emptywheel


Stellar Wind IG Report, Working Thread

Charlie Savage has liberated the Stellar Wind IG Report completed on July 10, 2009. He wrote it up here. This will be a working thread.

(PDF 13) The report reveals that OPR had not yet finished its review of John Yoo’s hackery in authorizing the illegal wiretap program.

(PDF 14) Wolfowitz, Card, Addington, Cheney, Ashcroft, Yoo, and Tenet refused to cooperate with the IG Report.

(PDF 15) IG Report says policy is only to disseminate foreign SIGINT. But actually that policy was changed in EO 12333 the previous year (which almost certainly reflected the status quo before).

(PDF 17) DOJ redacted why Hayden didn’t think he could approve a law for this spying.

(PDF 25) Redaction of discussion of Fourth Amendment OLC memo.

(PDF 31) NSA decided only going out 2 hops was useful.

(PDF 32) The fact that the program released content analysis was not included in the unredacted IG Report. But this report still redacts at least one kind of reporting — which may be the way the data feeds back into other analysis (they would redact that because it would create ongoing poison tree problems).

(PDF 33) “She noted Hayden took personal responsibility for the program and managed it carefully.”

(PDF 33) The description of the delegation hides a much more strained process as described in the NSA IG Report.

(PDF 36) The discussion of IOB records is cynically inadequate, for the reasons I lay out here.

(PDF 36) Note the reference to collection continuing to 2004. This may be related to the hospital confrontation. Is this the Iraq-related collection?

(PDF 39) The tippers originally came in through TAU. Which means they likely got mixed up with exigent letters. The resulting ECs would come with instructions that they be used for lead purposes only and not be used in proceedings. That system likely still exists intact!

(PDF 40-41) Describes how tippers led to threat assessments (which Savage described in his article). On top of what this says about investigative process, realize it means that if your number gets tipped you also get a back door search of any communications.

(PDF 43) The discussion of the threat assessments neglects to mention that they used info derived from torture.


The Magic Lawyering Behind Stellar Wind

The NSA IG Report on Stellar Wind reveals this about the legal review behind the dragnet of Americans. (PDF 156)

After having received the Authorization on 4 October 2001, General Hayden asked NSA General Counsel Robert Deitz if it was lawful. Mr. Deitz said that General Hayden understood that the Attorney General had already certified its legality by signing the Authorization, but General Hayden wanted Mr. Deitz’s view. Mr. Deitz said that on 5 October he told General Hayden that he believed the Authorization to be lawful. He added that he emphasized to General Hayden that if this issue were before the Supreme Court, it would likely rule, although not unanimously, that the Authorization was legal.

On 5 October 2001, the General Counsel consulted with the Associate General Counsel for Operations at his home by secure telephone. The Associate General Counsel for Operations was responsible for all legal matters related to NSA SIGINT activities. According to the General Counsel, he had not yet been authorized to tell the Associate General Counsel about the PSP, so he “talked around” it and did not divulge details. The Associate General Counsel was given enough information to assess the lawfulness of the concept described, but records show he was not officially cleared for the PSP until 11 October 2001. On Tuesday, 9 October, he told Mr. Deitz that he believed the Authorization was lawful and he began planning for its implementation.

 

In Newly Released IG Reports, Administration Redacted Discussion of the Bill Binney Option

One of the most fascinating aspects of the IG Reports Charlie Savage just liberated is how they redacted the NSA IG Report, a draft of which Edward Snowden already got released.

Consider the following redactions.

NSA redacts the discussion that shows they were already spying

Starting at PDF 146, the entire section describing what Michael Hayden did in the days immediately after 9/11 is redacted. Here’s what is included in the Snowden version.

(TS//SV/NF) On 14 September 2001, three days after terrorist attacks in the United States, General Hayden approved the targeting of terrorist-associated foreign telephone numbers on communication links between the United States and foreign countries where terrorists were known to be operating. Only specified, pre-approved numbers were allowed to be tasked for collection against U.S.-originating links. He authorized this collection at Special Collection Service and Foreign Satellite sites with access to links between the United States and countries of interest, including Afghanistan. According to the Deputy General Counsel, General Hayden determined by 26 September that any Afghan telephone number in contact with a U.S. telephone number on or after 26 September was presumed to be of foreign intelligence value and could be disseminated to the FBI.

