John Oliver did an interview with Edward Snowden that aired on his show last night. After showing Snowden that most random people stopped in Times Square didn’t know or care what Snowden had done (starting at 22:30), Oliver then showed that they would care if this were all about the government collecting dick pics.
So Snowden goes through and describes (after 28:00) what authorities the government might use to collect dick pics, focusing largely on different aspects of Section 702 and EO 12333. But (at 30:00), Snowden says the NSA (Oliver should have been asking about the government, not NSA) couldn’t use Section 215 to get dick pics, though they could use the phone dragnet to find out if you’ve been calling a penis enlargement center.
Not so fast, Ed!
It is, hypothetically, possible that the government (more likely FBI than NSA) could use Section 215 to get dick pics, provided there were some entity that had a collection of dick pics it was interested in. It would only 1) need to find that entity that had these dick pics as records, 2) come up with some reason why they needed the dick pics for either a counterterrorism or counterintelligence purpose, and 3) convince the rubber stamp FISA Court that these dick pics were “relevant to” a counterterrorism or counterintelligence FBI investigation (which we know FISC interprets unbelievably broadly) but that FBI wasn’t seeking the dick pics solely on the basis of the target’s First Amendment protected, um, speech. Hypothetically possible, at least, if unlikely. A dick pic is a tangible thing.
Furthermore, it is almost certain that the FBI (again, not the NSA, but if the FBI does it, it is more likely targeted at an American) is using Section 215 to get URL searches and data flows — along with fairly comprehensive online profiles — on users. So in addition to Snowden’s explanation of using the phone dragnet to see if you’ve called a penis enlargement center, the FBI may be using Section 215 to track a user’s porn watching habits and even if they’ve been uploading their own dick pics to some server. There likely are dick pics in this collection (though the FISC almost certainly requires minimization if the collection, so may limit the FBI’s ability to retain dick pics unless it can claim it needs them for an investigative purpose). (Though note, a recent Shane Harris story reveals NSA needs its own porn room because its analysts spend so much time analyzing what they collect.)
Again, Section 215 is far more than the phone dragnet, it is designed to support fairly creative collection of “tangible things” so long as there is an attenuated national security purpose to do so, and we know it supports a great deal of collection on users’ Internet use.
And while dick pics might be just a hypothetical case, far easier to imagine would be FBI using Section 215 to obtain DNA — perhaps from hospitals, perhaps from hotels where targets had stayed, obviously from cops (though they could get that through info sharing). DNA is, after all, a tangible thing. And we know that the government has a DNA database of Gitmo detainees, so they have been amassing DNA to positively ID both the targets but also family members of targets.
One more note. Several of the ways the NSA has gotten dick pics — via Yahoo video chats, stealing from Google servers overseas — may have become less accessible to the government overseas as companies move to encrypt more of their traffic. I assume they’ll find some new way to get these. But for the moment, the government may be ingesting fewer dick pics than they were in 2013.
On September 14, 2001 — 3 days before signing an expansive Memorandum of Notification that would authorize a suite of covert operations against al Qaeda, and 4 days before signing an AUMF that would give those operations the appearance of Congressional sanction — President Bush declared a National Emergency in response to the 9/11 attack.
The following day, according to a 2002 motion to the FISC to be able to share raw FISA-derived information with CIA and NSA (this was liberated by Charlie Savage), FISC suspended its rules on sharing intelligence derived under FBI-obtained FISA warrants with criminal investigations (see page 26 of this paper for background).
On September 15, 2001, upon motion of the Government, the [FISA] Court suspended the “Court wall,” certification, and caveat requirements that previously had applied to Court-authorized electronic surveillance and physical search of [redacted] related targets, while directing that the FBI continue to apply the standard minimization procedures applicable in each case. As stated in the order resulting from that motion, the Court took this action in light of inter alia:
“the President’s September 14, 2001, declaration of a national emergency and the near war conditions that currently exist;”
“the personal meeting the Court had with the Director of the FBI on September 12, 2001, in which he assured the Court of the collection authority requested from this Court in the face of the nature and scope of the multi-faced response of the United States to the above-referenced attacks;
“the need for the Government to rapidly disseminate pertinent foreign intelligence information to appropriate authorities.”
Ten days after FISC dismantled its role in “the wall” between intelligence and criminal investigations in response to the Executive’s invocation of a National Emergency, on September 25, 2001, John Yoo finished an OLC memo considering the constitutionality of dismantling the wall by replacing “the purpose” in FISA orders with “a purpose.”
