Wyden to Coats: Admit You Know NSA Is Collecting Domestic Communications under 702

Last week, I noted that Ron Wyden had asked Director of National Intelligence Dan Coats a question akin to the one he once asked James Clapper.

Can the government use FISA Act Section 702 to collect communications it knows are entirely domestic?

Coats responded much as Clapper did four years ago.

Not to my knowledge. It would be against the law.

But, as I pointed out, Coats signed a certification based off an application that clearly admitted that the government would still collect entirely domestic communications using upstream collection. Rosemary Collyer, citing the application that Coats had certified, stated,

It will still be possible for NSA to acquire [a bundled communication] that contains a domestic communication.

When I asked the Office of Director of National Intelligence about this, they said,

Section 702(b)(4) plainly states we “may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States.” The DNI interpreted Senator Wyden’s question to ask about this provision and answered accordingly.

Yesterday, Ron Wyden wrote Dan Coats about this exchange. Noting everything I’ve just laid out, Wyden said,

That was not my question. Please provide a public response to my question, as asked at the June 7, 2017 hearing.

Wyden doesn’t do the work of parsing his question for Coats. But he appears to be making a distinction. The language ODNI’s spox pointed to discusses “intentionally acquir[ing a] communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States.” Wyden’s question, however, did not use the term “intentionally” and did not include the language about “knowing at the time of collection” that the communication is domestic.

The distinction he is making appears to be the one I pointed out in this post. In a 2010 opinion, John Bates distinguished data that NSA had no reason to know was domestic communication (in this case, categories of packet information prohibited by the FISC in 2004, effectively content as metadata, but the precedent holds for all FISA collection), which he treated as legal, from that the NSA had reason to know was domestic.

When it is not known, and there is no reason to know, that a piece of information was acquired through electronic surveillance that was not authorized by the Court’s prior orders, the information is not subject to the criminal prohibition in Section 1809(a)(2). Of course, government officials may not avoid the strictures of Section 1809(a)(2) by cultivating a state of deliberate ignorance when reasonable inquiry would likely establish that information was indeed obtained through unauthorized electronic surveillance.

If NSA knew the data it was collecting was domestic, it was illegal. If NSA didn’t know the data it was collecting was domestic, it was not illegal.

But don’t you dare deliberately cultivate ignorance about whether the data you’re collecting is domestic, John Bates warned sternly!

Here, of course, the government has told the court in its application, “Hey, we’re going to be collecting domestic communications,” but then, in testimony to Congress, said, “nah, we’re not collecting domestic communications.”

Having said in its application that it is still possible to collect domestic communications, it sure seems the government has ceded any claim to be ignorant that it is collecting domestic communications.

Which would make this collection of domestic communications illegal.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

22 replies
  1. SpaceLifeForm says:

    The Government basically admitted everything, just not publicly to Congress.
    Which is what Senator Wyden wants to happen.

    https://www.techdirt.com/articles/20170614/17570137592/2008-fisa-transcript-shows-nsa-already-knew-it-might-have-incidental-collection-problem.shtml

    The ODNI has released several documents in response to FOIA lawsuits (EFF, ACLU). The EFF scored 18 of these and the ACLU seven.

    [On first read, it appears most of this has been covered by Marcy already, but you never know]

    There are some really interesting tidbits to be gleaned from the often heavily-redacted proceedings, including this statement, which makes it clear the NSA engaged in wholly-domestic surveillance prior to the FISA Amendments Act.

    [My parser crashes on the first sentence by the REDACTED GOV’T RESPONDENT][

    THE COURT: All right. Well, what about the non-U.S. person status, which of course is new under the FISA Amendments Act? Are you going to be changing anything in terms of focusing on that?

    [REDACTED GOV’T RESPONDENT]: We already sort of do with respect to the U.S. person status is so intertwined with the location of the target [REDACTED] to the extent that in the past NSA.would actually affirmatively identify targeted U.S. persons to us on the sheets, because one of the additional fields that they put in the sheets is basically a blurb, an explanation and a description of the target.

    Clearly, we’re not allowed to target US persons anymore, so I don’t anticipate seeing any such descriptions on the sheets. But again, since the status of the person, the determination of how that is made is so intertwined with the same information upon which NSA relies to make a foreignness determination, that it would be hard for us not to identify such information as we’re conducting the reviews.

  2. SpaceLifeForm says:

    OT: Purpose of DC leaks.

    Prevent attempted coverup.

    Apparently, many, many law firms in DC want to have no action with regard to the Trump-Russia mess. Ten foot poles are way too short.

    Pence is stressed to max, and has hired a lawyer.

    Trump lawyer Cohen has hired a lawyer.

    Trump lawyer Sekulow added to team (see underside of bus). Trump idea? Or Kasowitz idea? (my guess: Kasowitz)

    I found it hilarious that recently Sekulow was whining about the DC leaks. Like, who ya gonna call? Ghostbusters?

    He can whine all he wants, but he has no legal entity that cares to hear his whining at this point. Well, except maybe to record his calls.

