Dennis Blair’s Spokesperson: The Domestic Surveillance Program Violates the Fourth Amendment
I’ve already posted on the general contents of Lichtblau and Risen’s seemingly quarterly report that illegal wiretapping is still going on–including the eye-popping news that Bill Clinton’s emails were illegally accessed. But I wanted to focus on one really critical passage of the story.
The N.S.A. declined to comment for this article. Wendy Morigi, a spokeswoman for Dennis C. Blair, the national intelligence director, said that because of the complex nature of surveillance and the need to adhere to the rules of the Foreign Intelligence Surveillance Court, the secret panel that oversees surveillance operation, and “other relevant laws and procedures, technical or inadvertent errors can occur.”
“When such errors are identified,” Ms. Morigi said, “they are reported to the appropriate officials, and corrective measures are taken.” [my emphasis]
The DNI is basically blaming its "technical or inadvertent errors" [no word about Clinton’s emails, which can’t be inadvertent] on "the need to adhere to the rules of FISC and other relevant laws and procedures."
Not only does this not make sense, but it completely undercuts any claim that this program is legal under the Fourth Amendment.
In one of the most important posts of mine that few people ever read, I explained why. I showed that the FISA Court of Review understood the Protect America Act (and I believe the same holds true for the FISA Amendment Act program) does not, by itself, comply with the Fourth Amendment. Rather, the FISCR explicitly said that the wiretap program only complied with the Fourth Amendment’s probable cause requirement through the application of a provision in Executive Order 12333 that requires only that the Attorney General "determine" that surveillance is directed against an agent of a foreign power. And the PAA program (and, I assume, the FAA program) only complies with the Fourth Amendment’s requirement for particularity through a set of procedures not mandated by PAA or FAA, and not shared with the telecoms handing over their customer data.
The FISCR explained:
The petitioner’s arguments about particularity and prior judicial review are defeated by the way in which the statute has been applied. When combined with the PAA’s other protections, the [redacted] procedures and the procedures incorporated through the Executive Order are constitutionally sufficient compensation for any encroachments.
The [redacted] procedures [redacted] are delineated in an ex parte appendix filed by the government. They also are described, albeit with greater generality, in the government’s brief. [redacted] Although the PAA itself does not mandate a showing of particularity, see 50 USC 1805b(b), this pre-surveillance procedure strikes us as analogous to and in conformity with the particularity showing contemplated by Sealed Case. [my emphasis]
These are precisely the procedures, I suspect, that the DNI’s office is now blaming for the "inadvertent" review of US person emails.
And you can see why, from the rest of the article. Knowing that these procedures are the only thing fulfilling the Fourth Amendment’s requirement for particularity, read this passage, which appears to describe precisely the procedures in question.
He said he and other analysts were trained to use a secret database, code-named Pinwale, in 2005 that archived foreign and domestic e-mail messages. He said Pinwale allowed N.S.A. analysts to read large volumes of e-mail messages to and from Americans as long as they fell within certain limits — no more than 30 percent of any database search, he recalled being told — and Americans were not explicitly singled out in the searches.
The former analyst added that his instructors had warned against committing any abuses, telling his class that another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton.
Well, no wonder the procedures don’t prevent the "inadvertent" access of emails!!! The procedures start by allowing analysts to review 30% of every database search!! So already, a US person has a 30% chance that her emails will get swept up and reviewed by someone at NSA!! And the NSA is relying on just those procedures to prevent someone from giving into natural curiosity to access, say, the ex-President’s emails, if they happen to be among the 30% of emails he accesses.
And then there’s the possibility that the NSA will just happen to suck up and review an extra thousand emails in its search.
“Say you get an order to monitor a block of 1,000 e-mail addresses at a big corporation, and instead of just monitoring those, the N.S.A. also monitors another block of 1,000 e-mail addresses at that corporation,” one senior intelligence official said. “That is the kind of problem they had.”
A thousand extra email addresses here and a thousand extra email addresses there, and pretty soon you’ve thrown all claim to particularity out the window. (Incidentally, the people serving as sources for this story aren’t fucking around–the surest way to get people concerned about domestic surveillance is to tell them their business emails are being monitored.)
So here’s what we know about our nation’s domestic surveillance program:
- The FISA Court of Review has revealed that the only thing that fulfills the Fourth Amendment’s particularity requirement is a set of secret procedures
- The DNI has suggested that those procedures don’t work
Call me crazy, but between the DNI and the FISCR, I think they’ve made the case that their own program is illegal.
Holy crap!
ditto
This is beyond explaining. Somebody must be held accountable.
not quite on topic but I thought it would be of interest to you and bmaz
Lawyers Charged with Criminal Conspiracy for Legal Opinions
No, it’s not about Yoo and Bybee, but might it not apply?
O/T, or back to Panetta and all that (hope it’s not a duplicate)
So, that’s why:
“Panetta had one other strong qualification: he was close to Rahm Emanuel, the new chief of staff. During the Clinton Administration, Emanuel, serving as the White House political director, was suspected by former First Lady Hillary Clinton and others of leaking information, and was very nearly fired. Emanuel entered what he calls his “wilderness period.” When Panetta became chief of staff, however, he reinstated Emanuel as a top aide. “I thought he had a lot of street smarts and good political sense,” Panetta told me.”
And much more
THE SECRET HISTORY
Can Leon Panetta move the C.I.A. forward without confronting its past?
by Jane Mayer
http://www.newyorker.com/repor…..ntPage=all
Uh, yeah, it’s a duplicate of a post that came out days ago.
Sorry. I had missed the detail about Rahm, whose tentacles seem to be most everywhere.
I hear each of his tentacles only has a middle finger. LOL
The real lede is buried at the end of the story. The Ashcroft hospital confrontation was about email. I will come back later to explain, but this tells us a lot about what was going on and how little the DOJ knew.
