Working Thread, Internet Dragnet 5: The Audacious 2010 Reapplication

At some point (perhaps at the end of 2009, but sometime before this application), the government tried to reapply, but withdrew their application. The three letters below were sent in response to that. But they were submitted with the reapplication.

See also Working Thread 1, Working Thread 2, Working Thread 3, Working Thread 4, and Internet Dragnet Timeline.

U. First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices,

(15/27) In addition to tagging data itself, the source now gets noted in reports.

(16/27) NSA wanted all analysts to be able to query.

(16/27) Contrary to what redaction seemed to indicate elsewhere, only contact chaining will be permitted.

(17/27) This implies that even technical access creates a record, though not about what they access, just when and who did it.

(17/27) NSA asked for the same RAS timelines as in BRFISA — I think this ends up keeping RAS longer than an initial PRTT order.

(18/27) “Virtually every PR/TT record contains some metadata that was authorized for collection, and some metadata that was not authorized for collection … virtually every PR/TT record contains some data that was not authorized by prior orders and some that was not.”

(21/27) No additional training for internal sharing of emails.

(21/27) Proof they argue everything that comes out of a query is relevant to terrorism:

Results of queries of PR/TT-sourced metadata are inherently germane to the analysis of counterterrorism-related foreign intelligence targets. This is because of NSA’s adherence to the RAS standard as a standard prerequisite for querying PR/TT metadata.

(22/27) Note “relevance” creep used to justify sharing everywhere. I really suspect this was built to authorize the SPCMA dragnet as well.

(23/27) Curious language about the 2nd stage marking: I think it’s meant to suggest that there will be no additional protection once it circulates within the NSA.

(24/27) NSA has claimed they changed to the 5 year age-off in December 2009. Given the question about it I wonder if that’s when these letters were sent?

(24/27) Their logic for switching to USSID-18:

these procedures form the very backbone for virtually all of NSA’s dissemination practices. For this reason, NSA believes a weekly dissemination report is no longer necessary.

(24-5/27) The explanation for getting rid of compliance meetings is not really compelling. Also note that they don’t mention ODNI’s involvement here.

(25/27) “effective compliance and oversight are not performed simply through meetings or spot checks.”

(27/27) “See the attached word and pdf documents provided by OIG on an intended audit of PR/TT prior to the last Order expiring as an example.” Guess this means the audit documents are from that shutdown period.

V. Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices,

W. Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices.

(2) DNI adopted new serial numbers for reports, so as to be able to recall requests.

(3) They’re tracking the query reports to see if they can withdraw everything.

(3) This is another of the places they make it clear they can disseminate law enforcement information without the USSID requirements.

(4) It appears the initial application was longer than the July 2010 one, given the reference to pages 78-79.

Q: Government’s Application for Use of Pen Register/Trap and Trace Devices for Foreign Intelligence Purposes. (around July 2010)

There are some very interesting comparisons with the early 2009 application, document AA.

(1)  Holder applied directly this time rather than a designee (Holder may not have been confirmed yet for the early 2009 one).

(2) The redacted definition of foreign power in AA was longer.

(3) “collect” w/footnote 3 was redacted in AA.

(3) Takes out reference to “email” metadata.

(3) FN 4 both focuses on “Internet communication” rather than “email [redacted]” as AA did, but it also scopes out content in a nifty way.

(3) FN 5 appears to define “Internet comm.”

(4) They add “databases and/or archives” though “archives” was only withdrawn from AA because Walton has just prohibited its use. Also, this uses “repositories” plural.

(4) Defined “identifiers” here used to be email [redacted].

(4) “As appropriate” language at bottom is new.

(5) There was a footnote on “subject of any FBI investigation” in AA.

(5) “metadata” in middle of page used to be “data.”

(5) As with Holder, here Alexander replaces a surrogate in AA.

(5) This admits they will share with foreign governments; AA did not.

(6) In 2, “information” was “metadata,” and “collected” was “acquired.” Facilities (or its predecessor) redacted in AA.

(6) Govt didn’t submit memo of law w/AA.

(7) Govt didn’t include USSID 18 in AA.

(7) Note reference to April 2010 FBI number; in AA this was December 2008. Both seem to be about 3 months before the application.

(7) Last redaction is “the NSA” in AA.

(8) There’s a shift from talking about pen register devices (in AA) to talking about PR authority.

(9) No mention of “below the bcc line” which was in AA and original application.

