June 15, 2013 / by emptywheel


PRISM: The Difference between Orders and Directives

The AP has a story that lays out the architecture of how PRISM fits in with the rest of the government surveillance programs. The short version is, as much prior reporting supports, it uses PRISM to target communications it has collected, as packets, from the telecom backbone. Like the Section 215 dragnet (and consistent with James Clapper’s metaphor that the dragnet serves as the Dewey Decimal system to direct the government were to find the conversations it wants) it seems to serve to tell the government where to look to get more content.

The story is most valuable, in my opinion, for the distinction it describes between orders — which courts approve — and directives — which courts don’t.

Every year, the attorney general and the director of national intelligence spell out in a classified document how the government plans to gather intelligence on foreigners overseas.

By law, the certification can be broad. The government isn’t required to identify specific targets or places.

A federal judge, in a secret order, approves the plan.

With that, the government can issue “directives” to Internet companies to turn over information.

While the court provides the government with broad authority to seize records, the directives themselves typically are specific, said one former associate general counsel at a major Internet company. They identify a specific target or groups of targets. Other company officials recall similar experiences.

I’ve seen some apologist reporting that conflates these two, suggesting that the courts approve individual targets.

The entire point of FISA Amendments Act is to have the courts approve broader targeting.

As Russ Feingold warned four years ago, there is less oversight of how you get from orders to the procedures that make them compliant with the Constitution.

AP goes on to explain the danger to this scheme, though: there’s far less oversight over individual targets. Which can — and in 2009, at least — led the NSA to take US person data.

A few months after Obama took office in 2009, the surveillance debate reignited in Congress because the NSA had crossed the line. Eavesdroppers, it turned out, had been using their warrantless wiretap authority to intercept far more emails and phone calls of Americans than they were supposed to.

Remember, this overcollection was self-reported by the Obama Administration at the time, not discovered by the FISA Court. Good for the Obama Administration, though we’re trusting them at their word that the overcollection was unintentional.

As part of a periodic review of the agency’s activities, the department “detected issues that raised concerns,” it said. [snip]

The overcollection problems appear to have been uncovered as part of a twice-annual certification that the Justice Department and the director of national intelligence are required to give to the Foreign Intelligence Surveillance Court on the protocols that the N.S.A. is using in wiretapping. That review, officials said, began in the waning days of the Bush administration and was continued by the Obama administration. It led intelligence officials to realize that the N.S.A. was improperly capturing information involving significant amounts of American traffic.

But that raises one of the problems with the program. The court oversight is removed from the specificity of the collection, and the law, by design, prevents the court from double-checking whether the government does at the directive level what it says it will do at the order level.

Trust us.

Back in 2009, Obama assured us they had fixed the problem with overcollection.

Justice Department officials then “took comprehensive steps to correct the situation and bring the program into compliance” with the law and court orders, the statement said.

But then 3 years later, the FISA Court identified practices that did not comply with the Fourth Amendment.

It is also true that on at least one occasion the Foreign Intelligence Surveillance Court held that some collection carried out pursuant to the Section 702 minimization procedures used by the government was unreasonable under the Fourth Amendment.

And this time (perhaps because of Obama’s four year assault on leakers in the interim) we didn’t get any reporting in the press. Indeed, Ron Wyden had to force this statement’s declassification to prove claims Dianne Feinstein made to support renewal of the FISA Amendments Act were not entirely correct.

Trust us, they said again, as they were hiding the truth that the Court had found they had violated the Fourth Amendment.

It seems that every 3 years, we’re going to be told that this structure doesn’t provide for adequate oversight of the program. And then we’ll go on doing roughly the same thing.

Copyright © 2013 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2013/06/15/prism-the-difference-between-orders-and-directives/