Why Would You Segregate the FISA Orders, But Not the Directives?

The FBI, according to Eli Lake, thinks someone besides Edward Snowden may be responsible for leaking the Section 215 order to Verizon ordering them to turn over the metadata on all their American customers’ calls. They claim to think so because digital copies of such orders exist in only two places: computers at the FISA Court and FBI’s National Security Division that are segregated from the Internet. (Note: where Lake says “warrant” in this passage, he means “order.”)

Those who receive the warrant—the first of its kind to be publicly disclosed—are not allowed “to disclose to any other person” except to carry out its terms or receive legal advice about it, and any person seeing it for those reasons is also legally bound not to disclose the order. The officials say phone companies like Verizon are not allowed to store a digital copy of the warrant, and that the documents are not accessible on most NSA internal classified computer networks or on the Joint Worldwide Intelligence Communications System, the top-secret internet used by the U.S. intelligence community.

The warrants reside on two computer systems affiliated with the Foreign Intelligence Surveillance Court and the National Security Division of the Department of Justice. Both systems are physically separated from other government-wide computer networks and employ sophisticated encryption technology, the officials said. Even lawmakers and staff lawyers on the House and Senate intelligence committees can only view the warrants in the presence of Justice Department attorneys, and are prohibited from taking notes on the documents.

Now, when the order first leaked, I actually suspected the leaker might be in this general vicinity. If that’s right, then I also suspect the FBI is interested in finding this person because he or she would be reacting to the FBI’s own wrong-doing on another matter. Heck, the FBI could conduct a manhunt in this general vicinity just for fun to make sure their own wrong-doing doesn’t get exposed.

Such is the beauty of secret counterintelligence investigations.

That said, Lake’s reporting is an example of something I suggested in the first day of this leak: we’re going to learn more about how the NSA works from leaks about the investigation of it than from the leaks themselves.

And this story provides a lot of evidence that the government guards its generalized surveillance plans more jealously than it guards it particularized surveillance targets. (See this post for a description of the difference between orders and directives specifying targets.)

Consider what kinds of documents the FISA Court produces:

  • Standing Section 215 orders such as the Verizon one in question
  • Particularized Section 215 orders; an example might be an order for credit card companies and Big Box stores to turn over details on all purchases of pressure cookers in the country
  • FISA Amendments Act orders generally mapping out the FAA collection (we don’t know how detailed they are; they might describe collection programs at the “al Qaeda” and “Chinese hacker” level, or might be slightly more specific, but are necessarily pretty general)
  • Particularized FISA warrants, targeted at individual US persons (though most of this spying, Marc Ambinder and others have claimed, is conducted by the FBI under Title III)

Aside from those particularized warrants naming US persons, FISA Court doesn’t, however, produce (or even oversee) lists of the great bulk of people who are being spied on. Those are the directives NSA analysts draw up on their own, without court supervision. Those directives presumably have to be shared with the service providers in some form, though all the reporting on it suggests they don’t see much of it. But, Lake’s remainder that Google’s list of surveillance targets had been hacked by China to identify which of its agents in the US we had identified and were surveilling makes it clear they do get the list in some form.

In April, CIO.com quoted Microsoft’s Dave Aucsmith, the senior director of the company’s Institute for Advanced Technology in Governments, saying a 2009 hack of major U.S. Internet companies was a Chinese plot to learn the targets of email and electronic surveillance by the U.S. government. In May, the Washington Post reported Chinese hackers had accessed a Google database that gave it access to years’ worth of federal U.S. surveillance records of counter-intelligence targets.

But the prior hack makes obvious something that has been apparent since the Verizon order leaked: China doesn’t have much use for information that shows NSA is compiling a database of all calls made in the US. It does, however, have a great use for the list of its spies we’ve identified.

What this report seems to suggest, among other things (including that the Congressional committees don’t have enough scrutiny over these orders because they’re not allowed to keep their own copy of them), is that details on the particularized spying is more widely dispersed, in part because it has to be. Someone’s got to implement that particularized spying, after all, and that requires communication that traverses multiple servers.

But the generalized stuff — the stuff the FISA Court actually oversees — is locked up in a vault like the family jewels.