Uh, we knew that. Ken Weinstein (who I strongly suspect is one of the former federal officials cited in this) has already said that (as stated in teh article).
And, as I’ve pointed out, that FISCR almost certainly pertained to an email provider.
Yeah, we knew what Wainstein said (I remain skeptical of Mr. Wainstein) and we knew that the FISCR decision was about an email provider, but look at the last two paragraphs in the article:
If this report is accurate, James Comey didn’t have a clue as to what was really going on. He was worried about “meta-data” when the real issue was data. From late 2001 until at least 2006, they were building a gigantic database of mostly domestic email by sucking up both in transit and stored email. I say that with confidence because it’s totally impractical to acquire email metadata without the accompanying data (the text of the message). And, as is obvious by the quotes from the NSA analyst, they didn’t do any minimization at all. It’s not going to come as a big shock to anybody here, but that also means that the “changes” were made in response to the great revolt were completely meaningless. There’s no reason to believe that the database of email ever went away. I’m not even convinced they stopped sucking it all up, but I’m willing to allow for that possibility. They’ve been pulling a bait and switch with surveillance vs. stored data that is totally meaningless.
I’m sorry, I have to disagree with this technical part of your comment. I’ve used code libraries that make this sort of thing trivial.
The NSA employs lots of Computer Science types who could easily implement saving only metadata. When they grabbed the entire email, it’s because they wanted to, not because it was impractical.
It’s my contention that the main practical limitation was the storage requirement.
Thanks for your comments. I have a question for both you and WO…
When I read EW’s figure of 30% I automatically thought about 30% of all useful email. WO mentioned spam though, and at least for me, I think maybe 30% of the email I receive is not spam. In other words, the NSA could hoover up all of my email, keep 30%, and end up having everything of value.
How do you two figure the NSA filters spam? And what does this imply for storage requirements?
Probably the same way most everybody else does, Bayesian filtering. They might even deliberately get rid of a lot of what you consider non-spam the same way. For example, I have a group of friends that probably 90% of the email we exchange is to arrange our monthly D&D game. Once that pattern is recognized, the NSA wouldn’t really be interested in that traffic. My emails to Marcy, on the other hand, might be of interest to them.
The spam question goes to the heart of the intent of the database. All the talk of filtering spam got me thinking about hiding information in spam, and then I find that the section Alleged usage by terrorists in Wikipedia’s entry for Steganography opens with a paragraph on hiding information in spam. By discarding the spam one is making a big assumption about the sophistication of the targets. (As does the assumption of the utility of queries against non-spam messages with attachments containing steganographically-encoded content.)
Senderbase shows that for the last month spam has been about 85% of the total email count.
The 30% isn’t about what’s stored in the database, it’s about how many US emails can be read by an analyst per query:
The 30% is the lame minimization which as we learned tonight, hasn’t prevented analysts from reading emails from girlfriends and wives.
What I was trying to say in my #16 is that I don’t see how the 30% per query limit can lead to EW’s statement
Pardon me for saying this, but I don’t think it’s correct.
Thanks to you and WO for answering my spam question. This has been a fascinating thread — thanks to all!
You’re missing my point. Sure, it’s easy to extract the metadata once you have the whole thing. But, you really can’t get at that metadata without first acquiring the whole thing. You have to be intentional about not storing the messages and we know that’s not what was going on. We know they were storing messages and it really doesn’t matter (legally) whether it was some of them or all of them. In fact, it was against the law to collect and store the metadata. The point I’m making is that they were lying to the DOJ (or the DOJ just didn’t understand the technology).
I agree with you, and I’d emphasize what I’d like to think is an even more important point.
Storing of “just” email metadata would prove worthless.
Yes, it would provide the means to show relationships between email senders and receivers, but it wouldn’t tell you what they were saying.
And the relationships that email metadata shows provide no meaning to the kind of relationships.
So what if KSM emailed his tailor at Brooks Brothers? He wanted a suit with light grey pinstripes. This does not mean that Brooks Brothers was part of al-Qaeda.
Only by keeping the messages would the analysts be able to analyze the content for “meaning”.
Having just the email metadata as I said at the top would prove to be essentially worthless unless the NSA also kept the email message content.
Except that the NSA call database has these same issues and evidently it’s not worthless.
It would be if you wanted to know “what” the conversation actually was.
Don’t get me wrong Civlibertarian, I’m hope I’m not giving you the impression that you haven’t made some good points.
Email metadata, if that was all one had, would be good for establishing “relationships”. Determining just what those “relationships” consisted of however, couldn’t really be understood by just metadata.
And my bigger point was that the NSA, CIA, and FBI would want to determine what those “relationships” were in order to take the next step.
Having the content of those email messages would likely be of prime importance to analyzing the import or not of the metadata “relationships”.
MadDog, thanks, no, you’re not giving me the wrong impression at all. I agree with what you’re saying, I’m mostly playing devils advocate with the email metadata because the call database metadata is claimed to be of value. We should keep alert for any claims from defenders that email metadata alone wouldn’t be of value since those claims also apply to the call metadata which is being kept.
And of course it’s only for technical reasons that call content is not saved too — the audio files would be huge and machine transcription isn’t yet practical (despite much funding, I think) so the content isn’t searchable.
i suggest two databases: one for metadata, another for content. database 1 could be searched much faster for patterns of communication, and once an interesting pattern appears, search database 2 for the content.
of course, there are ways to defeat these searches, and even the most dense high school student could defeat detection.
if i know this, the NSA must have known it for several years. i conclude that the purpose of these searches is something other than capturing terrorists. i wonder what it could be?
Correcto-mundo!