  3. SpaceLifeForm says:

    OT: RW leak

    It is the soup du jour watercooler talk inside IC.
    Every day. Probably 99% think she was just stupid. Any given individual’s reasoning that led that person to that conclusion varies depending upon the inside intel they have read and/or heard and the scuttlebutt of the day.

    But, what is really stupid is that she had mandatory training on basic opsec and on not taking the bait on phishing emails. Mandatory for everyone in MIL/IC. Mandatory. Even if your role does not require daily computer use.

    So maybe she just was stupid like most inside MIL/IC conclude.

    But, why was she allegedly using tor from home?

    Was she turned?

    • greengiant says:

      Winner and tor,  first guess she saw one too many movies or read one too many books.   Fits with sending it to gg.  ( Apologies to EW for possibly having cashed a check or two from that outfit ).  Poitras’s movie Risk was being reviewed in May.    Second guess,  avoiding some private actors monitoring,  but then she would not have been using facebook from the same computer.

      2017 media research is Murdoch phone tapping on steroidal Cambridge Analytica click history sorting.  Guess any number of actors know Winner’s history better than she or watercooler denizens do.  Think media does parallel construction as well so not yet worth taking public in Winner’s case.  Is someone suggesting she was sent to trap the intercept?

  4. TomA says:

    Marcy, you seem to think that domestic collection (surveillance) may stop or be inhibited if Senator Wyden somehow exposes this deceit by NSA. Why would you assume that? Wouldn’t it be more likely that NSA would simply find another legal ploy to exploit this opportunity. My guess is that they already have backup plans to accomplish this if the need should arise. I would argue that NSA cannot change its stripes, so the only prudent response is to educate the public that surveillance is ubiquitous (like gravity).

    • TheOfficialHashtagResistanceSuperPAC says:

      I agree.  Wouldn’t be the first time a mass surveillance program was exposed and ended only for another one to quietly start up.

  5. SpaceLifeForm says:

    OT: Marcy, pass on to Alex.

    A VPN is equivalent to a tor cicuit with only one node.

    Any VPN or Tor node, to be reachable, has to go thru routers that the user can not control.
    Any VPN server or Tor entry point is almost certainly *NOT ONE HOP* from user machine.
    It just can not be the case. No way.

    The ip traffic goes thru the users ISP.

    Upstream only has to be ‘upstream’ of the users ISP.

    Routers that are ‘upstream’ of ISP network, most certainly under 702.

    The ip adresses (Note definitely plural, because a router by definition has to have a least two routable working ip adresses to be functioning as a router) are then (well at least one of the ip addresses), used as 702 selectors. Actually, only the ‘upstream’ ip address needs to be used as the ‘selector’ in order to ‘collect it all’.

    Suspect every ISP has received NSLs about this. They are forced to cooperate and route traffic the way nsa wants so that upstream is effective.

    Now, even if vpn/tor, if the upstream collection can bust the security (likely if RSA), and upstream routers really under control by ic (likely), then everything is collected.

    But that would be too much data to look at and do any analysis on. So for specific targets they have to use additional selectors in order to winnow the dataset down to a more managable size.

    And if the target is using vpn/tor then in order to winnow out that targets traffic, they have to be doing traffic analysis and early tcp connection metadata analysis or, RSA is broken.

    VPNs/tor entry nodes, do not need to worry about 702. It is already taken care of before the servers actually see any of the traffic.

    And mention BGP hijacking to Alex so he can have a night of no sleep.

    Also Alex, if your pgp is still rsa….

    • SpaceLifeForm says:

      I left out a point about upstream routers.

      Because the router has to have at least two working routable ip connections (ip addresses) that can (and will) be used as selectors, even though upstream collection can normally function very well using the ‘upstream’ ip address as the selector, there are situations where the downstream ip addresses may be needed to be used as selectors.

      Remember, by definition, a router must have at least two working routable connections, which means two different ip addresses.

      But, and this is important to understand, the router can have lots of routable ip addresses.

      And some can exist totally in software.

      And they all do *NOT* require a wire or fibre.

      At least two will be physical hardware if it is a normal true router.

      But a router can function as a router even if it only has one physical connection. The rest can be in software via tunnels.

      So, two cases where you would use the ‘downstream’ ip address as a selector.

      The ‘router’ is really a reflector, a machine with maybe only one physical ip address visible but is providing pure refective tunnel services (the traffic should be visible via normal ‘upstream’ anyway, but the other case is potentially more important.

      A hacked upstream router. If you suspect a router (that is ‘upstream’) has been hacked, you most certainly would want to do the 702 ‘upstream’ collection on the ‘downstream’ side.

      The reason. If the router has been hacked, and it is supposed to function as expected for 702 purposes, but it is not, so you guess it may have been hacked, then you definitely will want to use the downstream ip addresses as selectors to hopefully find the attackers traffic.