A full month later, on October 25, 2001, Congress passed the PATRIOT Act. For over 13 years, analysis of the PATRIOT Act has explained that it eliminated “the wall” between intelligence and criminal investigations by replacing language requiring foreign intelligence be “the purpose” of FISA wiretaps with language requiring only that that be “a significant purpose” of the wiretap. But the FISC suspension had already removed the biggest legal barrier to eliminating that wall.
In other words, the story we’ve been telling about “the wall” for over 13 years is partly wrong. The PATRIOT Act didn’t eliminate “the wall.” “The wall” had already been suspended, by dint of Executive Proclamation and a secret application with the FISC, over a month before the PATRIOT Act was initially introduced as a bill.
FISC suspended it, without congressional sanction, based on the President’s invocation of a National Emergency.
That’s not the only case where the Executive invoked that National Emergency in self-authorizing or getting FISC to authorize expansive new surveillance authorities (or has hidden the authorities under which it makes such claims).
Perhaps most illustratively, on May 6, 2004, Jack Goldsmith pointed to the National Emergency when he reauthorized most aspects of Stellar Wind.
On September 14, 2001. the President declared a national emergency “by reason of the terrorist attacks at the World Trade Center, New York, New York, and the Pentagon, and the continuing and immediate threat of further attacks on the United States.” Proclamation No. 7463, 66 Fed. Reg. 43, !99 (Sept. 14, 2001). The United States also launched a massive military response, both at home and abroad. In the United States, combat air patrols were immediately established over major metropolitan areas and were maintained 24 hours a day until April 2002, The United States also immediately began plans for a military response directed at al Qaeda’s base of operations in Afghanistan.
Only after invoking both the Proclamation and the immediate military response that resulted did Goldsmith note that Congress supported such a move (note, he cited Congress’ September 14 passage of the AUMF, not Bush signing it into law on September 18, thought that may be in part because Michael Hayden authorized the first expansions of surveillance September 14; also remember there are several John Yoo memos that remain hidden) and then point to an article on the friendly-fire death of Pat Tillman as proof that combat operations continued.
On September 14, 2001, both houses of Congress passed a joint resolution authorizing the President “to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks” of September I I. Congressional Authorization § 2(a). Congress also expressly acknowledged that the attacks rendered it “necessary and appropriate” for the United States to exercise its right “to protect United States citizens both at home and abroad,” and acknowledged in particular that the “the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the United States.” id. pmbl. Acting under his constitutional authority as Commander in Chief, and with the support of Congress, the President dispatched forces to Afghanistan and, with the cooperation of the Northern Alliance, toppled the Taliban regime from power Military operations to seek out resurgent elements of the Taliban regime and al Qaeda fighters continue in Afghanistan to this day. See, e.g., Mike Wise and Josh White, Ex-NFL Player Tillman Killed in Combat, Wash. Post, Apr. 24, 2004, at AI (noting that “there are still more than 10,000 U.S. troops in the country and fighting continues against remains of the Taliban and al Qaeda”).
That is, even in an OLC memo relying on the AUMF to provide legal sanction for President Bush’s systematic flouting of FISA for 2.5 years, Goldsmith relied primarily on the National Emergency Proclamation, and only secondarily on Congress’ sanction of such invocation with the AUMF.
The White Paper released in 2006 largely regurgitating Goldsmith’s opinion for more palatable consumption mentions the AUMF first in its summary, but then repeats Goldsmith’s emphasis on the Proclamation in the background section (see pages 2 and 4).
Paragraphs that may discuss such authorizations get redacted in the 2006 application to move content collection under FISC (see page 6). The entire background section (starting at page 5) of the initial Internet dragnet application is also redacted. While we can’t be sure, given parallel claims made in the same 2004 to 2006 period, it seems likely those memoranda also repeated this formula.
Such a formula was definitely dropped. The 2006 memorandum in support of using Section 215 to create a phone dragnet included no mention of authorities. The 2007 memorandum to compel Yahoo to fulfill Protect American Act orders cites PAA, not Emergency Declarations.
But the formula was retained in all discussions of the Administration’s illegal wiretap program in secret declarations submitted in court in 2006, 2007, and 2009, being repeated again in an unclassified 2013 declaration. While these declarations likely all derive, at least in part, from Goldsmith’s memo, it’s worth noting that the government has consistently suggested it could conduct significant surveillance programs without Congressional sanction by pointing to the that National Emergency Proclamation.
This is the precedent I meant to invoke when I expressed concern about President Obama’s expansive Executive Order of the other day, declaring a National Emergency because of cybersecurity.
