1 2 3 135

FBI Is Not “Surveilling” WikiLeaks Supporters in Its Never-Ending Investigation; Is It “Collecting” on Them?

The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)

In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.

2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.

I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.

In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.

First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.

Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeakas was implicating completely innocent supporters.

I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.

Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.

All  of which brings me to the remaining interesting subtext of this ruling.

Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.

While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)

Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).

In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.

Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.

Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.


In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.

I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.

James Clapper Admits Phone Dragnet Data Retention Is about Discerning Patterns

In the Q&A portion of a James Clapper chat at Council on Foreign Relations yesterday, he was asked about the phone dragnet and Section 215 (this starts after 48:00).

He made news for the way he warned Congress that if they take away Section 215 (he didn’t specify whether he was talking about just the phone dragnet or Section 215 and the roughly 175 other orders authorized under it) and something untoward happens as a result, they better be prepared to take some of the blame.

Q: In recent days the government reauthorized the telephone metadata collection program through June 1st, when there’s the Sunset date, obviously, of Section 215 of the PATRIOT Act. What do you want to see happen after that?

Clapper: Well, what we have agreed to, Attorney General Eric Holder and I, last September, signed a letter saying that we supported the notion of moving the retention of the data to providers in a bill that was — actually came out of the Senate from Senator Leahy, so we signed up to that. I think that’s the only thing that’s realistic if we’re going to have this at all. In the end, the Congress giveth and the Congress taketh away. So if the Congress in its wisdom decides that the candle isn’t worth the flame, the juice isn’t worth the squeeze, whatever metaphor you want to use, that’s fine. And the Intelligence Community will do all we can within the law to do what we can to protect the country. But, I have to say that every time we lose another tool in our toolkit, you know? It raises the risk. And so if we have — if that tool is taken away from us, 215, and some untoward incident happens which could have been thwarted had we had it I just hope that everyone involved in that decision assumes responsibility. And it not be blamed if we have another failure exclusively on the intelligence community.

At one level, I’m absolutely sympathetic with Clapper’s worries about getting blamed if there’s another attack (or something else untoward). In some cases (particularly in the aftermath of the 2009 Nidal Hasan and Umar Farouk Abdulmutallab attacks), politicians have raised hell about the Intelligence Community missing a potential attack. But that really did not happen after the Boston Marathon; contemporaneous polls even said most people accepted that you couldn’t prevent every attack. Moreover, in that case, NSA — the entity running the phone dragnet — was excluded from more intensive Inspector General review, as NSA has repeatedly been in the past (including, to a significant extent, the 9/11 attack), even though it had collected data on one or both of the Tsarnaev brothers but not accessed it until after the attack. In other words, NSA tends not to be held responsible even when it is.

Clapper’s fear-mongering has gotten most of the attention from that Q&A, even more than Clapper’s admission elsewhere that “moderate” in Syria — he used scare quotes — means “anyone who’s not affiliated w/I-S-I-L.”

But on the phone dragnet, I found this a far more intriguing exchange.

Q: And just to be clear, with the private providers maintaining that data, do you feel you’ve lost an important tool?

Clapper: Not necessarily. It will depend though, for one, retention period. I think, given the attitude today of the providers, they will probably do all they can to minimize the retention period. Which of course, from our standpoint, lessens the utility of the data, because you do need some — and we can prove this statistically — you do need some historical data in order to, if you’re gonna discern a pattern. And again, 215 to me, is much like my fire insurance policy. You know, my house has never burned down but every year I buy fire insurance just in case.

In general, discussions about why the NSA needs 5 years of phone dragnet have used a sleeper argument: a suspect might have spoken to someone of interest 4 years ago, which would be an important connection to identify and pursue. But that’s not what Clapper says here. They need years and years of our phone records not to find calls we might have made 5 years ago, but to “discern patterns.”

Well, that changes things a bit, and may even suggest how they’re actually using the phone dragnet.

While we know they have, at times, imputed some kind of meaning to the lengths of calls — for a while they believed calls under 2 minutes were especially suspicious until they realized calls to the pizza joint also tend to be under 2 minutes — there’s another application where pattern analysis is even more important: matching burner phones. You need a certain volume of past calls to establish a pattern of a person’s calls so as to be able to identify another unrelated handset that makes the same pattern of calls as the same person.

Connection chaining, not contact chaining.

Clapper’s revelation that they need years of retention for pattern analysis, not for contact chaining, seems consistent with the language describing the chaining process under USA Freedom Act.

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;

That is, they’d be getting all the calls the target had made, as well as all the calls an identifiable target’s associate or additional phone had made.

And remember, one of the NSA’s two greatest “successes” with the phone dragnet — when they found that Adis Medunjanin, whom they already knew to be associated with Najibullah Zazi, had a phone they hadn’t known about — involves burner matching. That match took place at an important moment, too, when the NSA had turned off its automatic correlation process (which uses a dedicated database to identify the other known identities of a person in a chain), and when its queries were as closely controlled as they ever have been in the wake of the massive violations in 2009. At a time when they were running a bare bones phone dragnet, they were still doing burner matching, and considered that a success.

