The August 20, 2008 Correlations Opinion

On August 18, 2008, the government described to the FISA Court how it used a particular tool to establish correlations between identifiers. (see page 12)

A description of how [name of correlations tool] is used to correlate [description of scope of metadata included] was included in the government’s 18 August 2008 filing to the FISA Court,

 

On August 20, 2008, the FISC issued a supplemental opinion approving the use of “a specific intelligence method in the conduct of queries (term “searches”) of telephony metadata or call detail records obtained pursuant to the FISC’s orders under the BR FISA program.” The government claims that it cannot release any part of that August 20, 2008 opinion, which given the timing (which closely tracks with the timing of other submissions and approvals before the FISC) and the reference to both telephony metadata and call detail records almost certainly approves the use of the dragnet — and probably not just the phone dragnet — to establish correlations between a target’s multiple communications identifiers.

As ODNI’s Jennifer Hudson described in a declaration in the EFF suit, the government maintains that it cannot release this opinion, in spite of (or likely because of) ample description of the correlations function elsewhere in declassified documents.

The opinion is only six pages in length and the specific intelligence method is discussed at great length in every paragraph of this opinion, including the title. Upon review of this opinion, I have determined that there is no meaningful, segregable, non-exempt information that can be released to the plaintiff as the entire opinion focuses on this intelligence method. Even if the name of the intelligence method was redacted, the method itself could be deduced, given other information that the DNI has declassified pursuant to the President’s transparency initiative and the sophistication of our Nation’s adversaries [Ed: did she just call me an “adversary”?!?] and foreign intelligence services.

[snip]

The intelligence method is used to conduct queries of the bulk metadata, and if NSA were no longer able to use this method because it had been compromised, NSA’s ability to analyze bulk metadata would itself be compromised. A lost or reduced ability to detect communications chains that link to identifiers associated with known and suspected terrorist operatives, which can lead to the identification of previously unknown persons of interest in support of anti-terrorism efforts both within the United States and abroad, would greatly impact the effectiveness of this program as there is no way to know in advance which numbers will be responsive to the authorized queries.

ACLU’s snazzy new searchable database shows that this correlations function was discussed in at least three of the officially released documents thus far: in the June 25, 2009 End-to-End Review, in a June 29, 2009 Notice to the House Intelligence Committee, and in the August 19, 2009 filing submitting the End-to-End Review to the FISC.

In addition to making it clear this practice was explained to the FISC just before the Supplemental Opinion in question, these documents also describe a bit about the practice.

They define what a correlated address is (and note, this passage, as well as other passages, does not limit correlations to telephone metadata — indeed, the use of “address” suggests correlations include Internet identifiers).

The analysis of SIGINT relies on many techniques to more fully understand the data. One technique commonly used is correlated selectors. A communications address, or selector, is considered correlated with other communications addresses when each additional address is shown to identify the same communicant as the original address.

They describe how the NSA establishes correlations via many means, but primarily through one particular database.

NSA obtained [redacted] correlations from a variety of sources to include Intelligence Community reporting, but the tool that the analysts authorized to query the BR FISA metadata primarily used to make correlations is called [redacted].

[redacted] — a database that holds correlations [redacted] between identifiers of interest, to include results from [redacted] was the primary means by which [redacted] correlated identifiers were used to query the BR FISA metadata.

They make clear that NSA treated all correlated identifiers as RAS approved so long as one identifier from that user was RAS approved.

In other words, if there was a successful RAS determination made on any one of the selectors in the correlation, all were considered RAS-approved for purposes of the query because they were all associated with the same [redacted] account

And they reveal that until February 6, 2009, this tool provided “automated correlation results to BR FISA-authorized analysts.” While the practice was shut down in February 2009, the filings make clear NSA intended to get the automated correlation functions working again, and Hudson’s declaration protecting an ongoing intelligence method (assuming the August 20, 2008 opinion does treat correlations) suggests they have subsequently done so.

When this language about correlations first got released, it seemed it extended only so far as the practice — also used in AT&T’s Hemisphere program — of matching call circles and patterns across phones to identify new “burner” phones adopted by the same user. That is, it seemed to be limited to a known law enforcement approach to deal with the ability to switch phones quickly.

But both discussions of the things included among dragnet identifiers — including calling card numbers, handset and SIM card IDs — as well as slides released in stories on NSA and GCHQ’s hacking operations (see above) make it clear NSA maps correlations very broadly, including multiple online platforms and cookies. Remember, too, that NSA analysts access contact chaining for both phone and Internet metadata from the same interface, suggesting they may be able to contact chain across content type. Indeed, NSA presentations describe how the advent of smart phones completely breaks down the distinction between phone and Internet metadata.