Ranking House Intelligence Member Adam Schiff’s comment that Obama’s EO is “a necessary part of responding to the proliferation of dangerous and economically devastating cyber attacks facing the United States,” but that it will be “coupled with cyber legislation moving forward in both houses of Congress” only adds to my alarm (particularly given Schiff’s parallel interest in giving Obama soft cover for his ISIL AUMF while having Congress still involved). It sets up the same structure we saw with Stellar Wind, where the President declares an Emergency and only a month or so later gets sanction for and legislative authorization for actions taken in the name of that emergency.
And we know FISC has been amenable to that formula in the past.
We don’t know that the President has just rolled out a massive new surveillance program in the name of a cybersecurity Emergency (rooted in a hack of a serially negligent subsidiary of a foreign company, Sony Pictures, and a server JP Morgan Chase forgot to update).
We just know the Executive has broadly expanded surveillance, in secret, in the past and has never repudiated its authority to do so in the future based on the invocation of an Emergency (I think it likely that pre FISA Amendments Act authorization for the electronic surveillance of weapons proliferators, even including a likely proliferator certification under Protect America Act, similarly relied on Emergency Proclamations tied to all such sanctions).
I’m worried about the Cyber Intelligence Sharing Act, the Senate version of the bill that Schiff is championing. But I’m just as worried about surveillance done by the executive prior to and not bound by such laws.
Because it has happened in the past.
Update: In his October 23, 2001 OLC memo authorizing the President to suspend the Fourth Amendment (and with it the First), John Yoo said this but did not invoke the September 14, 2001 proclamation per se.
As applied to the present circumstances, the [War Powers Resolution] signifies Congress’ recognition that the President’s constitutional authority alone enables him to take military measures to combat the organizations or groups responsible for the September 11 incidents, together with any governments that may have harbored or supported them, if such actions are, in his judgment, a necessary and appropriate response to the national emergency created by those incidents.
Update: Thanks to Allen and Joanne Leon for the suspend/suspect correction.
The NYT yesterday had a story on the secrecy surrounding Stingrays including these admissions from an FBI affidavit to explain the secrecy.
A fuller explanation of the F.B.I.’s position is provided in two publicly sworn affidavits about StingRay, including one filed in 2014 in Virginia. In the affidavit, a supervisory special agent, Bradley S. Morrison, said disclosure of the technology’s specifications would let criminals, including terrorists, “thwart the use of this technology.”
“Disclosure of even minor details” could harm law enforcement, he said, by letting “adversaries” put together the pieces of the technology like assembling a “jigsaw puzzle.” He said the F.B.I. had entered into the nondisclosure agreements with local authorities for those reasons. In addition, he said, the technology is related to homeland security and is therefore subject to federal control.
In a second affidavit, given in 2011, the same special agent acknowledged that the device could gather identifying information from phones of bystanders. Such data “from all wireless devices in the immediate area of the F.B.I. device that subscribe to a particular provider may be incidentally recorded, including those of innocent, nontarget devices.”
But, he added, that information is purged to ensure privacy rights.
In response, a bunch of smart people had an interesting conversation today about why the government is so secretive about them (start at this tweet).
My wildarseguess is that they’re hiding some kind of programmatic Stingray program. I think so for three reasons:
I believe one of the best ways to see vague outlines of undisclosed domestic surveillance is to watch where the Intelligence Community is most intransigent on legislation.
When Michaels Mukasey and McConnell wrote a transparently bullshit response to a Russ Feingold effort to segregate incidentally collected US person data under FISA Amendments Act in early 2008, I guessed they were doing back door searches of that data. 4 and 5 years later (with the report on the reauthorization and Snowden disclosures, respectively), that was proven correct.
When the IC repeatedly and successfully defeated efforts to require some real connection between a target and the records collected using Section 215 in 2009 all while boasting they had used it in the Najibullah Zazi investigation, I guessed they were using Section 215 to collect bulky data. I even guessed that they had migrated Bush’s illegal wiretap program to Section 215 and PRTT (though a former prosecutor friend soon dissuaded me from pushing my PRTT analysis because, she pointed out, there was no way in hell PRTT could authorize a dragnet).
There were 3 parts of the USA Freedom Act which struck me as particularly notable in the same way. First, the government’s insistence on expanding the chaining process to include “connections” in addition to contacts; I strongly believe that indicates they ask cell companies to match up the various identities with a particular handset.
