1 2 3 43

DOJ Threatens to Invoke State Secrets Over Something Released in FOIA

Screen Shot 2015-08-28 at 11.22.34 AM
In a hearing today, Judge Richard Leon said that Larry Klayman could pursue his dragnet challenge by adding a plaintiff who did business with Verizon Business Services. But as part of Klayman’s effort, he noted — weakly — that evidence got released showing Verizon Wireless was included in the dragnet. Klayman cited just the Charlie Savage article, not the document released under FOIA showing VZ Wireless on a FISC caption (though I presume his underlying 49 page exhibit includes the actual report — just not necessarily with the passage in question highlighted).

It was disclosed on August 12, 2015 by Charlie Savage of The New York Times that Verizon Wireless, as this Court had already ruled in its Order of December 16, 2013, at all material times was conducting and continuing to conduct unconstitutional and illegal dragnet “almost Orwellian” surveillance on Plaintiffs and millions of other American citizens. See Exhibit 1, which is a Government document evidencing this, incorporated herein by reference, and see Exhibit 2, the New York Times article.

Moreover, Klayman surely overstated what the inclusion of VZ Wireless in a phone dragnet Primary Order caption from 2010 showed. Which probably explains why DOJ said “The government has not admitted in any way, shape, or form that Verizon Wireless participated” in the Section 215 phone dragnet, according to Devlin Barrett.

The point is, they should have to explain why it is that, according to a document they’ve released, VZ Wireless was targeted under the program. Perhaps we’ll get that in Northern California, where EFF very competently pointed to what evidence there was.

Which is why the government’s threat to invoke state secrets was so interesting.

The Court should avoid discovery or other proceedings that would unnecessarily implicate classified national-security information, and the potential need to assert and resolve a claim of the state secrets privilege: Plaintiffs’ proposed amendments, in particular their new allegations regarding the asserted participation of Verizon Wireless in the Section 215 program, implicate matters of a classified nature. The Government has acknowledged that the program involves collection of data from multiple telecommunications service providers, and that VBNS (allegedly the Little Plaintiffs’ provider) was the recipient of a now-expired April 25, 2013, FISC Secondary Order. But otherwise the identities of the carriers participating in the program, now, or at any other time, remain classified for reasons of national security. See Klayman, 2015 WL 5058403, at *6 (Williams, S.J.).

At this time the Government Defendants do not believe that it would be necessary to assert the state secrets privilege to respond to a motion by Plaintiffs for expedited injunctive relief that is based on the allegations of the Little Plaintiffs, or even the proposed new allegations (and exhibit) regarding Verizon Wireless. Nor should it be necessary to permit discovery into matters that would risk or require the disclosure of classified national-security information and thus precipitate the need to assert the state secrets privilege. Nevertheless, if Plaintiffs were permitted to seek discovery on the question of whether Verizon Wireless is now or ever has been a participating provider in the Section 215 program, the discovery sought could call for the disclosure of classified national-security information, in which case the Government would have to consider whether to assert the state secrets privilege over that information.

As the Supreme Court has advised, the state secrets privilege “is not to be lightly invoked.” United States v. Reynolds, 345 U.S. 1, 7 (1953). “To invoke the . . . privilege, a formal claim of privilege must be lodged by the head of the department which has control over the matter after actual personal consideration by that officer.” Id. at 7-8. To defend an assertion of the privilege in court also requires the personal approval of the Attorney General. Policies and Procedures Governing Invocation of the State Secrets Privilege at 1-3, The Government should not be forced to make so important a decision as whether or not to assert the state secrets privilege in circumstances where the challenged program is winding down and will end in a matter of weeks. Moreover, discovery into national-security information should be unnecessary to the extent the standing of the newly added Little Plaintiffs, and the appropriateness of injunctive relief, may be litigated without resort to such information.

If, however, discovery into national-security information is permitted, the Government must be allowed sufficient time to give the decision whether to assert the state secrets privilege the serious consideration it requires. And if a decision to assert the privilege is made, the Government must also be given adequate time to prepare the senior-level declarations and other materials needed to support the claim of privilege, to ensure that the national security interests at stake are appropriately protected. See, e.g., Mohamed v. Jeppesen Dataplan, Inc., 614 F.3d 1070, 1077, 1090 (9th Cir. 2009).

