Posts

Judge Reggie Walton Is Pissed that Government Is Making Material Misstatements to FISC, Again

/11 Comments/in /by

FISA Court Chief Judge Reggie Walton just issued a rather unhappy order requiring the government to explain why it materially misstated the facts about whether any plaintiffs had protection orders that governed the phone dragnet.

Generally, he wants to know why the government didn’t tell him that EFF had protection orders in the Jewel and Shubert cases. More specifically, he wants to know why they didn’t tell him that — as I reported here — the EFF had asked the government how they could claim there was no protection order when they had one in their suits of the larger dragnet.

A review of the E-mail Correspondence indicates that as early as February 26, 2014, the day after the government filed its February 25 Motion, the plaintiffs in Jewel and First Unitarian indeed sought to clarify why the preservation orders in Jewel and Shubert were not referenced in that motion. E-mail Correspondence at 6-7. The Court’s review of the E-mail Correspondence suggests that the DOJ attorneys may have perceived the preservation orders in Jewel and Shubert to be immaterial to the February 25 Motion because the metadata at issue in those cases was collected under what DOJ referred to as the “President’s Surveillance Program” (i.e., collection pursuant to executive authority), as opposed to having been collected under Section 215 pursuant to FISC orders — a proposition with which plaintiffs’ counsel disagreed. Id at 4. As this Court noted in the March 12 Order and Opinion, it is ultimately up to the Northern District of California, rather than the FISC, to determine what BR metadata is relevant to the litigation pending before the court.

As the government is well aware, it has a heightened duty of candor to the Court in ex parte procedings. See MODEL RULES OF PROF’L CONDUCT R. 3.3(d) (2013). Regardless of the government’s perception of the materiality of the preservation orders in Jewel and Shubert to its February 25 Motion, the government was on notice, as of February 26, 2014, that the plaintiffs in Jewel and First Unitarian believed that orders issued by the District Court for the Northern District of California required the preservation of the FISA telephony metadata at issue in the government’s February 25 Motion. E-mail Correspondence at 6-7. The fact that the plaintiffs had this understanding of the preservation orders–even if the government had a contrary understanding–was material to the FISC’s consideration of the February 25 Motion. The materiality of that fact is evidenced by the Court’s statement, based on the information provided by the government in the February 25 Motion, that “there is no indication that nay of the plaintiffs have sought discovery of this information or made any effort to have it preserved.” March 7 Opinion and Order at 8-9.

The government, upon learning this information, should have made the FISC aware of the preservation orders and of the plaintiffs’ understanding of their scopre, regardless of whether the plaintiffs had made a “specific request” that the FISC be so advised. Not only did the government fail to do so, but the E-mail Correspondence suggests that on February 28, 2014, the government sought to dissuade plaintiffs’ counsel from immediately raising this issue with the FISC or the Northern District of California. E-mail Correspondence at 5.

In a number of places, Walton provides an out for the government, suggesting they might just be stupid and not obstructing (those are my words, obviously). He even goes so far as to suggest that DOJ might have an internal communication problem between the Civil Division, which is litigating the EFF suits, and the National Security Division, which works with FISC.

But then he notes that both Civil AAG Stuart Delery and Acting NSD AAG John Carlin submitted the filings to him.

The government’s failure to inform the FISC of the plaintiffs’ understanding that the prior preservation orders require retention of Section 591 telephony metadata may have resulted from imperfect communication or coordination within the Department of Justice rather than from deliberate decision-making.4 Nonetheless, the Court expects the government to be far more attentive to its obligations in its practice before this Court.

4 Attorneys from the Civil Division of the Department of Justice participated in the E-Mail Correspondence with plaintiffs’ counsel. As a general matter, attorneys from the National Security Division represent the government before the FISC. The February 25 Motion, as well as the March 13 Response, were submitted by the Assistant Attorney General for the Civil Division and the Acting Attorney General for the National Security Division.

Frankly, I hope Walton ultimately tries to learn why he wasn’t told about these protection orders in more detail years ago, when the government was deciding whether or not to destroy evidence of lawbreaking that Walton first identified in 2009. I also hope he gets to the bottom of why Deputy Attorney General James Cole had to intervene in this issue. But for now, I’m happy to see DOJ taken to the woodshed for misinforming the Court.

Update: Meanwhile, on the other coast, Judge Jeffrey White issued a protection order that is far broader than the government would prefer it to be. The government had implied that the First Unitarian Church suit only covered Section 215; earlier this week (I’ve got a post half written on it), EFF argued they’re challenging the dragnet, irrespective of what authorization the government used to collect it. Nothing in White’s order limits the protection order to Section 215 and this passage seems to encompass the larger dragnet.

