemption but refusing to identify the statute was, as far as I’ve been able to learn, unprecedented in FOIA litigation.

The case is still languishing at the DC District.

I suggested at the time that the statute in question was likely Section 215; I suspected at the time they refused to identify Section 215 because they didn’t want to reveal what Edward Snowden revealed for them four months later: that the government uses Section 215 for bulk collection.

While they may well have used Section 215 (particularly to collect records, if they did collect them, from Visa, MasterCard, and PayPal — but note FBI, not NSA, would have wielded the Section 215 orders in that case), they couldn’t have used the NSA phone dragnet to identify supporters unless they got the FISC to approve WikiLeaks as an associate of al Qaeda (update: Or got someone at NSA’s OGC to claim there were reasons to believe WikiLeaks was associated with al Qaeda). They could, however, have used Section 215 to create their own little mini WikiLeaks dragnet.

Read more

US Isn’t Collecting Only Electronic Data On You — Huge Biometric Database Under Construction, Too

/9 Comments/in , /by

Edward Snowden’s revelations have shed much light on how secret government programs are collecting huge amounts of telephone, email and other electronic data generated by every US citizen even though, as Marcy has shown repeatedly, claims that collecting all of this data have enabled the capture of terrorists turn out to be significantly overblown. Sadly, it’s not just records of our communications that the government is collecting. The FBI is taking the lead in putting together what it calls Next Generation Identification. This program will expand the conventional FBI fingerprint database to include significant amounts of biological, or biometric data. From the FBI’s own description:

The future of identification systems is currently progressing beyond the dependency of a unimodal (e.g., fingerprint) biometric identifier towards multimodal biometrics (i.e., voice, iris, facial, etc.). The NGI Program will advance the integration strategies and indexing of additional biometric data that will provide the framework for a future multimodal system that will facilitate biometric fusion identification techniques. The framework will be expandable, scalable, and flexible to accommodate new technologies and biometric standards, and will be interoperable with existing systems. Once developed and implemented, the NGI initiatives and multimodal functionality will promote a high level of information sharing, support interoperability, and provide a foundation for using multiple biometrics for positive identification.

Wait. See that “etc.” in the “voice, iris, facial, etc”? Given the government’s behavior on electronic data, throwing in an “etc.” on biometric data is pretty unnerving. Impressive work is being done by the Electronic Privacy Information Center to shed light on just what the government is up to with Next Generation Identification. Here is their description of the program:

The Federal Bureau of Investigation is developing a biometric identification database program called “Next Generation Identification” (NGI). When completed, the NGI system will be the largest biometric database in the world. The vast majority of records contained in the NGI database will be of US citizens. The NGI biometric identifiers will include fingerprints, iris scans, DNA profiles, voice identification profiles, palm prints, and photographs. The system will include facial recognition capabilities to analyze collected images. Millions of individuals who are neither criminals nor suspects will be included in the database. Many of these individuals will be unaware that their images and other biometric identifiers are being captured. Drivers license photos and other biometric records collected by civil service agencies could be added to the system. The NGI system could be integrated with other surveillance technology, such as Trapwire, that would enable real-time image-matching of live feeds from CCTV surveillance cameras. The Department of Homeland Security has expended hundreds of millions of dollars to establish state and local surveillance systems, including CCTV cameras that record the routine activities of millions of individuals. There are an estimated 30 million surveillance cameras in the United States. The NGI system will be integrated with CCTV cameras operated by public agencies and private entities.

So just as the government has moved far beyond tapping communications only with a warrant to include the communications of innocent civilians, biometric identifiers of innocent civilians will be included in NGI alongside identifiers of known criminals. And what could possibly go wrong with our information being assembled in this way? Here’s how EPIC says the database will be built and maintained: Read more

The James Clapper Stall Declaration

/3 Comments/in , /by

On Thursday July 25, the ACLU met the government for a hearing in their suit to stop the Section 215 dragnet (which I’ll call ACLU Injunction for this post). While there, the government handed the judge a filing for ACLU’s Section 215 FOIA, asking for more time (until September 15, or maybe longer) before respond in that case; they sent ACLU a redacted copy by letter the next day.

The filing includes a James Clapper declaration written way back on July 7 meant to apply to four or five cases asking for a two month delay on FOIA or related litgation; as far as is publicly known, however, the declaration had not yet been submitted in any of those cases.

The filing (and its redactions) are interesting for several reasons:

It suggests one ongoing case pertains to Section 215 and/or Section 702 surveillance in a way that is not publicly known.

