May 20, 2014 / by emptywheel


The Administration Stops Pretending Phone Dragnet Is Only about Phone Calls

The other day, I noted that the language describing contact-chaining had been changed to permit chaining between identifiers that had a “connection” even without any actual phone contact. At a minimum, this permits the government to contact chain on various phones associated with the same person. But in the telecoms hands (which have access to geolocation information the government may not collect under the phone dragnet) it may also mean close proximity.

The Administration made this all more obvious with changes it added to the HR 3361, AKA the USA Freedom (Freedumb) Act. It changed the language on contact chaining from this:

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production;

(II) using the results of the production under subclause (I) as the basis for production; and

(III) using the results of the production under subclause (II) as the basis for production;

To this:

(iii) provide that the Government  may require the prompt production of call  detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii)  as the basis for production; and

(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;

(iv) provide that, when produced, such records be in a form that will be useful to the Government;

Now there is actually an important improvement in this language. The new language requires each step return to a call detail record: a phone number or SIM card number, for example. The telecoms can’t use things like geolocation or email addresses in that interim hop, as they might have been able to do under the previous language.

Though the end results may only need to be “a form that will be useful to the Government.” Before, the end results had to be a CDR; this would seem to permit some other kind of result.

And along the way, the Administration has abandoned all pretense that contact-chaining is only about tracking who calls whom. This language makes clear that the chaining is about connections.

As I said, the most obvious kind of “connection” is a burner phone: identifying the new phone of the same target based off the old phones existing call patterns. And, given the big push to outsource the call records to the telecoms, NSA surely intends to use cell location (the telecoms can legally use location, whereas the NSA is not permitted to under current FISA rules).

But those are only the most obvious applications. It would take a great deal of imagination, I think, to anticipate all the kinds of connections the NSA might ask the telecoms to make for them.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @