1 2 3 43

The FBI Is Using NSLs to Target “Facilities” Now

The Freedom of the Press Foundation has been looking for more details about when the FBI can use NSLs to obtain records including the communication records of journalists, and they just obtained initial response to a FOIA on the subject. There is abundant reason to believe the government does this in leak cases, though as Trevor Timm noted in his piece on this, “a ‘broad reading’ of the media guidelines [was] allegedly hindering leak investigations” in the summer of 2015.

As part of DOJ’s response to FPF’s FOIA, the provided a section of the Domestic Investigations and Operations Guide for the FBI that covers NSLs generally. While I don’t think the FOIA response provides the date of the DIOG (it was declassified on November 6, 2015), it appears to post-date last June’s passage of USA Freedom Act, because it incorporates the language on disclosure from that bill (see the last section).

I was particularly interested in the discussion of reporting to Congress, as that’s something DOJ’s Inspector General found FBI to have serious problems with in the 2014 IG Report on NSLs.

There are two potentially significant changes in the passage on “notice and reporting requirements” in what FPF obtained (see page 9) from the 2011 version (see page 106) that was the last to be released on comprehensive fashion (see below for the text).

First, and probably most importantly, the 2015 version envisions targeting “facilities/accounts,” whereas the 2011 version envisioned targeting “phone numbers/e-mail accounts/financial accounts.” The reason this is so concerning is that, in 2007, the government invented a new meaning for “facility” that could mean an entire data switch. The language is all the more concerning if, as I believe, this DIOG post-dates USAF, because that law limits bulk collection by requiring a selection term for NSLs and other collection. But if they’re using that expansive definition of “facility,” then selection terms may not be all that limiting.

That language is accompanied by a change I don’t entirely understand (I can’t figure out whether this alleviates or magnifies my concern about “facilities” being targeted). It appears the FBI has entirely reversed the meaning of the words “target” and “subject” here. Whereas they used to refer to the “target” of an investigation and then track individual “subjects” named in NSLs, they now refer to the “subject” of an investigation (which would more closely match how prosecutors would describe someone not yet charged and might cover enterprise investigations without one identified culprit) and the “target” of an NSL (which would allow all others collected to be treated as incidental collection). In both cases, they’re surely accounting for the fact that the FBI may investigate a suspect by investigating other people known to have ties to the suspect. This pertains directly to tracking of US persons swept up, but I’m not entirely sure the net effect. Note, too, the language tying NSLs to “predicated” investigations is different in other parts of the DIOG fragment.

Again, I’m not entirely sure what all this means (aside from the fact that using “facility” instead of email or phone number is very concerning). But it is rather alarming, in any case.

2015 version

i.e., delineate the number of targeted facilities/accounts in each NSL issued to an NSL recipient.

NSLB also reports to Congress the USPER status of the target (as opposed to the subject of the investigation) of all NSLs, other than NSLs that seek only subscriber information. While the subject of the investigation is often the target of the NSL, that is not always the case. The EC must record the USPER status of the target of the NSL — the person whose information the FBI is seeking. If the NSL is seeking information about more than one person, the EC must record the USPER status of each person.

2011 version

The EC must delineate the number of targeted phone numbers/e-mail accounts/financial accounts that are addressed to each NSL recipient. For example, if there are three targets, ten accounts, and six recipients of an NSL, the EC must state how many accounts are the subject of the NSL as to Recipient 1, Recipient 2, etc. It is not sufficient to indicate only that there are ten accounts and six recipients.

In addition, the FBI must report the USPER status of the subject of all NSLs (as opposed to the target of the investigation) other than NSLs that seek only subscriber information. While the subject is often the target of the investigation, that is not always the case. The EC must reflect the USPER status of the subject of the request–the person whose information the FBI is seeking. If the NSL is seeking information about more than one person, the EC must reflect the USPER status of each person.

FBI Redacted Passages Showing Judge Mocking Its Stupid Claims

As I noted earlier, today Nicholas Merrill was finally able to reveal the things he was requested to turn over to the FBI in response to a National Security Letter he received 11 years ago.

The expiration of his gag order also allowed him to publish an unredacted copy of the ruling ending the gag, which was released in redacted form in September.  Comparing the two lets us see what the government believed had to be redacted in September. Not only does it show how ridiculous were FBI’s claims of secrecy, but also makes it clear FBI used such claims to hide the fact that the judge in the case, Victor Marrero, was mocking the stupidity of its claims.