I think it’s quite possible that VZW was not turning over phone records under the Section 215 program in 2010 (which is quite another matter than suggesting NSA was not obtaining a great deal, if not most, of VZW phone records generally). I believe it quite likely NSA obtained some VZW records under Section 215 during the 2010 period.

But I also believe explaining the distinctions between those issues would be very illuminating.

Meanwhile, the threat of stalling, with all the attendant rigamarole, served to scare Leon — he wants this to move quickly as badly as Klayman does. After all, Leon will have much less ability to issue a ruling that will stand after November 28, when the current dragnet dies.

We shall see what happens in CA when DOJ attempts to make a similar argument.

John Doe Ungagged: Nicholas Merrill Wins the Right to Reveal Contents of 11-Year Old National Security Letter

Nicholas Merrill, who first challenged a National Security Letter 11 years ago, has won the right to talk about what he was ordered to turn over to the FBI in 2004. A key holding from the decision is that private citizens — as distinct from government officials who have signed non-disclosure agreements — cannot be prevented from talking about stuff that the government, as a whole, has already released.

A private citizen should be able to disclose information that has already been publicly disclosed by any government agency — at least once the underlying investigation has concluded and there is no reason for the identities of the recipient and target to remain secret. Otherwise, it would lead to the result that citizens who have not received such an NSL request can speak about information that is publicly known (and acknowledged by other agencies), but the very individuals who have received such NSL requests and are thus best suited to inform public discussion on the topic could not. Such a result would lead to “unending secrecy of actions taken by government officials” if private citizens actually affected by publicly known law enforcement techniques could not discuss them.

The judge in the case, Victor Marrero, gave the government 90 days to appeal. If they don’t (?!?!), Merrill will finally be ungagged after 11 years of fighting.

As noted, the FBI served the NSL back in 2004, when Merrill ran a small Internet Service Provider. Merrill sued under the name John Doe. He twice won court rulings that the gag orders were unconstitutional. But it wasn’t until 2010 that he was allowed to ID himself as Doe, and it wasn’t until 2014 — a decade after receiving the NSL — that he was able to tell the person whose records the FBI wanted. Even then, even after Edward Snowden revealed the need for more transparency about these things, the government fought Merrill’s demand to disclose what he had been asked to turn over, which was included in an attachment to the NSL itself.

See this post and this post for background on Merrill’s renewed fight to disclose how much FBI has demanded under an NSL.

Marrero found that the government just didn’t have really good reasons to gag this information, especially given that substantially similar information had been given out by other government agencies, and especially since the government admits it is only trying to hide the information from future targets, not anyone tied to the investigation that precipitated the NSL over a decade ago.

For the reasons discussed below, the court finds that the Government has not satisfied its burden of demonstrating a “good reason” to expect that disclosure of the NSL Attachment in its entirety will risk an enumerated harm, pursuant to Sections 2709 and 3511.


The Government argues that disclosure of the Attachment would reveal law enforcement techniques that the FBI has not acknowledged in the context of NSLs, would indicate the types of information the FBI deems important for investigative purposes, and could lead to potential targets of investigations changing their behavior to evade law enforcement detection. {See Gov’t Mem. at 6.) The Court agrees that such reasons could, in some circumstances, constitute “good” reasons for disclosure.


The Government’s justifications might constitute “good” reasons if the information contained in the Attachment that is still redacted were not, at least in substance even if not in the precise form, already disclosed by government divisions and agencies, and thus known to the public. Here, publicly-available government documents provide substantially similar information as that set forth in the Attactunent. For that reason, the Court is not persuaded that it matters that these other documents were not disclosed by the FBI itself rather than by other government agencies, and that they would hold significant weight for a potential target of a national security investigation in ascertaining whether the FBI would gather such information through an NSL. The documents referred to were prepared and published by various government divisions discussing the FBI’s authority to issue NSLs, the types of materials the FBI seeks, and how to draft NSL requests.


Now, unlike earlier iterations of this litigation, the asserted Government interest in keeping the Attachment confidential is based solely on protecting law enforcement sensitive information that is relevant to future or potential national security investigations.


[I]t strains credulity that future targets of other investigations would change their behavior in light of the currently-redacted information, when those targets (which, according to the Government, [redacted] see Perdue Deel. ¶ 56) have access to much of this same information from other government divisions and agencies.

Effectively, Marrero is arguing that since the government has asserted potential national security targets are good at putting 2 plus 2 together, and 2 and 2 are already in the public domain, any targets can already access the information in the attachment.

Marrero’s quotations from already released documents and the redactions from the attachment make it clear the government is trying to hide they were getting activity logs…

Screen Shot 2015-09-14 at 4.41.14 PM

And the various identities tied to an account (which we know the government matches to better be able to map activity across multiple identities).

Screen Shot 2015-09-14 at 4.42.34 PM

I’ll lay more of this out shortly — effectively, Marrero has already done the mosaic work for targets, even without the attachment (though I suspect what the government is really trying to prevent is release of a document defendants can point to to support discovery requests).

Ultimately, Marrero points to the absurd — and dangerous, for a democracy — position that would result if the government were able to suppress this already public information.

If the Court were to find instead that the Government has met its burden of showing a good reason for nondisclosure here, could Merrillever overcome such a showing? Under the Government’s reasoning, the Court sees only two such hypothetical circumstances in which Merrill could prevail: a world in which no threat of terrorism exists, or a world in which the FBI, acting on its own accord and its own time, decides to disclose the contents of the Attachment. Such a result implicates serious issues, both with respect to the First Amendment and accountability of the government to the people.

Especially at a time when the President claims to want to reverse the practice of forever gags on NSLs, Marrero finds such a stance untenable.

Let’s see whether the government doubles down on secrecy.

Administration Feeds Journalists Hints of More Secret Law … Journalists Instead Parrot “Russian Roulette” Line

Back in January, Charlie Savage revealed that in 2007 the FISC approved a secret interpretation of the Roving Wiretap provision, one of the provisions due to sunset Sunday night. To support a domestic content collection order targeting al Qaeda targets overseas, Judge Roger Vinson rubber-stamped DOJ’s argument that — because Congress had let it wiretap individual targets without naming each of the phones they were using, that also meant it could target al Qaeda as a target — without naming each of the phones and email addresses it was targeting until after tasking them [this sentence updated for accuracy].

Judge Vinson ruled that this procedure was a legitimate interpretation of FISA because of a provision Congress had added to the surveillance law in the Patriot Act. The provision created so-called roving wiretap authority, which allows the F.B.I. to get orders to swiftly follow targets who switch phones, telling the court about the new numbers later.

Public discussion of the purpose and meaning of roving wiretap authority has focused on targeting individual terrorists or spies who seek to evade detection. But Judge Vinson accepted a Justice Department proposition that the target could be Al Qaeda in general, so if the N.S.A. learned of a new Qaeda suspect, it could immediately collect his communications and get after-the-fact approval.

The government stopped using this particular application as it transitioned to Protect America Act (though it even grandfathered some of the existing targets tasked under the prior argument). But the premise — that DOJ can target entire communication nodes based on the argument that a specific target is using unknown accounts passing through that node — surely remains on the books.

This secret interpretation of the law may not be as outrageous as FISC’s redefinition of the word “relevant” to mean “all,” but it is nevertheless a fairly breathtaking argument, with potentially dangerous ongoing implications.

Yet, in spite of the fact that a top journalist (not some dirty hippie like me!) revealed this secret interpretation, the journalists who transcribed Administration claims that sunsetting PATRIOT would amount to playing “national security Russian roulette” have also transcribed Administration claims that they’re only using Roving Wiretaps individually.

A second tool is the “roving wiretap,” which enables the FBI to use one warrant to wiretap a spy or terrorist suspect who is constantly switching cellphones. Those two in particular are of “tremendous value,” the first official said.

We don’t know they’re using Roving Wiretaps to tap entire circuits anymore. But we know they can. That detail should be included in any description before a journalist parrots the Administration claim this is an “uncontroversial” authority. If it’s not controversial, it should be.

Ditto the Lone Wolf provision.

Reporters are reporting something that — 11 years after passage of the Lone Wolf provision — ought to raise serious questions (note: Lone Wolf was actually not part of the PATRIOT Act; it was passed in 2004 as part of the Intelligence Reform and Terrorism Prevention Act).

A third tool allows the FBI to surveil a “lone wolf” suspect who cannot be tied to a foreign terrorist group such as al-Qaeda. It has never been used, but officials said it is a valuable authority they do not want to lose.

That provision has been on the book for 11 years, and the FBI still says they have never used it but even though they have never used it is a valuable authority. It was not used in cases — such as that of Khalid Ali-M Aldawsari — that solidly fit the definition of a Lone Wolf. Even if the FBI found someone who they thought was an international terrorist but didn’t know to what group he belonged, they could get an emergency wiretap to help them find evidence.

So what “value” does the Lone Wolf provision have, if it’s not to authorize the wiretapping of Lone Wolves?

I think there’s increasing reason to ask whether this, like the Roving Wiretap, serves to justify some other secret law, allowing the government to spy on people against whom it has no evidence of ties to al Qaeda or any other terrorist group, but on whom it nevertheless wants to use its terrorist authorities against.

We’re on the fifth or so reauthorization debate where FBI has said “we don’t use this thing but we find it very valuable anyway.” At some point, we need to start assuming that when they say they haven’t “used” it, they only mean in the literal sense, and they’re using it to support some secret, unintended purpose.

Rather than parroting Administration claims of “Russian roulette,” shouldn’t journalists be asking why, after 11 years, their claims of necessity make no sense?

DOJ IG Issues Yet Another Classified Report that Should Be Public Before Congress Votes on PATRIOT Act

DOJ’s Inspector General just announced it completed its draft report on the use of Pen Register/Trap and Trace between 2007 and 2009 15 months ago, but the Intelligence Community only finished its classification review last month. It has now issued a classified version of that report to the Judiciary and Intelligence Committees.

Department of Justice Inspector General Michael E. Horowitz today issued a classified report entitled, The Federal Bureau of Investigation’s Use of Pen Register and Trap and Trace Devices under the Foreign Intelligence Surveillance Act in 2007 through 2009. The Department of Justice (DOJ) Office of the Inspector General (OIG) completed a draft of this report in February 2014. At that time, we provided the draft report to DOJ, the Federal Bureau of Investigation (FBI), and the Intelligence Community to conduct factual accuracy and classification reviews. In May 2014, we circulated an updated draft report that reflected minor revisions made in response to the factual accuracy comments we received. We did not receive the final results of the classification reviews until April 30, 2015.

We are providing today’s classified report to the relevant Congressional oversight and intelligence committees, as well as to DOJ leadership offices. We recently submitted a short unclassified Executive Summary of the report to DOJ, the FBI, and the Intelligence Community for review. We will publicly release the Executive Summary as soon as that review is completed.

This is another report that should have been released long before the current debate on the PATRIOT Act. While PRTT is not among the authorities that sunsets on Sunday, the issues surrounding the shut-down of the bulk Internet program in (around) October 2009 are central to the debate about the dragnet going forward, because “call” records are increasingly Internet records.

Moreover, the USA F-ReDux calls for “privacy guidelines” that I believe are still inadequate to protect US persons’ privacy in the ways the IC is likely using PRTT today. Plus, PRTT is likely used for applications — such as tower dumps and Stingrays — that affect the privacy of many people not otherwise targeted. Congress should have details about that before they legislate.

In addition, Richard Burr’s bill actually adopts a definition of “content” — excluding Dialing, Routing, Addressing, and Signaling data from the definition of content — that responds directly to the issues behind the Internet dragnet shutdown in 2009.

Last week, much of DC discovered for the first time — because of the delayed release of DOJ IG’s report on Section 215 — what I had been reporting for months: that the bulk of Section 215 orders actually collect bulky Internet data. That report also disclosed that, at least as used up until 2009 (that is, as FBI just started using 215 for that Internet collection), Section 215 wasn’t all that useful.

It is highly likely that the 15-month old PRTT report DOJ’s IG just released would have information that is equally important to this debate.

But the public is not going to have access to it.

Edward Snowden Richard Burr Exposes IP Address Dragnet on Senate Floor

Update: As I show in this post, the transcription of Burr’s speech in the Congressional record removed the reference to IP addresses. 

Update: While Burr’s office did not respond to my request for comment, they did respond to Buzzfeed (which sadly didn’t ask the obvious follow-up questions). His office claims he misspoke, though apparently didn’t explain why he would confuse Section 215 and PRTT, why he would tie the Internet dragnet to phone calls, or why, if the current dragnet doesn’t collect Internet data but USA F-ReDux would, why that would not then be a welcome return for the Senator given his stated desire to track such collection. I have asked for comment again from Burr’s office on those questions. 

Since last summer, I have been emphasizing that the bulk of Section 215 orders collect Internet data, not phone records under the phone dragnet. I pointed to evidence that that production included data flows and noted FBI claims they use it to conduct hacking investigations.   But I have assumed that was primarily bulky collection, not bulk collection.