In addition to mapping contact chains and identifying traffic patterns NSA can hack, this correlations process almost certainly serves as the glue in the dossiers of people NSA creates of individual targets (this likely only happens via contact-chaining after query records are dumped into the corporate store).

Now it’s unclear how much of this Internet correlation the phone dragnet immediately taps into. And my assertion that the August 20, 2008 opinion approved the use of correlations is based solely on … temporal correlation. Yet it seems that ODNI’s unwillingness to release this opinion serves to hide a scope not revealed in the discussions of correlations already released.

Which is sort of ridiculous, because far more detail on correlations has been released elsewhere.


DOJ’s Multiple Authorities for Destroying Evidence

It seems like aeons ago, but just a week ago, EFF and DOJ had a court hearing over preserving evidence in the EFF lawsuits (Shubert, Jewel, and First Unitarian Church v. NSA). As I noted in two posts, a week ago Monday DOJ surprised EFF with the news that it had been following its own preservation plan, which it had submitted ex parte to Vaughn Walker, rather than the order Walker subsequently imposed. As a result, it has been aging off data in those programs (notably the PATRIOT-authorized Internet and phone dragnets) authorized by law, as opposed to what it termed Presidential authorization. DOJ’s behavior makes it clear that it is trying to justify treating some data differently by claiming it was collected under different authorities.

Remember, there are at least five different legal regimes involved in the metadata dragnet:

  • EO 12333 authority for data going back to at least 1998
  • Stellar Wind authority lasting until 2004, 2006, and 2007 for different practices
  • PATRIOT-authorized authorities for Internet (until 2011) and phone records (until RuppRoge or something else passes)
  • SPCMA, which is a subset of EO 12333 authority that conducts potentially problematic contact chaining integrating US person Internet metadata
  • Five Eyes, which is EO 12333, but may involve GCHQ equities or, especially, ownership of the data

At the hearing and in their motions, EFF argued that their existing suits are not limited to any particular program (they didn’t name all these authorities, but they could have). Rather, they are about the act of dragnetting, regardless of what authority (so they’ll still be live suits after RuppRoge passes, for example).

EFF appears to have at least partly convinced Judge Jeffrey White, because on Friday he largely sided with EFF, extending the preservation order and — best as I can tell — endorsing EFF’s argument that their suits cover the act of dragnetting, rather than just the Stellar Wind, FISA Amendments Act, or phone and Internet dragnets.

With that as background, I want to look at a few things from the transcript of last Wednesday’s hearing.


RuppRoge Fake Dragnet Fix Requires Intel Community to Update 30 Year Old EO 12333 Procedures

One good aspect of the RuppRoge Fake Dragnet Fix is its measure requiring all elements of the Intelligence Community to comply with the EO that governs them.

At issue is this clause in EO 12333 requiring that any element of the Intelligence Community collecting data on US persons have Attorney General approved procedures for handling that data.

2.3 Collection of information. Elements of the Intelligence Community are authorized to collect, retain, or disseminate information concerning United States persons only in accordance with procedures established by the head of the Intelligence Community element concerned or by the head of a department containing such element and approved by the Attorney General, consistent with the authorities provided by Part 1 of this Order, after consultation with the Director.

This is something PCLOB asked Eric Holder and James Clapper to make sure got done back in August. In their letter, they disclosed some agencies in the IC have been stalling on these updates for almost 3 decades.

The Privacy and Civil Liberties Oversight Board just sent a letter to Eric Holder and James Clapper requesting that they have all the Intelligence Committee agencies update what are minimization procedures (though the letter doesn’t call them that), “to take into account new developments including technological developments.”

As you know, Executive Order 12333 establishes the overall framework for the conduct of intelligence activities by U.S. intelligence agencies. Under section 2.3 of the Executive Order, intelligence agencies can only collect, retain, and disseminate information about U.S. persons if the information fits within one of the enumerated categories under the Order and if it is permitted under that agency’s implementing guidelines approved by the Attorney General after consultation with the Director of National Intelligence.

The Privacy and Civil Liberties Oversight Board has learned that key procedures that form the guidelines to protect “information concerning United States person” have not comprehensively been updated, in some cases in almost three decades, despite dramatic changes in information use and technology. [my update]

In other words, these procedures haven’t been updated, in some cases, since not long after Ronald Reagan issued this EO in 1981.

RuppRoge aims to require the IC elements to comply.