(TS//SV/NF) NSA OGC said General Hayden’s action was a lawful exercise of his power under Executive Order (E.O.) 12333, United States Intelligence Activities, as amended. The targeting of communication links with one end in the United States was a more aggressive use of E.O. 12333 authority than that exercised by former Directors. General Hayden was operating in a unique environment in which it was a widely held belief that additional terrorist attacks on U.S. soil were imminent. General Hayden said this was a tactical decision.

(U//FOUO) On 2 October 2001, General Hayden briefed the House Permanent Select Committee on Intelligence (HPSCI) on this decision and later informed members of the Senate Select Committee on Intelligence (SSCI) by telephone. He had also informed DCI George Tenet.

(TS) At the same time NSA was assessing collection gaps and increasing efforts against terrorist targets immediately after the 11 September attacks, it was responding to Department of Defense (DoD), Director of Central Intelligence Community Management Staff questions about its ability to counter the new threat.

We can tell the discussion in the released version is different, even though it is entirely redacted. That’s because the discussion is longer, appears to include two footnotes, and has some indentations that don’t appear in the Snowden version.

But as it is, the discussion is legally dangerous for the Executive, because it either shows that NSA used the 15-day window permitted under FISA (which would make the Yoo memos all the more problematic), or conducted this spying without any authorization. (There are also “doth protest too much” discussions of how the NSA never spied on Americans before this that we know to be false, so I suspect that’s part of the problem.)

NSA redacts the Cheney paragraph

The final report redacts a discussion (PDF 148-149) titled, “Vice President Asked What Other Authorities NSA Needed.” Some related discussion appears in the Snowden version, but clearly not the entire discussion.

Mr. Tenet relayed that the Vice President wanted to know if NSA could be doing more. General Hayden replied that nothing else could be done within existing NSA authorities. In a follow-up telephone conversation, Mr. Tenet asked General Hayden what could be done if he had additional authorities. General Hayden said that these discussions were not documented.

Though it’s possible — perhaps even probable — that what the NSA draft depicts as NSA identifying its own needs is actually Hayden getting people to identify the needs Cheney had already identified for him.

In any case, the final IG report complains that none of this was documented, which suggests there was far more of interest that actually went on in these discussions.

NSA Redacts the Binney Option

Perhaps most interesting, the NSA redacts almost all of whatever became of this discussion.

Among other things, NSA considered how to tweak transit collection, the collection of communications transiting through but not originating or terminating in the United States. NSA personnel also resurfaced a concept proposed in 1999 to address the Millennium Threat. NSA proposed that it would perform contact chaining on metadata it had collected. Analysts would chain through masked U.S. telephone numbers to discover foreign connections to those numbers, without specifying, even for analysts, the U.S. number involved. In December 1999, the Department of Justice (DoJ), Office of Intelligence Policy Review (OIPR) told NSA that the proposal fell within one of the FISA definitions of electronic surveillance and, therefore, was not permissible when applied to metadata associated with presumed U.S. persons (i.e., U.S. telephone numbers not approved for targeting by the FISC).

Though PDF 150 appears to have a footnote that would modify that discussion (but that doesn’t appear in the Snowden version).

According to NSA OGC, DoJ has since agreed with NSA that simply processing communications metadata in this manner does not constitute electronic surveillance under the FISA.

This footnote may refer to the SPCMA decision in 2007 to 2008. Except that’s not what Binney et al proposed back in 1999. On the contrary: SPCMA permits NSA to chain through unmasked US person metadata, whereas Binney had proposed permitting only chaining through masked US person identifiers.

Which suggests George Ellard may have been misrepresenting what was possible in this sensitive IG Report designed for Congress.

But that would make it easier to come to this conclusion, one not included in the Snowden version:

Under its authorities, NSA had no other options for the timely collection of communications of suspected terrorists when one end of those communications was in the United States and the communications could only be collected from a wire or cable in the United States.

No wonder they redacted the Binney discussion.

The “Accidental” Phone Dragnet Violations IDed in 2009 Were Actually Retained Stellar Wind Features

I have long scoffed at the claim that the phone dragnet violations discovered in 2009 were accidental. It has always been clear they were, instead, features of Stellar Wind that NSA simply never turned off, even though they violated the FISC orders on it.

The Stellar Wind IG Report liberated by Charlie Savage confirms that.