Now, let me be clear: matching the burner phones of real suspects is a reasonable use for a phone dragnet, though the government ought to provide more clarity about whether they’re matching solely on call patterns or on patterns of handset use, including on the Internet. It’d also be nice if anyone caught in this fashion had some access to the accuracy claims the government has made and the basis used to make those accuracy claims (for one incarnation of the Hemisphere dragnet, DEA was claiming 94% accuracy, based of 10 years of data and, apparently, multiple providers). And this points to the importance of retaining FISC review of the targets, because people for whom there is not reasonable articulable suspicion of ties to terrorism ought to be able to use burner phones.

James Clapper’s office has gone to great lengths to try to hide any mention of pattern analysis in declassified discussions of the phone dragnet. Apparently, Clapper doesn’t think that detail needs to be classified anymore.

Will Verizon Challenge the Government’s Fishy Dragnet?

Tim Edgar has a fascinating post on how the SCOTUS decision in Yates v US — in which a guy busted for throwing away undersized fish was let off because those fish do not constitute a tangible object under the law — might have repercussions for the phone dragnet.

The Supreme Court let Yates off the hook.  Five justices agreed that a fish is not a tangible object.  At first blush, this seems a bit implausible.  Justice Kagan certainly thought so.  Her eloquent dissent cites Dr. Seuss’s One Fish Two Fish Red Fish Blue Fish – for a time, my favorite book – as authority that fish are, indeed, tangible objects.  I expect it is the first use of any book by Dr. Seuss as legal authority in an opinion of the Supreme Court, and I must say that I found it squarely on point, if not ultimately persuasive.

Justice Ginsburg’s opinion for the plurality explains that fish are not tangible objects because “in law as in life . . . the same words, placed in different contexts, sometimes mean different things.”


Surprisingly, Yates has real implications for national security surveillance.   The NSA’s bulk collection of telephone records is based on section 215 of the Patriot Act, which amended the business records provision of the Foreign Intelligence Surveillance Act (FISA).  That provision is titled “Access to certain business records for foreign intelligence and international terrorism investigations.”  It allows the government to obtain an order from the FISA court “requiring the production of any tangible things(including books, records, papers, documents, and other items)” in national security investigations.

Does this literally mean “any tangible things,” or is this just a catch-all ensuring that  all types of business records are covered?  While the provision is very broad even if limited to business records or data, until Yates it might have meant literally anything at all.  For example, it might be tempting for the government to use it to obtain, in national security investigations, the kind of physical items that would otherwise have required a physical search order.  As a FISA business records order requires only relevance, and not probable cause, that would be a dangerous loophole.  Yates closes it.

Perhaps more to the point, Yates also weakens the government’s bulk collection theory for telephone records.  While Yates is interpreting a different statute, the logic is clear: the words “any tangible things” should not be read literally.  Instead, they must be read in context, taking account of the words immediately surrounding it, the title of the section, the structure of the law, and its purpose.  Read in this way, it is clear that “tangible things” should not be read to encompass things far afield from the sorts of business records that Congress expected would be sought in national security investigations.


Bulk collection is qualitatively, not just quantitatively, different from the sorts of requests for records, documents, or other “tangible things” ordinarily made by government both in law enforcement and intelligence investigations. 

Steve Vladeck made a similar observation on Twitter earlier today, so Edgar is not the only one raising this question.

As it happens, today is dragnet renewal day. Which not only means that some FISC judge will reapprove the dragnet, but that providers will get new Secondary Orders. And — as happened in January 2014, when Verizon challenged an order based on Richard Leon’s decision in Klayman v. Obama — that presents the providers with an opportunity to challenge the order based on new legal developments.

And it’s not just Verizon that has a new opportunity to challenge the government’s fishy dragnets.

I’ve long suspected that the government has, in limited fashion, used Section 215 to obtain DNA material (they have databases of DNA from Gitmo detainees, for example, and I can imagine that they’d love to obtain DNA samples where they exist).

More interestingly, we’ve been talking about the government’s use of Section 215 to obtain Internet data, probably in hacking investigations. If, as a number of people suspect, they’re using it to get data flow records, that may be deemed even further away from common definitions of “tangible things.” And the Internet companies are riled up.

So let’s have it, providers! Some challenges to the fishy dragnet!

Update: In the post announcing the reauthorization (yesterday, actually) of the dragnet, I Con the Record noted that this one expires on June 1. I suppose that’s designed to add pressure on the reauthorization fight.  I think that works out to be a 95 day dragnet.

The Government Continues to Play Hide and Seek with Surveillance Authorities

Last year, I described the effort by the Reaz Qadir Khan’s lawyers to make the government list all the surveillance it had used to catch him (which, significantly, would either be targeted off a dead man or go back to the period during with the government used Stellar Wind). In October the government wrote a letter dodging most notice. Earlier this year, Judge Michael Mosman (who happens to also be a FISA judge) deferred the notice issues until late in the CIPA process. Earlier this month, Khan plead guilty to accessory to material support for terrorism after the fact.

Another defendant accused of material support, Jamshid Muhtorov, replicated that tactic, demanding notice of all the types of surveillance used against him (his co-defendant, Bakhtiyor Jumaev, joined the motion). The government responded to that motion yesterday.