The most important new disclosure is that the FBI no longer uses NSLs to get location information and that it considered location information to be included among log files. (In all passages, I have underlined what the government originally redacted.)

Additionally, the Government seeks to keep some information redacted despite publicly conceding that those types of records (i.e., “radius log” information, which is cell-tower based phone tracking information) are no longer sought through NSLs. Yet the Government still argues that this information should remain redacted because it would reveal techniques that might be used at some undetermined time under a hypothetical policy promulgated by a future administration.

More stunning is that the government wanted to hide that it can obtain daytime and evening phone numbers with one NSL.

For example, the Government seeks to prevent Merrill from disclosing that the Attachment requested “Subscriber day/evening telephone numbers” even though the Government now concedes that the phrase “telephone number” can be disclosed. The Court is not persuaded that there is a “good reason” to believe that disclosure of the fact that the Government can use NSLs to seek both day and evening telephone numbers could result in an enumerated harm, especially if it is already publicly known that the Government can use NSLs to obtain a telephone number, more generally.

By golly if the terrorists realize the FBI knows some people have separate work numbers, they’re sure to win!

Demands like this clearly tanked the government’s credibility with Judge Marrero, because he kicked their ass about the absurdity of some claims, such as their attempt to redact the “s” indicating that the FBI would ask for telephone numbers, plural.

As another example of the extreme and overly broad character of these redactions, the Government apparently believes that while the public can know that it seeks records of an “address” and a “telephone number,” there is a “good reason” to prevent disclosure of the fact that the Government can seek “addresses” and “telephone numbers.” (See Gov’t Mem. Attach.) In any event, based on the Government’s redactions alone, a potential target of an investigation, even a dim-witted one, would almost certainly be able to determine, simply by running through the alphabet, that “telephone numberll” could only be “telephone numbers.” Redactions that defy common sense such as concealing a single letter at the end of a word diminish the force of the Government’s claim to “good reason” to keep information under seal, and undermine its argument that disclosure of the currently-redacted information in the Attachment can be linked to a substantial risk of an enumerated harm.

Marrero then reminded the FBI that they had claimed they were chasing “sophisticated foreign adversaries,” not dim-witted terrorists.

Therefore, it strains credulity that future targets of other investigations would change their behavior in light of the currently-redacted information, when those targets (which, according to the Government, include “sophisticated foreign adversaries,” see Perdue Deel. ~ 56) have access to much of this same information from other government divisions and agencies.

And he revealed that their declarant was demanding things they had already disclosed be kept secret.

10 Also interestingly, the Perdue Declaration argues that the category of “[a] ny other information which [the recipient] consider [s] to be an electronic communication transactional record” should not be disclosed. (See Perdue Deel. , 70.) However, this category was not redacted by the Government in its submissions or even in the Perdue Declaration.

Here’s the thing though: the last two of these redactions were not hiding secret information at all. Instead, they (plus the phone number comments, though technically those included top secret information about the FBI obtaining telephone numbers, plural) served to hide the fact that Marrero was making fun of the FBI’s batshit claims.

Opinions may vary about whether the FBI’s 11-year fight to hide the fact it knows some people have work phone numbers was an appropriate use of secrecy. But hiding that a judge is mocking your stupid claims doesn’t fit under any legal use of classification. It’s abuse, pure and simple.

DOJ Threatens to Invoke State Secrets Over Something Released in FOIA

Screen Shot 2015-08-28 at 11.22.34 AM
In a hearing today, Judge Richard Leon said that Larry Klayman could pursue his dragnet challenge by adding a plaintiff who did business with Verizon Business Services. But as part of Klayman’s effort, he noted — weakly — that evidence got released showing Verizon Wireless was included in the dragnet. Klayman cited just the Charlie Savage article, not the document released under FOIA showing VZ Wireless on a FISC caption (though I presume his underlying 49 page exhibit includes the actual report — just not necessarily with the passage in question highlighted).

It was disclosed on August 12, 2015 by Charlie Savage of The New York Times that Verizon Wireless, as this Court had already ruled in its Order of December 16, 2013, at all material times was conducting and continuing to conduct unconstitutional and illegal dragnet “almost Orwellian” surveillance on Plaintiffs and millions of other American citizens. See Exhibit 1, which is a Government document evidencing this, incorporated herein by reference, and see Exhibit 2, the New York Times article.