(1) REQUIREMENT FOR IMMEDIATE REVIEW.–Each head of an element of the intelligence community that has not obtained the approval of the Attorney General for the procedures, in their entirety, required by section 2.3 of Executive Order 12333 (50 U.S.C. 3001 note) within 5 years prior to the date of the enactment of the End Bulk Collection Act of 2014, shall initiate, not later than 180 days after such enactment, a review of the procedures for such element.

Mind you, asking agencies to initiate a review 6 months after passage of a bill to update procedures that are 30 years old isn’t exactly lighting a fire under IC arse. But then, the delay probably stems from some agencies hoarding agency records on US persons that are even older than the EO.


NSA Bids to Expand Spying in Guise of “Fixing” Phone Dragnet

Dutch Ruppersberger has provided Siobhan Gorman with details of his plan to “fix” the dragnet — including repeating the laughable claim that the “dragnet” (which she again doesn’t distinguish as solely the Section 215 data that makes up a small part of the larger dragnet) doesn’t include cell data.

Only, predictably, it’s not a “fix” of the phone dragnet at all, except insofar as NSA appears to be bidding to use it to do all the things they want to do with domestic dragnets but haven’t been able to do legally. Rather, it appears to be an attempt to outsource to telecoms some of the things the NSA hasn’t been able to do legally since 2009.

For example, there’s the alert system that Reggie Walton shut down in 2009.

As I reported back in February, the NSA reportedly has never succeeded in replacing that alert system, either for technical or legal reasons or both.

NSA reportedly can’t get its automated chaining program to work. In the motion to amend, footnote 12 — which modifies part of some entirely redacted paragraphs describing its new automated alert approved back in 2012 — reads:

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

PCLOB describes this automated alert this way.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. The database places the results of these queries together in a repository called the “corporate store.”

It has been 15 months since FISC approved this alert, but NSA still can’t get it working.

I suspect this is the root of the stories claiming NSA can only access 30% of US phone records.

As described by WSJ, this automated system will be built into the orders NSA provides telecoms; once a selector has been provided to the telecoms, they will keep automatically alerting on it.

Under the new bill, a phone company would search its databases for a phone number under an individual “directive” it would receive from the government. It would send the NSA a list of numbers called from that phone number, and possibly lists of phone numbers those numbers had called. A directive also could order a phone company to search its database for such calls as future records come in. [my emphasis]

This would, presumably, mean NSA still ends up with a corporate store, a collection of people against whom the NSA has absolutely not a shred of non-contact evidence, against whom they can use all their analytical toys, including searching of content.

Note, too, that this program uses the word “directive,” not query. Directive comes from the PRISM program, where the NSA gives providers generalized descriptions and from there has broad leeway to add new selectors. Until I hear differently, I’ll assume the same is true here: that this actually involves less individualized review before engaging in 2 degrees of Osama bin Laden.

The legislation seems ripe for inclusion of querying of Internet data (another area where the NSA could never do what it wanted to legally after 2009), given that it ties this program to “banning” (US collection of, but Gorman doesn’t say that either, maintaining her consistency in totally ignoring that EO 12333 collection makes up the greater part of bulk programs) Internet bulk data collection.

The bill from Intelligence Committee Chairman Mike Rogers (R., Mich.) and his Democratic counterpart, Rep. C.A. “Dutch” Ruppersberger (D., Md.), would ban so-called bulk collection of phone, email and Internet records by the government, according to congressional aides familiar with the negotiations. [my emphasis]

Call me crazy, but I’m betting there’s a way they’ll spin this to add in Internet chaining with this “fix.”

Note, too, Gorman makes no mention of location data, in spite of having tied that to her claims that NSA only collects 20% of data. Particularly given that AT&T’s Hemisphere program provides location data, we should assume this program could too, which would present a very broad expansion on the status quo.

And finally, note that neither the passage I quoted above on directives to providers, nor this passage specifies what kind of investigations this would be tied to (though they are honest that they want to do away with the fig leaf of this being tied to investigations at all).

The House intelligence committee bill doesn’t require a request be part of an ongoing investigation, Mr. Ruppersberger said, because intelligence probes aim to uncover what should be investigated, not what already is under investigation.

Again, the word “directive” in the PRISM context also provides the government the ability to secretly pass new areas of queries — having expanded at least from counterterrorism to counterproliferation and cybersecurity uses. So absent some very restrictive language, I would assume that’s what would happen here: NSA would pass it in the name of terrorism, but then use it primarily for cybersecurity and counterintelligence, which the NSA considers bigger threats these days.