A comparison of the two responses is instructive.

Part of what the government does in both is to rehearse the notice requirements of a particular statute, stating that in this case the evidence hasn’t met those terms. It does so, we can be certain, whether or not the surveillance has been used. That’s because the government addressed FISA Section 703 notice in the Khan case, and we know the government doesn’t use 703 by itself at all.

The responses the government made for both Section 215 request, in which the government said it has no duty to notice Section 215 and a defendant would not have standing nor would have a suppression remedy,

Screen Shot 2015-02-27 at 3.07.00 PM

And PRTT, in which the government listed 5 criteria, all of which must be met to require notice, were virtually identical.

Screen Shot 2015-02-27 at 3.08.35 PM

Which is why I’m interested that the government’s treatment of EO 12333 notice was different (in both cases, there’s good reason to believe EO 12333 surveillance was involved, though in the case of Khan, that would likely include the illegal dragnet).

With Khan, the government remained completely silent about the questions of EO 12333 collection.

Whereas with Muhtorov — who was likely included in the Internet metadata dragnet, but probably not in Stellar Wind — the government argues he would only get notice if Muhtorov could claim evidence used against him in a proceeding was obtained via allegedly illegal electronic surveillance.

Therefore, under circumstances where § 3504 applies, the government would be required to affirm or deny the occurrence of the surveillance only when a defendant makes a colorable claim that evidence is inadmissible because it was “the primary product of” or “obtained by the exploitation of” allegedly unlawful electronic surveillance as to which he is aggrieved.

Then it included a [sealed material redacted] notice.

Which seems tantamount to admission that EO 12333 data was used to identify Muhtorov, but that in some way his prosecution was did not arise from that data as a “primary product.”

Muhtorov was IDed in a chat room alleged to have ties to the Islamic Jihad Union, which I presume though don’t know is hosted overseas. So that may have  been EO 12333 surveillance. But it may be that his communications on it were collected via 702 using the Internet dragnet as an index.

Is the government arguing that using a dragnet the FISC declared to be in violation of FISC orders only as a Dewey Decimal system for other surveillance doesn’t really count?

NSA’s Dysfunctional Post-Tasking Checks

I noted this in both my working threads on the NSA, CIA and FBI minimization procedures, but it deserves more attention. Sometime in the last several years, the process by which NSA determines whether something they’ve collected is of a person in the US started going flukey, during certain periods. So now there’s a subset of data that analysts — at NSA, CIA, and FBI — all have to check for foreignness before they use it. That also means there is US person data that has been collected but not properly identified.

All three minimization procedures have a paragraph like this:

In the event that NSA seeks to use any information acquired pursuant to section 702 during a time period when there is uncertainty about the location of the target of the acquisition because the [redacted] post-tasking checks described in NSA’s section 702 targeting procedures, NSA will follow its internal procedures for determining whether such information may be used (including, but not limited to, in FISA applications, section 702 targeting, and disseminations). Except as necessary to assess location under this provision, NSA may not use or disclose any information acquired pursuant to section 702 during such time period unless NSA determines, based on the totality of the circumstances, that the target is reasonably believed to have been located outside the United States at the time the information was acquired. If the NSA determines that the target is reasonably believed to have been located inside the United States at the time the information was acquired, such information will not be used and will be promptly destroyed.

Both the fact that this section appears in the Destruction of Raw Data section in NSA’s SMPs (and not the section dedicated to challenges with upstream collection), and the fact that it appears in both the CIA and FBI SMPs (suggesting this is data they’d be getting in raw format, which they don’t get from upstream collection), suggest that this is general 702 data, not upstream data, where NSA has been known to have had a problem in the past.

The fact that the same paragraph, almost verbatim, shows up in all three places, plus the language about using such data for FISA applications, suggests this language came from or is in the SMPs to keep the FISA Court happy. Indeed, there’s probably a nice FISC opinion that explains how FISC learned that NSA’s targeting process was flawed.

We know this problem was identified sometime between October 2011 and July 2014 because this language doesn’t show up in the 2011 NSA SMPs. There are few things that are identifiable in the Intelligence Oversight Board reports that could be a dysfunction that would merit a FISC order, though there are a number — such as these two redacted paragraphs on Systems Errors in the middle of the FISA section of the Q1 2013 (which covers the last three months of 2012) report that might be such a problem.

Screen Shot 2015-02-25 at 8.56.26 AM

Or perhaps the problem is even more recent, meaning it would have been reported in the 2 years of IOB reports we don’t have.

To be sure, it appears FISC has required that all agencies accessing raw data do the kind of location checks that the failed system would otherwise have done. So US person data won’t be used, it’ll just sit in NSA’s (or CIA or FBI’s) servers until it is discovered.

But this is one of a number of examples we see in the IOB reports (the purge process, which was also not working for a while, is another; that seems to have been or is being fixed with the Master Purge List that appears in these SMPs) where the software checks designed to protect Americans failed. That doesn’t indicate any animus or ill-intent. But it does suggest the complexity of this system continues to result in failures that — regardless of intent — also present a privacy risk.

Does the FBI STILL Have an Identity Crisis?

