[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Reclassification of Details on the 2011 Upstream Fight

As I noted in this post, Charlie Savage recently liberated more details on the resolution of the 2011 upstream 702 problems.

With respect to some details, however, the newly liberated documents represent a reclassification of details that were made public when the October 3, 2011 John Bates opinion was released in 2013. The government has provided entirely classified documents that are probably the early exchanges on the problem, including language that was unclassified in Bates’ 2011 opinion. In addition, the government has redacted dates that were also made public in Bates’ opinion.

I laid out both the timeline and the language cited from those early exchanges in this post. As I noted in this post, that timeline makes it clear that at the same time John Bates was asking NSA to assess the impact of upstream collection on US persons by sampling real NSA collection, Ron Wyden and Mark Udall were asking for the same thing.

I’ve laid out the combined timeline below. What it — and the newly released documents — show is just how brazen James Clapper’s refusal to provide real numbers to Wyden and Udall was. Not only did their request exactly coincide with the government’s request for more time so they could get more data — the count of US persons — to Bates (though Clapper’s record quick response delivered his refusal before Bates got his first real numbers). But the 48-hour turnaround on analysis of SCTs in September shows how quickly NSA can get rough estimates of US person data when they need to.

There are more alarming things the reclassification of these details suggests, which I’ll address in a follow-up. But for now, know that in 2011, the Intelligence Community refused to treat Congress with the same respect due a co-equal branch of government as it was treating Bates (and that’s the deep background to James Clapper’s 2013 “not wittingly” response).

April 2011, unknown date: Wyden and Udall ask for estimate of US person collection verbally

 

April 19, 2011: Notice of two upstream overcollection violations [see PDF 144]

April 20, 2011: One recertification submission

April 22, 2011: Two more recertification submissions

May 2, 2011: Clarification letter first admits MCT problem

May 5, 2011: Government asks for extension until July 22, 2011

May 9, 2011: Court grants extension, issues briefing order

June 1, 2011: Government submits response to briefing order

June 17, 2011: Court presents follow-up questions

June 28, 2011: Government response to follow-up questions

July 8, 2011: Court (John Bates) meets with senior DOJ people, tells them he has serious concerns

July 14, 2011: Government files another extension; court grants extension to September 20, 2011

July 14, 2011: Wyden and Udall send letter to James Clapper asking (among other things):

  • In a December 2007 Statement of Administration Policy on the FISA Amendments Act, the Office of Management and Budget said that it would “likely be impossible” to count the number of people located in the United States whose communications were reviewed by the government pursuant to the FISA Amendments Act. Is this still the case? If so, is it possible to estimate this number with any accuracy?
  • Have any apparently law-abiding Americans had their communications collected by the government pursuant to the FISA Amendments Act?

July 26, 2011: Clapper responds to Wyden and Udall, refusing to give numbers or describe compliance incidents

August 16, 2011: Government files supplement, presenting results of “manual review of statistically representative sample” for 6 months

August 22, 2011: Meeting between Court and government

August 30, 2011: Government makes another submission

September 7, 2011: Court has hearing

September 9, 2011: Government files additional submission, submitting results of analysis of SCTs completed in just 48 hours

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

3 replies
  1. SpaceLifeForm says:

    Stonewalling 101.

    Some group in DOJ now seems to be in a bit of a panic. Trying to make a Judge blink. Which will not happen.

    It appears that there is an effort to throw sand in the Wheels of Justice.

    Why is DOJ attacking a Judge in 9th Circuit that has done nothing different than a Judge in 2nd Circuit? Or in other Districts where Google has same legal issues? Implying the Judge is incompetent? WTF?

    Google, like Microsoft previously, has told the court, paraphrasing here, “sure, go ahead and say we are in civil contempt, these cases need to move along”.

    Neither care about a fine.

    https://arstechnica.com/tech-policy/2017/09/justice-department-goes-nuclear-on-google-in-search-warrant-fight/

    The government added in its Wednesday brief:

    DOJ: “Google is entitled to have its own view of the law and to press that view before a court of competent jurisdiction. However, when faced with a valid court order, Google, like any other person or entity, must either comply with such an order or face consequences severe enough to deter willful noncompliance. The issue before this court is what sanction is sufficient to achieve that goal.”

    Google said it wasn’t complying with the order because it was on appeal. Google also said it was following precedent from a New York-based federal appellate court that ruled Microsoft doesn’t have to comply with a valid US warrant for data if the information is stored on overseas servers. Google is appealing the California warrant to the San Francisco-based 9th US Circuit Court of Appeals on the same grounds. However, neither Seeborg nor the 9th Circuit is bound by the 2nd Circuit Court of Appeals’ decision— which the government has appealed to the US Supreme Court. (The US circuit courts of appeal are not bound to follow rulings by their sister circuits, but they all must obey precedent from the Supreme Court.)

    “Google therefore does not intend to comply with the August 14 Order while seeking appellate review,” the company wrote Judge Seeborg. Google was asking the court to be held in civil contempt in a bid to speed up the appellate process of its case. Such a move, which on its face seems counterintuitive, has been done before.

    In the Microsoft case, the government and Microsoft agreed to have Microsoft held in contempt so as to hasten the appellate process and get that case before the Supreme Court in a quicker fashion than without a contempt ruling. What’s different now, however, is that the government wants the judge to sanction Google as well. The government did not seek sanctions against Microsoft, and it didn’t seek sanctions against Google in a different case on the topic of whether the US tech sector must comply with US warrants for data stored on overseas servers.

    [In a few days hopefully, we will have news from SCOTUS regarding at least the Microsoft case]

    [But here is paranoria and grasping at straws]

    The government, meanwhile, accused Google of fashioning a system that kept consumer data stored on various servers across the globe—just so it could defy court orders.

    DOJ: “Even more alarming is the fact that Google went out of its way, spending thousands of man-hours and forgoing other engineering projects, all so that it would be positioned to refuse to disclose any of its foreign-stored data—or, more precisely, any data it could not confirm was held in the United States—without seeking judicial relief or guidance and without limiting its new tooling to be used for warrants issued out of the Second Circuit.”

    [So, why did DOJ *NOT* use that line of BS in the Microsoft case? Why does DOJ believe they know how both Microsoft and Google make their respective cloud network engineering decisions?

    Hint: They do *NOT* know.]

    • SpaceLifeForm says:

      On further parsing, DOJ argument is even sicker than I first thought. And a tell.

      “…without seeking judicial relief or guidance and without limiting its new tooling to be used for warrants issued out of the Second Circuit.”

      Let me parse and interpret:

      “without seeking judicial relief or guidance”

      [Message to google: You need to suck DOJ dick]

      [Note that Google had already sought judicial relief via appeal]

      “and without limiting its new tooling to be used for warrants issued out of the Second Circuit.”

      The tell: Something fishy with regard to 2nd Circuit.

      DOJ (probably really FBI) does not want internet traffic (email) from 2nd Circuit to go offshore. They want access asap to the 22 email accounts.

      New York people based likely. No doubt there.

      Maybe DOJ should just ask for help?

      Instead of the dick-waving BS like they did with Marcus?

      Why do DOJ folks treat people like crap when they would nost likely help if just asked and treated with respect?

  2. SpaceLifeForm says:

    OT: This is not the Microsoft of the past

    When Microsoft helps competition, you have to realize that Gates and Balmer are gone.

    In this case, Microsoft finds bug in Chrome component (V8), and actually communicates their findings to Google.

    Who needs VEP?

    Note: V8 is the JavaScript engine used in Chrome browser. But also used on server side projects.

    https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html

    CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14

Comments are closed.