Not so. Earlier today, noted whistleblower Edward Snowden Senate Intelligence Chair Richard Burr revealed that there is also an IP address bulk collection program. (h/t Andrew Blake, after 2:15)

Now what’s bulk data? Bulk data is storing telephone numbers and IP addresses — we have no idea who they belong to — that are domestic. And the whole basis behind this program is that as a cell phone is picked up in Syria, and you look at the phone numbers that phone talked to, if there’s some in the United States we’d like to know that — at least law enforcement would like to know it — so that we can understand if there’s a threat against us here in the homeland [sic] or somewhere else in the world. So Section 215 allows the NSA to collect in bulk telephone numbers and IP addresses with no identifier on it. We couldn’t tell you who that American might be.

I thought when you leaked details like this it helped our enemies? I thought if you did such things you were a traitor, deserving of an orange jumpsuit at Gitmo?

Apparently not.

So it appears it’s the IP dragnet, and not the phone dragnet, that the Republicans are trying to save?

It’s a little late for that, though, given that the Second Circuit just ruled such dragnets illegal.

emptywheel Coverage of USA F-ReDux, or, PRISM for Smart Phones

This post will include all my coverage on USA F-ReDux.

Ten Goodies USA F-ReDux Gives the Intelligence Community 

USA F-ReDux’s boosters often suggest the bill would be a big sacrifice for the Intelligence Community. That’s nonsense. This post lists just 10 of the goodies the IC will get under the bill, including chaining on Internet calls, a 2nd super-hop, emergency provisions ripe for abuse, and expansions of data sharing.

2nd Circuit Decision Striking Down Dragnet Should Require Tighter “Specific Selection Term” Language in USA F-ReDux 

The 2nd Circuit just ruled that the phone dragnet was not authorized by Section 215. The language in the opinion on DOJ’s misinterpretation of “relevant to” ought to lead Congress to tighten the definition of “Specific Selection Term” in the bill to better comply with the opinion.

USA F-ReDux: Chaining on “Session Identifying Information” that Is Not Call Detail Records 

As I correctly predicted a year ago, by outsourcing “connection chaining” to the providers, the Intelligence Community plans to be able to chain on session identifying information (things like location and cookies) that is probably illegal.

USA F-ReDux: Dianne Feinstein Raises the Data Handshake Again (Latest post)

Some months ago, Bob Litt emphasized USA Freedom would only work if the telecoms retained enough data for pattern analysis (which may or may not back my worry the government plans to outsource such pattern analysis to the telecoms). Nevertheless, no one seems to want to discuss whether and if so how USA F-ReDux will ensure providers do keep data. Except Dianne Feinstein, who today once again suggested there is a kind of “data handshake” whereby the telecoms will retain our data without being forced.

Unlike the Existing Phone Dragnet, USA F-ReDux Does Not Include “Telephony” in Its Definition of Call Detail Record 

The definition of Call Detail Record that will be adopted under USA F-ReDux is closely related to the definition currently used in the phone dragnet — though the USA F-ReDux does not require CDRs to be comprehensive records of calls as the existing phone dragnet does. The big difference, however, is that USA F-ReDux never specifies that calls include only telephony calls.

Congress’s Orwellian spying “reforms”: Why the government wants to outsource its surveillance to your Internet provider 

At Salon, I explain more about why the IC wants to create PRISM for Smart Phones with USA F-ReDux.

Google Applauds USA F-ReDux Because It “Modernizes” Surveillance 

Neither Google nor any of the other providers are admitting they’ll be getting expansive immunity to help spy on their users if USA F-ReDux passes. But Google does reveal they consider this move “modernization,” not reform. Is that because they’ll once again get a monopoly on spying on their users?

Continue reading

FBI’s Pen Registers without Any Call Records

There’s one more aspect of the transparency procedures in USA F-ReDux I find notable (in addition to the IC’s sudden unwillingness to share the scope of Section 702 and the fact that FBI will get all the returns from CDR searches, as opposed to a tiny subset as happens now).

As under the Leahy version of USA Freedom Act, the bill only requires the government to count communications collected pursuant to the Pen Register statute.

(3) the total number of orders issued pursuant to title IV and a good faith estimate of—

(A) the number of targets of such orders; and

(B) the number of unique identifiers used to communicate information collected pursuant to such orders;

Location tracking does not count as a communication (and there may be other loopholes in the new, undefined language). So to the extent they’re using PRTTs primarily to conduct location tracking, that won’t show up.

