PATRIOT

1 2 3 42

Yes, Section 215 Might Be Used to Get Dick Pics — or Porn Searches and Dick Uploads

John Oliver did an interview with Edward Snowden that aired on his show last night. After showing Snowden that most random people stopped in Times Square didn’t know or care what Snowden had done (starting at 22:30), Oliver then showed that they would care if this were all about the government collecting dick pics.

So Snowden goes through and describes (after 28:00) what authorities the government might use to collect dick pics, focusing largely on different aspects of Section 702 and EO 12333. But (at 30:00), Snowden says the NSA (Oliver should have been asking about the government, not NSA) couldn’t use Section 215 to get dick pics, though they could use the phone dragnet to find out if you’ve been calling a penis enlargement center.

Not so fast, Ed!

It is, hypothetically, possible that the government (more likely FBI than NSA) could use Section 215 to get dick pics, provided there were some entity that had a collection of dick pics it was interested in. It would only 1) need to find that entity that had these dick pics as records, 2) come up with some reason why they needed the dick pics for either a counterterrorism or counterintelligence purpose, and 3) convince the rubber stamp FISA Court that these dick pics were “relevant to” a counterterrorism or counterintelligence FBI investigation (which we know FISC interprets unbelievably broadly) but that FBI wasn’t seeking the dick pics solely on the basis of the target’s First Amendment protected, um, speech. Hypothetically possible, at least, if unlikely. A dick pic is a tangible thing.

Furthermore, it is almost certain that the FBI (again, not the NSA, but if the FBI does it, it is more likely targeted at an American) is using Section 215 to get URL searches and data flows — along with fairly comprehensive online profiles — on users. So in addition to Snowden’s explanation of using the phone dragnet to see if you’ve called a penis enlargement center, the FBI may be using Section 215 to track a user’s porn watching habits and even if they’ve been uploading their own dick pics to some server. There likely are dick pics in this collection (though the FISC almost certainly requires minimization if the collection, so may limit the FBI’s ability to retain dick pics unless it can claim it needs them for an investigative purpose). (Though note, a recent Shane Harris story reveals NSA needs its own porn room because its analysts spend so much time analyzing what they collect.)

Again, Section 215 is far more than the phone dragnet, it is designed to support fairly creative collection of “tangible things” so long as there is an attenuated national security purpose to do so, and we know it supports a great deal of collection on users’ Internet use.

And while dick pics might be just a hypothetical case, far easier to imagine would be FBI using Section 215 to obtain DNA — perhaps from hospitals, perhaps from hotels where targets had stayed, obviously from cops (though they could get that through info sharing). DNA is, after all, a tangible thing. And we know that the government has a DNA database of Gitmo detainees, so they have been amassing DNA to positively ID both the targets but also family members of targets.

One more note. Several of the ways the NSA has gotten dick pics — via Yahoo video chats, stealing from Google servers overseas — may have become less accessible to the government overseas as companies move to encrypt more of their traffic. I assume they’ll find some new way to get these. But for the moment, the government may be ingesting fewer dick pics than they were in 2013.

The Precedent for Using Presidential National Emergency Proclamations to Expand Surveillance

On September 14, 2001 — 3 days before signing an expansive Memorandum of Notification that would authorize a suite of covert operations against al Qaeda, and 4 days before signing an AUMF that would give those operations the appearance of Congressional sanction — President Bush declared a National Emergency in response to the 9/11 attack.

The following day, according to a 2002 motion to the FISC to be able to share raw FISA-derived information with CIA and NSA (this was liberated by Charlie Savage), FISC suspended its rules on sharing intelligence derived under FBI-obtained FISA warrants with criminal investigations (see page 26 of this paper for background).

On September 15, 2001, upon motion of the Government, the [FISA] Court suspended the “Court wall,” certification, and caveat requirements that previously had applied to Court-authorized electronic surveillance and physical search of [redacted] related targets, while directing that the FBI continue to apply the standard minimization procedures applicable in each case. As stated in the order resulting from that motion, the Court took this action in light of inter alia:

“the President’s September 14, 2001, declaration of a national emergency and the near war conditions that currently exist;”

“the personal meeting the Court had with the Director of the FBI on September 12, 2001, in which he assured the Court of the collection authority requested from this Court in the face of the nature and scope of the multi-faced response of the United States to the above-referenced attacks;

“the need for the Government to rapidly disseminate pertinent foreign intelligence information to appropriate authorities.”

Ten days after FISC dismantled its role in “the wall” between intelligence and criminal investigations in response to the Executive’s invocation of a National Emergency, on September 25, 2001, John Yoo finished an OLC memo considering the constitutionality of dismantling the wall by replacing “the purpose” in FISA orders with “a purpose.”

A full month later, on October 25, 2001, Congress passed the PATRIOT Act. For over 13 years, analysis of the PATRIOT Act has explained that it eliminated “the wall” between intelligence and criminal investigations by replacing language requiring foreign intelligence be “the purpose” of FISA wiretaps with language requiring only that that be “a significant purpose” of the wiretap. But the FISC suspension had already removed the biggest legal barrier to eliminating that wall.

In other words, the story we’ve been telling about “the wall” for over 13 years is partly wrong. The PATRIOT Act didn’t eliminate “the wall.” “The wall” had already been suspended, by dint of Executive Proclamation and a secret application with the FISC, over a month before the PATRIOT Act was initially introduced as a bill.

FISC suspended it, without congressional sanction, based on the President’s invocation of a National Emergency.