The NSA call database that Civlibertarian linked to over at Wiki is pretty explicit. It talks about being used for:
Meaning who are your friends, contacts, co-conspirators, etc. Not what you are talking about, but simply who are you talking to!
I’m guessing that as there is always going to be more potential targets than there are analysts/agent resources to investigate, the use of traffic and social network analysis has been sold to the government (by us techies, doncha know? *g*) as the high-tech solution to all their problems.
And of course, it is no such thing! Like most stuff, high-tech overpromises and underdelivers.
And who would know better than a techie? *g*
And Congress took away the former FISA requirement that the acquisition/interception had to be for the primary purpose of acquiring foreign power intelligence and instead made it a swinging door to go collect “whatever” and for “whichever” purposes, in situations where you can’t get a criminal probable cause warrant. SO now its open season to acquire for non-foreign intel purposes and hope to dragnet something worth having on any front – foreign intel, criminal,
blackmail,political gain,personal gain, etc.Don’t worry though, bc DiFi is manning the turret.
OMG, so true. And remember when Scott McNealy of Sun Microsystems said this?
Having worked in the tech field for 30 years, and at or with some of the biggest organizations in the world (AT&T and all their Baby Bell brethren, Citicorp, Boeing, Defense Logistics Agency, IT&T, CSC, Sumitomo Bank, Dresdner Bank, and many more), Scott McNealy was mucho late to the party.
But I ain’t willing to “get over it”, and given your non de plume, I’d bet neither are you!
We have only just begun to fight over privacy!
Interesting date on the article with the McNealy quote: Jan 1999. Hoovering — it’s bipartisan!
I’ll venture a guess. It’s not something that is needed now; it’s something being implemented now for a future application. Let’s say someone decides to make a dramatic power grab, including the dismantling of Congress, instituting martial law, etc. Naturally there is going to be a resistance, which undoubtedly goes undergound. Well guess what? Everything is in place to round up all traces of the opposition before it gets started.
reading your comments, and ondelette’s explanation of the very minimal cost of massive storage, i begin to think that maddog is right. with URLs, IP addresses, emails and voter registration databases, one could identify right- or left-wing ‘extremists.
This could all be ‘justified’ under FISA by telling the FISC that visitors / commentors were coming from foreign locations. if iran can throttle internet usage during their crisis, good old american know-how could accomplish so much more before / during / after a national ‘emergency’.
Sorry, I see your distinction. That was always what I understood–there is zero way you get the objections to Feingold’s amendments last year if the database goes away, or could go away.
The difference is in whether or not they take out US person email data before they actually wiretap people. DiFi’s comments make it quite clear, she has no problem with that database, and assumes that it’ll only implicate our email metadata.
Risen said tonight on Countdown that NSA analyst were warned not to read their wives and girlfriends emails. Hard to see why that warning would be necessary if the dragnet wasn’t pretty freaking broad.
That sure as hell wouldn’t be just metadata!
And another point I wanted to raise is the fact it does the government little good to capture and retain just today’s or just last month’s email content.
To be effective, they’ve got to have it all. Or at least as much as they can comfortably store and reasonably afford.
Yeah, I saw that. And it was quite clear that they didn’t always follow that rule as Risen indicated that there was just as much or more of that going on as analysts reading people like Bill Clinton’s emails.
Very reassuring, no?
Wow, new info, and quite damning. It can be watched here.
This is similar to the Sec. Serv. records of who visits the White House. It’s meta-data and doesn’t tell us what was discussed. Still, it’s important.
Do we say the list of who visits the WH is less important than who e-mails?
Well, you have blown up the particularity prong. Again. And now with more facts! But if we can agree that the discussed conduct constitutes a search and that there are no “exigent circumstances” or other accepted exceptions (I bet we can), then what about that other pesky prong, you know that part about the neutral and detached magistrate. I have never understood how these folks think their basket BS complies with either requirement of the 4th Amendment, particularity or magistrate. Let’s be real, it simply doesn’t and this “justification” for what they have been, and are, doing is a huge fraud.
Yeah – back when, when they were first trying to “bring the program under FISA” and the FISCt, DOJ gave this giddy-sounding conf call that TPM transcribed in part, all about how they had managed to get the FISCt to do *something* that had *never been done before* and it was real clear that it was to authorize mass surveillance without particularity. It’s all been pretty freakin sad, esp as Congress has taken the Caselaw standard of the purpose for warrantless surveillance needing to be non-criminal surviellance, the purpose of which was to monitor communications with a foreign power and now legislatively moving the ball to allowing non-specific mass surveillance on an AG’s thumbs up that can be for any purpose only one incidental one of which needs to have anything to do with foreign power communications.
Why is it that DiFi spewing out that to her knowledge, the NYT story has to be wrong, at least, ya know, based on the things she thinks she knows, not that anyone bothered to ever get anyone techno and legally competent for Congress to dig into the program, explain it all to members of Congress, and give teeth to the oversight. But still, to her knowledge, based on the things she personally knows and understands – heck, what firmer foundation could 4th Amendment protection have?
DiFi was full of it. I will say one thing for Lichtblau and Risen: they have not been perfect, but they have never oversold their story particularly, in fact, they seem to always be pretty cautious and conservative with what they let fly. They fully understand the stakes I think. Right now, at least, I would take them over DiFi. Easy.
Mary, I’m with you that this was, and is, the most egregious attack on the 4th Amendment’s requirement for probable cause.
It surely seems to me that the Courts, like many others, suffer from GWOT fever.
The analogy that keeps coming to mind goes something like this:
1. We’ve have no evidence, hence no probable cause, that terrorists live in your city.
2. We do however have “suspicions” that terrorists might be living in your city. These “suspicions” may be paranoia or might have validity. We can’t say, and we don’t know.