Then there were two kinds of programmatic collection that would not only not be shut down by the prohibition on bulk collection in the bill, but which were specifically excluded from individualized transparency reporting (in addition to back door searches and upstream domestic collection, but we already knew about both of those), because transparency in the bill only covered “communications.” The first is any kind of dragnet tied to a non-communication corporate name, such as a financial dragnet or hotel records. See this post for an explanation. USAF would not require individualized reporting on this collection at all. Particularly given that the bill would permit using corporate names as identifiers and would exclude that from transparency, I think reasonable people should assume that kind of bulky collection would continue unabated.
More interesting, though, the transparency provisions also appear to exempt tracking device collection from individualized reporting, because those aren’t considered “communications” from individualized transparency reporting (I believe it would also exempt cloud data but I don’t understand what this is yet). I don’t think the government could use “Harris Corporation” as a identifier (they wouldn’t need to anyway, because the FBI would be using the tool not collecting all of Harris’ data). But they could collect the tracking data on 310 million people and only need to report targets (which currently number in the hundreds, though there already is some gaming of the required US person target reporting).
Like a Stingray, which looks for one phone, but obtains the records of everyone in a cell area.
Which is why I love this quote from the NYT article:
Christopher Allen, an F.B.I. spokesman, said “location information is a vital component” of law enforcement. The agency, he said, “does not keep repositories of cell tower data for any purpose other than in connection with a specific investigation.”
The government currently collects phone records of some significant subset of 310 million Americans for the purposes of “specific investigations.” It’s just that they consider enterprise investigations to be “specific” and therefore every American to be “relevant.” The same may well apply to location data.
We’ve already seen plenty of evidence that local law enforcement retain their ties and obligations to federal law enforcement, largely in the demands the Marshal service puts on secrecy.
But as I lay out in this post, that seems to involve ongoing cooperation using the Stingray. An NDA liberated in MN specifically requires deconfliction of missions, indicating that multiple entities would use one Stingray at once.
That all seems to suggest a key part of this top-down hierarchical non-disclosure requirement involves that kind of mission-sharing.
Which is another way of saying that FBI probably relies on these local Stingrays.
In this post and this one, I showed that the FISC-authorized use of PRTT relates the criminal context but may not be bound by it. That’s significant, because we know where the government has obtained permission for Stingray use in the criminal context, they’ve often relied on PRTT.
In both the use of combined PRTT/215 orders to get location data and in the collection of Post-Cut Through Dialed Digits, FISC has reconsidered PRTT orders after magistrates challenged similar criminal uses. At least in the latter example, FISC permitted FBI to continue a more expansive collection even after it was prohibited in the criminal context, requiring only that FBI comply with Fourth Amendment protections using minimization (as I’ll show when I finally write up the remainder of the FISC opinions, this practice has early foundation in other FISC applications).
What becomes clear reviewing the public records (these reports say this explicitly) is that the 2002 DOJ directive against retaining PCTDD applies to the criminal context, not the FISA context. When judges started challenging FBI’s authority to retain PCTDD that might include content under criminal authorities, FBI fought for and won the authority to continue to treat PCTDD using minimization procedures, not deletion. And even the standard for retention of PCTDD that counts as content permits the affirmative investigative use of incidentally collected PCTDD that constitutes content in cases of “harm to the national security.”
Whateverthefuck that is.
Which is, I guess, how FBI still has 7 uses of PCTDD, including one new one since 2008.
In other words, the Stingray use we see glimpses of in the criminal and fugitive context may be far short of what FISC has permitted in the national security context, if it tracks other practice. And accused terrorists (or spies) would not get notice of any such PRTT use so long as it wasn’t entered into a criminal proceeding (there have been several instances where the government has seemed to suggest PRTT was used, but evidence from it not entered into evidence).
All of this, of course, is speculative.
But there’s some reason the government is insisting on its expansive NDAs even while more and more people are discussing them. Hiding a more comprehensive program targeted at national security targets (terrorists and spies) might explain why the government is increasingly willing to forgo prosecutions of alleged criminals to keep what they’re doing with dragnets secret.
Update: Meanwhile, in NY, a judge has ordered the Erie County Sheriff to come clean on its Stingray use.
The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)
In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.
2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.
I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.
In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.
First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:
As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.
Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeakas was implicating completely innocent supporters.
I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.
Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.
All of which brings me to the remaining interesting subtext of this ruling.
Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.
While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)
Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).
In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.
Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.
Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.
In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.
I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.
I’ve been remiss in laying out what I think the real solution for Section 215 is; I hope to get to that later this week.
Meanwhile, in the House, the question of what to do about the phone dragnet is already heating up. Adam Schiff, newly appointed ranking member in the House Intelligence Committee, is trying to buck up reform advocates in the face of calls for MOAR HAYSTACKS following the HebdoCharlie attack.