Defendants’ searching of the telephone communications information of Plaintiffs is done without lawful authorization, probable cause, and/or individualized suspicion. It is done in violation of statutory and constitutional limitations and in excess of statutory and constitutional authority. Any judicial, administrative, or executive authorization (including any business records order issued pursuant to 50 U.S.C. § 1861) of the Associational Tracking Program or of the searching of the communications information of Plaintiffs is unlawful and invalid.

Update: fixed a typo in which I inadvertently said Walton caused rather than found the lawbreaking in 2009.

The Government Has a Festering EO 12333 Problem In Jewel/First Unitarian

/3 Comments/in , , /by

The government claims it does not have a protection order pertaining to the phone dragnet lawsuits because the suits with a protection order pertain only to presidentially-authorized programs.

The declaration made clear, in a number of places, that the plaintiffs challenged activities that occurred under presidential authorization, not under orders of the Foreign Intelligence Surveillance Court (FISC), and that the declaration was therefore limited to describing information collected pursuant to presidential authorization and the retention thereof.

Therefore, the government is challenging the EFF’s effort to get Judge Jeffrey White to reaffirm that the preservation orders in the Multidistrict Litigation and Jewel apply to the phone dragnet.

Fine. I think EFF can and should challenge that claim.

But let’s take the government at its word. Let’s consider what it would obliged to retain under the terms laid out.

The government agrees it was obliged, starting in 2007, to keep the content and metadata dragnets that were carried out exclusively on presidential authorization. Indeed, the declaration from 2007 they submitted describing the material they’ve preserved includes telephone metadata (on tapes) and the queries of metadata, including the identifiers used (see PDF 53). It also claimed it would keep the reports of metadata analysis.

That information is fundamentally at issue in First Unitarian Church, the EFF-litigated challenge to the phone dragnet. That’s true for three reasons.

First, the government makes a big deal of their claim, made in 2007, that the metadata dragnet databases were segregated from other programs. Whether or not that was a credible claim in 2007, we know it was false starting in early 2008, when “for the purposes of analytical efficiency,” a copy of that metadata was moved into the same database with the metadata from all the other programs, including both the Stellar Wind phone dragnet data, and the ongiong phone dragnet information collected under EO 12333.

And given the government’s promise to keep reports of metadata analysis, from that point until sometime several years later, it would be obliged to keep all phone dragnet analysis reports involving Americans. That’s because — as is made clear from this Memorandum of Understanding issued sometime after March 2, 2009 — the analysts had no way of identifying the source of the data they were analyzing. The MOU makes clear that analysts were performing queries on data including “SIGINT” (EO 12333 collected data), [redacted] — which is almost certainly Stellar Wind, BRFISA, and PR/TT. So to the extent that any metadata report didn’t have a clear time delimited way of identifying where the data came from, the NSA could not know whether a query report came from data collected solely pursuant to presidential authorization or FISC order. (The NSA changed this sometime during or before 2011, and now metadata all includes XML tags showing its source; though much of it is redundant and so may have been collected in more than one program, and analysts are coached to re-run queries to produce them under EO 12333 authority, if possible.)

Finally, the real problem for the NSA is that the data “alerted” illegally up until 2009 — including the 3,000 US persons watchlisted without undergoing the legally required First Amendment review — was done so precisely because when NSA merged its the phone dragnet data with the data collected under Presidential authorization — either under Stellar Wind or EO 12333 — it applied the rules applying to the presidentially-authorized data, not the FISC-authorized data. We know that the NSA broke the law up until about 5 years ago. We know the data from that period — the data that is under consideration for being aged off now — broke the law precisely because of the way the NSA mixed EO 12333 and FISC regulations and data.

The NSA’s declarations on document preservation — not to mention the declarations about the dragnets more generally — don’t talk about how the EO 12333 data gets dumped in with and mixed up with the FISC-authorized data. That’s NSA’s own fault (and if I were Judge White it would raise real questions for me about the candor of the declarants).

But since the government agreed to preserve the data collected pursuant to presidential authorization without modification (without, say, limiting it to the Stellar Wind data), that means they agreed to preserve the EO 12333 collected data and its poisonous fruit which would just be aging off now.

I will show in a follow-up post why that data should be utterly critical, specifically as it pertains to the First Unitarian Church suit.

But suffice it to say, for now, that the government’s claim that it is only obliged to retain the US person data collected pursuant to Presidential authorization doesn’t help it much, because it means it has promised to retain all the data on Americans collected under EO 12333 and queries derived from it.

The Clear Precedent for Carrie Cordero’s “Uncharted Territory” of Destruction of Evidence

/2 Comments/in , , /by

Shane Harris has a report on the government’s odd behavior in regards to preserving the phone dragnet data in light of the suits challenging its legality.

