April 9, 2014 / by emptywheel


James Clapper Doesn’t Want You To Know about Verizon’s Foreign Metadata Problem He Already Told You About

Screen shot 2014-01-20 at 3.20.11 AM

Back in September, I noted that the September 3, 2009 phone dragnet Order turned production from a particular telecom back on; it had been turned off in the July 8, 2009 Primary Order.

In addition, the Custodian of Records of [redacted] shall produce to NSA upon service of the appropriate Secondary Order an electronic copy of the same tangible things created by [redacted] for the period from 5:11 p.m. on July 9, 2009 to the date of this Order, to the extent those records still exist.

In January, after ODNI exposed Verizon’s name as the provider directed in all Primary Orders since May 2009 to provide only its non-foreign call records, I laid out when and how the problem of one provider’s foreign data records appears in FISA dragnet orders.

Up until at least March 5, 2009, all the telecoms were addressed in one paragraph starting, “the Custodian of Records.” Starting on May 29, 2009, that’s split out into two paragraphs, with the original Custodian of Records paragraph and the one we know to be specific to Verizon. We don’t have the following order, dated July 8, 2009, but we know that order shut down production from one provider because it was also producing foreign-to-foreign data; that production was restarted on September 3, 2009.

EFF apparently asked ODNI to formally declassify the parts of that September 3 order, and ODNI unsurprisingly objects.

Though, if it were not already clear this is Verizon we’re talking about, a footnote explains,

All Secondary Orders have been withheld in their entirety as any attempt to redact the identity of the service providers in these Secondary Orders, in compilation with other documents that have been declassified, i.e., the BR 13-80 Primary Order and Verizon Secondary Order, would allow a reader to ascertain the identity of the provider simply by looking at the size of the redacted/blocked material, or comparing any redacted Secondary Order with other classified documents.

The only Secondary Order we have is for Verizon. And as a fairly accomplished redaction comparer, I can confirm that comparing redactions and text blocks only works for the same text. So this footnote only makes sense if the provider in question is Verizon.

In spite of the fact that ODNI already (briefly) released Verizon’s name as the provider in question and exacerbated it with this footnote I’m not surprised they’re trying to deny this request.

I am, however, intrigued by the language they use to fight the request, given that we’re talking about whether Verizon provides foreign call records under a domestic program.

The identity of any company ordered to provide call detail records to the NSA clearly relates to “any function of the National Security Agency,” 50 U.S.C. §3605. Indeed, it relates to relates to one of the NSA’s primary functions, its SIGINT mission. NSA’s SIGINT responsibilities include establishing and operating an effective unified organization to conduct SIGINT activities as set forth in E.O. 12333, section 1.7(c), as amended. In performing its SIGINT mission, NSA exploits foreign electromagnetic signals to obtain intelligence information necessary to the national defense, national security, and the conduct of foreign affairs. NSA has developed a sophisticated worldwide SIGINT collection network that acquires, among other things, foreign and international electronic communications. The technological infrastructure that supports NSA’s foreign intelligence information collection network has taken years to develop at a cost of billions of dollars and untold human effort. It relies on sophisticated collection and processing technology.

Pursuant to its SIGINT mission, and as authorized by the FISC, NSA quickly analyzes past connections and chains communications through telephony metadata collected pursuant to Section 215. Unless the data is aggregated, it may not be feasible to detect chains of communications that cross communication networks. The ability to query accumulated telephony metadata significantly increases the NSA’s ability to rapidly detect persons affiliated with the identified foreign terrorist organizations who might otherwise go undetected.

From there, ODNI’s declaration goes on to claim that if Verizon’s name were made public, the bad guys would know to avoid Verizon. Which is sort of nonsense, given the reports that Verizon provides not just their own customers’ records, but also those that transit their backbone.

But I do find it interesting that, in a discussion about hiding the name of a telecom that was accidentally turning over some significant amount of entirely foreign call records under a program that — because it was targeted at domestic users — subjected those records to greater oversight than the foreign records turned over under EO 12333, ODNI started with a discussion of its EO 12333 authorized overseas collection. Particularly given that we know Verizon provides an enormous amount of that overseas collection.

That is, ODNI says that they can’t reveal Verizon was the provider that accidentally provided foreign call records under a domestic order — in spite of the fact that they already did — because if they do it will endanger its overseas collection.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2014/04/09/james-clapper-doesnt-want-you-to-know-about-verizons-foreign-metadata-problem-he-already-told-you-about/