Schiff told me that those who are hoping for reform of bulk metadata collection need to remain vigilant against the possibility that lawmakers will seize on the Paris horror to blunt the case for change.
“Some will argue that the events in Paris make it impossible to reform any of our intelligence gathering programs,” Schiff said. “But as long as we can accomplish these reforms bolstering our privacy, while maintaining our security, we should do so.”
Remember, Schiff was the first to call publicly to have the telecoms hold the phone records.
Newly appointed Chair Devin Nunes, however, not only wants to reauthorize PATRIOT but also FISA (which isn’t expiring).
Q: What do you think should be the path forward for reform of the Foreign Intelligence Surveillance Act Courts? Do you support consideration and passage of the FISA Court Reform Act of 2013? If not, do you have your own proposals for FISA reform?
A: I believe the FISA court system is working well and striking the right balance between protecting Americans’ constitutional rights and allowing for effective intelligence operations to catch terrorists. So I don’t think it needs reform at this time — we don’t want to further encumber intelligence and law enforcement communities who already have a difficult task in tracking those who wish to attack Americans at home and abroad.
Our immediate priorities will be analyzing the president’s budget, crafting the intelligence authorization bill and working with other committees to reauthorize FISA and the Patriot Act.
I hope we can hold him to his observation that FISC is working great, because most “reform” efforts (especially the RuppRoge effort out of the House Intelligence Committee) took authority out of FISC’s hands and put it into the IC’s.
One thing is missing from this discussion, on all sides.
Congress needs to do more than just extend PATRIOT, if they want full dragnet. They need to extend it, probably by starting with immunity, and probably some other tweaks, to be able to access all the phone records they want. That’ll be harder to do if it’s not done under cover of “reform.”
The government has been releasing a bunch of documents under FOIA while we’re all out celebrating: a classification review of the two earlier Section 215 IG Reports, as well as NSA’s reports to the Intelligence Oversight Board (though thus far, NSA has mistakenly linked to 1Q 2012 rather than 2Q 2012, which should be one of the most important reports for reasons I’ll come back to).
In this post I just want to review the phone dragnet classified appendix included as part of the 2008 DOJ IG Report on the use of Section 215. We’ve known this appendix — one of two attached to this report (the other, which may be as long as 16 pages, remains classified) — dealt with the phone dragnet since the phone dragnet was revealed. One thing this report provides are clear dates (which I used to update the dates in my phone dragnet tracker), including exact (in case of the first addition) and rough updates for additional “agents of a foreign power” that may be chained on.
Here are details of interest:
The fourth redaction on the 2nd page of the appendix — in the sentence starting “The queries would attempt to identify…” — is rather interesting syntactically. The redaction should read something like “terrorist associates” or something similar. But in this context, it ties the contact chaining much more closely to the contact-chaining process. Somewhere there must be language purporting to make this case specifically, but the redaction here is remarkably short to do so.
The appendix notes in the first full paragraph on page 3 that the dragnet application promised the NSA Director would inform the Intelligence Committees (but not the Judiciary Committees) about the dragnet. That’s curious because we have every reason to believe the NSA did not inform the Intel Committees about the Internet dragnet until after PATRIOT reauthorization, as reflected by this April 27, 2005 briefing to SSCI. Presumably, the December 15, 2005 disclosure of the dragnet led the FISC to discover that Congress hadn’t been briefed.
The discussion of the additional terrorist group approved for contact chaining on page 4 seems heavily redacted. I wonder if NSA got Iran approved as early as 2006, with the later approvals being additional al Qaeda affiliates?
At least according to the changes noted in the dragnet orders, the only known addition in the second dragnet order was the pre-approval for FISA targets to be RAS seeds under the dragnet. I’m not sure whether the redaction here would refer to this change, but if it does, it is odd it remains redacted. But it’s also possible the government started collecting some other kind of telephony metadata in that order.
With the exception of the first order, it appears DOJ’s IG was working from the applications for the dragnet, not the orders. And the narrative of the dragnet appears to be silent on a number of changes, including the elimination of the compensation paragraph, the addition of spot checks (both in the November 15, 2006 order), and the exception of pre-authorized RAS approval for dockets 06-2081, 07-449, and PAA.