That’s not the only case where the Executive invoked that National Emergency in self-authorizing or getting FISC to authorize expansive new surveillance authorities (or has hidden the authorities under which it makes such claims).

Perhaps most illustratively, on May 6, 2004, Jack Goldsmith pointed to the National Emergency when he reauthorized most aspects of Stellar Wind.

On September 14, 2001. the President declared a national emergency “by reason of the terrorist attacks at the World Trade Center, New York, New York, and the Pentagon, and the continuing and immediate threat of further attacks on the United States.” Proclamation No. 7463, 66 Fed. Reg. 43, !99 (Sept. 14, 2001). The United States also launched a massive military response, both at home and abroad. In the United States, combat air patrols were immediately established over major metropolitan areas and were maintained 24 hours a day until April 2002, The United States also immediately began plans for a military response directed at al Qaeda’s base of operations in Afghanistan.

Only after invoking both the Proclamation and the immediate military response that resulted did Goldsmith note that Congress supported such a move (note, he cited Congress’ September 14 passage of the AUMF, not Bush signing it into law on September 18, thought that may be in part because Michael Hayden authorized the first expansions of surveillance September 14; also remember there are several John Yoo memos that remain hidden) and then point to an article on the friendly-fire death of Pat Tillman as proof that combat operations continued.

On September 14, 2001, both houses of Congress passed a joint resolution authorizing the President “to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks” of September I I. Congressional Authorization § 2(a). Congress also expressly acknowledged that the attacks rendered it “necessary and appropriate” for the United States to exercise its right “to protect United States citizens both at home and abroad,” and acknowledged in particular that the “the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the United States.” id. pmbl. Acting under his constitutional authority as Commander in Chief, and with the support of Congress, the President dispatched forces to Afghanistan and, with the cooperation of the Northern Alliance, toppled the Taliban regime from power Military operations to seek out resurgent elements of the Taliban regime and al Qaeda fighters continue in Afghanistan to this day. See, e.g., Mike Wise and Josh White, Ex-NFL Player Tillman Killed in Combat, Wash. Post, Apr. 24, 2004, at AI (noting that “there are still more than 10,000 U.S. troops in the country and fighting continues against remains of the Taliban and al Qaeda”).

That is, even in an OLC memo relying on the AUMF to provide legal sanction for President Bush’s systematic flouting of FISA for 2.5 years, Goldsmith relied primarily on the National Emergency Proclamation, and only secondarily on Congress’ sanction of such invocation with the AUMF.

The White Paper released in 2006 largely regurgitating Goldsmith’s opinion for more palatable consumption mentions the AUMF first in its summary, but then repeats Goldsmith’s emphasis on the Proclamation in the background section (see pages 2 and 4).

Paragraphs that may discuss such authorizations get redacted in the 2006 application to move content collection under FISC (see page 6). The entire background section (starting at page 5) of the initial Internet dragnet application is also redacted. While we can’t be sure, given parallel claims made in the same 2004 to 2006 period, it seems likely those memoranda also repeated this formula.

Such a formula was definitely dropped. The 2006 memorandum in support of using Section 215 to create a phone dragnet included no mention of authorities. The 2007 memorandum to compel Yahoo to fulfill Protect American Act orders cites PAA, not Emergency Declarations.

But the formula was retained in all discussions of the Administration’s illegal wiretap program in secret declarations submitted in court in 2006, 2007, and 2009, being repeated again in an unclassified 2013 declaration. While these declarations likely all derive, at least in part, from Goldsmith’s memo, it’s worth noting that the government has consistently suggested it could conduct significant surveillance programs without Congressional sanction by pointing to the that National Emergency Proclamation.

This is the precedent I meant to invoke when I expressed concern about President Obama’s expansive Executive Order of the other day, declaring a National Emergency because of cybersecurity.

Ranking House Intelligence Member Adam Schiff’s comment that Obama’s EO is “a necessary part of responding to the proliferation of dangerous and economically devastating cyber attacks facing the United States,” but that it will be “coupled with cyber legislation moving forward in both houses of Congress” only adds to my alarm (particularly given Schiff’s parallel interest in giving Obama soft cover for his ISIL AUMF while having Congress still involved).  It sets up the same structure we saw with Stellar Wind, where the President declares an Emergency and only a month or so later gets sanction for and legislative authorization for actions taken in the name of that emergency.

And we know FISC has been amenable to that formula in the past.

We don’t know that the President has just rolled out a massive new surveillance program in the name of a cybersecurity Emergency (rooted in a hack of a serially negligent subsidiary of a foreign company, Sony Pictures, and a server JP Morgan Chase forgot to update).

We just know the Executive has broadly expanded surveillance, in secret, in the past and has never repudiated its authority to do so in the future based on the invocation of an Emergency (I think it likely that pre FISA Amendments Act authorization for the electronic surveillance of weapons proliferators, even including a likely proliferator certification under Protect America Act, similarly relied on Emergency Proclamations tied to all such sanctions).

I’m worried about the Cyber Intelligence Sharing Act, the Senate version of the bill that Schiff is championing. But I’m just as worried about surveillance done by the executive prior to and not bound by such laws.

Because it has happened in the past.

Update: In his October 23, 2001 OLC memo authorizing the President to suspend the Fourth Amendment (and with it the First), John Yoo said this but did not invoke the September 14, 2001 proclamation per se.

As applied to the present circumstances, the [War Powers Resolution] signifies Congress’ recognition that the President’s constitutional authority alone enables him to take military measures to combat the organizations or groups responsible for the September 11 incidents, together with any governments that may have harbored or supported them, if such actions are, in his judgment, a necessary and appropriate response to the national emergency created by those incidents.