Moreover, Klayman surely overstated what the inclusion of VZ Wireless in a phone dragnet Primary Order caption from 2010 showed. Which probably explains why DOJ said “The government has not admitted in any way, shape, or form that Verizon Wireless participated” in the Section 215 phone dragnet, according to Devlin Barrett.

The point is, they should have to explain why it is that, according to a document they’ve released, VZ Wireless was targeted under the program. Perhaps we’ll get that in Northern California, where EFF very competently pointed to what evidence there was.

Which is why the government’s threat to invoke state secrets was so interesting.

The Court should avoid discovery or other proceedings that would unnecessarily implicate classified national-security information, and the potential need to assert and resolve a claim of the state secrets privilege: Plaintiffs’ proposed amendments, in particular their new allegations regarding the asserted participation of Verizon Wireless in the Section 215 program, implicate matters of a classified nature. The Government has acknowledged that the program involves collection of data from multiple telecommunications service providers, and that VBNS (allegedly the Little Plaintiffs’ provider) was the recipient of a now-expired April 25, 2013, FISC Secondary Order. But otherwise the identities of the carriers participating in the program, now, or at any other time, remain classified for reasons of national security. See Klayman, 2015 WL 5058403, at *6 (Williams, S.J.).

At this time the Government Defendants do not believe that it would be necessary to assert the state secrets privilege to respond to a motion by Plaintiffs for expedited injunctive relief that is based on the allegations of the Little Plaintiffs, or even the proposed new allegations (and exhibit) regarding Verizon Wireless. Nor should it be necessary to permit discovery into matters that would risk or require the disclosure of classified national-security information and thus precipitate the need to assert the state secrets privilege. Nevertheless, if Plaintiffs were permitted to seek discovery on the question of whether Verizon Wireless is now or ever has been a participating provider in the Section 215 program, the discovery sought could call for the disclosure of classified national-security information, in which case the Government would have to consider whether to assert the state secrets privilege over that information.

As the Supreme Court has advised, the state secrets privilege “is not to be lightly invoked.” United States v. Reynolds, 345 U.S. 1, 7 (1953). “To invoke the . . . privilege, a formal claim of privilege must be lodged by the head of the department which has control over the matter after actual personal consideration by that officer.” Id. at 7-8. To defend an assertion of the privilege in court also requires the personal approval of the Attorney General. Policies and Procedures Governing Invocation of the State Secrets Privilege at 1-3, The Government should not be forced to make so important a decision as whether or not to assert the state secrets privilege in circumstances where the challenged program is winding down and will end in a matter of weeks. Moreover, discovery into national-security information should be unnecessary to the extent the standing of the newly added Little Plaintiffs, and the appropriateness of injunctive relief, may be litigated without resort to such information.

If, however, discovery into national-security information is permitted, the Government must be allowed sufficient time to give the decision whether to assert the state secrets privilege the serious consideration it requires. And if a decision to assert the privilege is made, the Government must also be given adequate time to prepare the senior-level declarations and other materials needed to support the claim of privilege, to ensure that the national security interests at stake are appropriately protected. See, e.g., Mohamed v. Jeppesen Dataplan, Inc., 614 F.3d 1070, 1077, 1090 (9th Cir. 2009).

I think it’s quite possible that VZW was not turning over phone records under the Section 215 program in 2010 (which is quite another matter than suggesting NSA was not obtaining a great deal, if not most, of VZW phone records generally). I believe it quite likely NSA obtained some VZW records under Section 215 during the 2010 period.

But I also believe explaining the distinctions between those issues would be very illuminating.

Meanwhile, the threat of stalling, with all the attendant rigamarole, served to scare Leon — he wants this to move quickly as badly as Klayman does. After all, Leon will have much less ability to issue a ruling that will stand after November 28, when the current dragnet dies.

We shall see what happens in CA when DOJ attempts to make a similar argument.

John Doe Ungagged: Nicholas Merrill Wins the Right to Reveal Contents of 11-Year Old National Security Letter

Nicholas Merrill, who first challenged a National Security Letter 11 years ago, has won the right to talk about what he was ordered to turn over to the FBI in 2004. A key holding from the decision is that private citizens — as distinct from government officials who have signed non-disclosure agreements — cannot be prevented from talking about stuff that the government, as a whole, has already released.