It’s surprising on three counts. First, because he claims the legal back and forth has not previously been reported.

Now, that database will include phone records that are older than five years — not exactly the outcome that critics of the NSA program were hoping for. A dramatic series of legal maneuvers, which have not been previously reported, led the outcome.

It’s surprising not just because the “legal maneuvers” have in fact been reported before (though not the detail that James Cole got involved, though it’s not yet clear how his involvement affected the actual legal maneuvers rather than the internal DOJ communication issues). But also because Harris neglects to mention key details of those legal maneuvers — notably that EFF reminded DOJ, starting on February 26, that it had preservation orders that should affect the dragnet data, reminders which DOJ stalled and then ignored.

Harris’ piece is also surprising because of the implicit suggestion that NSA hasn’t been aging off data regularly, as it is supposed to be.

A U.S. official familiar with the legal process said the question about what to do with the phone records needn’t have been handled at practically the last minute. “The government was coming up on a five-year deadline to delete the data. Lawsuits were pending. The Justice Department could have approached the FISC months ago to resolve this,” the official said, referring to the Foreign Intelligence Surveillance Court.

There should be no “deadline” here — aside from the daily “deadline” that should automatically age off the five year old data. Now, the WSJ had previously reported that that’s not actually how age-off works.

As the NSA program currently works, the database holds about five years of data, according to officials and some declassified court opinions. About twice a year, any call record more than five years old is purged from the system, officials said.

But even assuming NSA only ages off data twice a year (in which case they should stop claiming they only “keep” data for 5 years because they already keep some of it for 5 1/2 years), most of these suits are well older than 6 months old, predating what might have been an August age-off, which means unless NSA already deviated from its normal pattern, it deleted data relevant to the suits.

By far the most surprising detail in Harris’ story, however, is this response from former DOJ National Security Division Counsel Carrie Cordero to the news that Deputy Attorney General James Cole has gotten involved. This is, Cordero claims, “uncharted territory.”

“This is all uncharted territory,” said Carrie Cordero, a former senior Justice Department official who recently served as the counsel to the head of the National Security Division. “Given the complexity and the novelty of this chain of events, it’s a good thing that the deputy attorney general is personally engaged, and it demonstrates the significant attention that they’re giving to it.”

To be more specific about Cordero’s work history, from 2007 to 2011, she was deeply involved in FISA-related issues, first at ODNI and then at DOJ’s NSD.

In 2009, I served as Counsel to the Assistant Attorney General for National Security at the Unit ed States Department of Justice, where I co – chaired an interagency group created by the Director of National Intelligence (DNI) to improve FISA processes. From 2007 – 2009, I served in a joint duty capacity as a Senior Associate General Counsel at the Office of the Director of National Intelligence, where I worked behind the scenes on matters relating to the legislative efforts that resulted in the FISA Amendments Act of 2008.

Given her position in the thick of FISA-related issues, one would think she was at least aware of the protection order Vaughn Walker issued on November 6, 2007 ordering the preservation of evidence, up to and including “tangible things,” in the multidistrict litigation issues pertaining to the dragnet.

[T]he court reminds all parties of their duty to preserve evidence that may be relevant to this action. The duty extends to documents, data and tangible things in the possession, custody and control of the parties to this action,

And Cordero presumably should be aware that Walker renewed the same order on November 13, 2009, extending it to cover the Jewel suit, which had an ongoing focus.

Cordero is presumably aware of two other details. First, there should be absolutely no dispute that the phone dragnet was covered by these suits. That’s because at least as early as May 25, 2007 (and again in a declaration submitted October 2009), Keith Alexander included the phone dragnet among the things he considered related to the EFF and other suits over which he claimed state secrets.

In particular, disclosure of the NSA’s ability to utilize the TSP (or, therefore, the current FISA Court-authorized content collection) in conjunction with contact chaining [redacted–probably relating to data mining] would severely undermine efforts to detect terrorist activities.

[snip]

To the extent that the NSA’s bulk collection and targeted analysis of communication meta data may be at issue in this case, those activities–as described in paragraphs 27 and 28 above–must also be protected from disclosure.

In paragraphs 27 and 28 and the following paragraphs, Alexander named the FISC Pen Register and Telephone Records Orders by name.

Thus, as far back as 2007, the NSA acknowledged that it used its content collection in conjunction with its metadata dragnets, including data obtained pursuant to the FISA dragnet orders.

Read more

FISA Court Finally Discovers a Limit to the Word “Relevant”

/5 Comments/in /by

A few weeks back I laughed that, in a probable attempt to score political points against those challenging the phone dragnet by asking to retain the phone dragnet longer than 5 years, DOJ had shown a rather unusual concern for defendant’s rights.

