January 22, 2014 / by emptywheel


FISA Warranted Targets and the Phone Dragnet

The identifiers (such as phone numbers) of people or facilities for which a FISA judge has approved a warrant can be used as identifiers in the phone dragnet without further review by NSA.

From a legal standpoint, this makes a lot of sense. The standard to be a phone dragnet identifier is just Reasonable Articulable Suspicion of some tie to terrorism — basically a digital stop-and-frisk. The standard for a warrant is probable cause that the target is an agent of a foreign government — and in the terrorism context, that US persons are preparing for terrorism. So of course RAS already exists for FISC targets.

So starting with the second order and continuing since, FISC’s primary orders include language approving the use of such targets as identifiers (see ¶E starting on page 8-9).

But there are several interesting details that come out of that.

Finding the Americans talking with people tapped under traditional FISA

First, consider what it says about FISC taps. The NSA is already getting all the content from that targeted phone number (along with any metadata that comes with that collection). But NSA may, in addition, find cause to run dragnet queries on the same number.

In its End-to-End report submission to Reggie Walton to justify the phone dragnet, NSA claimed it needed to do so to identify all parties in a conversation.

Collections pursuant to Title I of FISA, for example, do not provide NSA with information sufficient to perform multi-tiered contact chaining [redacted]Id. at 8. NSA’s signals intelligence (SIGINT) collection, because it focuses strictly on the foreign end of communications, provides only limited information to identify possible terrorist connections emanating from within the United States. Id. For telephone calls, signaling information includes the number being called (which is necessary to complete the call) and often does not include the number from which the call is made. Id. at 8-9. Calls originating inside the United States and collected overseas, therefore, often do not identify the caller’s telephone number. Id. Without this information, NSA analysts cannot identify U.S. telephone numbers or, more generally, even determine that calls originated inside the United States.

This is the same historically suspect Khalid al-Midhar claim, one they repeat later in the passage.

The language at the end of that passage emphasizing the importance of determining which calls come from the US alludes to the indexing function NSA Signals Intelligence Division Director Theresa Shea discussed before — a quick way for the NSA to decide which conversations to read (and especially, if the conversations are not in English, translate).

Section 215 bulk telephony metadata complements other counterterrorist-related collection sources by serving as a significant enabler for NSA intelligence analysis. It assists the NSA in applying limited linguistic resources available to the counterterrorism mission against links that have the highest probability of connection to terrorist targets. Put another way, while Section 215 does not contain content, analysis of the Section 215 metadata can help the NSA prioritize for content analysis communications of non-U.S. persons which it acquires under other authorities. Such persons are of heightened interest if they are in a communication network with persons located in the U.S. Thus, Section 215 metadata can provide the means for steering and applying content analysis so that the U.S. Government gains the best possible understanding of terrorist target actions and intentions. [my emphasis]

Though, as I have noted before, contrary to what Shea says, this by definition serves to access content of both non-US and US persons: NSA is admitting that the selection criteria prioritizes calls from the US. And in the case of a FISC warrant it could easily be entirely US person content.

In other words, the use of the dragnet in conjunction with content warrants makes it more likely that US person content will be read.

Excluding bulk targets

Now, my analysis about the legal logic of all this starts to break down once the FISC approves bulk orders. In those programs — Protect America Act and FISA Amendments Act — analysts choose targets with no judicial oversight and the standard (because targets are assumed to be foreign) doesn’t require probable cause. But the FISC recognized this. Starting with BR 07-16, the first order approved (on October 18, 2007) after the PAA  until the extant PAA orders expired, the primary orders included language excluding PAA targets. Starting with 08-08, the first order approved (on October 18, 2007) after FAA until the present, the primary orders included language excluding FAA targets.

Of course, this raises a rather important question about what happened between the enactment of PAA on August 5, 2007 and the new order on October 18, 2007, or what happened between enactment of FAA on July 10, 2008 and the new order on August 19, 2008. Were analysts permitted to contact chain off of any of the targets they were tracking in the interim? Or did FISC pass supplemental orders in the interim?

The question should be of particular interest for Basaaly Moalin’s lawyers. FBI has said they found his number through the phone dragnet two months before (they say only “October”) they started wiretapping him around December 18, 2007. Which might place it before that language got included in the October 18, 2007 order. That’s particularly significant given that al-Shabaab was not yet a designated Foreign Terrorist Organization when all this began.

Those funny overseas American warrants

Finally, there are two other curious details in the language in this section.

First, in addition to the language excluding anyone targeted off of Section 702 of FISA in that August 19, 2008 order, it (and subsequent orders) also excluded anyone targeted off of Section 703 and 704, the warrants needed before wiretapping Americans overseas.

Nor shall it apply to an Order of the FISC issued under Section 703 or Section 704 of FISA, as added by the FISA Amendments Act of 2008.

I don’t pretend to understand why they excluded these warrants, which are supposed to be individual. There are problems with using the phone dragnet with foreign-to-foreign data, so that may be the reason FISC excluded these taps from automatic RAS treatment. But there’s also a great deal of differing understanding — from civil liberties lawyers to the White House — about the limits to these two clauses. So who knows?!?

The pre-bulk collection bulk collection dockets?

Finally, in the dockets dated February 23 (?), 2007 and March 3 (?), 2007, the language excludes “telephone numbers under surveillance in Docket Number 06-2081.”

Screen shot 2014-01-22 at 2.29.42 AM

And in the docket dated July 23 (?), 2007, it excludes “the telephone numbers under surveillance in Docket 07-449 or any renewal thereof.”

Screen shot 2014-01-22 at 2.31.26 AM

This language was replaced in the next order with the PAA language, suggesting they are also bulk collection.

These are notable for several reasons. We know — or think we know — that the FISC approved an early form of bulk collection — collection off the telecom switches — starting on January 10, 2007. It would make sense to exclude this bulk collection using the same logic for excluding the bulk collection under PAA or FAA: these weren’t targets selected using probable cause.

These two passages would seem to suggest there were two different dockets using this formula. That makes sense too: in April or May 2007, a FISC judge rejected one of the applications, presenting the need for PAA.

But this would seem to say there was a bulk docket, 07-449, still active days before passage of the PAA.

In addition, the other docket number, 06-2081, would seem to suggest the bulk collection got approved sooner than we thought it did, sometime in 2006. The FISA Court approved 2176 FISA warrants in 2006, so this would be one of the later dockets in the year.

Now I could be totally wrong about what these two dockets represent. But they do raise questions about the pre-bulk collection bulk collection programs.

Update, 1/28/14: John Bates relied on 07-449 for the assumption that upstream content about a target was likely to involve foreign intelligence information. So these must be upstream collection targeted at content.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2014/01/22/fisa-warranted-targets-and-the-phone-dragnet/