What Was the Purpose of the Exigent Letter Program?

/7 Comments/in , /by

I’m aiming to have some rough guesses about what kind of bulk collection the FBI might use National Security Letters for (spoiler alert: my wildarseguess is that they’re getting subscriber lists from the same telecoms they’re getting phone dragnet data from).

But first, I want to return to the exigent letter program and consider how it may have complemented the dragnet during the period the dragnet had no court sanction.

As a reminder, starting in 2002, the FBI started getting phone calling records on individual users directly from telecoms using “exigent letters” — basically letters saying they needed the records urgently and promising some kind of legal documentation in the future. In 2003, representatives of the telecoms started moving onsite, so FBI Agents could ask for this information while looking over the representatives’ shoulders. As part of it, the FBI got “community of interest” data (basically, the 3-degrees information the phone dragnet provides) and “hot number” data (an alert when a number was used, which also became part of the phone dragnet). The program spun out of control because FBI often would never go back and provide that paperwork (and also they used it for improper purposes).

In 2006, at the same time the the phone dragnet from the illegal wiretap program was moving to Section 215 orders, FBI was trying to clean up the exigent letter problems with “blanket National Security Letters.” FBI issued the first blanket NSL on May 12, 2006; FISC approved the first Section 215 order on May 24. And while it took until January 2008 for the last telecom personnel to move out of FBI digs, FBI started phasing out the program by imposing new restrictions in 2006.

There’s a lot we don’t know yet about the exigent letters program — and the actions of those telecom personnel camping out at the FBI. That the 2010 IG Report on was produced in TS/SCI, classified, and unclassified versions (the other two NSL IG Reports (2007, 2008) came in classified and unclassified versions) suggests it had some tie to more sensitive counterterrorism programs, quite likely the illegal program.

And to some degree, the onsite telecom personnel were duplicating what we understand NSA to have been doing with phone call records in the illegal wiretap program: tracking activity and establishing 3-degree-of-separation maps around phone identifiers of interest. At least for those FBI Agents who knew of the illegal dragnet, they could get the same information from the NSA, though for FBI Agents it was likely more immediate to go directly to the telecom person and provide requests on post-it notes (as sometimes occurred). Moreover, the FBI could and did quickly check whether queries would be fruitful before they formally queried a number. That means they could use the telecom presence to run contact-chaining on people who were not yet formally identified as terrorist suspects (though that seems to have been possible with the NSA program at that point too).

But the duplicative nature of the program suggests the possibility (particularly given that it started in earnest in May 2003, after the illegal program had gotten started) that the telecom presence was used to launder results back through the telecoms to make them usable for both FISC and other Title III Courts.

One more thing of interest, given my spoiler alert. As far as I understand, the FBI would have access not just to a number’s community of interest, but also to the name of a phone subscriber (or, alternately, immediately be able to learn if a telecom served a particularly person or number). That is, the onsite telecom program provided the FBI with something that the current dragnet, as publicly understood, did not: easy access to contact-chaining, with identities attached.

As I have noted before, DOJ’s Inspector General has said he may be limited in what he presents in his 1,297-day old study of the use of Section 215 through 2009, started under his predecessor (who authored all the other reports), Glenn Fine, unless DOJ will declassify the earlier NSL and Section 215 reports. So there’s clearly a tie between what was done with Section 215 as it moved under FISC review and what had been done earlier with NSLs.

One thing I’m wondering about is whether FBI uses(d) NSLs to accomplish the parts of the previous programs that haven’t been authorized under the use of Section 215.

image_print
7 replies
  2. bloodypitchfork says:

    @emptywheel
    quote:”And to some degree, the onsite telecom personnel were duplicating what we understand NSA to have been doing with phone call records in the illegal wiretap program: tracking activity and establishing 3-degree-of-separation maps around phone identifiers of interest. At least for those FBI Agents who knew of the illegal dragnet, they could get the same information from the NSA, though for FBI Agents it was likely more immediate to go directly to the telecom person and provide requests on post-it notes (as sometimes occurred).”unquote

    One thought on “What Was the Purpose of the Exigent Letter Program?” as interpreted by ew. I’ve really began to wonder about something. Exactly where did you get the knowledge the FBI provided requests on post-it notes? The more I read your posts Marci, I’m wondering how in the world you collect so much information faster than the speed of light, notwithstanding analyzing and fostering hypotheses and then posting them. I can’t even keep up with them, let alone internalize everything you post in one day ..let alone comment as well. sheeezsh…I had to skip the last three posts just to keep up!

    And you sew too?? The NSA would kill to have you onboard.

    :)

  3. emptywheel says:

    @bloodypitchfork: I don’t sew. I’m trying to return to sewing, largely because there’s a fabric store here I actually like, so it’d be fun to make some of my own clothes. Which is something entirely different.

    As to the post-its reference, it’s in the IG report on exigent letters, linked in the post.

    This is all iterative stuff for me. I’m finding I DO spend a lot of time reading posts I wrote 5 years ago. But that’s a quick way to catch up.