And that last suspicion? That’s precisely what Keith Alexander said he planned to do with this “fix,” presumably during the period when he was crafting this “fix” with NSA’s local Congressman: throw civil libertarians a sop but get instead an expansion of his cybersecurity authorities.

Update: Here’s Spencer on HPSCI, confirming it’s as shitty as I expected.

And here’s Charlie Savage on Obama’s alternative.

It would:

  • Keep Section 215 in place, though perhaps with limits on whether it can be used in this narrow application
  • Enact the same alert-based system and feed into the corporate store, just as the HPSCI proposal would
  • Include judicial review like they have now (presumably including automatic approval for FISA targets)

Obama’s is far better than HPSCI (though this seems to be part of a bad cop-good cop plan, and the devil remains in the details). But there are still some very serious concerns.


The October 30, 2009 Statement of Authorities: The EFF Document Fight Could Get Very Interesting

If the Chief FISC Judge accuses the government of material misrepresentations but no one but a dirty fucking hippie blogger reports it, did it happen?

On Friday, I reported on Judge Reggie Walton’s cranky opinion asking for an explanation about why the government didn’t tell him EFF believed they had a protection order in cases relevant to the dragnets. And while it overstates the resounding silence to say that only your esteemed DFH host reported it — TechDirt had a good report — some of the other reporting on it thus far seems to have missed the whole material misrepresentation judgement in Walton’s order.

But I think it’s not yet clear — to anyone — how interesting this document fight could get.

Just as one example of why (I’ll develop some of the others over the next couple of days, I hope), consider the October 30, 2009 statement of authorities.

Earlier this month, I noted that EFF had submitted a list of filings that the government had not released in spite of what they believed to be Judge Jeffrey White’s order to declassify everything.

  • April 9, 2007 notices indicating FISC Judge rejected early bulk orders
  • October 25, 2007 government challenge to motion to protect evidence, with ex parte NSA official declaration submitted in Shubert
  • April 3, 2009 supplemental memorandum in Jewel
  • October 30, 2009 supplemental memorandum on points of authority in Shubert
  • November 2012

In last Wednesday’s hearing, the government claimed they didn’t have to release these because they engaged in a colloquy limiting White’s orders to the state secrets declarations. And for the moment, I’ll take that as accurate.

But since then, the government has released one of these — the October 25, 2007 challenge to the protection motion — as part of their filing on Monday fighting a protection order in EFF’s phone dragnet suit. And that document was pretty stunning. Not only did it show the government had redefined the Multidistrict Litigation suits so as to exclude any of the FISA-authorized metadata dragnets that EFF of course had no way of knowing about yet. But in the filing, the government revealed that because of this filing and in defiance of Vaughn Walker’s November 2007 protection order, it has been destroying the metadata dragnet data in the interim.

In other words, the government is withholding these filings because they’re fairly damning.

Which got me thinking about the timing and significance of the October 30, 2009 supplemental memorandum on points of authority supporting a motion to dismiss the Shubert suit based on sovereign immunity and state secrets.

At one level, the memorandum is not all that suspicious. As you can see above, the government filed what is presumably roughly the same filing at the analogous time in Jewel, just as it was making its state secrets bid.

But I find the timing of the October 30 filings in Shubert to be of particular interest. That’s because a 2011 NSA training program seems to indicate that the Internet dragnet shut down at almost precisely that time, as it indicates that Internet dragnet data collected prior to November 2009 requires some sort of special treatment.

In addition, in the source information at the end of the line, the SIGAD [redacted] BR data can be recognized by SIGADs beginning with [redacted] For PR/TT, data collected after October 2010 is found [redacted] For a comprehensive listing of all the BR and PR/TT SIGADs as well as information on PR/TT data collected prior to November of 2009, contact your organization’s management or subject matter expert.

Remember, Shubert was suing for illegal wiretapping. And while Judge John Bates did not fully assess what NSA was doing — which appears to be collecting data that counts as content in the guise of collecting metadata — until the following year (some time between July and October 2010), when he did so, he implied the government had to comply with the laws in which they were claiming, in 2009, they had sovereign immunity. And the government had to know by that point they had serious legal problems with the Internet dragnet.

Indeed, the government kept asking for extensions leading up to this filing — at the time they claimed it was because of DOJ’s what’s-old-is-new state secrets policy. Altogether they got an extra 22 days to file this filing (which should have been substantially similar to the ones they filed in April). They were almost certainly having still-undisclosed problems with the phone dragnet (probably relating to dissemination of data), as the October 30, 2009 phone dragnet order is one of the ones the government has withheld even though it is obviously responsive to ACLU and EFF’s FOIA. But the discussions on the Internet dragnet must have been even more contentious, given that the FISC (probably either Reggie Walton or John Bates) refused to reauthorize it. (Note, October 30, 2009 was a Friday, so if FISC formally didn’t approve the Internet dragnet in October 2009, it would have been that day).