I’ve finished up my working threads on the NSA, CIA, and FBI Section 702 minimization procedures. And they suggest that FBI has an identity crisis. Or rather, an inability to describe what it means by “identification of a US person” in unclassified form.

Both the NSA and CIA minimization procedures have some form of this definitional paragraph (this one is NSA’s):

Identification of a United States person means (1) the name, unique title, or address of a United States person; or (2) other personal identifiers of a United States person when appearing in the context of activities conducted by that person or activities conducted by others that are related to that person. A reference to a product by brand name, or manufacturer’s name or the use of a name in a descriptive sense, e.g., “Monroe Doctrine,” is not an identification of a United States person.

Even though the FBI minimization procedures have a (briefer than NSA and CIA’s) definitional section and gets into when someone counts as US person from a geographical standpoint, it doesn’t have the equivalent paragraph on what they consider US person identifying information, which is central to minimization procedures.

Now, I might assume that this is just an oversight, something FBI forgot to incorporate as it was writing its own 702 minimization procedures incorporating what NSA has done.

Except that we know the FBI has suffered from this same kind of identity crisis in the past, in an analogous situation. As Glenn Fine described in the 2008 Inspector General Report on Section 215 (the one the successor for which has been stalled for declassification review for over 6 months), the FBI never got around to (and almost certainly still hasn’t gotten around to, except under modifications from the FISA Court) complying with Section 215’s requirement that it adopt minimization procedures specific to Section 215.

One holdup was disagreement over what constituted US person identifying information.

Unresolved issues included the time period for retention of information, definitional issues of “U.S. person identifying information,” and whether to include procedures for addressing material received in response to, but beyond the scope of, the FISA Court order; uploading information into FBI databases; and handling large or sensitive data collections.

(Note, there’s very good reason to believe FBI is still having all these problems, not least because several of them showed up in Michael Horowitz’ NSL IG Report last year.)

One problem Fine pointed out is that the AG Guidelines adopted in lieu of real minimization procedures don’t provide any guidance on when US identifying information is necessary to share.

When we asked how an agent would determine, for example, whether the disclosure of U.S. person identifying information is necessary to understand foreign intelligence or assess its importance, the FBI General Counsel stated that the determination must be made on a case-by-case basis.

While NSA’s 702 SMPs do lay out cases when FBI can and cannot share US person identifying information (those are, in some ways, less permissive than CIA’s sharing guidelines, if you ignore the entire criminal application and FBI’s passive voice when it comes to handling “sensitive” collections), if the guidelines for what counts as PII are not clear — or if they’re expansive enough to exempt (for example) Internet handles such as “emptywheel” that would clearly count as PII under NSA and CIA’s SMPs, then it would mean far more information on Americans can be shared in unminimized form.

And remember, FBI’s sharing rules are already far more lenient than NSA’s, especially with regards to sharing with state, local, and other law enforcement partners.

Call me crazy. But given the FBI’s past problems defining precisely this thing, I suspect they’re still refusing to do so.

Working Thread: 702 Minimization Procedures (NSA and CIA)


These SMPs have not changed significantly since they were changed in the wake of the 2011 upstream ruling. The exceptions are:

(1) “of information, including non-publicly available information” was added to the first paragraph. This may suggest NSA is also using publicly available information (which you would think they would anyway, if only to integrate public Twitter and other social media) in their analysis.

(1) The third paragraph (which has a counterpart in FBI SMPs) is new. I wonder whether there have been IG access problems in the past, notably when both FBI and NSA did big 702 IG Reports in 2012?

(2) (f) I’ve added this to the FBI SMPs. But NSA and CIA SMPs, unlike FBI ones, include this language defining what identification means. FBI has been dodging this on other issues as well in recent years (including the illusory 215 SMPs), so I suspect its lack of such language suggests FBI’s interpreting it very narrowly.

(2) (j) Some of these paragraphs now marked unclassified, such as this one, were marked S/SI in 2011. That you Snowden.

(3) (k)(3) This changes an automatic loss of USP rights if someone loses their resident alien status from the 2011 SMPs.

(3) (b)(1) In 2011, this paragraph specified “in processing cycle” in the earliest practicable point, suggesting it may have gotten moved later.

(4) This takes out a paragraph (formerly paragraph 3) on retaining storage tapes.

(4) (1)(a) The “including metadata” language is newly unredacted, as another reference to obtaining metadata from upstream collection also is.

(5) Through these SMPs, including at (b)(1), add language about how to deal with upstream transactions, permitting the use of them if they’re targeted and aren’t all USPs.

(6) Paragraph 4 is the other newly unredacted discussion of metadata use.

(7-8) The destruction paragraphs 3 and 4 are both entirely new. The 2011 stuff seems to reflect a decision at the end of 2011 to destroy its upstream USP transactions. The litigation paragraph reflects some other language elsewhere.

(8) Paragraph e has counterparts in the FBI and CIA SMPs, suggesting there was a significant problem with location tracking. Unless I’m mistaken, that doesn’t show up in IOB reports (as, for example, the purge tool does).

(9) There are more strictures in place for deciding to keep domestic communications.

(10) The last (unnumbered) paragraph on the page adds the ability to share target location.