3. Therefore, we intend to search every home in your city.
4. If you don’t have any terrorists residing in your home, then you have nothing to worry about.
And with that, the 4th Amendment just vanished for us all.
Regardless of how Obama, Holder, our Congressional and Judicial busybodies want to slice it, they’ve eviscerated our 4th Amendment rights.
Probable cause flew out the door to be replaced by mere suspicions.
emptywheel for attorney general.
This if OT but wrt to seated sleep deprivation.
Found this description of the Shabach, which seems to correspond in detail to a low stool that is difficult to balance on if one falls asleep. (sorry if this has already be discussed)
From page 30 of 50 of the 8/1/2002 Bybee to WH Counsel Gonzales memo:
Bybee’s (Yoo’s?) take on this:
“While the Israeli Supreme Court concluded that these acts amounted to cruel, and inhuman treatment, the court did not expressly find that they amounted to torture.”
Apparently the defense they’re depending upon is that “torture” is at least partially defined by the desire for the person in control to WANT TO HARM the person being controlled and that in Gitmo their actions were to interrogate and they didn’t particularly WANT to harm. They seem to be saying that if harm happened it didn’t matter to the interrogators.
In other words, they want us to prove they had a desire or thought, knowing it can’t be done. They don’t want a prosecutor to simply specify what was done and then let a jury conclude that was obviously torture for the detainee.
Idiots.
You know sleep deprivation can cause seizures. Seizures can cause brain damage and even kill.
I am not a doctor but I know some about seizures.
Go EW you are my hero!
I was always shocked that the illegal domestic surveilance did not cause indictments or impeachment of our last president and his cabal.
“no wonder the procedures don’t prevent the “inadvertent” access of emails!!! The procedures start by allowing analysts to review 30% of every database search!!”
Precisely.
[and by the way, I not only read your Jan 18 piece, I posted seeing it for its value; the problem with its lack of response, I suspect, was related to the observation I made at the end: “expressing the sort of pain many feel on being jarred from complacency.” Keep shakin’ us up, Ms E — just don’t always expect appreciation.]
Oh, trust me, I read you comment with attention this morning, LD.
Oop – shoulda figured that out; it’s just that you’re way out in front of me on things like clarity an’ stuff.
The width of the review process is what lets them advertantly/inadvertantly read anybody’s mail that they want to. Most likeky on purpose.
any e-mails from Monica?
Be careful here. The chance of someone having emails reviewed depends on two things: the nature and specificity of the database query and the completeness of the database.
We can discern a few things about the query system. One is that there doesn’t seem to be a barrier preventing queries based on names or email addresses, since it may have allowed Bill Clinton’s email to be improperly accessed (another possible interpretation below). There is probably a way after-the-fact to review queries performed, but we don’t know if the wrist-slap (investigation) came as a result of automatic controls on queries or something more mundane, like a report of someone saying “Hey, wanna see Clinton’s email”? My guess is that little to no effort has gone into automatic limits on access abuses, and that the “honor” system is used instead (snark intended, that such wide email snooping could be honorable).
Regarding query specificity: obviously a broad query for keywords in the email content could potentially return thousands, millions, or more records — so many that it’s quite impractical to review even 1 percent, never mind 30. Assuming my email were in the database (see below), the chance that an email of mine might be reviewed is quite low.
Change that to a specific query that includes as a search term my email address or one of my contacts, and it alters dramatically. Worst case, my email address as a search term would result in a 100% chance of at least one of my emails (to or from me) being reviewed, up to 30% of all my emails in the database per query. By ignoring the rules, or by making multiple queries with trivial changes if necessary to evade controls, all my emails in the database could be reviewed.
Basically, I don’t think you can calculate the chance of someone having their email reviewed since it’s likely the query system is flexible and we don’t know exactly how it’s being (ab)used.
As for the completeness of the database:
My interpretation of the use of the word “monitor” here is that it means that all emails to and from these addresses are collected and stored in the database and implies that other emails are not permanently stored.
While hard drive capacity has been increasing and NSA has a big budget, my hunch is that it continues to be impractical to store every email (with attachments) in a database. Real-time cursory scanning of all email seen by the equipment in locations like Room 641A is practical, and perhaps storage of metadata (as is being done with call metadata), but long-term storage of the entire content of every email, probably not.
This leads to the other possibility for how Bill Clinton’s email to be improperly accessed: if his email address was added to the list of those collected for storage in the database.
I’ve worked in IT including setting up and administering email servers so I can speak a bit about the technical issues. Of course much of the above is speculation and guesswork and thus could be completely wrong, so treat accordingly.
A few more things:
There will be a huge number of people with some emails in the database, even if their email addresses aren’t targeted for storage. They will have sent or receive email to an address targeted for storage, so those emails will end up in the database.
Given the specific reference to “blocks” of email addresses, this raises the possibility of targeting all addresses associated with particular organizations (including NGOs), or all customers of particular foreign ISPs.
We don’t know how many of Bill Clinton’s emails are in the database; it might be just a few to or from someone who is a member of a broadly-targeted group.
Finally, as I said in a comment in the earlier topic on this story:
You need to rethink how the NSA would set this system up. They’re aren’t going to do it the way you would on a corporate email server. They’re assimilating email from many disparate systems, so they’re going to be storing all this stuff in a database (either Oracle, which was originally developed for them, or one of their own devising). In the late 2001 to late 2006 timeframe, they had access to virtually all the email passing through the U.S., plus most of the emails stored on servers stored in the U.S. Once you subtract out all the spam and compress the message text, you have, for the NSA anyway, a reasonably tractable problem. Their goal during this time period was to develop a way to discover what we now call social networks. They would identify email addresses they were interested in and spider their way out to make connections in hopes of uncovering terrorist cells. This is a really dumb idea, but when you have vast computing resources and mountains of data, it sounds great.
