Posts

Those Cable Landings Chelsea Manning Didn’t Leak

Oman Cable LandingsYesterday, The Register published what it claims is the story that led GCHQ to destroy the Guardian’s hard drives: the location of a key GCHQ base in the Middle East and its relationships with British Telecom and Vodaphone.

While the BT/Vodaphone details are worth clicking through to read, I’m particularly interested in the focus on the base in Oman. (See an interactive map of the cable landings here.)

The secret British spy base is part of a programme codenamed “CIRCUIT” and also referred to as Overseas Processing Centre 1 (OPC-1). It is located at Seeb, on the northern coast of Oman, where it taps in to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf. Seeb is one of a three site GCHQ network in Oman, at locations codenamed “TIMPANI”, “GUITAR” and “CLARINET”. TIMPANI, near the Strait of Hormuz, can monitor Iraqi communications. CLARINET, in the south of Oman, is strategically close to Yemen.

British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.

The Brits would have you believe — and I have no reason to doubt them — that this cable landing in Oman is one of the key points in their surveillance infrastructure.

I raise this because of a cable listing the globe’s critical infrastructure — and fearmongering surrounding it — that Chelsea Manning leaked to Wikileaks. As I noted at the time, while the cable lists a slew of cable landings as critical infrastructure sites — including the Hibernia Atlantic undersea cable landing in Dublin, which gets mentioned in the Register story — it does not list a single cable landing site in the Middle East.

NEAR/MIDDLE EAST

Djibouti:
Bab al-Mendeb: Shipping lane is a critical supply chain node

Egypt:
‘Ayn Sukhnah-SuMEd Receiving Import Terminal
‘Sidi Kurayr-SuMed Offloading Export Terminal
Suez Canal

Iran:
Strait of Hormuz
Khark (Kharg) Island Sea Island Export Terminal
Khark Island T-Jetty

Iraq:
Al-Basrah Oil Terminal

Israel:
Rafael Ordnance Systems Division, Haifa, Israel: Critical to Sensor Fused Weapons (SFW), Wind Corrected Munitions Dispensers (WCMD), Tail Kits, and batteries

Kuwait:
Mina’ al Ahmadi Export Terminal

Morocco:
Strait of Gibraltar
Maghreb-Europe (GME) gas pipeline, Morocco

Oman:
Strait of Hormuz

Qatar:
Ras Laffan Industrial Center: By 2012 Qatar will be the largest source of imported LNG to U.S.

Saudi Arabia:
Abqaiq Processing Center: Largest crude oil processing and stabilization plant in the world
Al Ju’aymah Export Terminal: Part of the Ras Tanura complex
As Saffaniyah Processing Center
Qatif Pipeline Junction
Ras at Tanaqib Processing Center
Ras Tanura Export Terminal
Shaybah Central Gas-oil Separation Plant

Tunisia:
Trans-Med Gas Pipeline

United Arab Emirates (UAE):
Das Island Export Terminal
Jabal Zannah Export Terminal
Strait of Hormuz

Yemen:
Bab al-Mendeb: Shipping lane is a critical supply chain node

Note, Bahamas’ telecom, which recent reporting has also noted is critical to NSA’s spying, also gets no mention.

That’s not surprising in the least. The cable (and the list) is classified Secret. NSA and GCHQ’s prime collection points are (as the Register notes) classified several levels above Top Secret.

And while the list provided some indication of what sites were significant by their absence, it’s likely that the sites that were listed were the relatively unimportant sites.

At trial, Manning’s lawyers repeatedly point out that she had chosen not to leak stuff from JWICS, which would be classified at a higher level. The stuff she leaked, which she got on SIPRNET, was by definition less sensitive stuff.

I don’t mean to suggest this reflects on the relative value of what either Edward Snowden or Chelsea Manning leaked. I think it is a good indication, though, of how unfounded a lot of the fear mongering surrounding this particular leaked cable was.

Verizon VP: Company-Based Transparency Reports Don’t Help Consumers

There was a fascinating panel of Telecom execs and bloggers discussing human rights at RightsCon yesterday. Among others, Verizon Executive Vice President and General Counsel Randal Milch spoke.

