June 22, 2014 / by emptywheel

 

DiFi’s Fake FISA Fix “Connection” Language

As you know, I’ve been trying to track the language in existing phone dragnet orders and new legislation approving the collection of records that are “connected” to a selector by means other than actual calls made. (See here, here, and here for background.) Basically, the automated query approved by the FISA Court in 2012 and the USA Freedumber Act both authorize the government to collect call detail records from phones “connected” to a selector without any call having been made.

Clearly this provision serves to allow the government to track “burner” phones. But given that under the Hemisphere program, AT&T uses cell location to conduct chaining, I expect “connections” will include that too. And it may include things like address books, photos, and calendars, which would be accessible to smart phone providers, and which we know the NSA collects and uses to establish such connections overseas.

I just realized in the last few days that the Fake FISA Fix Dianne Feinstein passed through the Senate Intelligence Committee last year also provides for “connections” based chaining. Here’s how it appears in the bill:

Scope of permissible query return information:

For any query performed pursuant to paragraph (1)(D)(i), the query only may return information concerning communications—

(A) to or from the selector used to perform the query;
(B) to or from a selector in communication with the selector used to perform the query; or
(C) to or from any selector reasonably linked to the selector used to perform the query, in accordance with the court approved minimization procedures required under subsection (g). [my emphasis]

This appears to confirm that the existing connection chaining uses the minimization procedures stage to assess the validity of the connection.

Nowhere, however, have I ever seen any language limiting what kind of “reasonable links” NSA can make in secret.

Particularly given that the government is intent on giving telecoms to make these links, we really ought to be limiting the kinds of links they’re permitted to make.

Copyright © 2014 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2014/06/22/difis-fake-fisa-fix-connection-language/