Remarkably (and in good news, maybe, but who knows?), the FBI exemption they give to everything interesting only applies to non telephone and email identifiers.

(B) ELECTRONIC MAIL ADDRESS AND TELEPHONE NUMBERS.—Paragraph (3)(B) of subsection (b) shall not apply to orders resulting in the acquisition of information by the Federal Bureau of Investigation that does not include electronic mail addresses or telephone numbers.

(Bob Litt, didn’t your Yale professors ever tell you not to use a double negative if you wanted to avoid confusing people?)

Again, perhaps this means the FBI is exclusively using PRTT for location data (but even there, to claim they weren’t collecting it, they’d have to claim a device identifier was different than a phone number, which it is, but jeebus are they that cynical?). But we know they’ve got their PCTDD production, which ought to be based off a traditional pen register which ought to collect emails and telephone numbers.

To be honest, I’m confused. I can’t imagine how any of the FBI exemptions do anything but hide some of the most interesting collection, which may be the case if they’re only using PRTT for location. But still, it doesn’t seem to make sense…

One more point of interest. The bill adds to reporting to the oversight committees a requirement that the government list all of the agencies that have been using PRTT.

(4) each department or agency on behalf of which the Attorney General or a designated attorney for the Government has made an application for an order authorizing or approving the installation and use of a pen register or trap and trace device under this title; and

Nine Members of Congress Vote to Postpone the Fourth Amendment

Broadcast live streaming video on Ustream

John Conyers, Jim Sensenbrenner, Darrell Issa, Steve Cohen, Jerry Nadler, Sheila Jackson Lee, Trey Gowdy,  John Ratcliffe, Bob Goodlatte all voted to postpone the Fourth Amendment today.

At issue was Ted Poe’s amendment to the USA Freedom Act (USA F-ReDux; see the debate starting around 1:15), which prohibited warrantless back door searches and requiring companies from inserting technical back doors.

One after another House Judiciary Committee member claimed to support the amendment and, it seems, agreed that back door searches violate the Fourth Amendment. Though the claims of support from John Ratcliffe, who confessed to using back door searches as a US Attorney, and Bob Goodlatte, who voted against the Massie-Lofgren amendment last year, are suspect. But all of them claimed they needed to vote against the amendment to ensure the USA Freedom Act itself passed.

That judgment may or may not be correct, but it’s a fairly remarkable claim. Not because — in the case of people like Jerry Nader and John Conyers — there’s any question about their support for the Fourth Amendment. But because the committee in charge of guarding the Constitution could not do so because the Intelligence Committee had the sway to override their influence. That was a point made, at length, by both Jim Jordan and Ted Poe, with the latter introducing the point that those in support of the amendment but voting against it had basically agreed to postpone the Fourth Amendment until Section 702 reauthorization in 2017.

(1:37) Jordan: A vote for this amendment is not a vote to kill the bill. It’s not a vote for a poison pill. It’s not a vote to blow up the deal. It’s a vote for the Fourth Amendment. Plain and simple. All the Gentleman says in his amendment is, if you’re going to get information from an American citizen, you need a warrant. Imagine that? Consistent with the Fourth Amendment. And if this committee, the Judiciary Committee, the committee most responsible for protecting the Bill of Rights and the Constitution and fundamental liberties, if we can’t support this amendment, I just don’t see I it. I get all the arguments that you’re making, and they’re all good and the process and everything else but only in Congress does that trump — I mean, that should never trump the Fourth Amendment.

(1:49) Poe; We are it. The Judiciary Committee is it. We are the ones that are protecting or are supposed to protect, and I think we do, that Constitution that we have. And we’re not talking about postponing an Appropriations amount of money. We’re not talking about postponing building a bridge. We’re talking about postponing the Fourth Amendment — and letting it apply to American citizens — for at least two years. This is our opportunity. If the politics says that the Intel Committee — this amendment may be so important to them that they don’t like it they’ll kill the deal then maybe we need to reevaluate our position in that we ought to push forward for this amendment. Because it’s a constitutional protection that we demand occur for American citizens and we want it now. Not postpone it down the road to live to fight another day. I’ve heard that phrase so long in this Congress, for the last 10 years, live to fight another day, let’s kick the can down the road. You know? I think we have to do what we are supposed to do as a Committee. And most of the members of the Committee support this idea, they agree with the Fourth Amendment, that it ought to apply to American citizens under these circumstances. The Federal government is intrusive and abusive, trying to tell companies that they want to get information and the back door comments that Ms. Lofgren has talked about. We can prevent that. I think we should support the amendment and then we should fight to keep this in the legislation and bring the legislation to the floor and let the Intel Committee vote against the Fourth Amendment if that’s what they really want to do. And as far as leadership goes I think we ought to just bring it to the floor. Politely make sure that the law, the Constitution, trumps politics. Or we can let politics trump the Constitution. That’s really the decision.