(11) Note the reference to the Master Purge List, which was a big issue in recent years (because it wasn’t functioning the way it was supposed to).


(1-2) CIA has better repository language than FBI.

(2) Note NCS Director gets to decide to retain things longer than 5 years (though I would assume this would change if Brennan gets his Cyber expansion).

(2) CIA gets to keep unminimized USP data if they “may be a target of intelligence activities of a foreign power.”

(2) As with NSA (though their language is different), the CIA gets to keep USP data if “a United States person has engaged or may be engaging in the unauthorized disclosure of properly classified national security information.” Surely the FBI gets to keep this too, they just describe it differently.

(2) I do believe this USP retention is unique to CIA:

The information concerns corporations or other commercial organizations the deletion of which would hamper the correlation of foreign intelligence information on the same subject;

(3) Amid a slew of USP retention clauses (including one for people who pose a threat of sabotage to any US IC facility, which is problematic), there’s entirely redacted h. My guess is this is about people who facilitate terrorism but who aren’t terrorists (or perhaps who read stuff that is bad).

(3) As with FBI, the metadata paragraph (4a) is fairly broad, and permits copying of all such metadata.

(4) As with FBI, there’s this oblique paragraph (4b) that doesn’t require tracking of queries that don’t get to the underlying FISA data.

(4) CIA, unlike FBI and NSA, explicitly limits the technical database to technical personnel.

(5) CIA has a paragraph like FBI and NSA permitting them to keep data for a year to assess whether they’ve been compromised.

(5) CIA’s Attorney Client paragraph is similar to what FBI’s used to be.

(6) It’s odd that CIA has a long passage on federal translators or technical assistance, whereas NSA has its international one. I’d expect CIA to rely on other governments too (though it does have a foreign govt dissemination section too, of similar length).

(6) Unsurprisingly, CIA has multiple ways to share with foreign governments, all but translation redacted.

(9) Bizarrely, an entire big paragraph is redacted to end the SMPs. It probably deals with USP (or domestically collected) data, by context, but that’s a WAG.

How Internet Dragnettery Got Way More Permissive Under PRISM

I’m finally working through the minimization procedures released earlier this month as part of the blitz claiming that the Intelligence Community has made big changes in the year since President Obama’s surveillance speech. Here’s my first working thread, on FBI’s Section 702 minimization procedures (SMPs).

The SMPs provide one sense of why the NSA shut down the Internet dragnet in 2011. As a court filing last year made clear, one of the places the Internet metadata analysis moved to was Section 702. And FBI’s SMPs show that collecting and analyzing metadata via PRISM would be far more permissive in a number of ways than doing it under the rules laid out under the PRTT orders.

The first reason is obvious: whereas the PRTT dragnet could only be used for terrorism purposes, FBI can pull metadata from foreign selectors identified for any number of reasons: there are counterterrorism and counterproliferation certificates, as well as a foreign government one that appears to get used very broadly, including to cover hackers, which the government seems to treat as a counterintelligence function.

Moreover, FBI can disseminate metadata results far more broadly. It can disseminate USP data for all foreign intelligence information, which would include counterterrorism, counterproliferation, and (assuming they’re treating hacking as a clandestine intelligence activity) hackers. And it can disseminate such metadata analysis to state, local, tribal, and other agencies. There’s only protection for USP identities if FBI pulled it for foreign power purposes (that is, who’s chatting with Angela Merkel).

Those receiving the data would be told there are SMPs, but they wouldn’t require any training to receive such query results.

And that’s all before you consider that FBI can “transfer some or all such metadata to other FBI electronic and data storage systems,” which seems to broaden access to it still further.

Users authorized to access FBI electronic and data storage systems that contain “metadata” may query such systems to find, extract, and analyze “metadata” pertaining to communications. The FBI may also use such metadata to analyze communications and may upload or transfer some or all such metadata to other FBI electronic and data storage systems for authorized foreign intelligence or law enforcement purposes.

In this same passage, the definition of metadata is curious.

For purposes of these procedures, “metadata” is dialing, routing, addressing, or signaling information associated with a communication, but does not include information concerning the substance, purport, or meaning of the communication.

I assume this uses the very broad definition John Bates rubber stamped in 2010, which included some kinds of content. Furthermore, the SMPs elsewhere tell us they’re pulling photographs (and, presumably, videos and the like). All those will also have metadata which, so long as it is not the meaning of a communication, presumably could be tracked as well (and I’m very curious whether FBI treats location data as metadata as well).

Using PRISM data, it would be far, far easier to “correlate” multiple identities, so as to show (for example) all the people chained off of one person’s multiple Google identities, because the providers know these (note, too, this seems to have been something the government started asking Yahoo for months after Protect America Act started).

Then there’s retention. While some of the key numbers are redacted, the base retention level for FBI 702 data is 5 years, and for data deemed to have a foreign intelligence purpose it is longer — perhaps as long as the 20 and 30 year retention for FBI records (plus 5 years on the front end). So whereas the NSA had to throw out the underlying data after 4.5 and, for a period, 5 years, they can keep underlying data far longer at the FBI.