Most interesting still is the report’s silence on the change allowing NSA to put the BRFISA data in with other data for the purposes of analytical efficiency. That first shows up in the first dragnet order of 2008 — which the appendix helpfully clarifies was signed on January 10, 2008. It’s possible the IG Report doesn’t note it (or some of the other changes) because it was only supposed to treat Section 215 for 2006. Perhaps the other changes were done via amendment not shared with the IG (perhaps because of that scope issue). In any case, I find the timing of the order (which admittedly was dictated by the expiration date of the prior order). That would put the change — which I’ve speculated might relate to the roll-out of ICREACH — just days after Michael Mukasey signed the SPCMA order which allowed chaining on EO 12333 data on US persons. I increasingly believe all these things — ICREACH, SPCMA, and the insertion of FBI into the heart of the FISA process — were necessarily rolled out together.
One other silence of note: This appendix, at least, makes no mention of the 4- and 15-page October 31, 2006 opinions withheld from the EFF and ACLU FOIAs. That’s not surprising: if it had been central to the phone dragnet, the government probably would have had to release it. I wonder, though, if they pertain to the dragnet program discussed in the second, still unreleased appendix (and I wonder if that is the CIA money transfer program).
In addition to liberating the document dump pertaining to the Internet dragnet program. (See my working threads: one, two, three, four, five.), EPIC has been fighting several other parts of the FOIA for the PRTT documentation to Congress. I’m going to have three more posts on these materials. This post will comment on the reports to Congress, all of which (except the December 2006 one, which I’ll ask them to fix) are available here.
Here’s a summary of the changes from report to report.
Here’s an explanation of what I make of these details:
Throughout this reporting requirement, DOJ has been obligated to include the number of US persons targeted. How it has done so has varied by period. Here’s how it breaks out by reporting period (I’m doing it this way so we can match it up to known techniques).
July 2000 through December 2001: US person subjects of investigation described by sketch but not broken out by number
January 2002 through June 2002: US person targets identified by number and sketch
July 2002 through December 2004: US person targets identified by number “who were targeted”; sketches replaced by general language about First Amendment review
January 2005 through June 2006: Orders include a definition of aggregate that includes corporations and other non-individual legal persons, these orders provided an “at least” aggregate number (with a footnote explaining why that is redacted). This method covers most of the reports during the “combined” period. Update: The DOJ IG Report on Section 215 use in 2006 may explain some of this: for 215 orders in this period, FBI did not count the requested records of non-subjects, which would likely apply to combined orders.
July 2006 through December 2006: This report includes no discernible US person breakout.
January 2007 through June 2008: These reports used an “at least” number to count US persons.
July 2008 through June 2010:This period included exact numbers for USP targets, and also no longer includes modifications (which often are minimization procedures).
July 2010 through December 2012: This period uses “named US persons” as a reporting category, and to the extent it’s relevant, breaks out the NSA orders.
Note, some of the differential reporting (such as the “aggregate” language for the period before Congress got briefed on the bulk PRTT) to be get around informing Congress of certain collections. Some–such as the apparently still-current “named USP” suggests there’s a lot of incidental collection the government doesn’t count (which would be likely in the use of stingrays, though the prior use of target could be done there too).
Note the variation in agencies named, with PRTT being listed as FBI only, then being listed as NSA and FBI, then all government, then both again, and finally, broken out by agency. This likely stems most significantly from efforts to hide that they were using PRTT for the dragnet, then incorporation of NSA into the FBI dragnet numbers.
The NSA numbers first get broken out for the December 2010 report, with a statement there were no NSA applications in the first half of 2010. That accords with the understanding that the Internet dragnet got shut down around October 30, 2009, then Bates approved it again in July 2010 (which would be the partial declination marked).
I was interested that John Ashcroft didn’t a bunch of reports during a period when DOJ provided narratives of the Americans targeted. Also, for the first few periods of Stellar Wind, the signee was not read into Stellar Wind. I’ve increasingly noticed AGs having someone else sign something as a workaround, and that may have been true here, too (remember that the government was obtaining Internet metadata even before Stellar Wind).
But then, to the extent we still got transmittal letters (they stopped entirely in June 2007), they were signed by the Congressional Liaison.
Update: I realize something about this classification guide. While it was updated in 2012 (so after the Internet dragnet got shut down) it was dated August 2009, so while it was still running. So that part of this may not be location data. But the FBI almost certainly still does do fun stuff w/PRTT because it’s the one part of PRTT that remains classified.
Ed Markey, who is absolutely superb on tracking Title III surveillance, continues that tradition today with a letter to Eric Holder asking about the US Marshall Program DirtBox surveillance program revealed last week by WSJ.
Among his questions are:
Do other agencies within DOJ operate similar programs, in which airplanes, helicopters or drones with attached cellular surveillance equipment are flown over US airspace?