As I noted in passing, Verizon published an update to their Transparency Report the other day. Particularly as compared to AT&T’s bogus report, the Verizon report was laudable for its explanation of what it couldn’t show, such as when it acknowledged that its report did not include the hundreds of millions of customers whose records got turned over under Section 215.

We note that while we now are able to provide more information about national security orders that directly relate to our customers, reporting on other matters, such as any orders we may have received related to the bulk collection of non-content information, remains prohibited.

It also acknowledged something obvious but that which should be explicit: when the government obtains content from Verizon, it sometimes gets metadata as well.

Some FISA orders that seek content also seek non-content; we counted those as FISA orders for content and to avoid double counting have not also counted them as FISA orders for non-content.

All this is useful information that lends the report itself credibility.

So when I first approached Milch, I thanked him for the quality of his report.

Which is why I was so surprised when he said the government should be in the business of transparency reports, not the providers. I challenged that, noting that an easy comparison of AT&T and Verizon’s reports strongly suggests that Verizon demands more legal process for requests than AT&T. He dismissed that, suggesting any differences arise from the different kind of client base the providers have.

Granted, Milch was talking about your average consumer, not … me.

But it seemed bizarre. Or perhaps it was a testament that Milch and Verizon generally don’t want to have to compete in this front.

Milch answered one other question of mine: I asked whether the Verizon/Vodaphone split affected Verizon’s obligations to the UK (that is, to GCHQ). He claims it didn’t affect it at all, that it was more an investment stake and that none of Verizon’s cell call records were in the UK. (No, I didn’t point out that the records are right where GCHQ wants them, in places accessible under Tempora).

So at least according to Milch’s claims, my theory laid out here is wrong.

Will NSA Lose Access to All Verizon Cell Metadata in 12 Days Time?

Last week, NSA selectively leaked a claim it only obtains 20 to 30% of US call data because it doesn’t collect some or all cell provider data. (WSJ, WaPo, LAT, NYT)

I believe the claim itself is true only in a narrow sense and the premises given to journalists underlying it are laughably false as presented (though have grains of truth).

I suspect this leaked propaganda campaign might better be explained by the possibility that NSA will lose some of its existing access to Verizon cell data on February 21, when the Vodaphone/Verizon split becomes legally official.

Some aspect of Verizon’s structure — and a good deal suggests it’s that dual-country ownership — has created problems in the metadata program since 2009. On May 29, 2009, Judge Reggie Walton started breaking out directions to Verizon’s Custodian of Records in its own paragraph of the Primary Order so as to clarify that it should only provide entirely domestic or one-end domestic calls under the Section 215 order, not entirely foreign calls. Then, in a July 9, 2009 Primary Order the government is still withholding, Walton actually shut down production from Verizon, apparently entirely. He restored production with the September 3, 2009 Primary Order, permitting retroactive collection of any records still in existence. We know Verizon was this provider because ODNI failed to redact Verizon’s name in the Verizon-specific paragraph in a recent document dump.

While we don’t know why including foreign production presented such a problem (that 3 month period is the only period I know of during which production of any part of the phone dragnet was shut down), it did.

But we do have hints of why Verizon’s international collection might be so sensitive. In August (a month before Verizon and Vodaphone agreed to split), Suddeutsche newspaper revealed that Verizon was among the 7 providers included in GCHQ’s Tempora program.

BT, Vodafone Cable, and the American firm Verizon Business – together with four other smaller providers – have given GCHQ secret unlimited access to their network of undersea cables. The cables carry much of the world’s phone calls and internet traffic.

In June the Guardian revealed details of GCHQ’s ambitious data-hoovering programmes, Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. It emerged GCHQ was able to tap into fibre-optic cables and store huge volumes of data for up to 30 days. That operation, codenamed Tempora, has been running for 20 months.

The Guardian explained that providers were compelled, under licensing requirements, to participate under the UK’s Telecom Act.

Telecoms providers can be compelled to co-operate with requests from the government, relayed through ministers, under the 1984 Telecommunications Act,

[snip]

Vodafone said it complied with the laws of all the countries in which its cables operate. “Media reports on these matters have demonstrated a misunderstanding of the basic facts of European, German and UK legislation and of the legal obligations set out within every telecommunications operator’s licence … Vodafone complies with the law in all of our countries of operation,” said a spokesman.