Nevertheless, only Louie Gohmert, Raul Labrador, Zoe Lofgren, Suzan DelBene, Hakeem Jeffries, David Cicilline, and one other Congressman–possibly Farenthold–supported the amendment.

The committee purportedly overseeing the Intelligence Community and ensuring it doesn’t violate the Constitution has instead dictated to the committee that guards the Constitution it won’t be permitted to do its job.

Google Applauds USA F-ReDux Because It “Modernizes” Surveillance

Thus far, none of the Internet providers who have issued statements in support of the latest incarnation of USA Freedom Act (which I’m calling USA F-ReDux) have mentioned that they will be getting expansive immunity and compensation for helping the government spy on you.

Google didn’t mention it either.

Along with two other features, Google argues USA F-ReDux would,

[E]nd the bulk collection of communications metadata under various legal authorities. This not only includes telephony metadata collected under Section 215, but also Internet metadata that has been or could be collected under other legal authorities.

I find that an interesting way to describe the bill, particularly given that Google calls this “modernizing” surveillance, not limiting it.

Congress Has Only A Few Weeks Left to Modernize Surveillance Laws

Both the government and some providers used that same language — “modernize” — during the FISA Amendments Act, too. Sure, that was partly because it accommodated the law to growing Internet reliance. USA F-ReDux will do that too, to the extent it allows the government to obtain metadata for things like Google Meet-Ups and other VOIP calls and Internet messaging, which the government needs if it really wants dragnet coverage. FAA also involved deputizing Internet providers so that their data could not longer be collected in bulk by phone companies.

Modernizing surveillance, they called that.

And as I’ve just begun to lay out, this bill will set up a system similar in many respects to PRISM, where the government would go to the provider to get what they wanted on a target. Under PRISM, what the government wanted quickly expanded. Within 6 months of the roll-out of PRISM, the government was already asking for 9 different types of data from providers like Yahoo, apparently spanning Yahoo’s four business functions (meaning email, information services, data storage, and Yahoo internal functions).

Here, as with FAA, the government will go to providers to get what they want. And given that the bill permits the government to ask providers to chain on non-Call Detail Record session identifiers (things like cookies and location data), the government will benefit from, though not directly access, some of the same data that the government started obtaining under PRISM. And while I would hope the FISA Court would exert some oversight, I would also bet the government will make increasingly expansive claims about what constitutes a “session identifier” that can be used to chain (we know that, overseas, they chain on address books and photographs, for example).

And in one way, USA F-ReDux is worse than PRISM. Unlike FAA, USA F-ReDux will feature an added role for a Booz-type contractor compiling all this data, possibly in some cloud somewhere that would be about as safe as all the documents Edward Snowden took, to make it easier to chain across providers.

This is what Google celebrates as “modernization.”

But let’s go back to Google’s representation of this as ending bulk collection of, “Internet metadata that has been or could be collected under other legal authorities.”

We’ve long discussed the Section 215 dragnet as covering just calls made by phone companies (though Verizon’s Counsel, in a hearing last year, noted that the government would have to get VOIP if it wanted full coverage).

But that’s not true. As I reported the other day, at least one of the phone metadata dragnets was collecting VOIP metadata. Google’s VOIP metadata. In fact, the only known use of the DEA dragnet involved a US user subscribing to Google calls.

In other words, the Shantia Hassanshahi case is important not just because it led to us learning about the DEA dragnet, but because it revealed that (in addition to Google’s Internet metadata being collected under PRTT illegally for years), Google’s VOIP data also got sucked up in at least one phone dragnet.

Google doesn’t like other people being able to spy on its customers.

But now that USA F-ReDux will return it to the position of having the monopoly on spying on its customers, it calls this “modernization.”