It describes that numbers were put on an alert list and automatically chained.

An automated process was created to alert and automatically chain new and potential reportable telephone numbers using what was called an “alert list.” Telephone numbers on the alert list were automatically run against incoming metadata to look for contacts. (PDF 31)

This was precisely the substance of the violations admitted in 2009.

So NSA lied to FISC about that, and the IC lied to us about it when this came out in 2013.

Update: Note the reference to the violations on PDF 36 — though they don’t admit that it’s the same damn alert list and that NSA’s IG considered telling FISC from the start.

America’s Intelligence Empire

I’ve been reading Empire of Secrets, a book about the role of MI5 as the British spun off their empire. It describes how, in country after country, the government that took over from the British — even including people who had been surveilled and jailed by the British regime — retained the British intelligence apparatus and crafted a strong intelligence sharing relationship with their former colonizers. As an example, it describes how Indian Interior Minister, Sardar Patel, decided to keep the Intelligence Bureau rather than shut it down.

Like Nehru, Patel realised that the IB had probably compiled records on himself and most of the leaders of Congress. However, unlike Nehru, he did not allow this to colour his judgment about the crucial role that intelligence would play for the young Indian nation.

[snip]

Patel not only allowed the continued existence of the IB, but amazingly, also sanctioned the continued surveillance of extremist elements within his own Congress Party. As Smith’s report of the meeting reveals, Patel was adamant that the IB should ‘discontinue the collection of intelligence on orthodox Congress and Muslim League activity’, but at the same time he authorised it to continue observing ‘extremist organisations’. Patel was particularly concerned about the Congress Socialist Party, many of whose members were communist sympathisers.

[snip]

The reason Patel was so amenable to continued surveillance of some of his fellow Indian politicians (keeping tabs on his own supporters, as one IPI report put it) was his fear of communism.

And the same remarkable process, by which the colonized enthusiastically partnered with their former colonizers to spy on their own, happened in similar fashion in most of Britain’s former colonies.

That’s what I was thinking of on March 13, when John Brennan gave a speech to the Council on Foreign Relations. While it started by invoking an attack in Copenhagen and Charlie Hebdo, a huge chunk of the speech talked about the value of partnering with our intelligence allies.

Last month an extremist gunned down a film director at a cafe in Copenhagen, made his way across town and then shot and killed a security guard at a synagogue. Later the same day the terrorist group ISIL released a video showing the horrific execution of Coptic Christians on a beach in Libya.

The previous month, in a span of less than 24 hours, we saw a savage attack on the staff of the satirical newspaper Charlie Hebdo in France. We saw a car bomb kill dozens at a police academy in Yemen.

[snip]

As CIA tackles these challenges, we benefit greatly from the network of relationships we maintain with intelligence services throughout the world. This is a critically important and lesser known aspect of our efforts. I cannot overstate the value of these relationships to CIA’s mission and to our national security. Indeed, to the collective security of America and its allies.

By sharing intelligence, analysis, and know-how with these partner services, we open windows on regions and issues that might otherwise be closed to us. And when necessary, we set in concert to mitigate a common threat.

By collaborating with our partners we are much better able to close key intelligence gaps on our toughest targets, as well as fulfill CIA’s mission to provide global coverage and prevent surprises for our nation’s leaders. There is no way we could be successful in carrying out our mission of such scope and complexity on our own.

Naturally these are sensitive relationships built on mutual trust and confidentiality. Unauthorized disclosures in recent years by individuals who betrayed our country have created difficulties with these partner services that we have had to overcome.

But it is a testament to the strength and effectiveness of these relationships that our partners remain eager to work with us. With the stakes so high for our people’s safety, these alliances are simply too crucial to be allowed to fail.

From the largest services with global reach to those of smaller nations focused on local and regional issues, CIA has developed a range of working and productive relationships with our counterparts overseas. No issue highlights the importance of our international partnerships more right now than the challenge of foreign fighters entering and leaving the conflict in Syria and Iraq.

We roughly estimate that at least 20,000 fighters from more than 90 countries have gone to fight, several thousand of them from Western nations, including the United States. One thing that dangers these fighters pose upon their return is a top priority for the United States intelligence community, as well as our liaison partners.

We exchange information with our counterparts around the world to identify and track down men and women believed to be violent extremists. And because we have the wherewithal to maintain ties with so many national services, we act as a central repository of data and trends to advance the overall effort.