That would seem to suggest Verizon’s legal presence in the UK made it subject to orders to participate in Tempora. This requirement, which started as early as 2008, involves the massive collection of both phone and Internet metadata which gets stored for 30 days. The kind of metadata that last week’s propaganda campaign claimed NSA didn’t get access to.

Given Verizon’s role in Tempora, I suspect it is one of the corporate partners which accesses data (including, but no way limited to, cell location data) from the telephone links between networks under the FASCIA program.

A sigad known as STORMBREW, for example, relies on two unnamed corporate partners described only as ARTIFICE and WOLFPOINT. According to an NSA site inventory, the companies administer the NSA’s “physical systems,” or interception equipment, and “NSA asks nicely for tasking/updates.”

STORMBREW collects data from 27 telephone links known as OPC/DPC pairs, which refer to originating and destination points and which typically transfer traffic from one provider’s internal network to another’s. That data include cell tower identifiers, which can be used to locate a phone’s location.

The agency’s access to carriers’ networks appears to be vast.

“Many shared databases, such as those used for roaming, are available in their complete form to any carrier who requires access to any part of it,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “This ‘flat’ trust model means that a surprisingly large number of entities have access to data about customers that they never actually do business with, and an intelligence agency — hostile or friendly — can get ‘one-stop shopping’ to an expansive range of subscriber data just by compromising a few carriers.”

And as Blaze describes (Mindrayge describes some of why this is so in this comment), accessing data at these points would give Verizon access to everyone’s cell data, not just its own.

I believe that collection — because it was obligated by the UK, not the US, and because it took place offshore — would count as EO 12333 data, not Section 215 data. This is why I believe NSA does get comprehensive coverage of all cell data, just not under Section 215. NSA gets all the data it wants, just via GCHQ’s greater ability to obligate production than NSA’s. And it gets cell location data if it wants it too!

Or it did, so long as the joint corporate structure of Vodaphone and Verizon created the obligation behind that production.

Now, obviously, the hardware linking Verizon and Vodaphone won’t disappear in 12 days time. Verizon will still presumably operate the hardware where this massive data collection takes place. But if I’m understanding the legal leverage of the UK’s licensing law correctly, the UK and US’ collective ability to obligate production will change. As one possibility (there are others I’ll explain in a later post), NSA may have to rely on Section 215 to obligate production, rather than the UK’s more expansive law.

Which, I suspect, is the real logic behind last week’s propaganda campaign on cell data. For the first time, NSA may have to rely on Section 215 rather than UK licensing laws to access Verizon’s (and probably some other providers’) cell phone metadata. And that’s happening at a time when Verizon is the dominant cell provider in the US. But even as it will need to rely on Section 215, the FISC has narrowed the scope of its interpretation of the law, to specifically exclude the cell location data that has been included in this collection for years.

In other words, I believe the confluence of two events — the change in Verizon’s corporate structure and FISC’s effort to prohibit the application of Section 215 to location data — may have created significant new difficulties in maintaining what (I strongly believe) has always been comprehensive dragnet collection.

Update: On March 4, Verizon’s General Counsel said the Vodaphone/Verizon split will have no effect on their legal obligation.

The Faulty Premise of the 30% Call Data Claims: Legal Limits on Geolocation Data

In this post, I suggested that reports (WSJ, WaPo) that NSA collects only 20 to 30% of US phone records probably don’t account for the records collected under authorities besides Section 215.

So why did WSJ, WaPo, LAT, and NYT all report on this story at once? Why, after 8 months in which the government has taken the heat for collecting all US call records, are anonymous sources suddenly selectively leaking stories claiming they don’t get (any, the stories suggest) cell data?

There’s a tall tale the stories collectively tell that probably explains it.

None of the stories really explain why NSA didn’t start collecting cell data from the start, when, after all, it got no legal review. Nor did they note that, according to this WSJ article which a few of them cited, NSA does get cell data from AT&T and Sprint. But the stories collectively provide two explanations for why — as cell phones came to dominate US telecommunications — NSA didn’t add them to their Section 215 collection (which remember, is different from not including them in their EO 12333 collection).