Judge Reggie Walton has just denied DOJ’s motion. In doing so he has found limits to the word “relevant” that otherwise seem unheard of at the FISC in recent memory.

For its part, the government makes no attempt to explain why it believes the records that are subject to destruction are relevant to the civil cases. The government merely notes that “‘[r]elevant’ in this context means relevant for purposes of discovery, … including information that relates to the claims or defenses of any party, as well as information that is reasonably calculated to lead to the discovery of admissible evidence.” Motion at 6. Similarly, the government asserts that “[b]ased on the issues raised by Plaintiffs,” the information must be retained, but it fails to identify what those issues are and how the records might shed light on them. Id. at 7. Finally, the motion asserts, without any explanation, that “[b]ased on the claims raised and the relief sought, a more limited retention of the BR metadata is not possible as there is no way for the Government to know in advance and then segregate and retain only the BR metadata specifically relevant to the identified lawsuits.” Id. Of course, questions of relevance are ultimately matters for the courts entertaining the civil litigation to resolve. But the government now requests this Court to afford substantial weight to the purported interests of the civil litigants in retaining the BR metadata relative to the primary interests of the United States persons whose information the government seeks to retain. The government’s motion provides scant basis for doing so.

Shew. Given the way FISC has been defining the word “relevant” since 2004 to mean “virtually all,” I had thought the word had become utterly meaningless.

At least we know the word “relevant” has some limits at FISC, even if they’re unbelievably broad.

Mind you, I’m not sure whether FISC or the government is right in this case, as I do have concerns about the data from the troubled period during 2009 aging off.

But I will at least take some Friday afternoon amusement that the FISC just scolded the government about the word “relevant.”

NSA’s Newfound Concern about Defendants’ Rights under FISA

/3 Comments/in , /by

As WSJ reported it was going to do, NSA has requested that the FISA Court permit it to retain call data beyond the 5 year age-off date because of all the lawsuits it faces.

[T]he Government requests that Section (3)E of the Court’s Primary Order be amended to authorize the preservation and/or storage of certain call detail records or “telephony metadata” (hereinafter “BR metadata”) beyond five years (60 months) after its initial collection under strict conditions and for the limited purpose of allowing the Government to comply with its preservation obligations, described below, arising as a result of the filing of several civil lawsuits challenging the legality of the National Security Agency (NSA) Section 215 bulk telephony metadata collection program.

It provides this introduction to a list of the suits in question.

The following matters, currently pending either before a United States District Court, or United States Court of Appeals, are among those in which a challenge to the lawfulness of the Section 215 program have been raised:

And lists:

  • ACLU v. Clapper
  • Klayman v. Obama
  • Smith v. Obama, an Idaho case
  • First Unitarian Church of LA, the EFF related case
  • Paul v. Obama
  • Perez v. Clapper, a Bivens suit out of West Texas I hadn’t known about before

It goes on to say,

The duty to preserve typically arises from the common-law duty to avoid spoilation of relevant evidence for use at trial;

[snip]

A party may be exposed to a range of sanctions not only for violating a preservation order,3 but also for failing to produce relevant evidence when ordered to do so because it destroyed information that it had a duty to preserve.

3 To date, no District Court or Court of Appeals has entered a specific preservation order in any of the civil lawsuits referenced in paragraph 4 but a party’s duty to preserve arises apart from any specific court order.

[snip]

When preservation of information is required, the duty to preserve supersedes statutory or regulatory requirements or records-management policies that would otherwise result in the destruction of the information.

[snip]

Based upon the claims raised and the relief sought, a more limited retention of the BR metadata is not possible as there is no way for the Government to know in advance and then segregate and retain only that BR metadata specifically relevant to the identified lawsuits.

[snip]

Congress did not intend FISA or the minimization procedures adopted pursuant to section 1801(h) to abrogate the rights afforded to defendants in criminal proceedings.4 For example, in discussing section 1806, Congress stated,

[a]t the outset, the committee recognizes that nothing in these subsections abrogates the rights afforded a criminal defendant under Brady v. Maryland, and the Jencks Act. These legal principles inhere in any such proceeding and are wholly consistent with the procedures detailed here.

[snip]

Although the legislative history discussed above focuses on the use of evidence against a person in criminal proceedings, the Government respectfully submits that the preservation of evidence in civil proceedings is likewise consistent with FISA.

4 By extension, this should also apply to section 1861(g) which, with respect to retention is entirely consistent with section 1801(h).

Now, if you’re not already peeing your pants in laughter, consider the following.

First, as EFF’s Cindy Cohn pointed out to the WSJ, Judge Vaughn Walker issued a retention order in EFF’s 2008 suit against the dragnet.