And the thing is, from Keith Alexander’s state secrets declaration, submitted perhaps hours and almost certainly no more than a month before the Internet dragnet got shut down because it was illegally collecting metadata that was legally content, it’s not at all clear that the government fully disclosed details they knew about those legal problems with the dragnet. Look closely at ¶¶ 27 and 28, ¶¶48-56, ¶¶58-62 with footnotes.

The phone dragnet description hides the ongoing dissemination problems (which the Administration hid from Congress, as well). It also makes no mention that the phone dragnet had US persons on an alert list without reviewing those selectors for First Amendment review, something that should be central to the suits against NSA (see in particular ¶60). And while there are redacted sentences and footnotes — 13 and 24 — which could include notice that the government was (and had been, since the inception of the FISC-authorized Internet dragnet) collecting metadata that counted as content, those are all very brief descriptions. Moreover, the unredacted descriptions clearly claim that the Internet dragnet program collects no content, which legally it almost certainly did. Moreover, note that the references to the Internet dragnet speak of it in the present tense: “Pursuant to the FISA Pen Register, …. NSA is authorized to collect in bulk.” But there doesn’t seem to be the parallel structure in ¶28 where you’d expect the government to confess that the program was imminently shutting down because it was illegally collecting Internet content.

Note, too, how the declaration refers to the reauthorizations. ¶59 describes the phone dragnet authority “continuing until October 30, 2009” and ¶58 describes the Internet dragnet “requires continued assistance by the providers through [redacted] 2009.” They appear not to have known for sure whether the programs would be reauthorized that night! But they appear not to have explained why not.

Perhaps the most pregnant paragraph is ¶62, which in context appears to relate only to the phone dragnet, though I suspect the government would point to it to claim their description of violations was not comprehensive:

NSA is committed to working with the FISC on this and other compliance issues to ensure that this vital intelligence tool works appropriately and effectively. For purposes of this litigation, and the privilege assertions now made by the DNI and by the NSA, the intelligence sources and methods described herein remain highly classified and the disclosure that [redacted] would compromise vital NSA sources and methods and result in exceptionally grave harm to national security.

By any measure, Alexander’s declaration falls short of what the government already knew at that time, demonstrably so in the case of the phone dragnet. He hid details — significantly, the watchlist of Americans that violated statute, and almost certainly that the NSA was collecting content in the name of metadata — that were material to the suits at hand.

Which brings me to the memo on authorities. Even as the government was hiding material violations of the statutes they were disclosing to Judge Walker, was it also making expansive Executive Authority claims it couldn’t (and still can’t) share with plaintiffs? Did the government, for example, make an Executive Authority claim that we have every reason to believe John Bates (especially) and Reggie Walton would rebut if they knew about it?

In any case, in addition to the watchlist data from those 3,000 US persons (which would have aged off last month otherwise), the last of the illegal Internet content-as-metadata data might be aged off as soon as April absent these stays. That data might well provide plaintiffs proof they were illegally wiretapped (note, the Internet dragnet was limited to certain switches, but Jewel was built around the Folsom Street switch which was almost certainly included in that). And that the government provided highly misleading descriptions to Vaughn Walker when bidding for a state secrets exemption.

And add in one more legal fight here: as I noted, DOJ is withholding the October 30, 2009 order (as well as one later one from 2009) from both the ACLU and EFF (the EFF suit is before a different San Francisco judge). In addition, DOJ is refusing all push for expedited processing on FOIAs for the Internet dragnet filings.

Seeing how clearly manipulative their data release in these lawsuits is, it seems safe to suggest the government is also making FOIA decisions to prevent plaintiffs from obtaining information to really contest these suits. That shouldn’t surprise anyone. But I would hope it would piss off the judges.


How the NSA Deals with a Threat to Its Backbone Hegemony

I have talked before about the importance of US’ dominant role in global telecom infrastructure in our hegemonic position.

US hegemony rests on a lot of things: the dollar exchange, our superlative military, our ideological lip service to democracy and human rights.

But for the moment, it also rests on the globalized communication system in which we have a huge competitive advantage. That is, one reason we are the world’s hegemon is because the rest of the world communicates through us — literally, in terms of telecommunications infrastructure, linguistically, in English, and in terms of telecommunications governance.