As I said, this declaration pertains to four or five cases. Three of those are named:

  • EFF v. DOJ (12-1441): EFF’s FOIA suit to get the FISA Court opinion deeming Section 702 to have violated the Fourth Amendment (EFF FISC Opinion FOIA)
  • EFF v. DOJ (4:11-5221): EFF’s FOIA suit to get a limited number of documents pertaining to Section 215 (EFF 215 FOIA)
  • ACLU v. FBI (11-7562): ACLU’s FOIA suit to get a broader range of documents pertaining to Section 215 (ACLU 215 FOIA)

But after referencing those suits, the Clapper declaration redacts over a line describing at least one other case.

Screen shot 2013-07-28 at 10.16.40 AM

 

The letter accompanying this declaration includes a footnote explaining,

Some redactions in the declaration include information that, in isolation, may be unclassified but, in the context of the discussion in the declaration, could tend to reveal information that is still classified in other settings.

Given the other redactions — which largely refer to still unacknowledged or undisclosed aspects of the Section 215 and Section 702 surveillance, along with one probable reference to CIA — the name of these case(s) are probably one of those redactions that would be unclassified in other circumstances.

That suggests that it may be the relevance to this issue — the role of Section 215 or Section 702 — that makes the reference to the case classified.

My first guess about what case(s) might be included in that redaction is EPIC’s FOIA suit for materials pertaining to the investigation of supporters of WikiLeaks. As I have described, the government not only withheld everything under an “ongoing investigation” exemption, it also invoked “protected by statute.” But it didn’t say what statute prohibited it from releasing the materials, an unheard of FOIA practice. That suit is awaiting the judges decision on motions to dismiss.

Read more

An EPIC Effort to Combat the Dragnet

/8 Comments/in /by

The Electronic Privacy Information Center has filed a writ of mandamus to SCOTUS to overturn the Section 215 order turning over all of Verizon’s call records to the NSA.

Let me be clear: this is a moon shot. I’m doubtful it’ll work. A really helpful post at SCOTUSblog on the effort emphasizes how unusual this is.

EPIC’s move is the boldest of a number of legal challenges to NSA that have been filed around the country by privacy defenders in the wake of Snowden’s public disclosure of some of the details of NSA surveillance.  EPIC filed under a Supreme Court rule that permits “extraordinary” filings directly in the Supreme Court, without first making a trip through a lower court, when “exceptional circumstances warrant the exercise of the Court’s discretionary powers” and an adequate remedy cannot be obtained “from any other court.”  The history of such Rule 20 requests shows that few are granted.  The Court’s own rules say that the power to grant such pleas is “sparingly exercised.”

All that said, IMO the filing is very well crafted, and worth reading with attention.

Name check the key Justices

I first got sucked in by the way the introduction invokes two recent cases on these issues.

The records acquired by the NSA under this Order detail the daily activities, interactions, personal and business relationships, religious and political affiliations, and other intimate details of millions of Americans. “Awareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.” United States v. Jones, 132 S. Ct. 945, 956 (2012) (Sotomayor, J., concurring). As Justice Breyer has recently noted, “the Government has the capacity to conduct electronic surveillance of the kind at issue.” Clapper v. Amnesty Int’l, USA, 133 S.Ct. 1138, 1158- 59 (2013) (citing, inter alia, Priest & Arkin, A Hidden World, Growing Beyond Control, Wash. Post, July 19, 2010, at A1 (reporting that the NSA collects 1.7 billion e-mails, telephone calls and other types of communications daily)). And because the NSA sweeps up judicial and Congressional communications, it inappropriately arrogates exceptional power to the Executive Branch.

Sotomayor is the one Justice who “gets” the implications of this dragnet; her opinion in Jones summarized where an ideal SCOTUS would be on these issues. If this is going to work Sotomayor is going to need to hold the hands of the other Justices and walk them through this risk. And Breyer is a key swing, a vote likely to support law and order without a good argument to the contrary.

And notice the way EPIC slipped in the separation of powers argument right there?

The motion also name checks two more crucial Justices, Republicans who have supported civil liberties issues on key cases in the past. Most importantly, it invokes Scalia’s recent warning against a panopticon in Maryland v. King (the DNA case).

Even admirable ends do not justify the creation of a panopticon. See Maryland v. King, 569 U.S. __, 133 S.Ct. 1958, 1989 (2013) (Scalia, J., dissenting) (“Solving unsolved crimes is a noble objective, but it occupies a lower place in the American pantheon of noble objectives than the protection of our people from suspicionless lawenforcement searches.”).

Read more

How David Addington Hid the Document Implicating George Bush in Illegal Wiretapping

/24 Comments/in /by

On December 16 and December 20, 2005, respectively — just days after the NYT revealed its existence — EPIC and ACLU FOIAed DOJ for documents relating to George Bush’s (really, Dick Cheney’s) illegal wiretap program (National Security Archive also FOIAed, though more narrowly). Among other documents, they requested, “any presidential order(s) authorizing the NSA to engage in warrantless electronic surveillance.” Yet in spite of the fact that the ACLU was eventually able to get DOJ to cough up some of the OLC memos that provided a legal rationale for the program, no presidential order was ever turned over. I don’t believe (though could be mistaken) it was even disclosed in declarations submitted by Steven Bradbury in the suit.