Ms. Cohn also questioned why the government was only now considering this move, even though the EFF filed a lawsuit over NSA data collection in 2008.

In that case, a judge ordered evidence preserved related to claims brought by AT&T customers. What the government is considering now is far broader.

So, at least in her interpretation, it should already be retaining it.

Then, consider DOJ’s very serious citation of Congress’ intention that FISA not impair any defendant’s criminal rights. It basically says that that principle, laid out during debates about traditional FISA in 1978, should apply to other parts of FISA like the phone dragnet.

Of course, it was only 24 hours ago when DOJ was last caught violating that principle in Section 702, abrogating a defendant’s right to know where the evidence against him came from. And there are a whole slew of criminal defendants — most now imprisoned — whose 702 notice DOJ is still sitting on, whose rights DOJ felt perfectly entitled to similarly abrogate (we know this because back in June FBI was bragging about how many of them there were). So I am … surprised to hear DOJ suggest it gives a goddamn about criminal defendants’ rights, because for at least the last 7 years it has been shirking precisely that duty as it pertains to FISA.

Also, did you notice what pending case pertaining to the legality of the phone dragnet DOJ didn’t mention? Basaaly Moalin’s appeal of his conviction based off evidence collected pursuant to Section 215. What do you want to bet that NSA hasn’t retained the original phone records that busted him, which would have aged off NSA’s servers back in October 2012, well before DOJ told Moalin it had used Section 215 to nab him. That’s relevant because, according to recent reporting, NSA should not have been able to find Moalin’s call records given claims about limits on collection; if they did, they probably only did because AT&T was turning over other providers phone records. Moreover, we know that NSA was in violation of the dragnet minimization requirements in a slew of different ways at the time. Notably, that includes queries using selectors that had not been RAS-approved, as required, and dissemination using EO 12333’s weaker dissemination rules. Now that we know of these problems, a court might need that original data to determine whether the search that netted Moalin was proper (I presume NSA has the original query results and finished intelligence reports on it, but it’s not clear that would explain precisely how NSA obtained that data). Significantly, it was not until after 2009 that NSA even marked incoming data to show where it had been obtained.

So show us (or rather, Moalin’s lawyers) the data, NSA.

Ah well. If nothing else, this laughable motion should prove useful for defendants challenging their conviction because DOJ abrogated their rights!

In Sworn Declaration about Dragnet, NSA Changes Its Tune about Scope of “This Program”

/7 Comments/in , /by

I’ve been tracking the sudden effort on the part of NSA to minimize how much of the call data in the US it collects (under “this program,” Section 215).

That effort has, unsurprisingly, carried over to its sworn declarations in lawsuits.

Along with the response in the First Unitarian Church of Los Angeles v. NSA suit the government filed last Friday (this is the EFF-backed suit that challenges the phone dragnet on Freedom of Association as well as other grounds), NSA’s Signals Intelligence Director Theresa Shea submitted a new declaration about the scope of the program.

Ostensibly, Shea’s declaration serves to explain the “new” “changes” Obama announced last month, which the FISA Court approved on February 4. As I have noted, in one case the “change” simply formalized NSA”s existing practice and in the other it’s probably not a big change either.

In addition to her explanation of those “changes,” Shea included this language about the scope of the dragnet.

Although there has been speculation that the NSA, under this program, acquires metadata relating to all telephone calls to, from, or within the United States, that is not the case. The Government has acknowledged that the program is broad in scope and involves the collection and aggregation of a large volume of data from multiple telecommunications service providers, but as the FISC observed in a decision last year, it has never captured information on all (or virtually all) calls made and/or received in the U.S. See In re Application of the FBI for an Order Requiring the Production of Tangible Things from [Redacted], Dkt. No. BR13-109 Amended Mem. Op. at 4 n.5 (F.I.S.C. Aug. 29, 2013) (publicly released, unclassified version) (“The production of all call detail records of all persons in the States has never occurred under under this program.“) And while the Government has also acknowledged that one provider was the recipient of a now-expired April 23, 2013, Secondary Order from the FISC (Exhibit B to my earlier declaration), the identities of the carriers participating in the program (either now, or at any time in the past) otherwise remain classified. [my emphasis]

Shea appears to be presenting as partial a picture of the dragnet as she did in her prior declaration, where she used expansive language that — if you looked closely — actually referred to the entire dragnet, not just the Section 215 part of it.

Here, she’s selectively citing the declassified August 29, 2013 version of Claire Eagan’s July 19, 2013 opinion. The latter date is significant, given that the day the government submitted the application tied to that order, NSA General Counsel Raj De made it clear there were 3 providers in the program (see after 18:00 in the third video). These are understood to be AT&T, Sprint, and Verizon.