Yes, Section 215 Might Be Used to Get Dick Pics — or Porn Searches and Dick Uploads

John Oliver did an interview with Edward Snowden that aired on his show last night. After showing Snowden that most random people stopped in Times Square didn’t know or care what Snowden had done (starting at 22:30), Oliver then showed that they would care if this were all about the government collecting dick pics.

So Snowden goes through and describes (after 28:00) what authorities the government might use to collect dick pics, focusing largely on different aspects of Section 702 and EO 12333. But (at 30:00), Snowden says the NSA (Oliver should have been asking about the government, not NSA) couldn’t use Section 215 to get dick pics, though they could use the phone dragnet to find out if you’ve been calling a penis enlargement center.

Not so fast, Ed!

It is, hypothetically, possible that the government (more likely FBI than NSA) could use Section 215 to get dick pics, provided there were some entity that had a collection of dick pics it was interested in. It would only 1) need to find that entity that had these dick pics as records, 2) come up with some reason why they needed the dick pics for either a counterterrorism or counterintelligence purpose, and 3) convince the rubber stamp FISA Court that these dick pics were “relevant to” a counterterrorism or counterintelligence FBI investigation (which we know FISC interprets unbelievably broadly) but that FBI wasn’t seeking the dick pics solely on the basis of the target’s First Amendment protected, um, speech. Hypothetically possible, at least, if unlikely. A dick pic is a tangible thing.

Furthermore, it is almost certain that the FBI (again, not the NSA, but if the FBI does it, it is more likely targeted at an American) is using Section 215 to get URL searches and data flows — along with fairly comprehensive online profiles — on users. So in addition to Snowden’s explanation of using the phone dragnet to see if you’ve called a penis enlargement center, the FBI may be using Section 215 to track a user’s porn watching habits and even if they’ve been uploading their own dick pics to some server. There likely are dick pics in this collection (though the FISC almost certainly requires minimization if the collection, so may limit the FBI’s ability to retain dick pics unless it can claim it needs them for an investigative purpose). (Though note, a recent Shane Harris story reveals NSA needs its own porn room because its analysts spend so much time analyzing what they collect.)

Again, Section 215 is far more than the phone dragnet, it is designed to support fairly creative collection of “tangible things” so long as there is an attenuated national security purpose to do so, and we know it supports a great deal of collection on users’ Internet use.

And while dick pics might be just a hypothetical case, far easier to imagine would be FBI using Section 215 to obtain DNA — perhaps from hospitals, perhaps from hotels where targets had stayed, obviously from cops (though they could get that through info sharing). DNA is, after all, a tangible thing. And we know that the government has a DNA database of Gitmo detainees, so they have been amassing DNA to positively ID both the targets but also family members of targets.

One more note. Several of the ways the NSA has gotten dick pics — via Yahoo video chats, stealing from Google servers overseas — may have become less accessible to the government overseas as companies move to encrypt more of their traffic. I assume they’ll find some new way to get these. But for the moment, the government may be ingesting fewer dick pics than they were in 2013.

1 2 3 43
Emptywheel Twitterverse
emptywheel RT @adamjohnsonNYC: Imagine the following headline: FBI Thwarts Eastern European Smugglers Selling Nuclear Material to FBI Posing as ISIS
emptywheel @MoonofA Except austerity is coming to the Kingdom. @chinahand
emptywheel GR Tweeps: Rumsey St definitely worth checking out this weekend. This was my favorite piece: State of Exception
emptywheel @chinahand Stop. You're going to make John Hannah cry.
emptywheel @p2wy Might be 4 kids. Rumsey St is worthwhile, btw, & prolly mostly kid friendly. Couldn't get into Whisper on account of hordes of kids
emptywheel @p2wy Forever, or just during Art Prize?
emptywheel @joshgerstein The only way to hold back the tide of govt is to give 535 people offices and lifetime benefits to fight back with.
emptywheel @p2wy Lyon or Sparrows? Wherever they parked I guarantee they were driving 15MPH in 35 zones looking for parking. & stopping in roundabouts
JimWhiteGNV I think I"m a couple of mass shootings behind on saying fuck the @NRA, so I'll say it twice. Fuck the @NRA
bmaz RT @radleybalko: 13 police agencies fight for cut of college student's life savings after drug dog alerts to his bag. No drugs found. http:…
emptywheel RT @Cryptomeorg: FISC Issues Briefing Order on USG Retaining Spy Data
emptywheel To the very end, Boehner will remain incapable of counting votes.
October 2015
« Sep