Finally, there’s tracking. It appears the FBI doesn’t have to track the metadata queries it makes at all.

The FBI shall identify FISA-acquired information in its storage systems, other than those used solely for link analysis of metadata, that has been reviewed and meets those standards.2

2 Although the FBI need not mark metadata as meeting the retention standards or as having been disseminated, the FBI must still assess whether the metadata meets the requirements for dissemination pursuant to Section V prior to actually disseminating the information.

Indeed, this may be the real problem for FBI’s counting of back door searches — that they don’t require the tracking of metadata queries at all.

And I think it’s possible (though I’m less sure about this) the curious language I noted in USA Freedom Act exempting communications metadata from cloud providers may also hide what isn’t already protected under back door searches, basically not counting this metadata collection as such.

So whereas under the PRTT program the NSA tracked every single metadata query, using PRISM data there’d be almost no tracking at all.

There are, I think, just two limits in using PRISM to do Internet dragnettery (but remember, some of this almost certainly moved overseas under SPCMA as well, which wouldn’t have these particular limits). First, depending on how a provider retains their data (and how long a user retains her own communications), the FBI might not have access to 5 years of communications data when it first started tracking someone (though it seems NSA primarily needed 2 years, and given how long people keep email, there’d often be far more than 5 years available).

And finally — and this is a significant one — there’s the requirement that the government only target people overseas. So unless FBI is permitted to pull two or three degrees of communication off of targets (and they might be!), it would harder, though not impossible, to show internal communication patterns.

Still, I can see how they’d find the PRTT dragnet to have performance limits. Because, for the purpose of tracking those with ties to known overseas threats, pulling metadata from PRISM would be far permissive if you did it at FBI.


Working Thread: 702 Minimization Procedures (FBI)


(2) Does the exclusion of data acquired with consent incorporate the Third Party doctrine assumption that you’ve given your metadata over willingly? Because the FBI is using 702 acquired data for metadata analysis.

(2) The definitions of who is and who is not a USP are very very permissive. That’s because being outside the US or “not known” is presumptively a non-USP — but we know they claim not to track location that closely. So it’s presumably very easy for them to not know and keep tracking a USP. Moreover, the IOB and 702 IG report show that the FBI doesn’t necessarily double check NSA data on location, so they may not learn even if NSA has subsequently learned someone is a USP.

(3) How many contractors are included in this definition of FBI personnel? And do they include “contractors” who troll chat rooms for potential targets?

(3) This states the procedures should not limit lawful oversight of among other things, the appropriate IGs. So why is DOJ IG having such a hard time tracking things like this?

(3-4) FBI can keep 702 data for up to a year to conduct security assessments of its own systems. Why would 702 data be targeted like that?

(4) This section appears to be the directly acquired data–so why is ODNI still redacting the description of it?

(4) What does FBI mean by “end user” among those who have to delete data that has been improperly collected? Does it include data handed onto localities?

(5) Note the specific permission for multiple users accessing information simultaneously “or sequentially” and sharing back and forth. What’s that about? Also, I’m struck by the absence of any requirement on login credentials, as NSA procedures often include. Is it possible FBI only audits this via log? And how is the log generated?

(5) Note the SMPs specifically include photos among FISA data.

(6) As with the NSA, the FBI is permitted to keep data that has been determined to be USP data if it is information “retained for cryptanalytic, traffic analytic, or signal exploitation process.” While this determination is supposed to happen on a communication-by-communication basis (which should work out to be more restrictive than NSA), it also broadly permits FBI to keep anything encrypted, even if it’s USP data collected domestically.

(7) If people “assisting in a lawful and authorized governmental function” are not doing it as part of their job duties, it seems to suggest sharing outside of professionals. Again, that could include broadly defined “consultants.”

(7) The audit language appears to require only audits of people who’ve accessed raw data, not what they’ve done while accessing it.

(7-8) This language appears to permit the FBI to retroactively reclassify something FI data. This permissiveness would seem to breed permanent retention.

(8) Those getting 702 data aren’t apparently required to go through training; they’re just informed the SMPs exist. This is one of a number of ways that FBI’s SMPs are more lenient than NSA’s, precisely on information sharing.

(8) What does this mean, legally? “Such personnel shall exercise reasonable judgment in making such determinations” [about whether something is foreign intelligence, important, or evidence of a crime]?

(9) The footnote on metadata is key: the FBI case managers don’t have to identify whether metadata has been disseminated, nor that it has met retention standards. This means the standards on PRISM-acquired metadata are vastly more lenient than they were under the PRTT program.

(10) SMPs use the passive voice when instructing people “particular care should be taken” when reviewing sensitive information. A classic rule in procedures writing is if you don’t intend the procedures to work, write them in the passive voice.

Information that reasonable appears to be foreign intelligence information, necessary to understand foreign intelligence information, or necessary to assess the importance of foreign intelligence information may be retained, processed, and disseminated in accordance with these procedures even if it is sensitive information.

(11) I’m wondering if the redaction talks about how those not authorized to access this data can get others to do so for them (as was indicated in PCLOB).

