Coincidental Timing in NSA’s Telecom Switch Collection
We knew the government had “shut down” the Internet metadata in “late” 2011.
But I believe Friday’s filings are the first time they’ve specified publicly: they shut it down in December 2011.
That gives us the following chronology:
May 29, June 22, 2009: First Internet dragnet violations noticed as part of phone dragnet review
Around July 2009: NSA pilots new contact-chaining approach for Internet dragnet
Around November 2009: FISA Court does not re-approve Internet dragnet (see 15-16)
November 29, 2010: NSA signs directive allowing analysts to chain through US persons
January 3, 2011: Government rolls out new dragnet approach, providing
May 2, 2011: Government “clarifies” that upstream collection includes some US person data
October 3, 2011: John Bates finds some upstream dragnet illegal
Between October 3 and October 6, 2011: NSA General Counsel considers appeal
October 13, 2011: Government claims 1809(a)(2) does not apply — presumably to upstream collection
October 17, 2011: Draft training module advises analysts to talk to management or subject matter expert about Internet dragnet from prior to November 2009
November 22, 2011: Government still challenging applicability of 1809(a)(2) in upstream collection
Late 2011: Government starts dealing with upstream content
December 2011: Government halts Internet dragnet
That is, the government stopped collecting Internet metadata in the US within weeks of the discussion between John Bates and the government over whether or not Section 1809(a)(2) applied to NSA’s deliberate collection of US person content within the US via collection off telecom switches in the US — the same method of collection as used in the Internet dragnet.
That’s not to say the legal discussion influenced the decision. There are plenty of other explanations — including Google’s encryption by default (which made Google content inaccessible via US switches) and the earlier limits Bates imposed on US metadata collection, which may have made domestically-collected metadata less useful — for NSA to shut down that collection.
But I wonder whether Bates’ persistent focus on 1809(a)(2) had an influence.
I say that for two reasons — aside from the timing.
First, it is unusual for a training document to recommend asking a person for information about how to handle something, as the dragnet training instructed analysts, “for information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert,” as late as October 17, 2011. The data from this period involved overcollection (probably content collected in the guise of metadata) that, if known to be US person data, could not be circulated without violating 1809(a)(2). This kind of instruction should be written down, especially given the legal sensitivity surrounding it, not transmitted person-to-person. But it appears not to have been.
There are a lot of details about Bates’ resolution of the Internet metadata overcollection in 2010 that we don’t yet know. Unlike with the 2011 US opinion,we don’t see the follow-up discussion to see how that collection was handled.
But we do know how Bates enforced his 2011 opinion: by emphasizing that the government couldn’t use any of that US person upstream collection for submissions to the FISC.
Beginning late in 2011, the government began taking steps that had the effect of mitigating any Section 1809(a)(2) problem, including the risk that information subject to the statutory criminal prohibition might be used or disclosed in an application filed before this Court.
Given that the government uses metadata to select which content collection to translate, this restriction on submitting improperly collected data to the FISC might be even more restrictive with the Internet dragnet information than the upstream collection.
In October and November 2011, John Bates reiterated his assertion — first made the year earlier in conjunction with Internet dragnet collected via the same means that the NSA could be subject to 1809(a)(2) — in response to which, the government still tried to object. But then they stopped objected and started complying, at the same time they also stopped collecting Internet metadata from within the US.
Two years in a row the NSA’s collection off telecom switches was deemed to be illegal. As the second judgment got resolved (by imposing restrictions on the circulation of the data), the government moved the collection tied to the first judgment overseas.