On this and in innumerable other challenges, our cooperation with foreign liaison quietly achieves significant results. Working together, we have disrupted terrorist attacks and rolled back groups that plot them, intercepted transfers of dangerous weapons and technology, brought international criminals to justice and shared vital intelligence and expertise on everything from the use of chemical armaments in Syria to the downing of the Malaysian airliner over Ukraine.

These relationships are an essential adjunct to diplomacy. And by working with some of these services in building their capabilities we have helped them become better prepared to tackle the challenges that threaten us all.

[snip]

With CIA’s support, I have seen counterparts develop into sophisticated and effective partners. Over time our engagement with partner services fosters a deeper, more candid give and take, a more robust exchange of information and assessments, and a better understanding of the world that often ultimately encourages better alignment on policy.

Another advantage of building and maintaining strong bilateral and multilateral intelligence relationships is that they can remain, albeit not entirely, insulated from the ups and downs of diplomatic ties. These lengths can provide an important conduit for a dispassionate dialogue during periods of tension, and for conveying the U.S. perspective on contentious issues.

In recognition of the importance of our liaison relationships, I recently reestablished a senior position at the CIA dedicated to ensuring that we are managing relationships in an integrated fashion. To developing a strategic vision and corporate goals for our key partnerships and to helping me carry out my statutory responsibility to coordinate the intelligence communities’ foreign intelligence relationships. [my emphasis]

We are and still remain in the same position as MI5, Brennan seems to want to assure the CFR types, in spite of the embarrassment experienced by our intelligence partners due to leaks by Chelsea Manning and Edward Snowden. Information sharing remains the cement of much of our relationships with allies; our ability to let them suck off our dragnet keeps them in line.

And of particular note, Brennan described these “strong bilateral and multilateral intelligence relationships …remain[ing], albeit not entirely, insulated from the ups and downs of diplomatic ties.”

The spooks keep working together regardless of what the political appointees do, Brennan suggested.

But that speech is all the more notable given the revelations in this Der Spiegel story. It describes how, because of the Snowden leaks, the Germans slowly started responding to something they had originally discovered in 2008. The US had been having BND spy on selectors well outside the Memorandum of Understanding governing the countries’ intelligence sharing, even including economic targets. At first, BND thought this was just 2,000 targets, but as the investigation grew more pointed, 40,000 suspicious selectors were found. Only on March 12 — the day before Brennan gave this remarkable speech — did Merkel’s office officially find out.

But in October 2013, not even the BND leadership was apparently informed of the violations that had been made. The Chancellery, which is charged with monitoring the BND, was also left in the dark. Instead, the agents turned to the Americans and asked them to cease and desist.

In spring 2014, the NSA investigative committee in German parliament, the Bundestag, began its work. When reports emerged that EADS and Eurocopter had been surveillance targets, the Left Party and the Greens filed an official request to obtain evidence of the violations.

At the BND, the project group charged with supporting the parliamentary investigative committee once again looked at the NSA selectors. In the end, they discovered fully 40,000 suspicious search parameters, including espionage targets in Western European governments and numerous companies. It was this number that SPIEGEL ONLINE reported on Thursday. The BND project group was also able to confirm suspicions that the NSA had systematically violated German interests. They concluded that the Americans could have perpetrated economic espionage directly under the Germans’ noses.

Only on March 12 of this year did the information end up in the Chancellery.

This has led to parliamentary accusations that BND lied in earlier testimony. The lies are notable, given how they echo the same kind of sentiment John Brennan expressed in his speech.

According to a classified memo, the agency told parliamentarians in 2013 that the cooperation with the US in Bad Aibling was consistent with the law and with the strict guidelines that had been established.

The memo notes: “The value for the BND (lies) in know-how benefits and in a closer partnership with the NSA relative to other partners.” The data provided by the US, the memo continued, “is checked for its conformance with the agreed guidelines before it is inputted” into the BND system.

Now, we know better. It remains to be determined whether the BND really was unaware at the time, or whether it simply did not want to be aware.

The NSA investigative committee has also questioned former and active BND agents regarding “selectors” and “search criteria” on several occasions. Prior to the beginning of each session, the agents were informed that providing false testimony to the body was unlawful. The BND agents repeatedly insisted that the selectors provided by the US were precisely checked.