A private citizen should be able to disclose information that has already been publicly disclosed by any government agency — at least once the underlying investigation has concluded and there is no reason for the identities of the recipient and target to remain secret. Otherwise, it would lead to the result that citizens who have not received such an NSL request can speak about information that is publicly known (and acknowledged by other agencies), but the very individuals who have received such NSL requests and are thus best suited to inform public discussion on the topic could not. Such a result would lead to “unending secrecy of actions taken by government officials” if private citizens actually affected by publicly known law enforcement techniques could not discuss them.

The judge in the case, Victor Marrero, gave the government 90 days to appeal. If they don’t (?!?!), Merrill will finally be ungagged after 11 years of fighting.

As noted, the FBI served the NSL back in 2004, when Merrill ran a small Internet Service Provider. Merrill sued under the name John Doe. He twice won court rulings that the gag orders were unconstitutional. But it wasn’t until 2010 that he was allowed to ID himself as Doe, and it wasn’t until 2014 — a decade after receiving the NSL — that he was able to tell the person whose records the FBI wanted. Even then, even after Edward Snowden revealed the need for more transparency about these things, the government fought Merrill’s demand to disclose what he had been asked to turn over, which was included in an attachment to the NSL itself.

See this post and this post for background on Merrill’s renewed fight to disclose how much FBI has demanded under an NSL.

Marrero found that the government just didn’t have really good reasons to gag this information, especially given that substantially similar information had been given out by other government agencies, and especially since the government admits it is only trying to hide the information from future targets, not anyone tied to the investigation that precipitated the NSL over a decade ago.

For the reasons discussed below, the court finds that the Government has not satisfied its burden of demonstrating a “good reason” to expect that disclosure of the NSL Attachment in its entirety will risk an enumerated harm, pursuant to Sections 2709 and 3511.


The Government argues that disclosure of the Attachment would reveal law enforcement techniques that the FBI has not acknowledged in the context of NSLs, would indicate the types of information the FBI deems important for investigative purposes, and could lead to potential targets of investigations changing their behavior to evade law enforcement detection. {See Gov’t Mem. at 6.) The Court agrees that such reasons could, in some circumstances, constitute “good” reasons for disclosure.


The Government’s justifications might constitute “good” reasons if the information contained in the Attachment that is still redacted were not, at least in substance even if not in the precise form, already disclosed by government divisions and agencies, and thus known to the public. Here, publicly-available government documents provide substantially similar information as that set forth in the Attactunent. For that reason, the Court is not persuaded that it matters that these other documents were not disclosed by the FBI itself rather than by other government agencies, and that they would hold significant weight for a potential target of a national security investigation in ascertaining whether the FBI would gather such information through an NSL. The documents referred to were prepared and published by various government divisions discussing the FBI’s authority to issue NSLs, the types of materials the FBI seeks, and how to draft NSL requests.


Now, unlike earlier iterations of this litigation, the asserted Government interest in keeping the Attachment confidential is based solely on protecting law enforcement sensitive information that is relevant to future or potential national security investigations.


[I]t strains credulity that future targets of other investigations would change their behavior in light of the currently-redacted information, when those targets (which, according to the Government, [redacted] see Perdue Deel. ¶ 56) have access to much of this same information from other government divisions and agencies.

Effectively, Marrero is arguing that since the government has asserted potential national security targets are good at putting 2 plus 2 together, and 2 and 2 are already in the public domain, any targets can already access the information in the attachment.

Marrero’s quotations from already released documents and the redactions from the attachment make it clear the government is trying to hide they were getting activity logs…

Screen Shot 2015-09-14 at 4.41.14 PM

And the various identities tied to an account (which we know the government matches to better be able to map activity across multiple identities).

Screen Shot 2015-09-14 at 4.42.34 PM

I’ll lay more of this out shortly — effectively, Marrero has already done the mosaic work for targets, even without the attachment (though I suspect what the government is really trying to prevent is release of a document defendants can point to to support discovery requests).

Ultimately, Marrero points to the absurd — and dangerous, for a democracy — position that would result if the government were able to suppress this already public information.

If the Court were to find instead that the Government has met its burden of showing a good reason for nondisclosure here, could Merrillever overcome such a showing? Under the Government’s reasoning, the Court sees only two such hypothetical circumstances in which Merrill could prevail: a world in which no threat of terrorism exists, or a world in which the FBI, acting on its own accord and its own time, decides to disclose the contents of the Attachment. Such a result implicates serious issues, both with respect to the First Amendment and accountability of the government to the people.