Update: Thanks to Allen and Joanne Leon for the suspend/suspect correction.

Is There a Programmatic Stingray?

The NYT yesterday had a story on the secrecy surrounding Stingrays including these admissions from an FBI affidavit to explain the secrecy.

A fuller explanation of the F.B.I.’s position is provided in two publicly sworn affidavits about StingRay, including one filed in 2014 in Virginia. In the affidavit, a supervisory special agent, Bradley S. Morrison, said disclosure of the technology’s specifications would let criminals, including terrorists, “thwart the use of this technology.”

“Disclosure of even minor details” could harm law enforcement, he said, by letting “adversaries” put together the pieces of the technology like assembling a “jigsaw puzzle.” He said the F.B.I. had entered into the nondisclosure agreements with local authorities for those reasons. In addition, he said, the technology is related to homeland security and is therefore subject to federal control.

In a second affidavit, given in 2011, the same special agent acknowledged that the device could gather identifying information from phones of bystanders. Such data “from all wireless devices in the immediate area of the F.B.I. device that subscribe to a particular provider may be incidentally recorded, including those of innocent, nontarget devices.”

But, he added, that information is purged to ensure privacy rights.

In response, a bunch of smart people had an interesting conversation today about why the government is so secretive about them (start at this tweet).

My wildarseguess is that they’re hiding some kind of programmatic Stingray program. I think so for three reasons:

  • Any programmatic Stingray program would (have) been hidden by carve-outs in USA Freedom Act’s transparency provisions
  • At least one of the liberated non-disclosure agreements suggests ongoing obligations between localities and the FBI
  • FISC appears to have permitted more expansive versions of criminal PRTT programs

In past legislative debates the Intelligence Community revealed secret programs by defending them

I believe one of the best ways to see vague outlines of undisclosed domestic surveillance is to watch where the Intelligence Community is most intransigent on legislation.

When Michaels Mukasey and McConnell wrote a transparently bullshit response to a Russ Feingold effort to segregate incidentally collected  US person data under FISA Amendments Act in early 2008, I guessed they were doing back door searches of that data. 4 and 5 years later (with the report on the reauthorization and Snowden disclosures, respectively), that was proven correct.

When the IC repeatedly and successfully defeated efforts to require some real connection between a target and the records collected using Section 215 in 2009 all while boasting they had used it in the Najibullah Zazi investigation, I guessed they were using Section 215 to collect bulky data. I even guessed that they had migrated Bush’s illegal wiretap program to Section 215 and PRTT (though a former prosecutor friend soon dissuaded me from pushing my PRTT analysis because, she pointed out, there was no way in hell PRTT could authorize a dragnet).

There were 3 parts of the USA Freedom Act which struck me as particularly notable in the same way. First, the government’s insistence on expanding the chaining process to include “connections” in addition to contacts; I strongly believe that indicates they ask cell companies to match up the various identities with a particular handset.

Then there were two kinds of programmatic collection that would not only not be shut down by the prohibition on bulk collection in the bill, but which were specifically excluded from individualized transparency reporting (in addition to back door searches and upstream domestic collection, but we already knew about both of those), because transparency in the bill only covered “communications.” The first is any kind of dragnet tied to a non-communication corporate name, such as a financial dragnet or hotel records. See this post for an explanation. USAF would not require individualized reporting on this collection at all. Particularly given that the bill would permit using corporate names as identifiers and would exclude that from transparency, I think reasonable people should assume that kind of bulky collection would continue unabated.

More interesting, though, the transparency provisions also appear to exempt tracking device collection from individualized reporting, because those aren’t considered “communications” from individualized transparency reporting (I believe it would also exempt cloud data but I don’t understand what this is yet). I don’t think the government could use “Harris Corporation” as a identifier (they wouldn’t need to anyway, because the FBI would be using the tool not collecting all of Harris’ data). But they could collect the tracking data on 310 million people and only need to report targets (which currently number in the hundreds, though there already is some gaming of the required US person target reporting).

Like a Stingray, which looks for one phone, but obtains the records of everyone in a cell area.

Which is why I love this quote from the NYT article:

Christopher Allen, an F.B.I. spokesman, said “location information is a vital component” of law enforcement. The agency, he said, “does not keep repositories of cell tower data for any purpose other than in connection with a specific investigation.”

The government currently collects phone records of some significant subset of 310 million Americans for the purposes of “specific investigations.” It’s just that they consider enterprise investigations to be “specific” and therefore every American to be “relevant.” The same may well apply to location data.

FBI’s non-disclosure agreement(s) suggests ongoing cooperation between local and federal law enforcement

We’ve already seen plenty of evidence that local law enforcement retain their ties and obligations to federal law enforcement, largely in the demands the Marshal service puts on secrecy.

But as I lay out in this post, that seems to involve ongoing cooperation using the Stingray. An NDA liberated in MN specifically requires deconfliction of missions, indicating that multiple entities would use one Stingray at once.

That all seems to suggest a key part of this top-down hierarchical non-disclosure requirement involves that kind of mission-sharing.

Which is another way of saying that FBI probably relies on these local Stingrays.

FISC appears to permit more expansive PRTT programs than in criminal context

In this post and this one, I showed that the FISC-authorized use of PRTT relates the criminal context but may not be bound by it. That’s significant, because we know where the government has obtained permission for Stingray use in the criminal context, they’ve often relied on PRTT.