  6. SpaceLifeForm says:

    Not buying. IG was snowed.
    Spreadsheets for access control?
    And the spreadsheets were corrupted?
    And no backups?
    Pure BS.

    https://mobile.nytimes.com/2017/06/16/us/politics/nsa-data-edward-snowden.html

    The report portrayed certain aspects of the N.S.A.’s internal controls as particularly sloppy before the Snowden breach in 2013. The inspector general found that the agency was unable to say how many privileged users and officials were empowered to transfer data. Those lists were kept in spreadsheets that had become corrupted and were no longer available.

    [To avoid the spreadsheet corruption problem,
    and especially since the Snowden leaks when they learned that they can not trust their own IT systems and procedures, rumour has it they keep track via post-it notes on the underside of mouse pads. No one looks there due to crumbs. AKA, crummy security]

  7. SpaceLifeForm says:

    OT: @RickR

    I’ve tried to answer your question multiple times over past few days, but, alas, into ether. Was not ignoring your question.

    My guess is due to importance and not tipping someone under investigation. Answer was no.
    It was most certainly the links.

    Let’s leave it at that for now. The subject will come back up later anyway. Count on it.

    • RickR says:

      Thanks for reply. No prob delay. We’re not doing teenage texting here. :)

      FYI: Followed project for many years including running exits. Still follow mailing lists. Just thought I’d missed something crucial.

      Enough said. Thanks again.

      • SpaceLifeForm says:

        Note: There is an important hint there in what I wrote (multiple == 4), and must be taken into context with other comments I have made recently. ‘Into ether’ is another hint, that others here have run into also.

        Connect those dots. You get the tech obviously. Connect those dots from past week. Our Ess Eh.

  8. SpaceLifeForm says:

    Marcy, you made my day. (RickR, dots here).

    Emptywheel tweeted:

    So I’m grateful for that big flag, like NSA is likely grateful for certain kinds of encryption to ID the good stuff.

  9. SpaceLifeForm says:

    Rock vs Hardplace

    (Depending on your view of the current state of encryption, and which crypto methods you trust, it can be difficult to decide which is the Rock and which is the Hardplace)

    But, one thing is for certain: trying to force backdoors is a waste of time as it will lead to further and further draconian laws that will accomplish absolutely nothing, and most certainly will lead to even worse problems in society.

    As the mandatory backdoor crap escalates, it will lead to complete failure of society, because the ‘going dark’ issue will become fact. Note “going dark” can mean getting offline, which could help, but percentage-wise, the percentage will not be large enough. We are not going to magically revert to pre-internet days.

    Failure of society will not be due to more people using better encryption, it will be due to the draconian laws foisted by fascists that will impact people that do not even care about encryption. They may not even have a cell phone or use internet!

    Fascists beleive in magical thinking, which is what a secret encryption backdoor is in their mind. Their mind is corrupted, addicted to money.

    So given the above, what can we expect in short term with two different views from within government?

    Talking about 5-eyes and MEPs.

    Remember, there is no such thing as a secret backdoor. It will be discovered.

    Also, important, note the last sentence.

    https://www.theregister.co.uk/2017/06/13/five_eyes_stare_menacingly_at_encryption/

    Officials from the United States, the United Kingdom, Canada, Australia and New Zealand will discuss next month plans to force tech companies to break encryption on their products.

    The so-called Five Eyes nations have a long-standing agreement to gather and share intelligence from across the globe. They will meet in Canada with a focus on how to prevent “terrorists and organized criminals” from “operating with impunity ungoverned digital spaces online,” according to Australian prime minister Malcolm Turnbull.

    http://www.telegraph.co.uk/technology/2017/06/16/eu-deals-theresa-may-encryption-setback-meps-propose-ban-government/

    The Government has been dealt a blow in its bid to force WhatsApp and other tech companies to hand over terror suspects’ encrypted messages by EU proposals.

    MEPs have tabled laws that would forbid countries in the EU from breaking the electronic protection that prevents security services from reading messages sent via WhatsApp. The plans would also impose obligations on tech companies that do not currently apply encryption to messages to do so.

  10. SpaceLifeForm says:

    OT: Memo to Google.

    I know you are trolling good on this one, and after you collect the ‘stuff’, just get the word out that it will not cost any taxpayer money.

    This is petty cash, I saw it the other day in the cookie jar in the big break room. Change left over for next Friday party.

    https://www.usatoday.com/story/news/politics/metro-government/2017/06/08/koch-group-among-those-against-citys-5-4-m-broadband-network-plan/379718001/

    A group affiliated with the Koch brothers’ powerful political network is leading an online campaign against Mayor Greg Fischer’s $5.4 million proposal to expand Louisville’s ultra-fast internet access.

  11. Media Matters says:

    It is perfectly legal to wiretap a cable that you know a particular person is using, even if that person is using only 0.01% of the bandwidth of the cable. It is well known to be incidental collection. The US government keeps a database of all seized hard drive images, database of phone calls, there is nothing to be concerned about.

    These politicians are well aware of what is happening.

Comments are closed.