First, NSA was too busy responding to crises (their 2009 phone dragnet violations and the Snowden leaks) to integrate cell data.

WSJ:

The agency’s legal orders to U.S. phone companies don’t cover most cellphone records, a gap the NSA has been trying to address for years. The effort has been repeatedly slowed by other, more pressing demands, such as responding to criticisms from the U.S. court that oversees its operations, people familiar with the matter say.

WaPo:

Compounding the challenge, the agency in 2009 struggled with compliance issues, including what a surveillance court found were “daily violations of the minimization procedures set forth in [court] orders” designed to protect Americans’ call records that “could not otherwise have been legally captured in bulk.”

As a result, the NSA’s director, Gen. Keith Alexander, ordered an “end-to-end” review of the program, during which additional compliance incidents were discovered and reported to the court. The process of uncovering problems and fixing them took months, and the same people working to address the compliance problems were the ones who would have to prepare the database to handle more records.

The NSA fell behind, the former official said.

In June, the program was revealed through a leak of a court order to Verizon by former NSA contractor Edward Snowden, setting off an intense national debate over the wisdom and efficacy of bulk collection.

The same NSA personnel were also tasked to answer inquiries from congressional overseers and others about how the program and its controls worked. “At a time when you’re behind, it’s hard to catch up,” the former official said.

This claim is pretty ridiculous, given that we know (indeed, several of these reporters got selective leaks about this in October just before Keith Alexander admitted to it) NSA worked on geolocation from 2010 to 2011, which these reporters’ anonymous sources claim is the problem with cell data now. They were working on the problem, if indeed it was one.

The existence of that 2010 to 2011 pilot program also presents problems for the other explanation offered: that NSA is legally prohibited from receiving cell geolocation data.

WaPo:

Apart from the decline in land-line use, the agency has struggled to prepare its database to handle vast amounts of cellphone data, current and former officials say. For instance, cellphone records may contain geolocation data, which the NSA is not permitted to receive.

WSJ:

Moreover, the NSA has been stymied by how to remove location data—which is isn’t allowed to collect—from cellphone records collected in bulk, a U.S. official said.

[snip]

A key difficulty has been separating location data from cellphone records. NSA has an agreement with the secret Foreign Intelligence Surveillance court that it won’t collect location data from phones.

It is true that Alexander told Congress in October NSA would warn Congress and the FISC before they started collecting cell geolocation data again, but NSA still maintained it would be legal to do so.

And it is true that the intervening years since the pilot program, the Jones case presented challenges to the practice that even James Clapper admitted — back in 2012 — might force NSA to change its current practices (even while suggesting the rules were probably different for intelligence gathering as opposed to criminal investigation).

It’s also possible NSA’s delayed notice to Congress on its geolocation efforts — not even the House Judiciary Committee got notice before the Reauthorization of the PATRIOT Act in 2011 — has created problems for NSA’s collection of geolocation (and therefore, these stories claim, cell data).

Nevertheless, the record shows that DOJ and NSA believed the language of the existing Section 215 orders permitted NSA to collect cell location data at least through the end of 2011 and probably still believed it after Jones.

So that can’t be the explanation for why NSA hasn’t been collecting cell data (under Section 215, from Verizon and T-Mobile) all these years.

But the claim NSA is not permitted to collect geolocation data provides two of these stories reason to report that the purported legal prohibition on the collection of cell location has forced NSA to seek court orders for the cell data in question.

WaPo:

The government is taking steps to restore the collection — which does not include the content of conversations — closer to previous levels. The NSA is preparing to seek court orders to compel wireless companies that currently do not hand over records to the government to do so, said the current and former officials, who spoke on the condition of anonymity to discuss internal deliberations.

LAT:

The NSA aims to build the technical capacity over the next few years to collect toll records from every domestic land line and cellphone call, assuming Congress extends authority for Section 215 of the USA Patriot Act after it expires in June 2015.

Once the capacity is available, the agency would seek court orders to require telecommunications companies that do not currently deliver their records to the NSA to do so.

