[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

FISA and the Space-Time Continuum

I’m going to do a series of FISA posts on both the Keith Gartenlaub case (he was convicted on child porn charges after the FBI found old images on his computers during a FISA search) and the reported Paul Manafort FISA orders.

But first I want to explain FISA and the space-time continuum.

The space part is easy: the FISA Amendments Act slightly changed the geographical rules on what authority the government could use to target various kinds of people. It legalized the government’s practice of collecting on foreigners from facilities in the United States under Section 702. And it also required a judge’s approval for any spying on Americans overseas. While FAA envisioned two kinds of authorities for spying overseas — 703 (collection in the US on an American overseas, as in calling up Google for someone’s email box) and 704/705(b) (collection overseas on an American overseas, which is using all methods covered by EO 12333, including hacking them and collecting off switches), in practice just the latter authority is used. Effectively, then, the change just codified the domestic collection on foreigners, while requiring a court order for the same EO 12333 collection that had already been going on.

The time part is trickier.

The short version is that FISA imposes some restrictions on whether you can collect data at rest to obtain data from outside the period of a FISA order. Thus, if you’re not supposed to collect on someone when they’re in the US (whether that person is a US person or a foreigner), there are classified restrictions about whether you can collect stored data from that period.

None of these rules are (as far as I’m aware) public, but there are rules for all the various laws. In other words, you’re not supposed to be able to collect Gmail on a foreigner while they’re in the US, but you’re also not supposed to be able to cheat and just get the same Gmail as soon as they leave the country.

This is even more complex for Americans. Domestically, there are two kinds of collection: 1805, which is the collection of data in motion — an old-fashioned wiretap, and 1824, which is called a “physical search” order. The government likes to hide the fact that the collection of data at rest is accomplished with an 1824 physical search order, not 1805. So an 1824 order might be used to search a closet, or it might be used to image someone’s hard drive. Most often, 1805 and 1824 get combined, but not always (the FISC released a breakdown for these last year).

Of course (as the Gartenlaub case will show), if you image someone’s hard drive, you’re going to get data from well before the time they’ve been under a FISA order, quite possibly even from before they’ve owned their computer.

Then there’s travel overseas. If an American on whom there’s already an 1805 and/or 1824 order travels overseas, the Attorney General can automatically approve a 705(b) order for him (effectively replicating the old EO 12333 authority). But that collection is only supposed to cover the period when the person is overseas, and only for the period when they’ve had a FISA order against them. Using the kind of hacking they use overseas is going to get data in motion and stored communications and a whole lot more, meaning they may well get stuff sitting on the computer someone brings with them (yet another reason to bring travel laptops and phones overseas). And apparently, they only turn off an implant when a FISA order expires; they don’t entirely remove the implant. In addition, given the bulk collection the NSA conducts overseas, it would be child’s play to go back and access data that was collected in motion and had in the interim been sitting in NSA’s coffers (and, from descriptions of violations, the violations appear to have included doing exactly that).

Effectively, once someone leaves the country the NSA has access to time machines to collect data from the past, though there are supposed to be limits on doing this.

The FISA problems last year arose, first and foremost, from NSA collecting on Americans overseas outside the window of the orders covering them, which was a persistent problem that the NSA just never got around to fixing. That’s bad enough. But when you consider a 705(b) order only covers the period when an American normally targeted domestically is overseas, collecting outside the span of the order means you’re probably also using foreign collection to collect (including by hacking) in the US.

Which is all a way of saying that discussions of FISA almost always focus on the geographical limitations: Is someone inside the US or outside? Foreigner or American?

But because of the differing rules on data in motion and data at rest — and because of the truly awesome methods used as soon as someone goes overseas — there are actually a lot of ways that NSA can get around the legal limitations based on space by playing with the limitations on time.

Again, there are rules (which are not public) that are supposed to prevent this kind of thing from going on. But it does seem to be a problem NSA has long struggled with, even at the times it appeared to be operating in good faith rather than manipulating the space-time continuum to get what they want where they can get it.

8 replies
  1. SpaceLifeForm says:

    Ah. Physics. Objects in motion, tend to stay in motion. And objects at rest tend to stay at rest.

    Except data seems to defy gravity.

    On the internet, packets in motion (data) usually end up at rest.

    And data at rest magically become packets in motion.

    It makes no sense, you must acquit. :-)

    Remember that Einstein was always thinking outside the box and had a good understanding of space and time.

    His rule:
    “never memorize something that you can look up”

    Except, that may not be the case in the future.

    Chewbacca will disprove Einstein at some point.

    You may not be able to look stuff up in the future unless you completely lose your PII.

  2. SpaceLifeForm says:

    OT: Russia after London based Telegram

    Or, at least specific people that use Telegram.

    https://amp.meduza .io /en/news/2017/09/27/russian-federal-agents-have-ordered-telegram-to-decipher-all-your-correspondence

    [Readers should use extra caution when opening Meduza links. / ~Rayne]

  3. SpaceLifeForm says:

    OT: Wisconsin and California say DHS report wrt russian hacking not so accurate


    The U.S. Department of Homeland Security reversed course Tuesday and told Wisconsin officials that the Russian government did not scan the state’s voter registration system, then later reiterated that it still believed it was one of 21 targeted states.


    Padilla said that his office was given incorrect information by the U.S. Department of Homeland Security and that the Russian operation was instead focused on “scanning” the network of the state Department of Technology.

    • lefty665 says:

      Damn straight arrow state employees don’t understand they’re supposed to be part of the propaganda, not insisting on telling the truth. Instead of a 21 state chorus of THE RUSSIANS, THE RUSSIANS, it’s DHS gave us bogus information, those were not election system IPs, why did the Feds wait over a year to tell us about it, and our systems worked as designed and blocked unauthorized access.

      So far DHS stands by its claim it was 21 state election networks and two states have blown raspberries back at them. Wonder how many states will actually turn out to have had Ruskies targeting election systems?  Will the puppet masters get to the other 19 states and twist their arms to toe the line? Turn it into a drinking game: 21 state election system networks IPs on the wall, 21 network IPs, take one down and pass it around, 20 state election system networks IPs on the wall…

      It’s a big world, be interesting to know how many pings and scans for open ports are floating around out there. Betchya it’s in Carl Sagan numbers, billions and billions. When I look at the logs on my poor little podunk router it never fails to surprise me how incessant the assaults are. There are a lot of folks who would be happy to come in if I left the door open.

  4. SpaceLifeForm says:

    OT: @EW – 48 hours to clear tabs? Seriously?

    It may be 48 days if I am lucky.

    Chromium has a box that shows number of tabs. It is two digit.

    Mine always has ‘-D’

    (over a hundred)

    You take better notes than I have time for.

    BTW, you caught WI and CA DHS before me.
    We look at things from different angles, and that is always a good thing.