Which is why these stories (NYT, Spiegel’s short version, to be followed by a longer one Monday) about NSA’s targeting of Huawei are so interesting. Der Spiegel lays out the threat Huawei poses to US hegemony.

“We currently have good access and so much data that we don’t know what to do with it,” states one internal document. As justification for targeting the company, an NSA document claims that “many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products.” The agency also states concern that “Huawei’s widespread infrastructure will provide the PRC (People’s Republic of China) with SIGINT capabilities.” SIGINT is agency jargon for signals intelligence. The documents do not state whether the agency found information indicating that to be the case.

The operation was conducted with the involvement of the White House intelligence coordinator and the FBI. One document states that the threat posed by Huawei is “unique”.

The agency also stated in a document that “the intelligence community structures are not suited for handling issues that combine economic, counterintelligence, military influence and telecommunications infrastructure from one entity.”

Fears of Chinese Influence on the Net

The agency notes that understanding how the firm operates will pay dividends in the future. In the past, the network infrastructure business has been dominated by Western firms, but the Chinese are working to make American and Western firms “less relevant”. That Chinese push is beginning to open up technology standards that were long determined by US companies, and China is controlling an increasing amount of the flow of information on the net. [my emphasis]

And the NSA document the NYT included makes this threat clear.

There is also concern that Huawei’s widespread infrastructure will provide the PRC with SIGINT capabilities and enable them to perform denial of service type attacks.

Now, for what it’s worth, the NYT story feels like a limited hangout — an attempt to pre-empt what Spiegel will say on Monday, and also include a bunch of details on NSA spying on legitimate Chinese targets so the chattering class can talk about how Snowden is a tool of Chinese and Russian spies. (Note, the NYT story relies on interviews with a “half dozen” current and former officials for much of the information on legitimate Chinese targets here, a point noted by approximately none of the people complaining.)

But the articles make it clear that 3 years after they started this targeted program, SHOTGIANT, and at least a year after they gained access to the emails of Huawei’s CEO and Chair, NSA still had no evidence that Huawei is just a tool of the People’s Liberation Army, as the US government had been claiming before and since. Perhaps they’ve found evidence in the interim, but they hadn’t as recently as 2010.

Nevertheless the NSA still managed to steal Huawei’s source code. Not just so it could more easily spy on people who exclusively use Huawei’s networks. But also, it seems clear, in an attempt to prevent Huawei from winning even more business away from Cisco.

I suspect we’ll learn far more on Monday. But for now, we know that even the White House got involved in an operation targeting a company that threatens our hegemony on telecom backbones.


Former NSA General Counsel Robert Deitz, Who Rubber-Stamped Illegal Wiretap Program, Says All Felonies Should Be Prosecuted

I’m watching a CUNY conference on sources and secrets, which currently has a panel including Bob Woodward, Jane Mayer, and former NSA General Counsel Robert Deitz.

When asked whether he could think of a leak that had been damaging, Deitz said the exposure of the illegal (he called it “special”) wiretap program had been damaging.

Then, in the context of prosecuting leaks, Deitz argued that all leaks should be prosecuted, because they involve a felony violation of an oath (that’s not always true, but I’ll just accept that Deitz believes all felonies should be prosecuted). He went on to say, “How is it you put a line around this felony and not prosecute it?”

According to the 2009 Draft NSA IG Report, Deitz, on September 20, 2001, suggested to Alberto Gonzales they should consider modifying FISA (which was then being modified as part of the PATRIOT Act); he appears to have gotten no answer. On October 5, 2001 — having asked but not been permitted to read the underlying OLC authorization for it (Addington read him a few lines over the phone), having not participated in the drafting of the Presidential Authorization for it, and having given it just one day of legal review — Deitz said a program violating the exclusivity provision of FISA was legal. On October 8, Deitz briefed the analysts who would carry out this illegal program.

Deitz’ subordinates provided the only oversight of the program at first. (Later in today’s program he claimed the line between domestic and foreign intelligence was rigorously maintained.) To his credit, Deitz ultimately fought to have the Inspector General read into the program after it had operated for some months.

This is a man who provided the legal fig leaf for a patently illegal program (though the IG Report provides no details of Deitz’ actions for the March to May 2004 timeframe, when the program was even more illegal). This is a man who showed awareness of the legally correct way to do this — include this expanded program in PATRIOT — but nevertheless accepted and participated in not doing so.

And he advocates prosecuting every felony.

Perhaps before he talks about prosecuting journalists and their sources, he should consider his own role in encouraging felonies?


