Dianne Feinstein Discovers Its Not “Just” Metadata

Over the course of years of defending the NSA’s bulk metadata programs, Dianne Feinstein made a series of statements to suggest that massive collection of metadata — including aspiring to collect the phone records of every American — was no big deal because it didn’t include content.

June 6, 2013:

[T]his is just metadata. There is no content involved.

October 20, 2013:

The call-records program is not surveillance. It does not collect the content of any communication,

May 18, 2014:

It’s not a surveillance program, it’s a data-collection program.

But it appears Senator Feinstein no longer believes that the bulk collection of metadata is a minor issue. In response to yesterday’s unsealing of the indictment against 4 Russian hackers for targeting Yahoo, Feinstein had this to say:

Today’s charges against hackers and Russian spies for the theft of more than 500 million Yahoo user accounts is the latest evidence of a troubling trend: Russia’s sustained use of cyber warfare for both intelligence gathering and financial crimes. The indictment shows that Russia used these cyberattacks to target U.S. and Russian government officials, Russian journalists and employees of cybersecurity, financial services and commercial entities.

500 million user accounts didn’t get hacked. Upwards of 6,500 accounts got hacked for content, and the contacts of another 30 million were harvested for spam marketing. The 500 million number refers to the theft of a database of metadata. The indictment made clear that this was non-content data:

21. Beginning no later than 2014, the conspirators stole non-content information regarding more than 500 million Yahoo user accounts as a result of their malicious intrusion. The theft of user data was part of a larger intrusion into Yahoo’s computer network, which continued to and including at least September 2016. As part of this intrusion, malicious files and software tools were downloaded onto Yahoo’s computer network, and used to gain and maintain further unauthorized access to Yahoo’s network and to conceal the extent of such access.

22. The user data referenced in the preceding paragraph was held in Yahoo’s User Database (“UDB”). The UDB was, and contained, proprietary and confidential Yahoo technology and information, including, among other data, subscriber information, such as: account users’ names; recovery email accounts and phone numbers, which users provide to webmail providers, such as Yahoo, as alternative means of communication with the provider; password challenge questions and answers; and certain cryptographic security information associated with the account, i.e. the account’s “nonce”, further described below. Some of the information in the UDB was stored in an encrypted form.

Feinstein has long insisted that so long as content is not collected, it doesn’t amount to surveillance.

Now, I’ll grant you: the Yahoo database included far richer metadata than NSA got under the bulk phone and Internet metadata programs that Feinstein long championed. It includes names, alternate contacts, password hints, and that nonce (which is what the Russians used to break into email accounts themselves).

But we know that NSA’s phone and Internet dragnet programs correlated collected metadata with other information it had to develop this kind of profile of targeted users. We know it has the ability (and so therefore, presumably does) collect such data — as metadata — overseas. The definition of EO 12333 collected metadata that can be shared freely between intelligence agencies remains silent on whether it includes things like names. And even the modified phone dragnet program rolled out under USA Freedom Act correlates data — meaning it will pull from all known instances of the identifier — even before requesting data from providers.

So NSA is still collecting metadata — in quantities greater than what Russia stole from Yahoo — including metadata on US persons.

Perhaps given Feinstein’s newfound discovery of how compromising such information can be, she’ll be a little more attentive to NSA and FBI’s own use of bulk metadata?

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

13 replies
  1. earlofhuntingdon says:

    “It’s not a surveillance program, it’s a data-collection program.”

    That’s a relief. For a minute there, I thought the government was spying on its own citizens, keeping undisclosed amounts of information on undisclosed numbers of people, for an undisclosed period of time, for undisclosed purposes, and sharing it with undisclosed private contractors under undisclosed terms of use. Who ever said the Senate attracted greater talent than the House?

    Mr. Churchill might describe Ms. Feinstein’s parsing not as Clintonesque, but as a terminological inexactitude.

  2. earlofhuntingdon says:

    Should Ms. Feinstein’s staff wish to be proactive, they might contact Shoshana Zuboff at the Harvard Business School, or, in her home state, the staffs at the Berkeley Center for Law and Technology (its 6th annual privacy law forum is in San Jose on March 24th) or the Stanford Center for Internet and Society.