Shea selectively focuses on language that describes some limits on the dragnet. She could also note that Eagan’s opinion quoted language suggesting the dragnet (at least in 2011) collected “substantially all” of the phone records from the providers in question, but she doesn’t, perhaps because it would present problems for her “virtually all” claim.

Moreover, Shea’s reference to “production of all call detail records” appears to have a different meaning than she suggests it has when read in context. Here’s what the actual language of the opinion says.

Specifically, the government requested Orders from this Court to obtain certain business records of specified telephone service providers. Those telephone company business records consist of a very large volume of each company’s call detail records or telephony metadata, but expressly exclude the contents of any communication; the name, address, or financial information of any subscriber or customer; or any cell site location information (CSLI). Primary Ord. at 3 n.l.5

5 In the event that the government seeks the production of CSLI as part of the bulk production of call detail records in the future, the government would be required to provide notice and briefing to this Court pursuant to FISC Rule 11. The production of all call detail records of all persons in the United States has never occurred under this program. For example, the government [redacted][my emphasis]

In context, the reference discusses not just whether the records of all the calls from all US telecom providers (AT&T, Sprint, and Verizon, which participated in this program on the date Eagan wrote the opinion, but also T-Mobile and Cricket, plus VOIP providers like Microsoft, owner of Skype, which did not) are turned over, but also whether each provider that does participate (AT&T, Sprint, and Verizon) turns over all the records on each call. The passage makes clear they don’t do the latter; AT&T, Sprint, and Verizon don’t turn over financial data, name, or cell location, for example! And since we know that at the time Eagan wrote this opinion, there were just those 3 providers participating, clearly the records of providers that didn’t use the backbone of those 3 providers or, in the case of Skype, would be inaccessible, would be missed. So not all call detail records from the providers that do provide records, nor records covering all the people in the US. But still a “very large volume” from AT&T, Sprint, and Verizon, the providers that happen to be covered by the suit.

And in this declaration, instead of using the number De used last July, Shea instead refers to “multiple telecommunications service providers,” which could be 50, 4, 3, or 2, or anywhere in between. Particularly given her “either now, or at any time in the past” language, this suggests the number of providers participating may have changed since July.

Which brings me to the two other implicit caveats in her statement.

First, she suggests (ignoring the time ODNI revealed Verizon’s name a second time) that the only thing we can be sure of is that Verizon provided all its domestic data for the 3 months following April 23, 2013.

Actually, we can be fairly sure that at least until January 3, Verizon still participated. That’s because the Primary Order approved on that date still includes a paragraph that — thanks to ODNI’s earlier redaction fail — we know was written to ensure that Verizon didn’t start handing over its foreign call records along with its domestic ones.

Screen Shot 2014-02-25 at 9.33.00 AM

Though curiously, the way in which DOJ implemented the Obama-directed changes — the ones that Shea’s declaration supposedly serves to explain — involved providing substitute language affecting a huge section of the Primary Order, without providing a new Primary Order itself. So we don’t know whether ¶1(B) — what I think of as the Verizon paragraph — still exists, or even whether it still existed on February 4, when Reggie Walton approved the change.

Which is particularly interesting given that Shea’s declaration just happened to be submitted on the date, February 21, when a significant change in Verizon’s structure may have affected how NSA gets its data. (That date was set in December by a joint scheduling change.)

One way or another, Shea’s claim that the dragnet doesn’t collect all or even virtually all phone records is very time delimited, certainly allowing the possibility that the scope of the dragnet has changed since the plaintiffs filed this suit on July 16, 3 days before Eagan explicitly excluded cell location data from the dragnet collection, which is the reason NSA’s leak recipients now give for limits on the scope of the program.

The claim is also — as claims about the Section 215 always are — very program delimited. In her statement claiming limits on how much data the NSA collects, Shea makes 2 references to “this program” and quotes Eagan making a third. She’s not saying the NSA doesn’t collect all the phone data in the US (I don’t think they quite do that either, but I think they collect more US phone data than they collect under this program). She’s saying only that it doesn’t collect “virtually all” the phone data in the US “under this program.”

Given her previously expansive declaration (which implicitly included all the other dragnet collection methods), I take this declaration as a rather interesting indicator of the limits to the claims about limits to the dragnet.

On the Definition of Dragnet “Identifier”

/in /by

Last month, I noted that ODNI failed to redact a reference to Verizon in one of the phone dragnet primary orders, which helped to confirm that Verizon was the provider ordered to provide only its domestic or one-end domestic call records to NSA under this order.

I’d like to look at another redaction fail (also, IIRC, pointed out to me Michael) from that document dump.

In the February 25, 2010 order, part of the footnote describing what identifiers NSA can use to contact chain was left unredacted.