Almost as a snide aside, Der Spiegel notes that the public prosecutor has not yet been informed of these lies.

That is, the spooks have been lying — at least purportedly up to and including to Merkel’s office. But the government seems to be uninterested in pursuing those lies.

As Brennan said as this was just breaking out, the spooks retain their “strong bilateral and multilateral intelligence relationships …remain[ing], albeit not entirely, insulated from the ups and downs of diplomatic ties.”

And as with Brennan — as Gregory Johnsen chronicles in this long profile of the CIA Director published yesterday — the spooks always evade accountability.

The “Sitting Next to a Baddie” American Death Authorization Has Become the “Sitting in a Baddie Compound”

As Jim laid out, yesterday President Obama admitted that we killed two hostages, including American Warren Weinstein, in a drone operation on the Af-Pak border in January. In that same strike, we killed American citizen Ahmed Faruq, though he was not specifically targeted, Administration sources assure us. We also killed Adam Gadahn in an apparently unrelated strike, though we weren’t targeting him either, Administration sources assure us.

But I want to point to something rather remarkable in the language the Administration used yesterday to discuss this.

For years, the government has used the rationale that if an American is “sitting next to a baddie” then he becomes acceptable collateral damage in a drone strike.

That’s the rationale they gave when they killed Kamal Derwish in 2002: they were not targeting Derwish, they were targeting Abu Ali al-Harethi, but Derwish — far more threatening to the US at that moment because of his presumed role in recruiting Muslims in Lackawanna, NY — just was unlucky enough to be sitting next to him.

That’s the rationale they gave when they first missed Anwar al-Awlaki on December 24, 2009, a day before the government decided he had gone operational but at a time when Pete Hoekstra was making his continued existence an embarrassing issue for the Obama Administration. The Administration hadn’t been targeting Awlaki, they explained, they were instead targeting Nasir al-Wuhayshi and some other AQAP leaders, and Awlaki just happened to be present.

That’s the rationale they gave when they killed Samir Khan. He just happened to be sitting in the car when the CIA finally scorched Awlaki.

And that’s the rationale they gave when they killed Abdulrahman al-Awlaki: They weren’t targeting him, they were targeting Ibrahim al-Banna, though al-Banna turned out not even to be present.

That’s the rationale they gave, years later, when they admitted to killing Jude Kenan Mohammed: he was killed in a signature strike targeting the group he was in as a whole.

Never mind that in a number of these cases — the first Awlaki strike and the one that killed his son — there’s reason to believe they were specifically targeted. Never mind that in the case of Derwish and Khan knowing insiders wink winked that the government knew full well they’d be killing these men too when they struck the other target. The excuse has been — with the exception of the pursuit of Anwar al-Awlaki — that they were targeting another person (another known person, with the exception of the Jude Mohammed strike), and the American just happened to die as collateral damage.

But yesterday, that rationale changed.

Now, the government wasn’t so much targeting a person, but a compound, something that Josh Earnest was quite insistent on in his press conference yesterday.

Q    Thanks, Josh.  Let’s start just with some of the facts of what happened, to the extent that you can discuss them.  How many other people were killed in these two strikes, either local civilians or militants?

EARNEST:  Josh, I won’t be able to provide specific numbers on this.  I can tell you that in the specific strike that resulted in the death of Dr. Weinstein and Mr. Lo Porto, there was one other al Qaeda leader who was among those that was killed.  That is the — Ahmed Faruq, the American citizen al Qaeda leader.  This was a strike against an al Qaeda compound, and the result was the death of at least one al Qaeda leader.

I can tell you that the assessment that we have right now does not raise questions about additional civilian loss of life. Again, the reason for that is that the standard that was in place and, to the best of our knowledge, was closely followed by our counterterrorism professionals was to adhere to this near-certainty standard.  And that near-certainty standard applied to two things.

The first is near certainty that this was an al Qaeda compound that was used by al Qaeda leaders; that turned out to be true.  That assessment did turn out to be correct.  The other near-certainty assessment was that no civilians would be harmed if this operation were carried out.  Unfortunately, that was not correct, and the operation led to this tragic, unintended consequence.

On Mitch’s PATRIOT Gambit

Mitch McConnell, as you’ve probably heard, has just introduced a bill to reauthorize the expiring provisions of the PATRIOT Act until 2020.