In both the use of combined PRTT/215 orders to get location data and in the collection of Post-Cut Through Dialed Digits, FISC has reconsidered PRTT orders after magistrates challenged similar criminal uses. At least in the latter example, FISC permitted FBI to continue a more expansive collection even after it was prohibited in the criminal context, requiring only that FBI comply with Fourth Amendment protections using minimization (as I’ll show when I finally write up the remainder of the FISC opinions, this practice has early foundation in other FISC applications).

What becomes clear reviewing the public records (these reports say this explicitly) is that the 2002 DOJ directive against retaining PCTDD applies to the criminal context, not the FISA context. When judges started challenging FBI’s authority to retain PCTDD that might include content under criminal authorities, FBI fought for and won the authority to continue to treat PCTDD using minimization procedures, not deletion. And even the standard for retention of PCTDD that counts as content permits the affirmative investigative use of incidentally collected PCTDD that constitutes content in cases of “harm to the national security.”

Whateverthefuck that is.

Which is, I guess, how FBI still has 7 uses of PCTDD, including one new one since 2008.

In other words, the Stingray use we see glimpses of in the criminal and fugitive context may be far short of what FISC has permitted in the national security context, if it tracks other practice. And accused terrorists (or spies) would not get notice of any such PRTT use so long as it wasn’t entered into a criminal proceeding (there have been several instances where the government has seemed to suggest PRTT was used, but evidence from it not entered into evidence).

All of this, of course, is speculative.

But there’s some reason the government is insisting on its expansive NDAs even while more and more people are discussing them. Hiding a more comprehensive program targeted at national security targets (terrorists and spies) might explain why the government is increasingly willing to forgo prosecutions of alleged criminals to keep what they’re doing with dragnets secret.

Update: Meanwhile, in NY, a judge has ordered the Erie County Sheriff to come clean on its Stingray use.

FBI Is Not “Surveilling” WikiLeaks Supporters in Its Never-Ending Investigation; Is It “Collecting” on Them?

The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)

In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.

2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.

I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.

In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.

First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.

Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeakas was implicating completely innocent supporters.

I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.

Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.

All  of which brings me to the remaining interesting subtext of this ruling.

Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.

While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever ongoing investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)

Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).

In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.

Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.

Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.

[snip]

In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.

I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.

PATRIOT Extension: Congress Can’t Just Extend PATRIOT

I’ve been remiss in laying out what I think the real solution for Section 215 is; I hope to get to that later this week.

Meanwhile, in the House, the question of what to do about the phone dragnet is already heating up. Adam Schiff, newly appointed ranking member in the House Intelligence Committee, is trying to buck up reform advocates in the face of calls for MOAR HAYSTACKS following the HebdoCharlie attack.

Schiff told me that those who are hoping for reform of bulk metadata collection need to remain vigilant against the possibility that lawmakers will seize on the Paris horror to blunt the case for change.

“Some will argue that the events in Paris make it impossible to reform any of our intelligence gathering programs,” Schiff said. “But as long as we can accomplish these reforms bolstering our privacy, while maintaining our security, we should do so.”

Remember, Schiff was the first to call publicly to have the telecoms hold the phone records.

Newly appointed Chair Devin Nunes, however, not only wants to reauthorize PATRIOT but also FISA (which isn’t expiring).

Q: What do you think should be the path forward for reform of the Foreign Intelligence Surveillance Act Courts? Do you support consideration and passage of the FISA Court Reform Act of 2013? If not, do you have your own proposals for FISA reform?
A: I believe the FISA court system is working well and striking the right balance between protecting Americans’ constitutional rights and allowing for effective intelligence operations to catch terrorists. So I don’t think it needs reform at this time — we don’t want to further encumber intelligence and law enforcement communities who already have a difficult task in tracking those who wish to attack Americans at home and abroad.

[snip]

Our immediate priorities will be analyzing the president’s budget, crafting the intelligence authorization bill and working with other committees to reauthorize FISA and the Patriot Act.

I hope we can hold him to his observation that FISC is working great, because most “reform” efforts (especially the RuppRoge effort out of the House Intelligence Committee) took authority out of FISC’s hands and put it into the IC’s.

One thing is missing from this discussion, on all sides.

Congress needs to do more than just extend PATRIOT, if they want full dragnet. They need to extend it, probably by starting with immunity, and probably some other tweaks, to be able to access all the phone records they want. That’ll be harder to do if it’s not done under cover of “reform.”

 

The Phone Dragnet Classified Appendix

The government has been releasing a bunch of documents under FOIA while we’re all out celebrating: a classification review of the two earlier Section 215 IG Reports, as well as NSA’s reports to the Intelligence Oversight Board (though thus far, NSA has mistakenly linked to 1Q 2012 rather than 2Q 2012, which should be one of the most important reports for reasons I’ll come back to).

In this post I just want to review the phone dragnet classified appendix included as part of the 2008 DOJ IG Report on the use of Section 215. We’ve known this appendix — one of two attached to this report (the other, which may be as long as 16 pages, remains classified) — dealt with the phone dragnet since the phone dragnet was revealed. One thing this report provides are clear dates (which I used to update the dates in my phone dragnet tracker), including exact (in case of the first addition) and rough updates for additional “agents of a foreign power” that may be chained on.

Here are details of interest:

The fourth redaction on the 2nd page of the appendix — in the sentence starting “The queries would attempt to identify…” — is rather interesting syntactically. The redaction should read something like “terrorist associates” or something similar. But in this context, it ties the contact chaining much more closely to the contact-chaining process. Somewhere there must be language purporting to make this case specifically, but the redaction here is remarkably short to do so.