  4. greengiant says:

    Still waiting to find that Snowden was a smokescreen for the big cahuna, the storage of all audio for network and threat analysis and that the executive orders etc to do same remain buried.

  5. bloodypitchfork says:

    @emptywheel:quote”@bloodypitchfork: I don’t sew. I’m trying to return to sewing, largely because there’s a fabric store here I actually like, so it’d be fun to make some of my own clothes. Which is something entirely different.”unquote

    Sorry ew. I wasn’t trying to interject your personal stuff here. I was only trying to highlight my amazement at your prolific daily schedule here and still having time to watch football, sew, cook..etc etc. Heck, I’ve had to give up some of my interests just to keep up with your blog! Like my wife. I think she’s getting jealous. :)

    quote:”As to the post-its reference, it’s in the IG report on exigent letters, linked in the post. “unquote

    Dang, I didn’t see it. Frankly, by the time I post a comment, there’s so many Tags open to links, on 5 or 6 Windows…geeezus . Going back and forth between them I loose track of what I was originally looking for. Thanks

  7. LeMoyne says:

    The shorter purpose of ‘exigent’ letters is prolly sumpthin’ like: Moar.Phatter.Fassster. As in, ‘It’s such a Terror! emergency we don’t have time to spell or say the 4-syllables of ’emergency’. It’s even beyond Imminent Terror! [and we may have broken the word imminent anyway]. So now it’s Exigent Terror dammit! GIMME!!!

    Of course it depends on what you mean by purpose, and I’m not just joking. The purpose of the program seems to be a fig-leaf-shaped-legality-band-aid on an ad hoc writ of assistance policy. Inside the overarching purpose – ‘Get ALL Needles By Getting The Entire Haystack’ – I am confident that the high level purpose of the administrative/exigent/NSL letter programs can be succinctly stated as: “Hay Stop-Loss”.

    If it is true to it’s ‘exigent’ name, the target and the content requested by an such a ‘letter’ won’t speak directly to the deeper purpose. The separate programmatic context that generates the need for an NSL-type request would give a better view of each letter’s purpose. Here there be darkness… essentially no letters and no clear big picture of how the various surveillance programs are operated in a way that fits together… no hope of association of action to context … except…

    The case of Lavabit does show the potential impact of what appears to be an NSL bulk collection effort. It was at least the threat of an NSL-type request: some request paired with a gag order. Although Ladar Levison was not free to speak the truth of the matter, we are free to speculate. The nature of Lavabit, the fact that Lavabit complied with all subpoenas and Levison’s assertion that he closed down to avoid violating his promises to ALL his customers strongly implies that the FBI was asking for bulk collection or its equivalent. Some potential requests are:
    1) a complete, accurate and up-to-date picture of the Lavabit encryption implementation including key material, key generation/shuffling/exchange methods, i.e. everything (for ease of cracking or for legal injunction) or
    2) a crippling of the same (as in: here’s your key list! we made it just for you! trust US!), or
    3) all cross-index information Lavabit maintained separately and securely (link info between selectors of different types: email/name/phone/bank), or
    4) (1 or 2) and 3 above.

    I imagine much of the bulk collection is implemented as a voluntary response to open-ended requests for info related to a selector list that changes daily. Much cheaper, easier and safer for the corporation to provide a copy of everything, i.e. a feed of their daily/real-time internal unencrypted backup stream. Thereby the request is for info that meets some minimal level of RAS but is difficult to select from the whole and so what actually happens is that the NSS gets it all. As always, the shorter purpose is MOAR == Maximal Oversight of All Relationships.

    IANAL yet the coercion of RAS based requests into everything by ease of implementation appears to fulfill the essential, yet secondary purpose of deniability. The gov’t request is minimal and therefore legal [deniability of illegality]. The gov’t doesn’t collect it all, the corps give it all [deniability of collection].

    From Levison’s October interview on DN! (supported by revelations about ‘hacking into the clouds’), one can add to the ‘speculative’ Lavabit bulk collection request list:
    5) the decrypted content of the Lavabit internal network, or
    6) straight-up real-time decrypted access to Lavabit’s internal encrypted network, or
    7) simply MOAR, dammit, MOAR. We need MOAR and you Lavabit, you will always in all ways give us MOAR. And be nice or we fine you large.

    Lavabit can be seen as an exception to the rule[rs].

    Levison now says that since first going public he has been summoned before a grand jury, fined $10,000 for handing over encryption keys on paper instead of digitally, and threatened with arrest for speaking out. The Justice Department began targeting Labavit the day after Snowden revealed himself [snip] “What they wanted was the ability, basically, to listen to every piece of information coming in and out of my network,” Levison says.

    As Lavabit was a private holding, Levison didn’t have to check with stockholders, only his conscience. And, as a person of integrity, Levison chose to honor his privacy policy word instead of his bottom line wealth. Hence the exceptional nature of Levison’s resistance to the ‘letter’ programs used “to listen to every piece of information”.

Comments are closed.