What we hear are vague numbers with regard to intercepts. The Risen-Lichtblau article mentioned the possibility of millions of individuals affected but this is really just a placeholder for “very large number”. It is probable that the NSA tries to get its hands on as many messages (all types minus spam, foreign and domestic) as it can. If it doesn’t get all of them, it is not for want of trying.
If the NSA were trying to minimize its intrusions into domestic spying, it would be touting how few domestic messages it hoovers up (either in percentage or absolute terms), but this is information we never hear. This suggests that such minimization is not a feature of the program.
I can’t help seeing this as all kabuki. The NSA pretending that it is trying to minimize “inadvertent” domestic spying wrt the FISC and the public while in reality the opposite is true.
I think Comey did know that they were doing that – big archiving of data. I know I beat this to death, but I think that he knew and was OK with that, but the FISCt rulings required that, for those who were being illegally surveilled under the unconstitutional program (which I think had non-email aspects as well as the email loophole aspects) DOJ was required to make sure that no FISCt applications for legitimate surveillance was made re: those persons unless they were made to the Chief Judge and there with special recitations and handling to keep the illegally acquired info from being used in the FISCt applications.
They just didn’t bother to comply, FISCt found out that it was getting applications that were going to other judges and that didn’t firewall the illegally acquired info and the other judges didn’t know it was illegally acquired, and the Chief Judges were pissed. IMO, that’s what the showdown was really about. FISCt saying keep your damn records well enough that you comply with our orders – WH saying, ‘or what’ and Comey/Ashcroft not wanting to be the lawyers required to sign the FISCt applications and find out the “or what” IMO, that’s why they were so sure that they could fix things up (bc the only fix they wanted to make was being able to better check applications to keep from violating the court orders) and why their “fix” didn’t prevent Diggs-Taylor from saying the program was still, post-fix, unconstitutional.
I do think, though, with your (imo well placed) scepticism of Wainstein, you might want to listen to this:
http://www.abanet.org/natsecur….._30144.mp3
It is from an ABA luncheon last March with a panel of speakers. Wainstein admits the email aspect of the issue then, but he really tries to dress it up like a wolf playing Gramma for Red Riding Hood.
What if we capture a high level al-Qaeda terrorist overseas and we get his laptop too, and all his email treasure trove. What if we know he is involved in planning an attack on the US – we need to look at those emails!! But — butbutbutbutbut —- how do our guys in the field know from looking at email addresses whether or not they are to or from US residents? See— so obviously we need to be able to look through emails without warrants, cuz of that kinda thing, ya know?
We still have no one in Congress or the Obama admin having serious discussions about the whole issue of when, where, why, how, what, etc. there should be access to US citizen communications when there is no probable cause to believe that they are engaged in CRIMINAL acts (no criminal probable cause) and there is no warrant issued by an independent magistrate with PARTICULARITY.
re: example
On AQ laptop you assume they’re to AQ associates, regardless of where.
Duh.
The Israelis already have that.
OT:
Graham: White House agrees to protect abuse photos
More change we can believe in, although I have to say this could be contested in court. Political embarrassment is not much of a legal defense, last I heard.
Sometimes people sign petitions online. Twice I received a response from my Senator (abt 2004-2005?) about subjects I didn’t know anything about and don’t remember signing. Imagine the damage some one could do by harvesting our e-mail addresses and writing/forging masses of e-mails with our addy and sending to Gov officials or political organizations endorsing positions opposite what we would have endorsed. Some votes pols made really surprised me.
Nomi Prins is upstairs at the Mothership!
Obama’s Financial Overhaul — More Like a Tune-Up
WO – a little update on Wainstein’s input on that audio file. He says that unfortunately FISA was technology dependent and it was “never intended” that they should have to go to FISCt to get a warrant to target a foreign person.
Actually – he’s right and wrong. It was technology dependent bc of the determination of the degree of privacy evidence by the way the communications were carried. Wave communications that anyone could pluck from the air were not deemed to have the same kind of privacy protections. It was NOT intended that all kids of written communications like emails should ALWAYS be allowed to be captured without warrant and there was a hole in the legislation for that – the tech issue was interwoven with the privacy expectations issue.
So he tries to say that targeting all oversees communications (including Americans) were AOK to target and FISA didn’t “intend” for them to have to get warrants for that, but that isn’t the case. FISA was drafted in accorance with Sup Ct rulings, which specified that the warrant clause could only be disregarded for a foreign power surveillance situation that did not involve criminal issues.
Wainstein then says that the FISA requirement that someone had to be an “agent of a foreign power” (which came from case law) wsan’t really intended and it gives foreign terrorists “more protection” than US citizens who can be frisked by police (without being agents of foreign powers) All of whic is nonsense. Since a foreign terrorist is an agent of a foreign power and has been, that is nonsense. Wainstein says that the PAA just filled thse “gaps” that were not intended and made it clear that any communication that touched on any foreign element in any way was iup for grabs and that the “iIntelligence gap” was filled “within days” of PAA passing
He also says there was this really full and fair and broad “discussion” – a comprehensive process – even though hardly anyone in Congress was briefed on the program. Wainstein also certifies the telecom “good faith” (no one asks him if they were given the two FISCt Chief Judge determinations that hte program was unconstitutional and if not, why not)
Anyway – it ws interesting. He makes it sound as if it was a big, freakin hairy deal that the FISCt will be involved on the TARGETING OF AN AMERICAN OVERSEAs (even though there is no longer the requiremetn that the American overseas be an agent of a foreign power — which he pretendes wan’t a huge consittutional issue in light of the existing cases)
The questios at the end are when he bring up the emails issue.
Cathy Martin is really good IMO on the panel.