You might ask yourself why the government would go to greater lengths to lock up the generalized stuff — the stuff that makes it clear the government is spying on Americans — and not the particularized stuff that has far more value for our adversaries.

Update: After the hearing today, Keith Alexander said Snowden is the source of the order, and he got it during training at Fort Meade.

Alexander told reporters after a House Intelligence Committee hearing that the man who’s acknowledged being the source of the recent leaks, Booz Allen Hamilton information technology specialist Edward Snowden, had access to the Foreign Intelligence Surveillance Court order and related materials during an orientation at NSA.

“The FISA warrant was on a web server that he had access to as an analyst coming into the Threat Operations Center,” Alexander said. “It was in a special classified section that as he was getting his training he went to.”

Which suggests the leaking about someone in the FISA Court may, as I thought, be an effort to impugn people in the vicinity of the court the FBI would like to shut up.

17 replies
  1. Frank33 says:

    Alert the Department of Justice! Eli Lake is revealing classified information. Lake is endangering lives. He should be stopped because he is helping terrorists. And Marc Ambinder is also aiding and abetting and facilitating terrorism.

    Unless, these are authorizied leaks of top secret information. In which case, the embedded reporters should use the “embedded tag”, /e.

  2. jerryy says:

    While you might be inclined to think this means that folks running this show could not find their own asses with both hands, an atlas of maps, and a dedicated team of Sherpa guides, consider the possiblity that this is more about controlling power and money than defense against foreign countries.

    Even if, oh say China or Russia or Bermuda wanted to ‘acquire the assets’ of the USA, they would not. It is too much trouble running a slave empire. No, the small remaining dictatorships have not caught on yet, but the larger ones have, (one reason why they do not spend masssive amounts of money on defense like we do — they use their military more and more as police — a practice we are turning toward.).

    Large prediuctive data sets are valuable to corporations.

    When the heads of state meet to accuse each other of ‘spying’ or ‘repression’, they may be discussing what works well versus what just annoys the populations.

  3. Phil Perspective says:

    You might ask yourself why the government would go to greater lengths to lock up the generalized stuff — the stuff that makes it clear the government is spying on Americans — and not the particularized stuff that has far more value for our adversaries.

    To protect the grift?

  4. Frank33 says:

    The NSA called me up and told me Marcy Wheeler and David Dayan are going to be on the radio. It could be a ruse.

  5. orionATL says:

    “..They claim to think so because digital copies of such orders exist in only two places: computers at the FISA Court and FBI’s National Security Division that are segregated from the Internet. (Note: where Lake says “warrant” in this passage, he means “order.”)…”

    ha ha ha ha

    did the fbi really believe that the nsa couldn’t/wouln’t spy on the courts or the fbi?

    ha ha ha ha

  6. orionATL says:


    you do mean that the nsa entered your mind and placed that message there, don’t you?

    phone calling a u.s. person is so 20th century :))

  7. Frank33 says:

    Brad Friedman has occupied the Ed Shultz show. And the NSA does control all electronic communication. However, I am confused. I thought Marcy Wheeler had been banned from any national broadcast.

  8. P J Evans says:

    First guess:
    The FISA orders may show that the directives don’t say what the NSA/FBI are telling us they say.

  9. orionATL says:

    president obama was quoted in the washington post today:

    “What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls, and the NSA cannot target your e-mails,” he added, before Rose interjected, “And have not.

    “And have not,” Obama reiterated. “They cannot and have not, by law and by rule, and unless they — and usually it wouldn’t be ‘they,’ it’d be the FBI — go to a court, and obtain a warrant, and seek probable cause, the same way it’s always been, the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause.”


    is this set of statements from the president not false, depending as it does on the weaselly “listen” and the equally weaselly “unless they get a warrant”?

    what has become clearer in the last 10 days is that

    when it comes to protecting an individual’s privacy, the fisa court is a a politician’s charade

    and its warrants a sham hiding nsa analysts’ unobstructed access to individuals’ calls and e-mails.

  10. scribe says:

    @orionATL: It has been scientifically proven that tinfoil hats actually amplify those secret radio waves being beamed into your head.