This is the point of these stories: to prepare us for the argument, in advance of next year’s PATRIOT Act reauthorization, that Section 215 must be expanded to include cell data these reporters claim NSA doesn’t collect (they imply, under any authority) now. NSA told these reporters a story about how meager its (Section 215-based) collection is to prepare for a debate that it needs to expand authority, not curtail it.

That said, even as obviously facetious as are the claims that NSA believed it was prohibited from collecting geolocation data even as it was doing so, there have been at least two intervening events, in addition to the Jones decision, that I suspect have changed NSA’s views on cell location data. These may explain why NSA is telling this tall tale now.

First, whereas before July 19, 2013 (indeed, for the entire period when it was testing cell location data), NSA had no guidance on whether Section 215 covered cell location, in July, in the wake of Snowden’s leaks, Claire Eagan explicitly excluded Cell Location Site Identifier information from the order (though that is not the only way to get cell location).

Furthermore, this Order does not authorize the production of cell site location information (CSLI).

That is, the Executive no longer operated at the full expanse of its authority on cell geolocation, because a court bound its authority, at least for Section 215 collection.

In addition, as of about two weeks ago and for the first time in 14 years, Verizon Wireless is no longer partially foreign owned. Verizon Wireless and Vodaphone announced plans to split up back in September and on January 28, the board approved the deal. The split will be final on February 21.

I suspect (this is speculation, but I will explain in a future post why my confidence on this point is very very high) that the reason NSA is telling this tall tale right now has nothing to do (as some of the stories suggested) with the fact that some of America’s key cell telecoms are partly foreign owned. Rather, I suspect any gap in cell data collection arises instead from the fact that the nation’s largest cell provider, Verizon, is no longer partly owned by a British company and therefore no longer subject to the collection agreements of GCHQ.

Say … am I really the only NSA beat writer who is wondering why it is taking ODNI so long to declassify the January 4 FISC reauthorization for the Section 215 dragnet as compared to the previous reauthorizations since the Snowden leak?

It Was Verizon, with the Fiber Cable, Under the Atlantic

Egads. Nate is right. The SZ report is old — from August. Folks were chatting about it, I think, in conjunction with the new attention on the 12333 collection overseas, which is why I pointed to it. Thanks for pointing it out.

Remember when former Verizon COO John Stratton accused the Internet companies of “grandstanding” for objecting to having their data stolen?

In a media briefing in Tokyo, Stratton, the former chief operating officer of Verizon Wireless, said the company is “compelled” to abide by the law in each country that it operates in, and accused companies such as Microsoft, Google, and Yahoo of playing up to their customers’ indignation at the information contained in the continuing Snowden leak saga.

Stratton said that he appreciated that “consumer-centric IT firms” such as Yahoo, Google, Microsoft needed to “grandstand a bit, and wave their arms and protest loudly so as not to offend the sensibility of their customers.”

“This is a more important issue than that which is generated in a press release. This is a matter of national security.”

Stratton said the larger issue that failed to be addressed in the actions of the companies is of keeping security and liberty in balance.

“There is another question that needs to be kept in the balance, which is a question of civil liberty and the rights of the individual citizen in the context of that broader set of protections that the government seeks to create in its society.”

Grandstand this, baby:

On Friday Germany’s Süddeutsche newspaper published the most highly sensitive aspect of this operation – the names of the commercial companies working secretly with GCHQ, and giving the agency access to their customers’ private communications. The paper said it had seen a copy of an internal GCHQ powerpoint presentation from 2009 discussing Tempora.

The document identified for the first time which telecoms companies are working with GCHQ’s “special source” team. It gives top secret codenames for each firm, with BT (“Remedy”), Verizon Business (“Dacron”), and Vodafone Cable (“Gerontic”). The other firms include Global Crossing (“Pinnage”), Level 3 (“Little”), Viatel (“Vitreous”) and Interoute (“Streetcar”). The companies refused to comment on any specifics relating to Tempora, but several noted they were obliged to comply with UK and EU law.

Not that we didn’t already know this. Mostly, I’m just surprised AT&T is not included in this list.

The Smartest European Blowback In the World

For the record, I think European and Brazilian efforts to crack down on US cloud companies — especially Google — are mostly just an effort to gain further access to the data themselves and create more competitive conditions for their countries’ own companies (see an interesting development on the Google front here), here is the kind of development that will slow the expansion of the US dragnet.