What types of court order, if any, are sought and obtained to authorize searches conducted under this program?
In what kind of investigations are the “dirtbox” and similar technology used to locate targets? Are there any limitations imposed on the kinds of investigations in which the dirtbox and similar technology can be used?
According to media reports, the dirtbox technology, which is similar to a so-called “stingray” technology, works by mimicking the cellular networks of U.S. wireless carriers. Upon what specific legal authority does the Department rely to mimic these cellular networks?
Do the dirtbox and stingray send signals through the walls of innocent people’s homes in order to communicate with and identify the phones within?
What, if any, policies govern the collection, retention, use and sharing of this information?
Are individuals–either those suspected of committing crimes or innocent individuals–provided notice that information about their phones was collected? If yes, explain how. If no, why not?
I could be spectacularly wrong on this point, but I very very strongly believe the answer to some of his questions lie in a bill Markey is all set to vote for tomorrow.
We know that the government — including the FBI — uses Title III Pen Registers to obtain authorization to use Stingrays; so one answer Markey will get is “Title III PRTT” and “no notice.”
Given that several departments at DOJ use PRTT to get Stingrays on the criminal side, it is highly likely that a significant number of the 130-ish PRTT orders approved a year are for Stingray or related use.
Using that logic gets us to the likelihood that FBI’s still unexplained PRTT program — revealed in this 2012 NSA declassification guide — also uses Stingray technology to provide location data. That’s true especially given that NSA would have no need to go to FBI to get either phone or email contacts, because it has existing means to obtain that (though if the cell phone coverage of the Section 215 dragnet is as bad as they say, it may require pen registers for that).
The guide distinguishes between individual orders, which are classified SECRET, and “FBI Pen Register Trap Trace,” which therefore seems to be more programmatic. The FBI PRTT is treated almost exactly like the then undisclosed phone dragnet was in the same review, as a highly classified program where even minimized information is TS/SCI.
Now, it’s possible (ha!) that this is a very limited program, just targeting individual targets in localized spots for a brief period of time.
It’s also possible the government scaled this back after the US v. Jones decision.
But it’s equally possible that this is a bulky dragnet akin to the phone dragnet, one that will be invisible in transparency measures under USA Freedom Act because location trackers are excluded from that reporting.
I do hope Markey insists on getting answers to his questions before he votes for this bill tomorrow.
As you likely know, there have been two developments with NSLs in the last few days. First, Twitter sued DOJ, on First Amendment grounds, to be able to publish how many NSLs and FISA orders it has received. And EFF argued before the 9th Circuit that the entire NSL statute should be declared unconstitutional.
These developments intersect with the USA Freedom Act in an interesting way. In the 9th Circuit, the Court (I believe this is Mary Murguia based on tweets from lawyers who were there, but am not certain) asked why Congress hasn’t just fixed the Constitutional problems identified in Doe v. Mukasey with NSL gag orders.
That set off DOJ Appellate lawyer Douglas Letter hemming and hawing in rather unspecific language (my transcription).
Mary Murguia: Have any measures been taken to Congress to try to change that reciprocal notice procedure, to make it legal as the 2nd Circuit suggested?
Douglas Letter: Your honor, my understanding is, and I’m a little hesitant to talk about this in this sense, as we know proposals can be made to Congress and who knows what will happen? The government is working on some, a, is working with Congressional staffers etcetera, we would hope that at some point we would have legislation. We do not as this point. I’m not, I’m not going to here make any predictions whether anything passes.
What Letter was talking about — bizarrely without mentioning it — was a provision addressing the unconstitutional NSL gags in USA Freedom Act.
The provision fixes one part of the NSLs by putting the onus on FBI to review every year whether gags must remain in place.
(A) IN GENERAL.—In the case of any request under subsection (b) for which a recipient has submitted a notification to the Government under section 3511(b)(1)(A) or filed a petition for judicial review under subsection (d)—
(i) an appropriate official of the Federal Bureau of Investigation shall, until termination of the nondisclosure requirement, review the facts supporting a nondisclosure requirement annually and upon closure of the investigation; and
(ii) if, upon a review under clause (i), the facts no longer support the nondisclosure requirement, an appropriate official of the Federal Bureau of Investigation shall promptly notify the wire or electronic service provider, or officer, employee, or agent thereof, subject to the nondisclosure requirement, and the court as appropriate, that the nondisclosure requirement is no longer in effect.
This would fix the problem identified by the 2nd Circuit.