The move has elicited a bunch of outraged comments — as if anyone should ever expect anything but dickishness from Mitch McConnell. But few interesting analytical comments.

For example, Mitch is doing this under Rule 14, meaning it bypasses normal committee process. But that’s not as unusual, in ultimate effect, as people are making out. After all, last year the House Judiciary Committee was forced to adopt a much more conservative opening bill under threat of having its jurisdiction stripped entirely — something that Bob Goodlatte surely liked because it helped him rein in the reformers on his committee. Particularly given Chuck Grassley’s dawdling, I suspect something similar is at issue, an effort to give him leverage to rein in last year’s USA Freedom Act in order to undercut Mitch’s ploy.

Moreover, I think it would be utterly naive to believe Mitch and Richard Burr when they claim they would prefer straight reauthorization.

That’s because we know the IC can’t do everything they want to do under Section 215 right now. While reports that they only get 30% of calls are misleading (not least because NSA gets plenty of international calls into the US under EO 12333), for legal or technical or some other reason, the NSA isn’t currently getting all the records it needs to have full coverage. But it could get all or almost all if it worked with providers.

In addition — and this may be related — the NSA has never been able to turn its automated processes back on for US collected telephone data since they had to turn them off in 2009. They gave up trying last year, when Obama decided to move data to the providers. I suspect that the combination of mandated assistance, record delivery in optimal form, and immunity will permit NSA to dump this data into its existing automated system.

So while Mitch and Burr may pretend they’d love straight reauthorization, it is far, far more likely they’re using this gambit to demand changes to USAF that permit the IC to claim more authorities while pretending to reluctantly adopt reform.

And chief on that list is likely to be data retention, something reformers have been conspicuously silent about since Dianne Feinstein revealed USAF would have had a data retention handshake, but not a mandate. Data retention is why most SSCI members opposed USAF last year, it’s why Bill Nelson (working off his dated understanding of the program from when he served on SSCI) voted against it, and Bob Litt has renewed his emphasis on data retention.

Moreover, given the debates about encryption of the last year, especially Jim Comey’s concerns that Apple would have an unfair advantage over Verizon if it can shield iMessage data, I suspect that by data retention they also mean “forced retention of non-telephony messaging metadata.” I’m not sure whether they would be able to pull this off, but I wouldn’t be surprised if the IC plans to use “NSA reform” as an opportunity to force Apple to keep iMessage metadata.

So that’s what I expect this is about: I expect Mitch deliberately caused outright panic among those fighting a straight reauthorization that even he doesn’t really want, in order to demand more things from this “reform” bill.

 

I Con the Record’s Annual Transparency™

Amid about 100 pressing bills having to do with surveillance, I Con the Record released the yearly FISA letter and pretty Transparency Report. Here’s what I can see in it (here’s last year’s report and letter for comparison).

Probable Cause FISA

Probable cause FISA orders (Title I, III, 703, and 704) have declined from 1,767 to 1,519, but the number of targets affected has gone up, from 1,144 to 1,562. This seems to suggest that at least some of these orders must involve more than one target. There were 1,416 applications total, 1,379 of which included electronic surveillance.

Also note, at least until a few years ago, NSA never used 703 in isolation; it only used 705(b) orders, which are combinations of 703 and 704. I’m not sure how ODNI counts them, then, and whether 705(b) orders are included as 703 counts.

There were a number of modified probable cause orders this year:

FISC made modifications to the proposed orders in 19 applications.[1] Thus, the FISC approved collection activity in a total of 1,379 of the applications that included requests for authority to conduct electronic surveillance.

[1] In addition to the 19 orders modified with respect to applications made during the reporting period, the FISC modified two orders for applications after first granting authorization. The FISC also modified two orders for application made in a previous reporting period during the current reporting period.

That’s actually interesting: it may reflect something problematic with the way the government was obtaining this data or that it was collecting too much incidentally protected data. Or it may reflect a new approach that required some negotiation with the Court.

Section 702

As it did last year, the government only admits to one order, which hides that it has 3 or more certifications (a counterterrorism one, a counterproliferation one, and a foreign government catchall one).

The total number of targets affected has gone up, from 89,138 to 92,707. And remember, that’s just the targets. Every person who communicates with those targets will also be affected.