The appendix notes in the first full paragraph on page 3 that the dragnet application promised the NSA Director would inform the Intelligence Committees (but not the Judiciary Committees) about the dragnet. That’s curious because we have every reason to believe the NSA did not inform the Intel Committees about the Internet dragnet until after PATRIOT reauthorization, as reflected by this April 27, 2005 briefing to SSCI.  Presumably, the December 15, 2005 disclosure of the dragnet led the FISC to discover that Congress hadn’t been briefed.

The discussion of the additional terrorist group approved for contact chaining on page 4 seems heavily redacted. I wonder if NSA got Iran approved as early as 2006, with the later approvals being additional al Qaeda affiliates?

At least according to the changes noted in the dragnet orders, the only known addition in the second dragnet order was the pre-approval for FISA targets to be RAS seeds under the dragnet. I’m not sure whether the redaction here would refer to this change, but if it does, it is odd it remains redacted. But it’s also possible the government started collecting some other kind of telephony metadata in that order.

With the exception of the first order, it appears DOJ’s IG was working from the applications for the dragnet, not the orders. And the narrative of the dragnet appears to be silent on a number of changes, including the elimination of the compensation paragraph, the addition of spot checks (both in the November 15, 2006 order), and the exception of pre-authorized RAS approval for dockets 06-2081, 07-449, and PAA.

Most interesting still is the report’s silence on the change allowing NSA to put the BRFISA data in with other data for the purposes of analytical efficiency. That first shows up in the first dragnet order of 2008 — which the appendix helpfully clarifies was signed on January 10, 2008. It’s possible the IG Report doesn’t note it (or some of the other changes) because it was only supposed to treat Section 215 for 2006. Perhaps the other changes were done via amendment not shared with the IG (perhaps because of that scope issue). In any case, I find the timing of the order (which admittedly was dictated by the expiration date of the prior order). That would put the change — which I’ve speculated might relate to the roll-out of ICREACH — just days after Michael Mukasey signed the SPCMA order which allowed chaining on EO 12333 data on US persons. I increasingly believe all these things — ICREACH, SPCMA, and the insertion of FBI into the heart of the FISA process — were necessarily rolled out together.

One other silence of note: This appendix, at least, makes no mention of the 4- and 15-page October 31, 2006 opinions withheld from the EFF and ACLU FOIAs. That’s not surprising: if it had been central to the phone dragnet, the government probably would have had to release it. I wonder, though, if they pertain to the dragnet program discussed in the second, still unreleased appendix (and I wonder if that is the CIA money transfer program).

 

The Congressional PRTT Reports

Screen Shot 2014-11-28 at 11.29.07 AM

In addition to liberating the document dump pertaining to the Internet dragnet program. (See my working threads: onetwothreefourfive.), EPIC has been fighting several other parts of the FOIA for the PRTT documentation to Congress. I’m going to have three more posts on these materials. This post will comment on the reports to Congress, all of which (except the December 2006 one, which I’ll ask them to fix) are available here.

Here’s a summary of the changes from report to report.

  • April 2001 (covering July 2000 to December 2000): US persons described in sketches provided at request of SSCI, some applications filed in 1999, numbers not broken out by USP,  CIA not included, PRTT explicitly only FBI
  • December 2001 (covering first half 2001): signed by Jay Bybee as Acting, US persons described in sketches provided at request of SSCI,  PRTT explicitly only FBI
  • April 2002 (covering second half 2001): signed by Larry Thompson as Acting, 7 applications filed after PATRIOT, includes descriptions of the investigations as well as of USPs,  CIA not included, PRTT explicitly only FBI
  • December 2002 (covering first half 2002): signed by Ted Olson as Acting,  CIA not included, PRTT explicitly only FBI
  • September 2003 (covering second half of 2002): stop providing sketch of each American targeted; signed by John Ashcroft,  CIA not included, PRTT explicitly only FBI
  • December 2003 (covering first half of 2003): signed by John Ashcroft. mostly-redacted delayed PRTT approval for one target, CIA not included, PRTT explicitly only FBI
  • September 2004 (covering second half 2003): transmittal letters not included, not mentioned, CIA not included, PRTT explicitly only FBI
  • December 2004 (covering first half 2004): transmittal letters signed by AAG, first modifications, CIA not included, PRTT explicitly FBI and NSA
  • June 2005 (covering second half 2004): transmittal letters not included, not mentioned, modifications, the following report says that this report described combined orders, but that part is redacted (there is one footnote with a 7E exemption), CIA not included, PRTT not explicitly FBI and NSA
  • December 2005 (covering first half 2005): transmittal by AAG, definition of aggregate to include corporation etc, “at least” aggregate number, combined orders, modifications, CIA not included, PRTT not explicitly FBI and NSA
  • July 2006 (covering second half 2005) transmittal by AAG, definition of aggregate, delay from flood, “at least” aggregate number, more explicit description of combined with anticipation of end per PATRIOT, language on “scope of FISC jurisdiction,” modifications, CIA not included, PRTT not explicitly FBI and NSA
  • December 2006 (covering first half 2006): transmittal by Acting AAG, definition of aggregate, “at least” aggregate number, more explicit break out of combined, modifications, CIA not included, PRTT not explicitly FBI and NSA
  • June 2007 (covering second half 2006): transmittal letters not included, language on modifications and explanation for rise in number, reorganization of OIPR, footnote on some people listed (probably under trad FISA) may be targets of PRTT, no USP numbers broken out, include all 3 agencies with NSA and FBI PRTT numbers combined, modifications
  • December 2007 (covering first half 2007): transmittal letters not included, “at least” number, modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2008 (covering second half 2007): transmittal letters not included, “at least” number, modifications, include all three agencies, with FBI and NSA combined for PRTT
  • December 2008 (covering first half 2008): transmittal letters not included, “at least” number, last modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2009 (covering second half 2008): transmittal letters not included, no more “at least” number, no modifications, include all 3 agencies, with FBI and NSA combined for PRTT
  • December 2009 (covering first half 2009): transmittal letters not included, supplemental order, include all 3 agencies, with FBI and NSA combined for PRTT
  • June 2010 (covering second half 2009): transmittal letters not included, adjust targeted number for previous period (perhaps without explanation), include all 3 agencies with FBI and NSA combined for PRTT
  • December 2010 (covering first half 2010): transmittal letters not included, note one not considered util following period, break out FBI application, no NSA application to FISC
  • June 2011 (covering second half 2010): transmittal letters not included, introduction of “named US persons” category, one NSA denied in part (probably July Bates opinion), one approved, mention of compliances meetings with telecoms
  • December 2011 (covering first half 2011): transmittal letters not included, redaction of number and “named” in US persons targeted in narrative section, 4 approved outside reporting period, 3 NSA PRTT approved
  •  June 2012 (covering second half 2011): transmittal letters not included, redaction of number and “named” in US persons targeted in narrative section, and numerical breakout, 4 earlier FBI applications approved, 1 NSA PRTT approved (somewhere something in 2011 must have been withdrawn, given the approved numbers)
  • December 2012 (covering first half 2012): transmittal letters not included, number and “named” unredacted (including for previous period), no NSA application submitted
  • June 2013 (covering second half 2012 and submitted after first Snowden leaks): transmittal letters not included, number and “named” unredacted, no NSA application submitted