The Government Has a Festering EO 12333 Problem In Jewel/First Unitarian

The government claims it does not have a protection order pertaining to the phone dragnet lawsuits because the suits with a protection order pertain only to presidentially-authorized programs.

The declaration made clear, in a number of places, that the plaintiffs challenged activities that occurred under presidential authorization, not under orders of the Foreign Intelligence Surveillance Court (FISC), and that the declaration was therefore limited to describing information collected pursuant to presidential authorization and the retention thereof.

Therefore, the government is challenging the EFF’s effort to get Judge Jeffrey White to reaffirm that the preservation orders in the Multidistrict Litigation and Jewel apply to the phone dragnet.

Fine. I think EFF can and should challenge that claim.

But let’s take the government at its word. Let’s consider what it would be obliged to retain under the terms laid out.

The government agrees it was obliged, starting in 2007, to keep the content and metadata dragnets that were carried out exclusively on presidential authorization. Indeed, the declaration from 2007 they submitted describing the material they’ve preserved includes telephone metadata (on tapes) and the queries of metadata, including the identifiers used (see PDF 53). It also claimed it would keep the reports of metadata analysis.

That information is fundamentally at issue in First Unitarian Church, the EFF-litigated challenge to the phone dragnet. That’s true for three reasons.

First, the government makes a big deal of their claim, made in 2007, that the metadata dragnet databases were segregated from other programs. Whether or not that was a credible claim in 2007, we know it was false starting in early 2008, when “for the purposes of analytical efficiency,” a copy of that metadata was moved into the same database with the metadata from all the other programs, including both the Stellar Wind phone dragnet data, and the ongoing phone dragnet information collected under EO 12333.

And given the government’s promise to keep reports of metadata analysis, from that point until sometime several years later, it would be obliged to keep all phone dragnet analysis reports involving Americans. That’s because — as is made clear from this Memorandum of Understanding issued sometime after March 2, 2009 — the analysts had no way of identifying the source of the data they were analyzing. The MOU makes clear that analysts were performing queries on data including “SIGINT” (EO 12333 collected data), [redacted] (which is almost certainly Stellar Wind), BRFISA, and PR/TT. So to the extent that any metadata report didn’t have a clear, time-delimited way of identifying where the data came from, the NSA could not know whether a query report came from data collected solely pursuant to presidential authorization or FISC order. (The NSA changed this sometime during or before 2011, and now all metadata includes XML tags showing its source; though much of it is redundant and so may have been collected in more than one program, and analysts are coached to re-run queries to produce them under EO 12333 authority, if possible.)

Finally, the real problem for the NSA is that the data “alerted” illegally up until 2009 — including the 3,000 US persons watchlisted without undergoing the legally required First Amendment review — was done so precisely because when NSA merged its phone dragnet data with the data collected under Presidential authorization — either under Stellar Wind or EO 12333 — it applied the rules applying to the presidentially-authorized data, not the FISC-authorized data. We know that the NSA broke the law up until about 5 years ago. We know the data from that period — the data that is under consideration for being aged off now — broke the law precisely because of the way the NSA mixed EO 12333 and FISC regulations and data.

The NSA’s declarations on document preservation — not to mention the declarations about the dragnets more generally — don’t talk about how the EO 12333 data gets dumped in with and mixed up with the FISC-authorized data. That’s NSA’s own fault (and if I were Judge White it would raise real questions for me about the candor of the declarants).

But since the government agreed to preserve the data collected pursuant to presidential authorization without modification (without, say, limiting it to the Stellar Wind data), that means they agreed to preserve the EO 12333 collected data and its poisonous fruit which would just be aging off now.

I will show in a follow-up post why that data should be utterly critical, specifically as it pertains to the First Unitarian Church suit.

But suffice it to say, for now, that the government’s claim that it is only obliged to retain the US person data collected pursuant to Presidential authorization doesn’t help it much, because it means it has promised to retain all the data on Americans collected under EO 12333 and queries derived from it.


The Clear Precedent for Carrie Cordero’s “Uncharted Territory” of Destruction of Evidence

Shane Harris has a report on the government’s odd behavior in regards to preserving the phone dragnet data in light of the suits challenging its legality.

It’s surprising on three counts. First, because he claims the legal back and forth has not previously been reported.

Now, that database will include phone records that are older than five years — not exactly the outcome that critics of the NSA program were hoping for. A dramatic series of legal maneuvers, which have not been previously reported, led the outcome.