PRTT

The total PRTT orders are pretty flat: they went from 131 to 135. But those affected far more targets, from 319 to 516.

I strongly suspect (in part because of the way USAF carved out location reporting in its transparency procedures) that the government is hiding some kind of systematic Stingray use. So it may be that those 516 targets each suck in hundreds of thousands of Americans co-located with them.

215 orders

I didn’t realize this last year, but the government is reporting applications, not orders. There are good reasons to do this and dishonest reasons. In any case the number has remained relatively flat, from 178 to 170, as have specific targets, 172 to 160, and US persons who were subjects of queries, 248 to 227.

There are two far more interesting numbers.

First, in 2013 (before NSA had to submit each selector to the FISA Court, but also a year with a major terrorist attack), there were 423 selectors approved to be queried in the phone dragnet. But in 2014 — when FISC started reviewing everything — just 161 selectors were approved. That may suggest (though we’d need more data we won’t get because of imminent changes of some sort or another) that the NSA queries on fewer selectors when it has to tell FISC what they are.

Even more interesting, whereas FISC modified 141 Section 215 orders in 2013, last year they modified just four applications. Here’s what recent numbers look like to convey how big of a change this is:

[Image: 215 tracker]

In the 2010 to 2012 time frame, the government admitted that these modifications were largely the court imposing minimization procedures and requiring the government report back on the implementation of those minimization procedures.

The change may mean that, in response to the Snowden disclosures, the government finally complied with the requirement mandated by Congress in 2006 that it adopt such procedures itself. It might reflect FISC’s confidence that the government was finally managing this properly. Or it might reflect that the government was collecting less incidental data. Or something else. But it is a very large change that merits further explanation.

NSLs

Both the annual number of NSLs issued and the number of requests dropped by 15%, from 19,212 to 16,348 and 38,832 to 33,024 respectively.

The number of US persons affected showed a slightly smaller drop, about 12-13%. In 2013, the government made 14,291 requests affecting 5,334 different US persons. In 2014, the government made 12,452 requests affecting 4,699 US persons.

Why Do All the Stingray NDAs Date to 2011 to 2012?

The other day, the Baltimore Sun continued its great work on Stingrays with a report on the most recent court disclosure from the Baltimore Police Department, revealing that instead of the 4,300 uses of its Stingray that it testified to earlier this month, it had in fact used the Stingray 25,000 times, not counting the times it has used it in exigent situations.

While police said earlier this month that the agency had deployed a “Stingray” cell simulator device more than 4,300 times since 2007 Det. Michael Dressel testified Monday that the actual number of times used with a court order was north of 25,000 times. The lesser figure reflected the amount since the department changed the way it documents its use of the device.

[snip]

Dressel said there are a number of scenarios in which police can cite exigent circumstances and proceed without a court order or search warrant. He said he did not know the number of such instances.

The revelation, on its face, reveals two important points. That BPD, at least, doesn’t track all its uses of its Stingray. But also that at some point in time (the original count purported to date back to 2007), the department changed the way it counted Stingrays.

This post started as a reflection on the changing numbers Baltimore Police Department has given for its use of Stingrays. I learned after I posted that the Sun had retracted the 25,000 number.

That said, the now retracted article got me thinking about the dates of all the Stingray NDAs.

The two complete non-disclosure agreements we’ve seen — from Erie (June 29, 2012) and Baltimore (July 13, 2011) — as well as some of the partial ones we’ve seen — Tacoma (December 19, 2012), Minneapolis (June 12, 2012), San Bernardino (December 7, 2012), Hillsborough, FL (around March 6, 2012) — all date to around the same 2011 to 2012 time period. But Stingray use goes back well before that, as the contracts released make clear. That’s all not long after the government started trying to protect its use of Stingray to find Daniel Rigmaiden (see the docket starting at document 465 and this contemporaneous coverage of it), which Stephanie Pell and Chris Soghoian point to as the first time use of a Stingray showed up in a criminal proceeding (see 29 ff).

That may not be the explanation — I can think of a number of other possibilities why, starting in 2011, the government changed how it approached Stingray secrecy — but it is a possibility. 2011 is also the year US v. Jones was briefed to SCOTUS, and also the year NSA ultimately gave up its efforts to get location as part of its phone dragnet. It at least appears possible that FBI started pushing out NDAs (or new NDAs) starting in 2011.

Is that what led to the change in how BPD counted these?