  11. orionATL says:

    we learned today that one of the terrorist plots nsa spying was said to have “prevented” involved bombing the federal reserve bank/ny stock exchange

    with a bomb whose materials were obligingly supplied by our fbi.

  12. orionATL says:


    oh no!

    i cannot live without my tinfoil hat; i’d be nakt.

    plus, half the instructions my brain is receiving unbidden are in american english, but the other half are in mandarin chinese.

    what to do?

  13. scribe says:

    Actually, I think the idea that the NSA does not get a copy of the FISA orders is a crock of shit.

    Consider this: Go back to the text of the order. The order is sought by the FBI from the FISA court, to be served upon the telecom (in this example, Verizon) and directs the telecom to deliver a copy of all of its traffic to the NSA. So far, so good.

    Regardless of all the other implications of the practice, what the NSA is doing with everything it receives from the telecoms starts off as a huge exercise in running a file room. That is, they take all this stuff and put it in the electronic equivalent of a filing cabinet. (What happens after that is a sophisitcated exercise in shuffling files.) The problem is, the stuff the NSA receives is a long string of 1s and 0s and surely does not come in a banker’s box with a handy label on it, nor do the files within the data dump come with little Avery stick-on file labels telling the recipient what each of them is.

    So, how is the NSA to know what the hell they’re having dumped into their servers?

    Or, said another way, do you really think the NSA is going to accept a data dump without knowing the source they’re getting it from? And the authority of that source to dump the data into their system?

    These are bureaucrats and want a piece of (virtual) paper to cover everything they do and especially their asses. So, they get a copy of the order.

    So, I consider it highly implausible that the only people who have copies of these orders are the FBI and the FISA court. Maybe the telecoms just get to see the order, nod their assent, and do what they’re ordered to do. But, I do not see the NSA being inclined to so roll over and do as they’re told. If anything, they have the whip hand on the FBI.

    And, anyway, if the orders are being transmitted electronically, the NSA is capturing them regardless of whether the FBI or FISA court consent.

    No, I view this article as an outward justification for a massive witch (leaker) hunt within the FBI, FISA court and telecoms. The FBI cannot believe one 29 y/o sysop with superuser powers was able to jack their crown jewels, but I suspect he was. Unable to believe one guy did it, the FBI sees a conspiracy (big conspiracies make big cases make bigger careers) and now will spend lots of time and effort on trying to run down the conspirators (likely to be named among them, Glenn Greenwald, but journos need to expect that these days). This will likely be prime time for polygraphers putting everyone in the NSA and FBI on the box, but we expected that, too.

    I’m still hoping Snowden downloaded some of the intercepts of Obama discussing a touchy or embarrassing something or other on the phone, just to show the world that, at NSA, yes, he can.

  14. Hmmm says:

    “They cannot and have not, by law and by rule…”

    This is probably true, but fails to address the key concern it appears intended to address. It only says that when it is done, it breaks the law and breaks the rule. I think everyone would agree with that. But it provides zero assurance that it’s not technically possible, nor that it’s not being done despite its being illegal and against the rules. Snowden said nearly exactly the same thing when he said the only inhibition on doing it is policy. The difference is whether we agree that policy alone seems a wee bit flimsy as a barrier to anyone who wants to do it badly enough. The administration is going to have to provide an understandable and credible position on that if they hope to persuade, and it’s difficult to see how they can do that while maintaining the secrecy facade in its current mode.

  15. shekissesfrogs says:

    Politico: “UPDATE (Tuesday, 4:33 P.M.): This post has been updated to remove a reference to Snowden having access to the Verizon order during training at NSA Headquarters. Alexander said the training was at the Threat Operations Center, which is located in Hawaii.”

    Prolly wouldn’t like a trainee to use a thumb drive on a network at the NSA. Also can’t see them storing crown jewels on training network or letting a newb access a high security intranet.

    RW Nat’l Security professionals have already been pushing an angle to portray him as a chinese spy who infiltrated.

  16. P J Evans says:

    RW Nat’l Security professionals have already been pushing an angle to portray him as a chinese spy who infiltrated.

    Which makes them look even worse, since that implies their background checks missed important stuff. Or they’re lying to cover their own mistakes.

Comments are closed.