(11) This is interesting. After saying that queries need to be tracked (see above for my concern about whether these queries are audited), it says this:

For purposes of this section, the term query does not include a user’s search or query of an FBI electronic and data storage system that contains raw FISA-acquired information, where the user does not receive the raw FISA-acquired information in response to the search or query or otherwise have access to the raw FISA-acquired information that is searched.

This seems to suggest, first of all, that if someone queries data they shouldn’t, no record will be kept. But also recall my suspicions about how defeat lists work, including that informants would be defeated from a lot of kinds of searches. That means (if my guess is correct) that FBI would never be held accountable for researching on one of their informants but getting no return. Consider how this would work if, for example, Tam Tsarnaev was informing for FBI, as some evidence suggests he was.

(11) More on the permissions involving metadata:

Users authorized to access FBI electronic and data storage systems that contain “metadata” may query such systems to find, extract, and analyze “metadata” pertaining to communications. The FBI may also use such metadata to analyze communications and may upload or transfer some or all such metadata to other FBI electronic and data storage systems for authorized foreign intelligence or law enforcement purposes. For purposes of these procedures, “metadata” is dialing, routing, addressing, or signaling information associated with a communication, but does not include information concerning the substance, purport, or meaning of the communication.

Bet you $100 there’s a juicy FISC opinion on this. Note, especially, that FBI clearly has access to stuff that is metadata but that has nothing to do with a communication. These SMPs already told us they’re also getting photos. They also don’t comment, one way or another, about location.

(12) As with NSA under 12333 but not their old 702 SMPs, FBI has to consult with GC on whether something is privileged. Doesn’t that suggest you already haven’t protected it enough? But note how weak the “shall consult as appropriate” language is.

(12) Most of the Attorney Client language is redacted, but it seems they primary focus on stuff targeted at that person, and not necessarily other data.

(13) It’s very clear, however, that the FBI permits itself to listen to protected communications, even those who have been charged locally.

(16) It appears NSA has a fairly persistent post-tasking problem determining location (is this just upstream collection?). I wonder if this passage was a response to the 2012 IG Report.

(17) Paragraph 3 affirmatively ensures that USP identities must “are accessible when a search or query is conducted or made of FISA-acquired information.” I’m curious how this works, above, when some of this might not show up in queries. I’m just as interested by the “when a search or query is conducted or made.” Why use this construction? Does this suggest something about searches that are substantively different than queries?

(17) Who all is included in those working at “others working at [prosecutors] discretion”?

(19) Prosecutors can access raw FISA data with Assistant Director approval.

(20) FBI has a retention exemption of metadata:

The FBI is authorized to retain data in electronic and data storage systems other than those solely used for link analysis of metadata…

(20) FBI can retain data it has never reviewed longer than 5 years if they say it contains “significant foreign intelligence information.”

(20) Even after deciding information is not FI, it will be retained for an additional period after the certification used to collect it expires. Apparently, if that data responds to a search, the searcher must get approval from the Assistant Director or that person’s designee to gain full access to this info. What officially counts as the expiration date, I’m not sure. Note that if this is held in an ad hoc database, it gets destroyed 5 years after the expiration of the cert.

(24) Does paragraph 2 say this doesn’t get audited as closely as more established databases?

(24) Of course there’s the indefinite decryption provision (though it is triggered to when the data is “subject to cryptanalysis.”

(25) Interesting redaction of FBI’s analytical techniques. Does that hide that FBI is permitted more pattern analysis than NSA, which is supposed to be limited for some of this to link analysis?

(28) FBI makes a dissemination distinction between foreign intelligence info (related to a threat), which can include USP data, and foreign power intelligence (not), which can only include USP data if necessary.

(28) This section does not list the crimes that Bob Litt listed (except for child porn).

(29) Go back and compare foreign govt redactions with 2006 SMPs.

(30) Why doesn’t FBI have to report foreign disseminations to foreign govts?

(32) I think the NCTC language is designed to hand entire investigative files over (by case type — so presumably using  a terrorism designation). This would seem to include significant tangential data. Also, is this limited to foreign terrorism?

(33) I believe the language in the computer intrusion dissemination is more lenient than language on info sharing.

(33) The serious harm designation matches NSA’s, in that it permits serious harm to property.

(21) Note how the original copy gets saved for 5 years but then can still be granted on a case-by-case basis. How?

(21) Paragraph 3 doesn’t say it, but the “any other form” must be the 20/30 year retention practices.

(22) Retention for time outside of retention limits for litigation reasons must be documented. Where? Is it kept with the investigative file? Would defense attorneys ever learn of it?

(23) The ad hoc section repeats the “unconsenting” language, again raising questions of whether they’re making a Third Party doctrine argument.

(##) A general comment. Other SMPs state very clearly what they mean by “US person identity” (these focus only on USP). We know from Section 215 discussions that FBI fights for very liberal definitions of what counts as an identifier (presumably not counting a unique email or phone number). So presume that applies here as well.

Judge White Makes Crucial Error While Capitulating to State Secrets, Again

Judge Jeffrey White, who has been presiding over the EFF’s challenges to warrantless wiretapping since Vaughn Walker retired, just threw out part of Carolyn Jewel’s challenge to the dragnet on standing and state secrets ground (h/t Mike Scarcella).