Screen Shot 2014-02-15 at 12.42.04 PM

The footnote starts on the previous page; this is the end of the description (the big redaction below it modifies one of the terms in the list of terror groups associations).

Given all the discussion about whether NSA does or does not collect cell phone data, I think it of particular interest that IMSI and IMEI — two ways to identify cell phone users — appear in this footnote. It’s actually not clear whether their inclusions mean they can or cannot be used as identifiers.

But there’s reason to believe the footnote says they can be used as identifiers.

The footnote first appeared in the March 5, 2009 order — the first written after Judge Reggie Walton started trying to clean up the dragnet mess. Screen Shot 2014-02-15 at 1.01.28 PM

By that point, NSA had informed Walton that an additional querying tool had regularly accessed the 215 dragnet to perform analysis of certain identifiers.

If an analyst conducted research supported by [redacted] the analyst would receive a generic notification that NSA’s signals intelligence (“SIGINT”) databases contained one or more references to the telephone identifier in which the analyst was interested; a count of how many times the identifier was present in SIGINT databases; the dates of the first and last call events associated with the identifier; a count of how many other unique telephone identifiers had direct contact with the identifier that was the subject of the analyst’s research; the total number of calls made to or from the telephone identifier that was the subject of the analyst’s research; the ratio of the count of total calls to the count of unique contacts; and the amount of time it took to process the analyst’s query.

But this was before NSA explained it treated all correlated identifiers for a particular RAS-approved person as RAS-approved,

The end-to-end review revealed the fact that NSA’s practice of using correlated selectors to query the BR FISA metadata had not been fully described to the Court. A communications address or selector, is considered correlated with other communications addresses when each additional address is shown to identify the same communicant(s) as the original address.

Though it had provided some kind of description of this practice in an August 18, 2008 filing that almost certainly served as back-up for the August 19, 2008 order that first started specifically ordering IMSI and IMEI data.

A description of how [redacted] is used to correlate [redacted] was included in the government’s 18 August 2008 filing to the FISA Court, While NSA previously described to the FISC the ractice of using correlated selectors as seeds, the FISC never addressed whether [redacted] correlated selectors met the RAS standard when any one of the correlated selectors met the RAS standard. A notice was filed with the FISC can this issue on 15 June 2009.

 

All of which is to say that several of the items discussed during the 2009 review pertained to how NSA tracked identities over time, particularly phone-based identities that spanned multiple cell phones.

Which would explain why it would want to track both phone numbers themselves, but especially the handset and SIM identifiers (though in the case of burner phone “correlation,” those details wouldn’t help to make a match).

None of this should be surprising. As I said, it would be shocking if the nation’s counterterrorism professionals accepted a dragnet with less functionality than the one available to DEA under AT&T’s Hemisphere program, and a key part of that program involves matching cell phone identities (though remember, Hemisphere at least used to permit tracking of geolocation, too).

But assuming that footnote defining “identifier” affirmatively includes IMSI and IMEI as potential identifiers, which would seem logical, it’s yet one more data point showing how central the use of cell phones is to the dragnet.

That still doesn’t mean the NSA collected cell phone data, or collected it from providers besides AT&T and Sprint. But it sure seems to indicate an priority on such data.

Omaha! Omaha! The Alert that Won’t Alert

/5 Comments/in /by

The FISA Court just released the January 3, 2014 phone dragnet order, DOJ’s motion to amend it to meet Obama’s new dragnet terms, and the approval for that.

But those changes are of the least interest in these documents. I’ll explain the loophole to the changes tomorrow.

For now, consider that the NSA reportedly can’t get its automated chaining program to work. In the motion to amend, footnote 12 — which modifies part of some entirely redacted paragraphs describing its new automated alert approved back in 2012 — reads:

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

PCLOB describes this automated alert this way.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. The database places the results of these queries together in a repository called the “corporate store.”

It has been 15 months since FISC approved this alert, but NSA still can’t get it working.

I suspect this is the root of the stories claiming NSA can only access 30% of US phone records.

And I think it probably does have to do with cell data and what they get from other programs — just not in the way the reports said it did.

I’ll explain that in a follow-up.

Will NSA Lose Access to All Verizon Cell Metadata in 12 Days Time?

/14 Comments/in /by

Last week, NSA selectively leaked a claim it only obtains 20 to 30% of US call data because it doesn’t collect some or all cell provider data. (WSJ, WaPo, LAT, NYT)

I believe the claim itself is true only in a narrow sense and the premises given to journalists underlying it are laughably false as presented (though have grains of truth).

I suspect this leaked propaganda campaign might better be explained by the possibility that NSA will lose some of its existing access to Verizon cell data on February 21, when the Vodaphone/Verizon split becomes legally official.

