The Government Has a Festering EO 12333 Problem In Jewel/First Unitarian

The government claims it does not have a protection order pertaining to the phone dragnet lawsuits because the suits with a protection order pertain only to presidentially-authorized programs.

The declaration made clear, in a number of places, that the plaintiffs challenged activities that occurred under presidential authorization, not under orders of the Foreign Intelligence Surveillance Court (FISC), and that the declaration was therefore limited to describing information collected pursuant to presidential authorization and the retention thereof.

Therefore, the government is challenging the EFF’s effort to get Judge Jeffrey White to reaffirm that the preservation orders in the Multidistrict Litigation and Jewel apply to the phone dragnet.

Fine. I think EFF can and should challenge that claim.

But let’s take the government at its word. Let’s consider what it would obliged to retain under the terms laid out.

The government agrees it was obliged, starting in 2007, to keep the content and metadata dragnets that were carried out exclusively on presidential authorization. Indeed, the declaration from 2007 they submitted describing the material they’ve preserved includes telephone metadata (on tapes) and the queries of metadata, including the identifiers used (see PDF 53). It also claimed it would keep the reports of metadata analysis.

That information is fundamentally at issue in First Unitarian Church, the EFF-litigated challenge to the phone dragnet. That’s true for three reasons.

First, the government makes a big deal of their claim, made in 2007, that the metadata dragnet databases were segregated from other programs. Whether or not that was a credible claim in 2007, we know it was false starting in early 2008, when “for the purposes of analytical efficiency,” a copy of that metadata was moved into the same database with the metadata from all the other programs, including both the Stellar Wind phone dragnet data, and the ongiong phone dragnet information collected under EO 12333.

And given the government’s promise to keep reports of metadata analysis, from that point until sometime several years later, it would be obliged to keep all phone dragnet analysis reports involving Americans. That’s because — as is made clear from this Memorandum of Understanding issued sometime after March 2, 2009 — the analysts had no way of identifying the source of the data they were analyzing. The MOU makes clear that analysts were performing queries on data including “SIGINT” (EO 12333 collected data), [redacted] — which is almost certainly Stellar Wind, BRFISA, and PR/TT. So to the extent that any metadata report didn’t have a clear time delimited way of identifying where the data came from, the NSA could not know whether a query report came from data collected solely pursuant to presidential authorization or FISC order. (The NSA changed this sometime during or before 2011, and now metadata all includes XML tags showing its source; though much of it is redundant and so may have been collected in more than one program, and analysts are coached to re-run queries to produce them under EO 12333 authority, if possible.)

Finally, the real problem for the NSA is that the data “alerted” illegally up until 2009 — including the 3,000 US persons watchlisted without undergoing the legally required First Amendment review — was done so precisely because when NSA merged its the phone dragnet data with the data collected under Presidential authorization — either under Stellar Wind or EO 12333 — it applied the rules applying to the presidentially-authorized data, not the FISC-authorized data. We know that the NSA broke the law up until about 5 years ago. We know the data from that period — the data that is under consideration for being aged off now — broke the law precisely because of the way the NSA mixed EO 12333 and FISC regulations and data.

The NSA’s declarations on document preservation — not to mention the declarations about the dragnets more generally — don’t talk about how the EO 12333 data gets dumped in with and mixed up with the FISC-authorized data. That’s NSA’s own fault (and if I were Judge White it would raise real questions for me about the candor of the declarants).

But since the government agreed to preserve the data collected pursuant to presidential authorization without modification (without, say, limiting it to the Stellar Wind data), that means they agreed to preserve the EO 12333 collected data and its poisonous fruit which would just be aging off now.

I will show in a follow-up post why that data should be utterly critical, specifically as it pertains to the First Unitarian Church suit.

But suffice it to say, for now, that the government’s claim that it is only obliged to retain the US person data collected pursuant to Presidential authorization doesn’t help it much, because it means it has promised to retain all the data on Americans collected under EO 12333 and queries derived from it.

3 replies
  1. Peterr says:

    the analysts had no way of identifying the source of the data they were analyzing

    OK, this is just plain dumb.

    You can’t do analysis unless you can understand the source of your data, especially when you are working with multiple data sources.

    First there’s the question of independent vs overlapping data. Let’s say you’ve got 8 data items pointing to contact between Persons A and B. But if you don’t know the source of your data, you don’t know if you’ve got 8 independent items pointing to 8 separate contacts, 8 items all pointing to the same single contact, or some iteration in between those options.

    Then there’s the question of data quality. Let’s say you’ve got three general sources of data, one of which is known (or even suspected) to be significantly less reliable than the other two. Analysts need to be able to gauge the quality of the data, which requires knowledge of the source. Imagine filling out an NCAA basketball bracket with data from Ken Pomeroy, ESPN Insider, and the drunk who keeps muttering “Jayhawks Rock!” at the end of that bar off of Massachusetts Street in Lawrence — but you don’t know which data is from which source.

    At this point, the NSA and its friends have told so many different stories to so many different judges and congressional committees that they’re having a tough time keeping their lies straight. Until they are not allowed to get away with “least untruthful” answers, the lies will only continue.

    • emptywheel says:

      I get what you’re saying but don’t think it applies here.


      The source of data is just whether it consists of phone records obtained domestically or offshore. But the actual underlying source is almost certainly all the same, because the global telecom system uses a consistent system (have to, to be interoperable).


      And while analysts DO get data that might arise from two different sources (say, 12333 and FISC on a call between Somalia and the US), that doesn’t add to the validity of the record.


      It’s a legal issue, almost exclusively, as I understand it.

  2. WilliamOckham says:

    I’m fairly confident that the technical means of collection is a single system that intercepts all the data (content and metadata) and filters it in real time. The whole stupid song and dance that the NSA has done since 2004 makes no sense otherwise. Something has to explain why the NSA swore to a judge that they had no idea how the HTTP and SMTP protocols work. Or how they implemented MYSTIC. It’s been pretty obvious sense Mark Klein first blew the whistle on the NSA’s secret server room at AT&T.

Comments are closed.