Except that, bizarrely, it would require FBI to do what Letter represented to the Court FBI could not do — review the gags every year. Presumably, they assume so few providers will challenge the gag that they’ll be able to manage those few yearly reviews that would be required.
Which might be what this language is about.
(B) CLOSURE OF INVESTIGATION.—Upon closure of the investigation—
(i) the Federal Bureau of Investigation may petition the court before which a notification or petition for judicial review under subsection (d) has been filed for a determination that disclosure may result in the harm described in clause (i), (ii), (iii), or (iv) of paragraph (1)(B), if it notifies the recipient of such petition;
(ii) the court shall review such a petition pursuant to the procedures under section 3511; and
(iii) if the court determines that there is reason to believe that disclosure may result in the harm described in clause (i), (ii), (iii), or (iv) of paragraph (1)(B), the Federal Bureau of Investigation shall no longer be required to conduct the annual review of the facts supporting the nondisclosure requirement under subparagraph (A).
That is, in addition to fixing the constitutional problem with NSLs, USAF provides FBI way out of the supposedly onerous problem that fix requires, by establishing a way to get a permanent gag.
The NSL provisions in USAF have not gone totally unnoticed. Perhaps appropriately, one of the few public comments on it came from the EFF. It lumps it in with FBI’s exemption from reporting back door searches.
The FBI is exempt from Section 702 reporting, and the bill appears to provide a path for the FBI to get permanent gag orders in connection with national security letters.
And bill champion Kevin Bankston is acutely aware of the dynamic as well; after Twitter announced his suit he suggested this was a good reason to pass USAF.
Me, I’d rather let the courts work and get the leverage we might get that way.
Especially since it seems like FBI is more able to review yearly gag renewals that Letter told the court.
Last week, Dustin Slaughter published a story using a new deck of slides on the Hemisphere program, the Drug Czar program that permits agencies to access additional telecommunications analytical services to identify phones, which then gets laundered through parallel construction to hide both how those phones were found, as well as the existence of the program itself.
It has some significant differences from the deck released by the New York Times last year. I’ve tried to capture the key differences here:
The biggest difference is that the NYT deck — which must date to no earlier than June 2013 — draws only from AT&T data, whereas the Declaration deck draws from other providers as well (or rather, from switches used by other providers).
In addition, the Declaration deck seems to reflect approval for use in fewer states (given the mention of CA court orders and the recent authorization to use Hemisphere in Washington in the AT&T deck), and seems to offer fewer analytical bells and whistles.
Thus, I agree with Slaughter that his deck predates — perhaps by some time — the NYT/AT&T deck released last year. That would mean Hemisphere has lost coverage, even while it has gained new bells and whistles offered by AT&T.
While I’m not yet sure this is my theory of the origin of Hemisphere, some dates are worth noting:
From 2002 to 2006, the FBI had telecoms onsite to provide CDRs directly from their systems (the FBI submitted a great number of its requests without any paperwork). One of the services provided — by AT&T — was community of interest tracking. Presumably they were able to track burner phones (described as dropped phones in these decks) as well.
In 2006, FBI shut down the onsite access, but retained contracts with all 3 providers (AT&T, Verizon, and probably Sprint). In 2009, one telecom — probably Verizon — declined to renew its contract for whatever the contract required.
AT&T definitely still has a contract with FBI, and in recent years, it has added more services to what it offers the FBI.
It’s possible the FBI multi-provider access moved under ONCDP (the Drug Czar) in 2007 as a way to retain its authorities without attracting the attention of DOJ’s excellent Inspector General (who is now investigating this in any case). Though I’m not sure that program provided the local call records the deck at least claims it could have offered. I’m not sure that program got to the telecom switches the way the deck seems to reflect. It’s possible, however, that the phone dragnet in place before it was moved to Section 215 in 2006 did have that direct access to switches, and the program retained this data for some years.
The phone dragnet prior to 2006 and NSL compliance (which is what the contracts with AT&T and one other carrier purportedly provide now) are both authorized in significant part (and entirely, before 2006) through voluntary compliance, per David Kris, the NSA IG Report, and the most recent NSL report. That’s a big reason why the government tried to keep this secret — to avoid any blowback on the providers.
In any case, if I’m right that the program has lost coverage (though gained AT&T’s bells and whistles) in the interim, then it’s probably because providers became unwilling, for a variety of reasons (and various legal decisions on location data are surely one of them) to voluntarily provide such information anymore. I suspect that voluntary compliance got even more circumscribed with the release of the first Horizon deck last year.
Which means the government is surely scrambling to find additional authorities to coerce this continued service.