Here’s an explanation of what I make of these details:

How you count US persons

Throughout this reporting requirement, DOJ has been obligated to include the number of US persons targeted. How it has done so has varied by period. Here’s how it breaks out by reporting period (I’m doing it this way so we can match it up to known techniques).

July 2000 through December 2001: US person subjects of investigation described by sketch but not broken out by number

January 2002 through June 2002: US person targets identified by number and sketch

July 2002 through December 2004: US person targets identified by number “who were targeted”; sketches replaced by general language about First Amendment review

January 2005 through June 2006: Orders include a definition of aggregate that includes corporations and other non-individual legal persons, these orders provided an “at least” aggregate number (with a footnote explaining why that is redacted). This method covers most of the reports during the “combined” period. Update: The DOJ IG Report on Section 215 use in 2006 may explain some of this: for 215 orders in this period, FBI did not count the requested records of non-subjects, which would likely apply to combined orders.

July 2006 through December 2006: This report includes no discernible US person breakout.

January 2007 through June 2008: These reports used an “at least” number to count US persons.

July 2008 through June 2010:This period included exact numbers for USP targets, and also no longer includes modifications (which often are minimization procedures).

July 2010 through December 2012: This period uses “named US persons” as a reporting category, and to the extent it’s relevant, breaks out the NSA orders.

Note, some of the differential reporting (such as the “aggregate” language for the period before Congress got briefed on the bulk PRTT) to be get around informing Congress of certain collections. Some–such as the apparently still-current “named USP” suggests there’s a lot of incidental collection the government doesn’t count (which would be likely in the use of stingrays, though the prior use of target could be done there too).

The Agencies

Note the variation in agencies named, with PRTT being listed as FBI only, then being listed as NSA and FBI, then all government, then both again, and finally, broken out by agency. This likely stems most significantly from efforts to hide that they were using PRTT for the dragnet, then incorporation of NSA into the FBI dragnet numbers.

The NSA numbers first get broken out for the December 2010 report, with a statement there were no NSA applications in the first half of 2010. That accords with the understanding that the Internet dragnet got shut down around October 30, 2009, then Bates approved it again in July 2010 (which would be the partial declination marked).

Who signs the transmittals

I was interested that John Ashcroft didn’t a bunch of reports during a period when DOJ provided narratives of the Americans targeted. Also, for the first few periods of Stellar Wind, the signee was not read into Stellar Wind. I’ve increasingly noticed AGs having someone else sign something as a workaround, and that may have been true here, too (remember that the government was obtaining Internet metadata even before Stellar Wind).

But then, to the extent we still got transmittal letters (they stopped entirely in June 2007), they were signed by the Congressional Liaison.

Ed Markey May Not Be Adequately Prepared to Vote on USA Freedom Act

Update: I realize something about this classification guide. While it was updated in 2012 (so after the Internet dragnet got shut down) it was dated August 2009, so while it was still running. So that part of this may not be location data. But the FBI almost certainly still does do fun stuff w/PRTT because it’s the one part of PRTT that remains classified.

PRTT1

Ed Markey, who is absolutely superb on tracking Title III surveillance, continues that tradition today with a letter to Eric Holder asking about the US Marshall Program DirtBox surveillance program revealed last week by WSJ.

Among his questions are:

Do other agencies within DOJ operate similar programs, in which airplanes, helicopters or drones with attached cellular surveillance equipment are flown over US airspace?

What types of court order, if any, are sought and obtained to authorize searches conducted under this program?

In what kind of investigations are the “dirtbox” and similar technology used to locate targets? Are there any limitations imposed on the kinds of investigations in which the dirtbox and similar technology can be used?