Especially at a time when the President claims to want to reverse the practice of forever gags on NSLs, Marrero finds such a stance untenable.

Let’s see whether the government doubles down on secrecy.

Administration Feeds Journalists Hints of More Secret Law … Journalists Instead Parrot “Russian Roulette” Line

Back in January, Charlie Savage revealed that in 2007 the FISC approved a secret interpretation of the Roving Wiretap provision, one of the provisions due to sunset Sunday night. To support a domestic content collection order targeting al Qaeda targets overseas, Judge Roger Vinson rubber-stamped DOJ’s argument that — because Congress had let it wiretap individual targets without naming each of the phones they were using, that also meant it could target al Qaeda as a target — without naming each of the phones and email addresses it was targeting until after tasking them [this sentence updated for accuracy].

Judge Vinson ruled that this procedure was a legitimate interpretation of FISA because of a provision Congress had added to the surveillance law in the Patriot Act. The provision created so-called roving wiretap authority, which allows the F.B.I. to get orders to swiftly follow targets who switch phones, telling the court about the new numbers later.

Public discussion of the purpose and meaning of roving wiretap authority has focused on targeting individual terrorists or spies who seek to evade detection. But Judge Vinson accepted a Justice Department proposition that the target could be Al Qaeda in general, so if the N.S.A. learned of a new Qaeda suspect, it could immediately collect his communications and get after-the-fact approval.

The government stopped using this particular application as it transitioned to Protect America Act (though it even grandfathered some of the existing targets tasked under the prior argument). But the premise — that DOJ can target entire communication nodes based on the argument that a specific target is using unknown accounts passing through that node — surely remains on the books.

This secret interpretation of the law may not be as outrageous as FISC’s redefinition of the word “relevant” to mean “all,” but it is nevertheless a fairly breathtaking argument, with potentially dangerous ongoing implications.

Yet, in spite of the fact that a top journalist (not some dirty hippie like me!) revealed this secret interpretation, the journalists who transcribed Administration claims that sunsetting PATRIOT would amount to playing “national security Russian roulette” have also transcribed Administration claims that they’re only using Roving Wiretaps individually.

A second tool is the “roving wiretap,” which enables the FBI to use one warrant to wiretap a spy or terrorist suspect who is constantly switching cellphones. Those two in particular are of “tremendous value,” the first official said.

We don’t know they’re using Roving Wiretaps to tap entire circuits anymore. But we know they can. That detail should be included in any description before a journalist parrots the Administration claim this is an “uncontroversial” authority. If it’s not controversial, it should be.

Ditto the Lone Wolf provision.

Reporters are reporting something that — 11 years after passage of the Lone Wolf provision — ought to raise serious questions (note: Lone Wolf was actually not part of the PATRIOT Act; it was passed in 2004 as part of the Intelligence Reform and Terrorism Prevention Act).

A third tool allows the FBI to surveil a “lone wolf” suspect who cannot be tied to a foreign terrorist group such as al-Qaeda. It has never been used, but officials said it is a valuable authority they do not want to lose.

That provision has been on the book for 11 years, and the FBI still says they have never used it but even though they have never used it is a valuable authority. It was not used in cases — such as that of Khalid Ali-M Aldawsari — that solidly fit the definition of a Lone Wolf. Even if the FBI found someone who they thought was an international terrorist but didn’t know to what group he belonged, they could get an emergency wiretap to help them find evidence.

So what “value” does the Lone Wolf provision have, if it’s not to authorize the wiretapping of Lone Wolves?

I think there’s increasing reason to ask whether this, like the Roving Wiretap, serves to justify some other secret law, allowing the government to spy on people against whom it has no evidence of ties to al Qaeda or any other terrorist group, but on whom it nevertheless wants to use its terrorist authorities against.

We’re on the fifth or so reauthorization debate where FBI has said “we don’t use this thing but we find it very valuable anyway.” At some point, we need to start assuming that when they say they haven’t “used” it, they only mean in the literal sense, and they’re using it to support some secret, unintended purpose.

Rather than parroting Administration claims of “Russian roulette,” shouldn’t journalists be asking why, after 11 years, their claims of necessity make no sense?