There’s a very good (and, sadly, legal) reason for that. According to the 2009 NSC draft IG report the Guardian released yesterday, it’s not clear DOJ ever had the Authorization. The White House is exempt from FOIA, and it’s likely that NSA could have withheld the contents of the Director’s safe from any FOIA, which is where the hard copy of the Authorization was kept.

It’s worth looking more closely at how David Addington guarded the Authorization, because it provides a lesson in how a President can evade all accountability for unleashing vast powers against Americans, and how the National Security establishment will willingly participate in such a scheme without ensuring what they’re doing is really legal.

The IG report describes the initial Authorization this way:

On 4 October 2001, President George W. Bush issued a memorandum entitled “AUTHORIZATION FOR SPECIFIED ELECTRONIC ACTIVITIES DURING A LIMITED PERIOD TO DETECT AND PREVENT ACTS OF TERRORISM WITHIN THE UNITED STATES.” The memorandum was based on the President’s determination that after the 11 September 2001 terrorist attacks in the United States, an extraordinary emergency existed for national defense purposes.

[snip]

The authorization specified that the NSA could acquire the content and associated metadata of telephony and Internet communications for which there was probable cause to believe that one of the communicants was in Afghanistan or that one communicant was engaged in or preparing for acts of international terrorism. In addition, NSA was authorized to acquire telephone and Internet metadata for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States. NSA was allowed to retain, process, analyze and disseminate intelligence from the communications acquired under the authority.

And while the NSA IG report doesn’t say it, the Joint IG Report on the program (into which this NSA report was integrated) reveals these details:

Each of the Presidential Authorizations included a finding to the effect that an extraordinary emergency continued to exist, and that the circumstances “constitute an urgent and compelling governmental interest” justifying the activities being authorized without a court order.

Each Presidential authorization also included a requirement to maintain the secrecy of the activities carried out under the program.

David Addington’s illegal program

While the Joint report obscures all these details, the NSA IG report makes clear that Dick Cheney and David Addington were the braintrust behind the program.

The Counsel to the Vice President used [a description of SIGINT collection gaps provided by Michael Hayden] to draft the Presidential authorization that established the PSP.

Neither President Bush nor White House Counsel Alberto Gonzales wrote this Authorization. David Addington did. Read more

Has OLC Written Memos Authorizing Illegal Wiretapping Again?

/6 Comments/in /by

Yesterday, CNet reported that, as part of an expanding cybersecurity effort, DOJ has immunized telecoms for violating wiretap laws.

The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors’ Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12.

“The Justice Department is helping private companies evade federal wiretap laws,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. “Alarm bells should be going off.”

Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as “2511 letters,” a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books.

One of Obama’s first acts as leader of the Democratic party was to cave on immunity for telecoms that accepted Attorney General notes in lieu of warrants under Dick Cheney’s illegal wiretap program.

Those notes may be very similar to what they’re getting in this case, which may explain why the telecoms are squeamish about relying on AG notes again.

In CNet’s article, Paul Rosenzweig (also a Lawfare contributor) likens these notes to the torture memos.

Paul Rosenzweig, a former Homeland Security official and founder of Red Branch Consulting, compared the NSA and DOD asking the Justice Department for 2511 letters to the CIA asking the Justice Department for the so-called torture memos a decade ago. (They were written by Justice Department official John Yoo, who reached the controversial conclusion that waterboarding was not torture.)

“If you think of it poorly, it’s a CYA function,” Rosenzweig says. “If you think well of it, it’s an effort to secure advance authorization for an action that may not be clearly legal.”

But remember, before DOJ wrote those notes for Cheney’s program, they got John Yoo to write a series of OLC memos authorizing the practice.

Which reminded me of the January 8, 2010 memo OLC wrote to authorize telecoms to “voluntarily” hand over records on international calls with no legal process. The memo reinterpreted a different part of 18 USC 2511 than this one, one limited to foreign communications.

(f) Nothing contained in this chapter or chapter 121 or 206 of this title, or section 705 of the Communications Act of 1934, shall be deemed to affect the acquisition by the United States Government of foreign intelligence information from international or foreign communications, or foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system, utilizing a means other than electronic surveillance as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978, and procedures in this chapter or chapter 121 and the Foreign Intelligence Surveillance Act of 1978 shall be the exclusive means by which electronic surveillance, as defined in section 101 of such Act, and the interception of domestic wire, oral, and electronic communications may be conducted.

But it still authorized a very novel reading of the statute.

And yet here DOJ is, making an even more novel reading either of statute or prosecutorial function.

Did OLC authorize this reading too?