(9) Unique markings is new–was added by Walton previous fall.

(9) Defeat list obv new.

(12) The “auditible record” in AA was listed out.

(12) FN 10: this associated language is particularly important.

(13-14) The “DNI has independent responsibility” language is new, and does not have a parallel in the BR FISAs either before or after.

(14) The order on this compliance stuff has been tweaked a bit.  Also, they replaced “shall” with “will” throughout.

(15) Description of changes in methods is new.

(15) Now they’ve switched back to talking about “devices” again.

(16) Obv this is all new.

R. Memorandum of Law and Fact in Support of Application for Pen Registers and Trap and Trace Devices for Foreign Intelligence Purposes,

(2) They repeat–then add a long footnote–to their new definition of “not content.”

(3) They’ve decided what they did before was all legal and therefore should be able to collect it all.

(4) The bid to getting rid of past minimization procedures is missing a comma.

(5) Note reference to single doc recovered (this would be before OBL killing).

(9) The “particularly importance” language may suggest “some” limits, but they’re likely very small.

(11) Now they use “content” in the traditional fashion.

(14) They must not specify even all the locations they’re collecting given the post-redaction sentence.

(15) Just some of the data will be subject to “multi-level validation” before going into the repositories.

(16) A long redaction before we get to the part of querying we’re used to. Makes me think of the call-chaining prep as described earlier.

(21) Important discussion of how they changed this starts here: Note it probably explains the different language they used relating to collection versus acquiring.

(22) Here’s where they do their DRAS =/= content.

(23) Once again the govt is speaking broadly about what Congress intended. I wonder whether this was timed to the 2010 reauthorization of PATRIOT?

(24) Here we go:

Information that is both located in the appropriate field and is in the appropriate format for addressing is by definition ‘addressing information.’ Nothing in the pen register statutes requires “addressing information” to be used for the functional or technical purposes of addressing at the time of collection.

(25) They’re also getting rambunctious with the definition of “facilities” but that’s all redacted.

(29) Once again they argue the FISC has “limited” authority with respect to a PRTT application.

The Government continues to believe that the language of the Certification should be determinative of this issue and incorporates those previously advanced arguments as if set forth more fully herein.

(30) This is one of my favorite comments from these documents.

Relevance here is not properly measured through scientific metrics or the number of reports issued over the course of a year and it does not require a statistical “tight fit” between the volume of proposed collection and the much smaller proportion of information that will be directly “relevant” to the investigations of the Foreign Powers to protect against international terrorism. See Opinion and Order, docket number PR/TT [redacted], at 49-50. Rather, relevance here properly is measure in packets of metadata that over an extended period of time, can help to fill in information that provides a more complete picture of the communications practices of these Foreign Powers and their agents.

(36) Lots of pretty unconvincing language in here as to whether this stuff really counts as DRAS.

(45) The discussion in footnote 25 has an error in the reference to the House Report, which should go back to the earlier referenced one. Here’s the discussion that is redacted.

Thus, for example, an order under the statute could not authorize the collection of email subject lines, which are clearly content. Further, an order could not be used to collect information other than “dialing, routing, addressing, and signaling” information, such as the portion of a URL (Uniform Resource Locator) specifying Web search terms or the name of a requested file or article.

This concept, that the information properly obtained by using a pen register or trap and trace device is non-content information, applies across the board to all communications media, and to actual connections as well as attempted connections (such as busy signals and similar signals in the telephone context and packets that merely request a telnet connection in the Internet context).

(46) They distinguish between this and the information in a pager.

(46) Wonder what the subject of the District Court opinions are: location?

(50) In footnote 28, the government dismisses language prohibiting the collection of other stuff as irrelevant to their question of whether they can collect stuff that’s not DRAS but allegedly not content.

(55) I think they have redacted some, but not all, of the email “validation” references elsewhere.

(56) The redacted stuff must get closer to admitting this stuff is meaningful content.

(59) The government counterposes “individualized warrant” against collecting all metadata.

(60) I’d be curious whether the Kerr citation treats the same stuff they’re saying isn’t content.

(62) Really curious redaction in FN 33. Especially since I believe FISC changed minimization procedures for Title I in 2008.

(63) Compare the statement on balance here with the far more outrageous one in the 2004 application.

(64) This recurrent rebuttal to efficacy questions makes me wonder whether Ron Wyden and Russ Feingold were already pushing that issue–we know that Wyden and Udall spent much of 2011 doing so.

the measure of efficacy required to make a search “reasonable” is not a numerically demanding success rate for the search.