DOJ IG Issues Yet Another Classified Report that Should Be Public Before Congress Votes on PATRIOT Act

DOJ’s Inspector General just announced it completed its draft report on the use of Pen Register/Trap and Trace between 2007 and 2009 15 months ago, but the Intelligence Community only finished its classification review last month. It has now issued a classified version of that report to the Judiciary and Intelligence Committees.

Department of Justice Inspector General Michael E. Horowitz today issued a classified report entitled, The Federal Bureau of Investigation’s Use of Pen Register and Trap and Trace Devices under the Foreign Intelligence Surveillance Act in 2007 through 2009. The Department of Justice (DOJ) Office of the Inspector General (OIG) completed a draft of this report in February 2014. At that time, we provided the draft report to DOJ, the Federal Bureau of Investigation (FBI), and the Intelligence Community to conduct factual accuracy and classification reviews. In May 2014, we circulated an updated draft report that reflected minor revisions made in response to the factual accuracy comments we received. We did not receive the final results of the classification reviews until April 30, 2015.

We are providing today’s classified report to the relevant Congressional oversight and intelligence committees, as well as to DOJ leadership offices. We recently submitted a short unclassified Executive Summary of the report to DOJ, the FBI, and the Intelligence Community for review. We will publicly release the Executive Summary as soon as that review is completed.

This is another report that should have been released long before the current debate on the PATRIOT Act. While PRTT is not among the authorities that sunsets on Sunday, the issues surrounding the shut-down of the bulk Internet program in (around) October 2009 are central to the debate about the dragnet going forward, because “call” records are increasingly Internet records.

Moreover, the USA F-ReDux calls for “privacy guidelines” that I believe are still inadequate to protect US persons’ privacy in the ways the IC is likely using PRTT today. Plus, PRTT is likely used for applications — such as tower dumps and Stingrays — that affect the privacy of many people not otherwise targeted. Congress should have details about that before they legislate.

In addition, Richard Burr’s bill actually adopts a definition of “content” — excluding Dialing, Routing, Addressing, and Signaling data from the definition of content — that responds directly to the issues behind the Internet dragnet shutdown in 2009.

Last week, much of DC discovered for the first time — because of the delayed release of DOJ IG’s report on Section 215 — what I had been reporting for months: that the bulk of Section 215 orders actually collect bulky Internet data. That report also disclosed that, at least as used up until 2009 (that is, as FBI just started using 215 for that Internet collection), Section 215 wasn’t all that useful.

It is highly likely that the 15-month old PRTT report DOJ’s IG just released would have information that is equally important to this debate.

But the public is not going to have access to it.

Edward Snowden Richard Burr Exposes IP Address Dragnet on Senate Floor

Update: As I show in this post, the transcription of Burr’s speech in the Congressional record removed the reference to IP addresses. 

Update: While Burr’s office did not respond to my request for comment, they did respond to Buzzfeed (which sadly didn’t ask the obvious follow-up questions). His office claims he misspoke, though apparently didn’t explain why he would confuse Section 215 and PRTT, why he would tie the Internet dragnet to phone calls, or why, if the current dragnet doesn’t collect Internet data but USA F-ReDux would, why that would not then be a welcome return for the Senator given his stated desire to track such collection. I have asked for comment again from Burr’s office on those questions. 

Since last summer, I have been emphasizing that the bulk of Section 215 orders collect Internet data, not phone records under the phone dragnet. I pointed to evidence that that production included data flows and noted FBI claims they use it to conduct hacking investigations.   But I have assumed that was primarily bulky collection, not bulk collection.

Not so. Earlier today, noted whistleblower Edward Snowden Senate Intelligence Chair Richard Burr revealed that there is also an IP address bulk collection program. (h/t Andrew Blake, after 2:15)

Now what’s bulk data? Bulk data is storing telephone numbers and IP addresses — we have no idea who they belong to — that are domestic. And the whole basis behind this program is that as a cell phone is picked up in Syria, and you look at the phone numbers that phone talked to, if there’s some in the United States we’d like to know that — at least law enforcement would like to know it — so that we can understand if there’s a threat against us here in the homeland [sic] or somewhere else in the world. So Section 215 allows the NSA to collect in bulk telephone numbers and IP addresses with no identifier on it. We couldn’t tell you who that American might be.

I thought when you leaked details like this it helped our enemies? I thought if you did such things you were a traitor, deserving of an orange jumpsuit at Gitmo?

Apparently not.

So it appears it’s the IP dragnet, and not the phone dragnet, that the Republicans are trying to save?