In any case, I’m increasingly wondering whether there’s a significant change that took place in 2011 with how the FBI administered Stingray use at the local level, which led, in that year and the next, to a whole new Nondisclosure regime.

 

NSA’s Dragnet Failed to “Correlate” David Headley’s Identity, One of Its Core Functions

In a piece on the GCHQ and NSA failure to identify David Headley’s role in the Mumbai terrorist attack, ProPublica quotes former CIA officer Charles Faddis on the value of bulk surveillance.

“I’m not saying that the capacity to intercept the communications is not valuable,” said Charles (Sam) Faddis, a former C.I.A. counterterror chief. “Clearly that’s valuable.” Nonetheless, he added, it is a mistake to rely heavily on bulk surveillance programs in isolation.

“You’re going to waste a lot of money, you’re going to waste a lot of time,” Faddis said. “At the end, you’re going to have very little to show for it.”

The article as a whole demonstrates that in a manner I’m fairly shocked about. The NSA failed to recognize what it had in intelligence collected on Headley’s role in the attack even after the attack because they hadn’t correlated his known birth name with the name he adopted in the US.

Headley represents another potential stream of intelligence that could have made a difference before Mumbai. He is serving 35 years in prison for his role. He was a Pakistani-American son of privilege who became a heroin addict, drug smuggler and DEA informant, then an Islamic terrorist and Pakistani spy, and finally, a prize witness for U.S. prosecutors.

In recounting that odyssey, we previously explored half a dozen missed opportunities by U.S. law enforcement to pursue tips from Headley’s associates about his terrorist activity. New reporting and analysis traces Headley’s trail of suspicious electronic communications as he did reconnaissance missions under the direction of Lashkar and Pakistan’s Inter-Services Intelligence Directorate (ISI).

Headley discussed targets, expressed extremist sentiments and raised other red flags in often brazen emails, texts and phone calls to his handlers, one of whom worked closely on the plot with Shah, the Lashkar communications chief targeted by the British.

U.S. intelligence officials disclosed to me for the first time that, after the attacks, intensified N.S.A. monitoring of Pakistan did scoop up some of Headley’s suspicious emails. But analysts did not realize he was a U.S.-based terrorist involved in the Mumbai attacks who was at work on a new plot against Denmark, officials admitted.

The sheer volume of data and his use of multiple email addresses and his original name, Daood Gilani, posed obstacles, U.S. intelligence officials said. To perfect his cover as an American businessman, Headley had legally changed his name in 2006.

“They detected a guy named ‘Gilani’ writing to bad guys in Pakistan, communicating with terror and ISI nodes,” a senior U.S. intelligence official said. “He wrote also in fluent Urdu, which drew interest. Linking ‘Gilani’ to ‘Headley’ took a long time. The N.S.A. was looking at those emails post-Mumbai. It was not clear to them who he was.”

As I’ve explained, one of the things NSA does with all its data is to “correlate” selectors, so that it maps a picture of all the Internet and telecom (and brick and mortar, where they have HUMINT) activities of a person using the multiple identities that have become common in this day and age. This is a core function of the NSA’s dragnets, and it works automatically on EO 12333 data (and worked automatically on domestically-collected phone and — probably — Internet metadata until 2009).

When you think about it, there are some easy ways of matching online identities (going to a provider, mapping some IP addresses). And even the matching of “burner” IDs can be done with 94% accuracy, at least within AT&T’s system, according to AT&T’s own claims.

The NSA says they didn’t do so here because Headley had changed his name.

Headley, recall, was a DEA informant. Which means, unless these intelligence agencies are far more incompetent than I believe they are, this information was sitting in a government file somewhere: “Daood Gilani, the name of a known Urdu-fluent informant DEA sent off to Pakistan to hang out with baddies = David Headley.” Unless Headley adopted the new name precisely because he knew it would serve to throw the IC off his trail.

And yet … NSA claims it could not, and did not, correlate those two identities and as a result didn’t even realize Headley was involved in the Mumbai bombing even after the attack.

Notably, they claim they did not do so because of the “sheer volume of data.”

In short, according to the NSA’s now operative story (you should click through to read the flaccid apologies the IC offered up for lying about the value of Sections 215 and 702 in catching Headley), the NSA’s dragnet failed at one of its core functions because it is drowning in data.

 