AT&T Inc.’s ambitions to expand in Europe have run into unexpected hurdles amid the growing outcry across the region over surveillance by the National Security Agency. German and other European officials said any attempt by AT&T to acquire a major wireless operator would face intense scrutiny, given the company’s work with the U.S. agency’s data-collection programs.

Resistance to such a deal, voiced by officials in interviews across Europe, suggests the impact of the NSA affair could extend beyond the diplomatic sphere and damage U.S. economic interests in key markets. AT&T Chief Executive Randall Stephenson has signaled repeatedly in recent months that he is interested in buying a mobile-network operator in Europe, highlighting the potential for growth on the continent at a time when the U.S. company faces headwinds at home.

On Wall Street, many bankers, investors and analysts expect AT&T to make a bid for Vodafone Group PLC, which owns cellphone networks across Europe, as early as the first half of next year.

No matter what other efforts other countries put into place to limit the US dragnet, until they take away access to the telecom backbone and/or until private companies dramatically improve their own security, the US government is just going to take what it wants (Indeed, I have been wondering whether the US push to privatize telecoms starting as early as the 1980s served, in part, to make it easier to find “partners” in access data signals).

To allow AT&T — one of NSA’s longest, most willing partners — to become a big player in Europe would simply provide that access.

I’m mildly sorry for Google and Yahoo, particularly because they’ve had their signals stolen for years and have resisted in the NSA various ways, only some of which have been effective.

But if AT&T gets locked out of overseas expansion because it is effectively just an arm of the NSA, I will applaud.

The “Voluntary” Cooperation that Comes from Coercion of Licensing Agreements?

The Guardian today describes how hard GCHQ worked to prevent its intercepts from being discoverable in trials. It did so for two reasons: to prevent a political firestorm about the extent of the collection.

A briefing memo prepared for the board of GCHQ shortly before the decision was made public revealed that one reason the agency was keen to quash the proposals was the fear that even passing references to its wide-reaching surveillance powers could start a “damaging” public debate.

 

Referring to the decision to publish the report on intercept as evidence without classification, it noted: “Our main concern is that references to agency practices (ie the scale of interception and deletion) could lead to damaging public debate which might lead to legal challenges against the current regime.”

And to protect the telecoms, some of whose cooperation (I’m guessing British Telecom and Vodaphone, based on other reporting, but that is a wildarsed guess) goes beyond the requirements of the law.

In an extended excerpt of “the classified version” of a review prepared for the Privy Council, a formal body of advisors made up of current and former cabinet ministers, the document sets out the real nature of the relationship between telecoms firms and the UK government.

“Under RIPA [the Regulation of Investigatory Powers Act 2000], CSPs in the UK may be required to provide, at public expense, an adequate interception capability on their networks,” it states. “In practice all significant providers do provide such a capability. But in many cases their assistance – while in conformity with the law – goes well beyond what it requires.

The story references back to its earlier coverage on Tempora, the UK collection off cables, largely to note how different this description of the telecoms’ cooperation is from what they claimed back in June.

But given this description of their extensive cooperation, this detail from the original Tempora story sure looks more interesting.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

“There’s an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice.”

Back in June, an anonymous source said the telecoms cooperate because their licensing depends on it. Now we learn that the government considers their cooperation voluntary, some of it beyond what is required.

I don’t know whether telecom law operates in the UK like in the US, but if the government premises licensing based on cooperation, it might get to the question I raised here, when I noted how the government reserved getting Department of Commerce involved in cases where companies didn’t provide the “voluntary” cooperation with cyberdefense the government demanded.

I think it’s quite possible the government (possibly both the US and UK) is/are demanding “voluntary” cooperation from the companies they license (on threat of losing their licenses). But remember, on a lot of this stuff, the government has held that companies can “voluntarily” turn over data (especially stuff facetiously called “foreign” based on false claims about the transit of data) without process if they want to.

So coerce the telecoms (and possibly, broadband) to cooperate under threat of licensing problems, then claim that this “voluntary” cooperation permits data sharing that otherwise would require legal process.

And in doing so, conduct a dragnet so vast that no judge would ever approve it.

Is that how it works?