  3. scribe says:

    Yet again, Feinstein shows her approach to government activities re surveillance (in particular) and intelligence (in general) to be thoroughly infected with partisan bias.  When she chaired the Intel Committee, during Obama’s administration, she was OK with what the IC was doing.  I suppose because the Executive Branch functionaries in charge were, nominally, under the control/supervision of people from her party.  But, you’ll recall, the minute control of the Senate shifted from her party to the other one (and she was no longer Chair of the Intel Committee) she was shocked, shocked, shocked by all the misdeeds going on.  And now that the Executive Branch functionaries are from the Other party, too, she’s the great civil libertarian.

    Frankly, I’d be inclined to call her a “hypocrite” but for two reasons.  First, it would be an insult to the other hypocrites out there to lump her in with them.  And second, she and her family have made entirely too much money and political capital off her act (how does one get a HUUUGE SF mansion like hers when you’ve only ever been on a government salary, anyway?) for too long such that any attempt to sway her by pointing out her rancid behavior would be a waste of time and energy.  She’s done this shit for years.

    So, caveat lector – she should not be taken seriously as anything other than a self-promoting partisan hack.

    • emptywheel says:

      There’s admittedly a difference between partisan hackery and nationalist bias. It is different if the Russians are doing it. But it ought to make her realize how infringing it can be.

  4. SpaceIfeForm says:

    She drank the IC Koolaid long ago.  Her comment continues the refrain that it is Russia.  In no way, shape, or form does she indicate that she ‘gets it’ with regard to metadata.

    Hasn’t she at least ‘heard about’ the cia tools leak that indicates false flag ops?

    She has her head in the sand looking for her rose coloured glasses.

  5. SpaceIfeForm says:

    twelve-triple-three 12333

    Note there is a link to DF talking about lack of oversight into 12333 but no mention of metadata back then.

    https://www.techdirt.com/articles/20170316/01500636929/rep-devin-nunes-hypocrisy-display-concerns-over-nsa-surveillance.shtml

    “Reporter Katie Bo Williams got her hands on an interesting letter that Nunes, along with ranking member Rep. Adam Schiff, just sent to the heads of the CIA, NSA and FBI, continuing to dig in on the whole “recorded Mike Flynn” thing. The target now is Executive Order 12333…”

    This new letter suggests that the Flynn recording came under 12333, and so he’s demanding all sorts of data on how 12333 is used on US Persons.”

  6. earlofhuntingdon says:

    I don’t think Ms. Feinstein is a hack.  She is talented if thoroughly establishmentarian.  Her church seems to be the defense industry; it certainly contributes mightily to her husband’s investments.  She is not liberal, only occasionally progressive, in the manner of a wealthy northern Californian who thinks that the Bohemian Grove is a refuge for casual relaxation.

  7. PeasantParty says:

    Why does things like this have to happen in order to prove to her that she doesn’t do oversight?  We all knew that, but she acts as though she had everything in hand.  They are all profit centers off the taxpayers there on Capital Hill and the White House.  What I would like to see is a Brand NEW TRIBUNAL for the lot of them!

     

  8. GKJames says:

    “It’s not a surveillance program, it’s a data collection program.” Could it be that time and technology simply passed Feinstein by? Sure, in the old days listening in on calls was different from a register of numbers. But that’s hardly the case in an era of VoIP protocols. Yet another reason for term limits?

    • fastenbulbous says:

      I prefer mandatory retirement from any/all government offices immediately at age 70. You want to elect a 68 year old president? Better have a good VP — he takes over after 2 years. I am suggesting that there be NO ONE above the age 70 in any government position.

  9. Maudy Grunch says:

    But what if data from NSA collection proves that people in the White House engaged in laundering Russian money and/or collusion of some sort? What if this data proves Trump is a thief and his staff colluded with foreign governments for “pay to play”? Will we justify those collections if they bring down a totally corrupt White House?

  10. Michael says:

    “The call=records program is not surveillance.”

    Slurping up, storing, “massaging” names, email addresses, dates/times is not surveillance? The cop who records who meets with who, when; records when and where a target goes…. that cop is not conducting surveillance? I think a lot of cops would disagree. So if someone were to “tail” Ms Feinstein 24/7 and record who she communicated with and when, she would object to harassment, not surveillance.

    Witnessing Ms Feinstein’s awakening over the last four years has felt less exciting than watching paint dry.

    surveillance: close watch kept over someone or something – Merriam Webster online

Comments are closed.