Some aspect of Verizon’s structure — and a good deal suggests it’s that dual-country ownership — has created problems in the metadata program since 2009. On May 29, 2009, Judge Reggie Walton started breaking out directions to Verizon’s Custodian of Records in its own paragraph of the Primary Order so as to clarify that it should only provide entirely domestic or one-end domestic calls under the Section 215 order, not entirely foreign calls. Then, in a July 9, 2009 Primary Order the government is still withholding, Walton actually shut down production from Verizon, apparently entirely. He restored production with the September 3, 2009 Primary Order, permitting retroactive collection of any records still in existence. We know Verizon was this provider because ODNI failed to redact Verizon’s name in the Verizon-specific paragraph in a recent document dump.

While we don’t know why including foreign production presented such a problem (that 3 month period is the only period I know of during which production of any part of the phone dragnet was shut down), it did.

But we do have hints of why Verizon’s international collection might be so sensitive. In August (a month before Verizon and Vodaphone agreed to split), Suddeutsche newspaper revealed that Verizon was among the 7 providers included in GCHQ’s Tempora program.

BT, Vodafone Cable, and the American firm Verizon Business – together with four other smaller providers – have given GCHQ secret unlimited access to their network of undersea cables. The cables carry much of the world’s phone calls and internet traffic.

In June the Guardian revealed details of GCHQ’s ambitious data-hoovering programmes, Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. It emerged GCHQ was able to tap into fibre-optic cables and store huge volumes of data for up to 30 days. That operation, codenamed Tempora, has been running for 20 months.

The Guardian explained that providers were compelled, under licensing requirements, to participate under the UK’s Telecom Act.

Telecoms providers can be compelled to co-operate with requests from the government, relayed through ministers, under the 1984 Telecommunications Act,

[snip]

Vodafone said it complied with the laws of all the countries in which its cables operate. “Media reports on these matters have demonstrated a misunderstanding of the basic facts of European, German and UK legislation and of the legal obligations set out within every telecommunications operator’s licence … Vodafone complies with the law in all of our countries of operation,” said a spokesman.

That would seem to suggest Verizon’s legal presence in the UK made it subject to orders to participate in Tempora. This requirement, which started as early as 2008, involves the massive collection of both phone and Internet metadata which gets stored for 30 days. The kind of metadata that last week’s propaganda campaign claimed NSA didn’t get access to.

Given Verizon’s role in Tempora, I suspect it is one of the corporate partners which accesses data (including, but no way limited to, cell location data) from the telephone links between networks under the FASCIA program.

A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.”

STORMBREW collects data from 27 telephone links known as OPC/DPC pairs, which refer to originating and destination points and which typically transfer traffic from one provider’s internal network to another’s. That data include cell tower identifiers, which can be used to locate a phone’s location.

The agency’s access to carriers’ networks appears to be vast.

“Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This ‘flat’ trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one-stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.”

And as Blaze describes (Mindrayge describes some of why this is so in this comment), accessing data at these points would give Verizon access to everyone’s cell data, not just its own.

I believe that collection — because it was obligated by the UK, not the US, and because it took place offshore — would count as EO 12333 data, not Section 215 data. This is why I believe NSA does get comprehensive coverage of all cell data, just not under Section 215. NSA gets all the data it wants, just via GCHQ’s greater ability to obligate production than NSA’s. And it gets cell location data if it wants it too!

Or it did, so long as the joint corporate structure of Vodaphone and Verizon created the obligation behind that production.

Now, obviously, the hardware linking Verizon and Vodaphone won’t disappear in 12 days time. Verizon will still presumably operate the hardware where this massive data collection takes place. But if I’m understanding the legal leverage of the UK’s licensing law correctly, the UK and US’ collective ability to obligate production will change. As one possibility (there are others I’ll explain in a later post), NSA may have to rely on Section 215 to obligate production, rather than the UK’s more expansive law.

Which, I suspect, is the real logic behind last week’s propaganda campaign on cell data. For the first time, NSA may have to rely on Section 215 rather than UK licensing laws to access Verizon’s (and probably some other providers’) cell phone metadata. And that’s happening at a time when Verizon is the dominant cell provider in the US. But even as it will need to rely on Section 215, the FISC has narrowed the scope of its interpretation of the law, to specifically exclude the cell location data that has been included in this collection for years.

In other words, I believe the confluence of two events — the change in Verizon’s corporate structure and FISC’s effort to prohibit the application of Section 215 to location data — may have created significant new difficulties in maintaining what (I strongly believe) has always been comprehensive dragnet collection.

Update: On March 4, Verizon’s General Counsel said the Vodaphone/Verizon split will have no effect on their legal obligation.