I wanted to comment on this “30 percent” thingie. I’ve been chewing on its meaning all day.
As far as I can tell, it makes no sense at all. I’m of the opinion that either the reporters didn’t understand it and got it wrong, or the source didn’t understand it and got it wrong. Or both!
Any self-regarding idiot would understand that if you only examined 30 percent of your search results for terrorists, the likelihood was that the folks you were looking for were in the 70 percent you didn’t examine.
Instead, I think the “30 percent” thingie relates to database query weighting schemes. Though a techie, I am not a database expert, and heaven forbid that I should bore ya’ll, so I’ll be as simple as I can be.
Sophisticated database usage these days implies queries that return weighted values. The higher the weight of the value, the more likely it is the data you’re looking for.
For example, suppose you were in law enforcement and you needed to find a vehicle used in a crime. The vehicle used was a Blue 2005 Ford F-150 Truck with a license beginning with the digits ABC.
The database query you’d construct (just like a good Google search query) would search the database and ask for each one of these individual identifiers:
Blue
2005
Ford
F-150
Truck
ABC
You’d get a zillion hits on Blue. Another zillion hits on 2005, on Ford, on F-150, and on Truck. And a couple thousand on ABC.
If you’re using a sophisticated and capable database, a return of “Blue 2005 Ford F-150 Truck with a license beginning with the digits ABC” would come back at a higher weight than a return with only Blue 2005 Ford F-150 Truck”
Again, this is a simplistic description of the process, but I’ve got to imagine that “30 percent” thingie was more in line with this process than the estúpido analysis process that was described by the reporters/source.
and then tack on the “explicitly singled out” vs implicitly singled out – and oh yeah, the acquired primarily for purposes unrelated to any consideration of contact with a foreign power.
Baker on the mp3 does roll out all the different standards, statutes, etc. and he esp makes the point that Wainstein is full of it on the “tech” issues vs the LEGAL ISSUES – the WHO SHOULD APPROVE.
He also talks about the email issues
What I still question is how other countries are viewing, and accepting, a US approach that we can take control of telecom infrastructure whenever we want and use that infrastructure to collect ALL “foreign” to “foreign” emails. Think about that if you are a foreign nation with the telecoms operating there – I can’t believe that is legal under the laws of those countries. That ATT allows the US gov to hop on and pick up all French to German, or German to German, emails.
Cathy Martin makes the very imporatnt point that the net effect of the Senate bill, via theAG vs Court authorizations, is to say that instead of the Court telling the telecoms via order “turn over all your info on this and that” to the gov; you instead have a situation where now the AG and DNI can go to the telecoms and say, “turn over your access to all your facilities so that we can take everything we think is necessary for who we are targeting”
A big diff – not telecom being ordered to give access to xyz communications, but rather give access to the infrastructure. and one that has been discussed here several times, but she is right that no one really discussed that much in passing the “kill the Constitution” legislation.
Well, there’s a difference, and it explains the difference bewteen those (the telecoms) who wanted immunity and those (the email providers) who didn’t want immunity given.
By tapping into the circuits, the telecoms make any kind of data protection the email providers do moot. So of course the email providers wouldn’t want there to be immunity and the telecoms would–because the telecoms were (not really but sort of) ordered to steal some of trade value to the email providers.
This is in fact correct. In fact, the email providers would have no knowledge that their email had been vacuumed up, and therefore no need for immunity, and further, no legal standing to complain (see any of the recent State Secret Privilege cases).
Cutting the email providers out of the acquisition loop lowers the detection threshold by enterprising folks like journos, bloggers, etc., and keeps the shared “need-to-know” secret circle smaller.
It also has these additional government benefits:
1. Since email providers themselves have access to the entirety of their email systems, government requests for the same would “identify” the government targets. No email providers in the acquisition loop – no email providers “in the know”.
2. By going with the telco pipe providers for email acquisition, the government again limits the folks who can “identify” targets as well as limiting the folks who “need-to-know”. To the telco pipe providers, content is irrelevant to their primary function – i.e. providing the pipe.
I assume URL searches are also considered as MetaData?
Remember the suit Gmail had…
Ummm…yes and no. *g*
From what I remember, there was a big to-do about including the IP address of the searchers, and that it was rendered verboten unless accompanied by a warrant.
And if I’m remembering correctly, I think I got that from that EW post “that few people ever read”. *g*
Having re-read that post today, I gotta say you are absolutely correct in stating it was “one of the most important posts of mine”.
I can’t say that I had the same understanding/comprehension of the significance of your points then as I did today, so I will publicly apologize for being so slow on the uptake.
If at first you don’t suceed, try, try again!
Rock on Marcy!
Smartass.
Glad you like that post. How about this, from the post just before that one, in which…
If you go back and read that post, you’ll see how I think the govt snookered the FISCR, likely through a fancy definition of what the definition of “database” is. (But since Clinton’s emails are involved, that’s probably a fair parse.)
In any case, it’s BS, but it’s BS the construction of which might say something about how they’re doing this.
I think they have a new round of big trouble with FISC and risen intimated as much too. They have been playing a too cute by a half shell game with their descriptions and titles of programs and rhetoric on what the hell they were doing from the start. They have continued to lie to the FISC and likely still are. Sure wish Kollar-Kotelly was still chief judge instead of John Bates.
Well, if they had to admit they just happened upon Bill Clinton’s emails in the big database with EVERYONE’s email in it, they might be cranky.
I think the Dems have played the photo bill very dumb.
The way to handle it would have been to push to have Taguba appointed (if he’d take it, someone else with his credibility – if you can find it – if not) to investigate MI procedures durign the war and produce a report like he did for MP and to give him access to ALL the pics and photos and also give him the mandate with a DOJ or other crew if needed, to pursue all the abuses shown in the pics whether they are MI, Spec Forces, Contractors, CIA or other. Amend the DTA and MCA to dis-amnestyize anything in the pics (cuz of course Congress wouldn’t have given amnesty for war crimes documented in pictures before it while hanging a few MPs out to dry).