(65) Hey! That redaction after “chaining” that disappeared for a while in 2009 is back, suggesting they’re planning more than simple chaining.

(70) They call 2-hop connection a “direct contact” with an identifier.

(71) Actually don’t know if “compliance report” is same thing as E2E report.

(72) They pretend PRTT doesn’t regulate use normally.

(72) They claim the applications imposed controls, not the orders, maintaining structure that they’re the ones imposing minimization.

(72) Court has asserted, the Government has supported that assertion

(73) This is where the government claims the Court has authority to query everything.

(73) It relies on “known and extended absence provision” of FBI minimization (the logging language reminds me of the changes made in 2008, per Moalin).

(74) Govt uses language prohibiting intentional violations in criminal statutes to say that bc this wasn’t intentional they should be able to access the data in good faith. Which of course pretends it wasn’t intentional.

S. Declaration of General Keith B. Alexander, U.S. Army, Director, NSA, in Support of Pen Register/Trap and Trace Application, T. Exhibit D in Support of Pen Register/Trap and Trace Application. U. First Letter in Response to FISC Questions Concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices: V. Second Letter in Response to FISC Questions concerning NSA bulk Metadata Collection Using Pen Register/Trap and Trace Devices, W. Third Letter in Response to FISC Questions Concerning NSA Bulk Metadata Collection Using Pen Register/Trap and Trace Devices.

F. FISC Primary Order. July 2010:

(4) There seems much more emphasis on the assistance of providers; this language parallels what’s in USAF.

(10) Bates switched the “will” language back to “shall” here. They also took out the ODNI language.

(12) Here’s the language permitting them to access the data; it seems like it would amount to virtually all of it.

G. FISC Memorandum Opinion Granting in Part and Denying in Part Application to Reinitiate, in Expanded Form, Pen Register/Trap and Trace Authorization,

(8) It’s interesting that they relied on a Leiter statement from a previous docket; the US approach to AQAP changed in the interim.

(11) The footnote likely admits that this application would be drawing on far more communications.

(11) “Director of NSA has informed me that at no time did NSA collect any category of information … other than the [redacted] categories of meta data.” “This assurance turned out to be untrue.” “There is not the physical possibility of our having [collected content]”

(17) Was 1000 analysts displayed in the compliance docs?

(19) The delegated approval and not for CT purpose may not be declass in other docs

(20) Overcollection was discovered by OGC

(21) Still interested in Bates’ comment abt why it was allowed to continue? Did NSA delay in telling Bates?

(22) “the extraordinary fact that NSA’s end-to-end review overlooked unauthorized acquisitions that were documented in virtually every record of what was acquired, it must be added that those responsible for conducting oversight at NSA failed to do so effectively.”

(23) The government did run emergency queries on at least several subjects and reported those to the court

(29) Footnote 30 modifies the redacted sentence(s). It shows inconsistent judgments on whether the government can record the “contents” of PRTT.

(35) Some of what they’re discussing (which is redacted later) is logging into an account and/or processing or transmitting an email or IM communication. That counts as signaling to Bates.

(72) 11-24 fold increase in volume.

(80) This should make this not a PRTT.

At this pre-collection stage, it is uncertain to which facilities PR/TT devices will be attached or applied during the pendency of the initial order. … For this reason, and because the Court is satisfied that other specifications in the order will adequately demarcate the scope of authorized collection, the Court will issue an order that does not identify persons pursuant to Section 1842(d)(2)(A)(ii). However, once this surveillance is implemented, the government’s state of knowledge may well change. Accordingly, the Court expects the government in any future application to identify persons (as described in Section 1842(d)(2)(A)(ii)) who are known to the government for any facility that the government knows will be subjected to PR/TT surveillance during the period covered by the requested order.

(86) Apparently there’s a thing (data mining?) that they only do to the corporate store.

(108) “The government’s descriptions of the overcollected information make clear that the information concerns the identity of the parties, the existence of the communications, or both.”

July to August 2010: First of clarifying letters on dragnet order. FF: Government’s First Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata.

August 2010: Second clarifying letter on dragnet order. GG: Government’s Second Letter to Judge Bates to Confirm Understanding of Issues Relating to the FISC’s Authorization to Collect Metadata:

These both just ask for clarification of Bates’ opinion on 5 issues. But it shows there was at least a several week delay in implementing the new collection.