According to media reports, the dirtbox technology, which is similar to a so-called “stingray” technology, works by mimicking the cellular networks of U.S. wireless carriers. Upon what specific legal authority does the Department rely to mimic these cellular networks?

Do the dirtbox and stingray send signals through the walls of innocent people’s homes in order to communicate with and identify the phones within?

What, if any, policies govern the collection, retention, use and sharing of this information?

Are individuals–either those suspected of committing crimes or innocent individuals–provided notice that information about their phones was collected? If yes, explain how. If no, why not?

I could be spectacularly wrong on this point, but I very very strongly believe the answer to some of his questions lie in a bill Markey is all set to vote for tomorrow.

We know that the government — including the FBI — uses Title III Pen Registers to obtain authorization to use Stingrays; so one answer Markey will get is “Title III PRTT” and “no notice.”

Given that several departments at DOJ use PRTT to get Stingrays on the criminal side, it is highly likely that a significant number of the 130-ish PRTT orders approved a year are for Stingray or related use.

Using that logic gets us to the likelihood that FBI’s still unexplained PRTT program — revealed in this 2012 NSA declassification guide — also uses Stingray technology to provide location data. That’s true especially given that NSA would have no need to go to FBI to get either phone or email contacts, because it has existing means to obtain that (though if the cell phone coverage of the Section 215 dragnet is as bad as they say, it may require pen registers for that).

PRTT2

PRTT3

PRTT4

The guide distinguishes between individual orders, which are classified SECRET, and “FBI Pen Register Trap Trace,” which therefore seems to be more programmatic. The FBI PRTT is treated almost exactly like the then undisclosed phone dragnet was in the same review, as a highly classified program where even minimized information is TS/SCI.

Now, it’s possible (ha!) that this is a very limited program, just targeting individual targets in localized spots for a brief period of time.

It’s also possible the government scaled this back after the US v. Jones decision.

But it’s equally possible that this is a bulky dragnet akin to the phone dragnet, one that will be invisible in transparency measures under USA Freedom Act because location trackers are excluded from that reporting.

I do hope Markey insists on getting answers to his questions before he votes for this bill tomorrow.

USA Gag Freedom Act

As you likely know, there have been two developments with NSLs in the last few days. First, Twitter sued DOJ, on First Amendment grounds, to be able to publish how many NSLs and FISA orders it has received. And EFF argued before the 9th Circuit that the entire NSL statute should be declared unconstitutional.

These developments intersect with the USA Freedom Act in an interesting way. In the 9th Circuit, the Court (I believe this is Mary Murguia based on tweets from lawyers who were there, but am not certain) asked why Congress hasn’t just fixed the Constitutional problems identified in Doe v. Mukasey with NSL gag orders.

That set off DOJ Appellate lawyer Douglas Letter hemming and hawing in rather unspecific language (my transcription).

Mary Murguia: Have any measures been taken to Congress to try to change that reciprocal notice procedure, to make it legal as the 2nd Circuit suggested?

Douglas Letter: Your honor, my understanding is, and I’m a little hesitant to talk about this in this sense, as we know proposals can be made to Congress and who knows what will happen? The government is working on some, a, is working with Congressional staffers etcetera, we would hope that at some point we would have legislation. We do not as this point. I’m not, I’m not going to here make any predictions whether anything passes.

What Letter was talking about — bizarrely without mentioning it — was a provision addressing the unconstitutional NSL gags in USA Freedom Act.

The provision fixes one part of the NSLs by putting the onus on FBI to review every year whether gags must remain in place.

(3) TERMINATION.—

(A) IN GENERAL.—In the case of any request under subsection (b) for which a recipient has submitted a notification to the Government under section 3511(b)(1)(A) or filed a petition for judicial review under subsection (d)—

(i) an appropriate official of the Federal Bureau of Investigation shall, until termination of the nondisclosure requirement, review the facts supporting a nondisclosure requirement annually and upon closure of the investigation; and

(ii) if, upon a review under clause (i), the facts no longer support the nondisclosure requirement, an appropriate official of the Federal Bureau of Investigation shall promptly notify the wire or electronic service provider, or officer, employee, or agent thereof, subject to the nondisclosure requirement, and the court as appropriate, that the nondisclosure requirement is no longer in effect.

This would fix the problem identified by the 2nd Circuit.

Except that, bizarrely, it would require FBI to do what Letter represented to the Court FBI could not do — review the gags every year. Presumably, they assume so few providers will challenge the gag that they’ll be able to manage those few yearly reviews that would be required.

Which might be what this language is about.

(B) CLOSURE OF INVESTIGATION.—Upon closure of the investigation—

(i) the Federal Bureau of Investigation may petition the court before which a notification or petition for judicial review under subsection (d) has been filed for a determination that disclosure may result in the harm described in clause (i), (ii), (iii), or (iv) of paragraph (1)(B), if it notifies the recipient of such petition;

(ii) the court shall review such a petition pursuant to the procedures under section 3511; and

(iii) if the court determines that there is reason to believe that disclosure may result in the harm described in clause (i), (ii), (iii), or (iv) of paragraph (1)(B), the Federal Bureau of Investigation shall no longer be required to conduct the annual review of the facts supporting the nondisclosure requirement under subparagraph (A).

That is, in addition to fixing the constitutional problem with NSLs, USAF provides FBI way out of the supposedly onerous problem that fix requires, by establishing a way to get a permanent gag.