Then shove that back at Lindsey — if you don’t want pictures released so that people can see what it is we allowed and haven’t prosecuted, then your alternative is opting in on prosecutions.
That’s really the issue behind the photos – the nonprosecution of war crimes, not the public acess to the photos (which apparently have been pretty widely disseminated anyway). The problem is that Obama and Holder and Blair and the tarnished uniforms surrounding them don’t really invoke much confidence about who would be given charge of the investigations. Which is why I go back to Taguba – or give him a consultant/oversight position on who you do appoint maybe.
At least I commented on that post.
And based on my re-reading of Reggie’s ruling, FISCR got not only snookered, but played and taken to the cleaners too.
And when he/we woke up the next morning, our 4th Amendment was gone!
IIRC, they used the GOP pc’s for lots of stuff, including Ohio’s votes from the 04 election. And didn’t Rovey have non gov pc’s in the WH?
This could be a correct statement and maybe another question needs to be asked, were they kept in any other databases/pc’s.
Ah, yes, that immediate destruction of non-targeted US citizen info “incidentally” acquired is how the full transcript of Jane Harman’s donor call got circulated around and apparently held ont for so long.
See why everyone folded when she demanded it be released?
Oh, I think they would have standing; the question is whether they could prove it up in light of state secrets.
Your legal optimism is one of the reasons we like you.
Interested in a federal court appointment by any chance?
One technical issue though, which WilliamOckham @ 18 may have been alluding to as “stored email”, is that not all email traffic traverses the backbone. For example, an email from one customer to another customer of the same ISP never leaves the ISP’s network, and thus wouldn’t been slurped into a Room 641A.
While less common, the same issue can arise for traffic between two networks with a private peering arrangement, depending on the location and nature of the peering point.
It would be useful to know the locations of all the black rooms, since their presence at peering locations without overseas connections is a clear indication that domestic traffic is targeted.
Ahhh, but even within an ISP, the pipes they use to traverse the ISP’s “network” are provided by the telcos.
For example, I’m on Comcast in St. Paul. If I want to send an email to one of my siblings in St. Paul, who are also on Comcast, my email leaves my computer screen (actually a email webpage hosted by some Comcast email server) and traverses Comcast’s network.
Now while I don’t know the exact network path the message takes, I do know that Comcast has multiple data centers across the US that host their servers.
So it is quite likely that my email heads to someplace like Chicago and then back to my sibling here in St. Paul. And there is no reason to assume that the Comcast email server I am hosted on is the same one that one of my siblings is hosted on.
So though I’d grant you that a small amount of email might never hop onto a telco’s pipe, I’m guessing the vast majority does.
Additionally, I have zero doubt that foreign-to-US communication, the communications that the government is most interested in, does indeed travel on these telco pipes.
i think people need to start thinking up alternative possibilities as to who is actually running this country.
what percentage of the Obama administration’s policies are essentially the same as that of bush-cheney?
from my estimate, it looks like 85% or more
Adding pretty pink ribbons to BS policies doesn’t impress me either.
The same ol’ pig with brand new lipstick.
A very reasonable estimate.
does it really matter if a dem is elected over a rethug?
i mean, what does it matter who is in charge if all you get is the same plate of shit?
call it lieberman, call it specter, call it obama. it’s still just shit.
And she is CERTAIN it is all on the up and up.
I’ll just take myself as typical. I don’t get as much email as some, more than others, I have, and have had, more attachments than most, so myself as typical is probably reasonable. I just checked, my emails for the last 10 years comprise 449 MB. call it 450 MB. Times 150 million users in the country, would give 72 PetaBytes of data. A TeraByte of storage at my local computer store, two years ago, with RAID striping, cost $300 – $700 depending on how good you wanted the RAID to be. so take $700, times the 72K TB, gives $50 million give or take, with the NSA shopping retail at Fry’s. Or don’t take me as typical, raise the individual level to say 20 GB. Still folds well into a billion dollars of storage.
Store all the emails in the country? Sure, no problem.
When someone actually does her/his homework, it’s amazing how inexpensive removing the 4th Amendment is.
Very nice work estimating hardware costs to store the data. You beat me to it.
I think your calculations are on the low side, but since text is easily compressible, that’s ok. However, long-term storage is not the real technical hurdle. The real problem is writing all this data to storage in real-time. Or, more precisely, moving the data from the expensive devices that can to cheaper long-term storage. I would like to know the strategy they chose. It is a non-trivial problem.
I just did a quick calculation off of the 72 Petabyte number and made a (admittedly crappy) assumption that that was total data after 2 years (72 petabyte came from a 10 year storage number for an individual). It works out to about 1GB per second. (Did I do that right?)
Solidstate drives can write about 500MB/sec. I think regular hard drives are something around 100MB/sec. There are lots of technical problems to work out of course, but I don’t think getting the stuff persisted is a showstopper.
I found this under “Mass surveillance” in the US section. With cell phone # and email addresses they know where we are at any given time.
http://en.wikipedia.org/wiki/S…..al_complex
I also wanted to comment on this bit of silliness from a “senior intelligence official”.
From a techie’s perspective, this person is a Luddite with absolutely no clue about the technology he is babbling about.
Ummm…hey “senior intelligence official”, email systems don’t list email user accounts in the kind of blocks you are babbling about.
And no email provider would have a clue on what you’re requesting. As in: “Hey, email provider, gimme all the email from email accounts 6000 through 6999.”
Shorter email provider response: “Huh? WTF are you babbling about dude?”