Based on the public record, the Court finds that the Plaintiffs have failed to establish a sufficient factual basis to find they have standing to sue under the Fourth Amendment regarding the possible interception of their Internet communications. Further, having reviewed the Government Defendants’ classified submissions, the Court finds that the Claim must be dismissed because even if Plaintiffs could establish standing, a potential Fourth Amendment Claim would have to be dismissed on the basis that any possible defenses would require impermissible disclosure of state secret information.

White also does what no self-respecting judge should ever do: cite Sammy Alito on Amnesty’s “speculative” claims about Section 702 collection in Amnesty v. Clapper, which have since been proven to be based off false government claims.

In Clapper, the Court found that allegations that plaintiffs’ communications were intercepted were too speculative, attenuated, and indirect to establish injury in fact that was fairly traceable to the governmental surveillance activities. Id. at 1147-50. The Clapper Court held that plaintiffs lacked standing to challenge NSA surveillance under FISA because their “highly speculative fear” that they would be targeted by surveillance relied on a “speculative chain of possibilities” insufficient to establish a “certainly impending” injury.

Also along the way, White claims the plaintiffs had made errors in their depiction of the upstream dragnet.

But I’m fairly certain he has done the same when he claims that only specific communications accounts can be targeted under both PRISM and upstream Section 702 collection.

Once designated by the NSA as a target, the NSA tries to identify a specific means by which the target communicates, such as an e-mail address or telephone number. That identifier is referred to a “selector.” Selectors are only specific communications accounts, addresses, or identifiers. (See id; see also Privacy and Civil Liberties Oversight Board Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act (“PCLOB Report”) at 32-33, 36.)

Indeed, his citation to PCLOB doesn’t support his point at all. Here are what I guess he means to be the relevant sections.

The Section 702 certifications permit non-U.S. persons to be targeted only through the “tasking” of what are called “selectors.” A selector must be a specific communications facility that is assessed to be used by the target, such as the target’s email address or telephone number.113 Thus, in the terminology of Section 702, people (non-U.S. persons reasonably believed to be located outside the United States) are targeted; selectors (e.g., email addresses, telephone numbers) are tasked.


Because such terms would not identify specific communications facilities, selectors may not be key words (such as “bomb” or “attack”), or the names of targeted individuals (“Osama Bin Laden”).114 Under the NSA targeting procedures, if a U.S. person or a person located in the United States is determined to be a user of a selector, that selector may not be tasked to Section 702 acquisition or must be promptly detasked if the selector has already been tasked.115


The process of tasking selectors to acquire Internet transactions is similar to tasking selectors to PRISM and upstream telephony acquisition, but the actual acquisition is substantially different. Like PRISM and upstream telephony acquisition, the NSA may only target non-U.S. persons by tasking specific selectors to upstream Internet transaction collection.131 And, like other forms of Section 702 collection, selectors tasked for upstream Internet transaction collection must be specific selectors (such as an email address), and may not be key words or the names of targeted individuals.132

First of all, unless they’ve changed the meaning of “such as” and “for example,” PCLOB’s use of email and telephone numbers is not exhaustive (though it does mirror the party line witnesses before PCLOB used, and accurately reflects PCLOB’s irresponsible silence on the use of 702 — upstream and downstream — for cybersecurity, even after ODNI has written publicly on the topic). Indeed, the NSA uses other selectors, including cyberattack signatures, in addition to things more traditionally considered a selector.

And given the government’s past, documented, expansion of the term “facility” beyond all meaning, there’s no reason to believe the government’s use of “use” distinguishes appropriately between participants in communications.

Ah well, all that discussion probably counts as a state secret. A concept which is getting more and more farcical every year.

Update: Clarified to note this is only partial summary judgment.

1 2 3 135
Emptywheel Twitterverse
bmaz .@papicek @CNN Yep, it is an enduring question, no? Problem is, they'e the best cable news. Which says everything about crappjness of rest
bmaz Hey @CNN, you have a prime time hour for "the shroud of turin", but not Global Warming? What kind of charlatans are you??
emptywheel RT @RachelBLevinson: Why the FBI needs to protect its intelligence whistleblowers, by @BrennanCenter's Mike German.
emptywheel RT @kurtopsahl: C'mon guys. Couldn't the unmarked surveillance van in front of @EFF be a little more subtle?
emptywheel I noted Petraeus plea DOESN'T say "All In" contains no classified info. Looks like it might.
emptywheel RT @PDShinkman: Very strange coincidences b/w dates in Petraeus court docs & notes in Broadwell's "All In": http://t…
emptywheel @onekade Shush. You're making trouble w/@joelsilberman (who will probably forgive you bc you have a stylish queer look, unlike me).
emptywheel @onekade @joelsilberman should train you some. He'll be happy to know you're not allergic to lipstick which can be problematic.
emptywheel @onekade Did you ever get @joelsilberman training (tho don' think you need it much)? @HumorlessQueers
emptywheel @onekade You were oversharing again, weren't you? ;p
emptywheel @billmon1 It worked for Bush. @TimothyS
emptywheel @onekade You do posts on what you didn't have time to say? Is that a millennial thing?
March 2015
« Feb