It’s a little late for that, though, given that the Second Circuit just ruled such dragnets illegal.

emptywheel Coverage of USA F-ReDux, or, PRISM for Smart Phones

This post will include all my coverage on USA F-ReDux.

Ten Goodies USA F-ReDux Gives the Intelligence Community 

USA F-ReDux’s boosters often suggest the bill would be a big sacrifice for the Intelligence Community. That’s nonsense. This post lists just 10 of the goodies the IC will get under the bill, including chaining on Internet calls, a 2nd super-hop, emergency provisions ripe for abuse, and expansions of data sharing.

2nd Circuit Decision Striking Down Dragnet Should Require Tighter “Specific Selection Term” Language in USA F-ReDux 

The 2nd Circuit just ruled that the phone dragnet was not authorized by Section 215. The language in the opinion on DOJ’s misinterpretation of “relevant to” ought to lead Congress to tighten the definition of “Specific Selection Term” in the bill to better comply with the opinion.

USA F-ReDux: Chaining on “Session Identifying Information” that Is Not Call Detail Records 

As I correctly predicted a year ago, by outsourcing “connection chaining” to the providers, the Intelligence Community plans to be able to chain on session identifying information (things like location and cookies) that is probably illegal.

USA F-ReDux: Dianne Feinstein Raises the Data Handshake Again (Latest post)

Some months ago, Bob Litt emphasized USA Freedom would only work if the telecoms retained enough data for pattern analysis (which may or may not back my worry the government plans to outsource such pattern analysis to the telecoms). Nevertheless, no one seems to want to discuss whether and if so how USA F-ReDux will ensure providers do keep data. Except Dianne Feinstein, who today once again suggested there is a kind of “data handshake” whereby the telecoms will retain our data without being forced.

Unlike the Existing Phone Dragnet, USA F-ReDux Does Not Include “Telephony” in Its Definition of Call Detail Record 

The definition of Call Detail Record that will be adopted under USA F-ReDux is closely related to the definition currently used in the phone dragnet — though the USA F-ReDux does not require CDRs to be comprehensive records of calls as the existing phone dragnet does. The big difference, however, is that USA F-ReDux never specifies that calls include only telephony calls.

Congress’s Orwellian spying “reforms”: Why the government wants to outsource its surveillance to your Internet provider 

At Salon, I explain more about why the IC wants to create PRISM for Smart Phones with USA F-ReDux.

Google Applauds USA F-ReDux Because It “Modernizes” Surveillance 

Neither Google nor any of the other providers are admitting they’ll be getting expansive immunity to help spy on their users if USA F-ReDux passes. But Google does reveal they consider this move “modernization,” not reform. Is that because they’ll once again get a monopoly on spying on their users?

Continue reading

FBI’s Pen Registers without Any Call Records

There’s one more aspect of the transparency procedures in USA F-ReDux I find notable (in addition to the IC’s sudden unwillingness to share the scope of Section 702 and the fact that FBI will get all the returns from CDR searches, as opposed to a tiny subset as happens now).

As under the Leahy version of USA Freedom Act, the bill only requires the government to count communications collected pursuant to the Pen Register statute.

(3) the total number of orders issued pursuant to title IV and a good faith estimate of—

(A) the number of targets of such orders; and

(B) the number of unique identifiers used to communicate information collected pursuant to such orders;

Location tracking does not count as a communication (and there may be other loopholes in the new, undefined language). So to the extent they’re using PRTTs primarily to conduct location tracking, that won’t show up.

Remarkably (and in good news, maybe, but who knows?), the FBI exemption they give to everything interesting only applies to non telephone and email identifiers.

(B) ELECTRONIC MAIL ADDRESS AND TELEPHONE NUMBERS.—Paragraph (3)(B) of subsection (b) shall not apply to orders resulting in the acquisition of information by the Federal Bureau of Investigation that does not include electronic mail addresses or telephone numbers.

(Bob Litt, didn’t your Yale professors ever tell you not to use a double negative if you wanted to avoid confusing people?)

Again, perhaps this means the FBI is exclusively using PRTT for location data (but even there, to claim they weren’t collecting it, they’d have to claim a device identifier was different than a phone number, which it is, but jeebus are they that cynical?). But we know they’ve got their PCTDD production, which ought to be based off a traditional pen register which ought to collect emails and telephone numbers.