The NSL provisions in USAF have not gone totally unnoticed. Perhaps appropriately, one of the few public comments on it came from the EFF. It lumps it in with FBI’s exemption from reporting back door searches.

The FBI is exempt from Section 702 reporting, and the bill appears to provide a path for the FBI to get permanent gag orders in connection with national security letters.

And bill champion Kevin Bankston is acutely aware of the dynamic as well; after Twitter announced his suit he suggested this was a good reason to pass USAF.

Bankston NSL

 

Me, I’d rather let the courts work and get the leverage we might get that way.

Especially since it seems like FBI is more able to review yearly gag renewals that Letter told the court.

 

The Hemisphere Decks: A Comparison and Some Hypotheses

Last week, Dustin Slaughter published a story using a new deck of slides on the Hemisphere program, the Drug Czar program that permits agencies to access additional telecommunications analytical services to identify phones, which then gets laundered through parallel construction to hide both how those phones were found, as well as the existence of the program itself.

It has some significant differences from the deck released by the New York Times last year.  I’ve tried to capture the key differences here:

140915 Hemisphere Comparison

 

The biggest difference is that the NYT deck — which must date to no earlier than June 2013 — draws only from AT&T data, whereas the Declaration deck draws from other providers as well (or rather, from switches used by other providers).

In addition, the Declaration deck seems to reflect approval for use in fewer states (given the mention of CA court orders and the recent authorization to use Hemisphere in Washington in the AT&T deck), and seems to offer fewer analytical bells and whistles.

Thus, I agree with Slaughter that his deck predates — perhaps by some time — the NYT/AT&T deck released last year.  That would mean Hemisphere has lost coverage, even while it has gained new bells and whistles offered by AT&T.

While I’m not yet sure this is my theory of the origin of Hemisphere, some dates are worth noting:

From 2002 to 2006, the FBI had telecoms onsite to provide CDRs directly from their systems (the FBI submitted a great number of its requests without any paperwork). One of the services provided — by AT&T — was community of interest tracking. Presumably they were able to track burner phones (described as dropped phones in these decks) as well.

In 2006, FBI shut down the onsite access, but retained contracts with all 3 providers (AT&T, Verizon, and probably Sprint). In 2009, one telecom — probably Verizon — declined to renew its contract for whatever the contract required.

AT&T definitely still has a contract with FBI, and in recent years, it has added more services to what it offers the FBI.

It’s possible the FBI multi-provider access moved under ONCDP (the Drug Czar) in 2007 as a way to retain its authorities without attracting the attention of DOJ’s excellent Inspector General (who is now investigating this in any case). Though I’m not sure that program provided the local call records the deck at least claims it could have offered. I’m not sure that program got to the telecom switches the way the deck seems to reflect. It’s possible, however, that the phone dragnet in place before it was moved to Section 215 in 2006 did have that direct access to switches, and the program retained this data for some years.

The phone dragnet prior to 2006 and NSL compliance (which is what the contracts with AT&T and one other carrier purportedly provide now) are both authorized in significant part (and entirely, before 2006) through voluntary compliance, per David Kris, the NSA IG Report, and the most recent NSL report. That’s a big reason why the government tried to keep this secret — to avoid any blowback on the providers.

In any case, if I’m right that the program has lost coverage (though gained AT&T’s bells and whistles) in the interim, then it’s probably because providers became unwilling, for a variety of reasons (and various legal decisions on location data are surely one of them) to voluntarily provide such information anymore. I suspect that voluntary compliance got even more circumscribed with the release of the first Horizon deck last year.

Which means the government is surely scrambling to find additional authorities to coerce this continued service.

1 2 3 42
Emptywheel Twitterverse
bmaz @radleybalko I may have to unfollow you for linking this horse manure. Jeebus.
9mreplyretweetfavorite
bmaz @ScottGreenfield "The law professor in the Think Progress blog was totally correct." Oh yeah, like that is fucking credible.
4hreplyretweetfavorite
bmaz @ddayen Well, compared to Loretta Lynch, he surely is.
5hreplyretweetfavorite
bmaz @KellyFlood3 @DanCBarr My own little picture for posterity. Arpaio's look was priceless.
5hreplyretweetfavorite
bmaz @DanCBarr Mike Manning still loves his cash cow! http://t.co/Oi7Redxw1r
5hreplyretweetfavorite
bmaz Tony Blair to join McCain at Sedona Forum 2015 http://t.co/vtNulbBl6z Jeebus, what is Sheldon Whitehouse doing at this? Cc: @emptywheel
5hreplyretweetfavorite
bmaz @benwizner @realDonaldTrump Go stand in the corner Ben
6hreplyretweetfavorite
bmaz @johnsonr Ilya Kuryakin!
6hreplyretweetfavorite
bmaz RT @DanCBarr: @bmaz Yep. The only thing truly shocking about Arpaio's testimony is that there people who are shocked and surprised.
6hreplyretweetfavorite
bmaz @DanCBarr 22+ years. It started first looking suspect about 60-90 days in. Though public first really started catching on w/Norberg death.
6hreplyretweetfavorite
bmaz RT @emptywheel: Government’s Own Witness Debunks Government’s “Overwrought Hyperbole” in Sterling Case https://t.co/kJ4tJAAUw0
6hreplyretweetfavorite
bmaz RT @eggsandbread: how to sneak chocolate undetected into a US cinema http://t.co/GkBNQFAUV8
6hreplyretweetfavorite
April 2015
S M T W T F S
« Mar    
 1234
567891011
12131415161718
19202122232425
2627282930