On a few occasions, I have indeed seen organizations that utilize their employees’ “employee number” as part of their email account, but there would be no way for the government to rationally request a block of said email accounts because there’d be no set of defined characteristics that they could use to segregate such email accounts.
For the “senior intelligence official” to state that they were doing this is nonsense. I’m guessing this “senior intelligence official” is related to former Alaska Repug Senator Ted “Toobz” Stevens.
Pinwale is listed here as a possible intelligence database. Other databases listed include:
ANCHORY
GISTER
HARMONY
WRANGLER
There, that should increase your unwanted traffic. *g*
GISTER looks like it might be a semantic/association web database where you can check out if you are truly 6 degrees away from Kevin Bacon.
On the technical mail meta-data discussion above I fall in the sniffing and snarfing along the backbone camp. For one thing, I run a couple of mail MTAs and nobody has accessed those servers or asked me for logs. But more importantly, is just not practical for that to be the approach. There are SO MANY mail servers and you would have to request all those operators for their data.
There is a bit of metadata in the mail server logs which would or could identify from/to and IP addresses and maybe a bit more. But like I said, you would have to contact thousands or perhaps tens of thousands of people to get all that stuff just from log files of the mail transfer transactions.
So its probably sniffing and snarfing along the highways and arterials of the info-highway. But if you think about it (and someone mentioned this above) you don’t catch the brighter of your would-be targets. There are so many things that can be set up. SSH into a US hosted server and mail from there to a US recipient. So maybe you want to know more than just the traffic going to port 25 (what happens when you click the send button on a standalone mail client). I say port 25 because that is what you would look for if you are snarfing on the backbone. TCP connections going to port 25. But in the SSH scenario you would want to correlate that to a TCP connection to port 25 after an incoming connection to port 22 from an out-of-the country IP address. Anyway, thats kind of boring…
So if you are snarfing the TCP connections (perhaps selectively based on IPs and ports) I have to agree that all the message (”meta data” included) is being captured. Now that isn’t to say that the raw data isn’t post processed and put into pinwale. Probably is the case. However, you can be damn sure that the original data is remaining in archive with pointers back to it from the database record. And explaining how the meta data is the only “searchable” part has probably caused a lot of confusion in the committees where this was explained – if it was.
If pinwale is the database where the email info is stored I’m going to guess that one of those other databases are where the query data goes for “fusion”. The 30% number from the article makes zero sense technically. Unless its just a warning about causing an out of memory error or getting a data set too large to upload to the fusion database. But I would be stunned if “30%” had anything to do a minimization procedure.
Stepping back a bit… its almost certain that pinwale was outsourced as a contract to one of the big data technology vendors. The other vendors probably don’t like having there emails sitting on the winning contractors servers. *g*
Well in that case, I’ll call and raise you $100 – from The Atlantic’s Marc Ambinder:
Charles Armstrong moved to St. Agnes for a year and studied how information traveled amongst the Islands 72 inhabitants that had no tech toys like cells phones and pc’s.
http://74.125.93.132/search?q=…..#038;gl=us
Thanks. The Enron thing is fun.
From CNN
I’m guessing that if Rahmbo twists Nancy’s arm (though even that may not be necessary), she will at least bring up the Senate’s “no photos” bill, and all the Repugs will vote for it with sufficient Dems to pass it.
For Congresscritters, cowardice is a feature, not a bug, doncha know?
This country is led by some of the most candy assed cowards imaginable. I ought to be immune by now, but it keeps shocking me. Unanimous consent voice vote. Unfuckingbelievable.
Where were Feingold and Whitehouse and… Oh forget it.
NYT editorial not big on collecting those emails.
Just a couple of more before toddling off to bed…
It looks like Wayne got this one right. (Pinwale) So if there are any other nuggets in his article they might not be pyrite.
Did you catch Risen on Olberman? Saying that the more common problem is analysts checking up on girlfriends and wives? I’m sure they are just checking out those overseas IP addresses.
52, 97 and in between
How is it we don’t have a headline, “Al-Qaeda Dating NSA?”
Ok – so do I have this right or not?
Pinwale is not really the “classified code word” for a “program” but is instead a non-classified name for NSA’s proprietary data mining software. HOwever, Pinwale’s applications include using it on classified databases that are the unconstitutionally acquired and stored US communications (email “meta data” and/or [more likely and] content, text messages, Web searches, etc.)
Is “Pinwale” likely what they would use for real time searches too, once they have taken control of infrastructure? I’m not techie, but that would seem to be a different kind of software application and isn’t that, the real time searches, where some of the techies originally indicated it might be that gov wasn’t just using telecom infrastructure but also their proprietary software for some of the unconstitutional surveillance?
You’re right, data mining software would not be used for real-time monitoring.
Hmm, do you have a cite for that? I’m not sure what you’re referring to.
Thank you.
I don’t have a link to the discussions, they were quite some time ago but I recall that the commenters here who know tech stuff (I obviously don’t) were mentioning this option in connection with one of the surveillance cases and the telecoms – that the telecoms had their own proprietary software that might be easier to catch a ride on than to try to replicate, and that this might be one of the ways they provided assistance and if so they probably got paid pretty well for that. I think it was in conection with some info that made it look like telecom techs were being co-opted into the program. Wish I could find the discussions and don’t rely on me for having remembered them correctly, bc I’m out of my depth on any of the tech stuff.
The program below sounds like it is doing a good thing. But think how dangerous a program like this in the wrong hands could be used.
http://www.treehugger.com/file…..idling.php
There are actually many of these Distributed computing projects.
Unfortunately networks of computers are already in the wrong hands — with the advent of broadband and computers in people’s homes left running and connected to the internet, a new goal of viruses and malicious software is to take control of people’s computers for incorporation into botnets.