To be honest, I’m confused. I can’t imagine how any of the FBI exemptions do anything but hide some of the most interesting collection, which may be the case if they’re only using PRTT for location. But still, it doesn’t seem to make sense…

One more point of interest. The bill adds to reporting to the oversight committees a requirement that the government list all of the agencies that have been using PRTT.

(4) each department or agency on behalf of which the Attorney General or a designated attorney for the Government has made an application for an order authorizing or approving the installation and use of a pen register or trap and trace device under this title; and

Nine Members of Congress Vote to Postpone the Fourth Amendment

Broadcast live streaming video on Ustream

John Conyers, Jim Sensenbrenner, Darrell Issa, Steve Cohen, Jerry Nadler, Sheila Jackson Lee, Trey Gowdy,  John Ratcliffe, Bob Goodlatte all voted to postpone the Fourth Amendment today.

At issue was Ted Poe’s amendment to the USA Freedom Act (USA F-ReDux; see the debate starting around 1:15), which prohibited warrantless back door searches and requiring companies from inserting technical back doors.

One after another House Judiciary Committee member claimed to support the amendment and, it seems, agreed that back door searches violate the Fourth Amendment. Though the claims of support from John Ratcliffe, who confessed to using back door searches as a US Attorney, and Bob Goodlatte, who voted against the Massie-Lofgren amendment last year, are suspect. But all of them claimed they needed to vote against the amendment to ensure the USA Freedom Act itself passed.

That judgment may or may not be correct, but it’s a fairly remarkable claim. Not because — in the case of people like Jerry Nader and John Conyers — there’s any question about their support for the Fourth Amendment. But because the committee in charge of guarding the Constitution could not do so because the Intelligence Committee had the sway to override their influence. That was a point made, at length, by both Jim Jordan and Ted Poe, with the latter introducing the point that those in support of the amendment but voting against it had basically agreed to postpone the Fourth Amendment until Section 702 reauthorization in 2017.

(1:37) Jordan: A vote for this amendment is not a vote to kill the bill. It’s not a vote for a poison pill. It’s not a vote to blow up the deal. It’s a vote for the Fourth Amendment. Plain and simple. All the Gentleman says in his amendment is, if you’re going to get information from an American citizen, you need a warrant. Imagine that? Consistent with the Fourth Amendment. And if this committee, the Judiciary Committee, the committee most responsible for protecting the Bill of Rights and the Constitution and fundamental liberties, if we can’t support this amendment, I just don’t see I it. I get all the arguments that you’re making, and they’re all good and the process and everything else but only in Congress does that trump — I mean, that should never trump the Fourth Amendment.

(1:49) Poe; We are it. The Judiciary Committee is it. We are the ones that are protecting or are supposed to protect, and I think we do, that Constitution that we have. And we’re not talking about postponing an Appropriations amount of money. We’re not talking about postponing building a bridge. We’re talking about postponing the Fourth Amendment — and letting it apply to American citizens — for at least two years. This is our opportunity. If the politics says that the Intel Committee — this amendment may be so important to them that they don’t like it they’ll kill the deal then maybe we need to reevaluate our position in that we ought to push forward for this amendment. Because it’s a constitutional protection that we demand occur for American citizens and we want it now. Not postpone it down the road to live to fight another day. I’ve heard that phrase so long in this Congress, for the last 10 years, live to fight another day, let’s kick the can down the road. You know? I think we have to do what we are supposed to do as a Committee. And most of the members of the Committee support this idea, they agree with the Fourth Amendment, that it ought to apply to American citizens under these circumstances. The Federal government is intrusive and abusive, trying to tell companies that they want to get information and the back door comments that Ms. Lofgren has talked about. We can prevent that. I think we should support the amendment and then we should fight to keep this in the legislation and bring the legislation to the floor and let the Intel Committee vote against the Fourth Amendment if that’s what they really want to do. And as far as leadership goes I think we ought to just bring it to the floor. Politely make sure that the law, the Constitution, trumps politics. Or we can let politics trump the Constitution. That’s really the decision.

Nevertheless, only Louie Gohmert, Raul Labrador, Zoe Lofgren, Suzan DelBene, Hakeem Jeffries, David Cicilline, and one other Congressman–possibly Farenthold–supported the amendment.

The committee purportedly overseeing the Intelligence Community and ensuring it doesn’t violate the Constitution has instead dictated to the committee that guards the Constitution it won’t be permitted to do its job.

1 2 3 43