It’s surprising not just because the “legal maneuvers” have in fact been reported before (though not the detail that James Cole got involved, though it’s not yet clear how his involvement affected the actual legal maneuvers rather than the internal DOJ communication issues). But also because Harris neglects to mention key details of those legal maneuvers — notably that EFF reminded DOJ, starting on February 26, that it had preservation orders that should affect the dragnet data, reminders which DOJ stalled and then ignored.

Harris’ piece is also surprising because of the implicit suggestion that NSA hasn’t been aging off data regularly, as it is supposed to be.

A U.S. official familiar with the legal process said the question about what to do with the phone records needn’t have been handled at practically the last minute. “The government was coming up on a five-year deadline to delete the data. Lawsuits were pending. The Justice Department could have approached the FISC months ago to resolve this,” the official said, referring to the Foreign Intelligence Surveillance Court.

There should be no “deadline” here — aside from the daily “deadline” that should automatically age off the five year old data. Now, the WSJ had previously reported that that’s not actually how age-off works.

As the NSA program currently works, the database holds about five years of data, according to officials and some declassified court opinions. About twice a year, any call record more than five years old is purged from the system, officials said.

But even assuming NSA only ages off data twice a year (in which case they should stop claiming they only “keep” data for 5 years because they already keep some of it for 5 1/2 years), most of these suits are well over 6 months old, predating what might have been an August age-off, which means unless NSA already deviated from its normal pattern, it deleted data relevant to the suits.

By far the most surprising detail in Harris’ story, however, is this response from former DOJ National Security Division Counsel Carrie Cordero to the news that Deputy Attorney General James Cole has gotten involved. This is, Cordero claims, “uncharted territory.”

“This is all uncharted territory,” said Carrie Cordero, a former senior Justice Department official who recently served as the counsel to the head of the National Security Division. “Given the complexity and the novelty of this chain of events, it’s a good thing that the deputy attorney general is personally engaged, and it demonstrates the significant attention that they’re giving to it.”

To be more specific about Cordero’s work history, from 2007 to 2011, she was deeply involved in FISA-related issues, first at ODNI and then at DOJ’s NSD.

In 2009, I served as Counsel to the Assistant Attorney General for National Security at the United States Department of Justice, where I co-chaired an interagency group created by the Director of National Intelligence (DNI) to improve FISA processes. From 2007–2009, I served in a joint duty capacity as a Senior Associate General Counsel at the Office of the Director of National Intelligence, where I worked behind the scenes on matters relating to the legislative efforts that resulted in the FISA Amendments Act of 2008.

Given her position in the thick of FISA-related issues, one would think she was at least aware of the protection order Vaughn Walker issued on November 6, 2007 ordering the preservation of evidence, up to and including “tangible things,” in the multidistrict litigation issues pertaining to the dragnet.

[T]he court reminds all parties of their duty to preserve evidence that may be relevant to this action. The duty extends to documents, data and tangible things in the possession, custody and control of the parties to this action,

And Cordero presumably should be aware that Walker renewed the same order on November 13, 2009, extending it to cover the Jewel suit, which had an ongoing focus.

Cordero is presumably aware of two other details. First, there should be absolutely no dispute that the phone dragnet was covered by these suits. That’s because at least as early as May 25, 2007 (and again in a declaration submitted October 2009), Keith Alexander included the phone dragnet among the things he considered related to the EFF and other suits over which he claimed state secrets.

In particular, disclosure of the NSA’s ability to utilize the TSP (or, therefore, the current FISA Court-authorized content collection) in conjunction with contact chaining [redacted–probably relating to data mining] would severely undermine efforts to detect terrorist activities.

[snip]

To the extent that the NSA’s bulk collection and targeted analysis of communication meta data may be at issue in this case, those activities–as described in paragraphs 27 and 28 above–must also be protected from disclosure.

In paragraphs 27 and 28 and the following paragraphs, Alexander named the FISC Pen Register and Telephone Records Orders by name.

Thus, as far back as 2007, the NSA acknowledged that it used its content collection in conjunction with its metadata dragnets, including data obtained pursuant to the FISA dragnet orders.


John Brennan’s Parallel “Investigative, Protective, or Intelligence Activity”

Yesterday, Jack Goldsmith defended CIA lawyer Robert Eatinger for referring Senate Intelligence Committee staffers for criminal investigation. Eatinger had no choice but to refer his Agency’s overseers, you see, because EO 12333 required it.

I knew Eatinger a bit when I was at OLC a decade ago, and based on that experience I agree with John Rizzo that “[h]e doesn’t have a political bone in his body” and “[i]f he made this referral, it’s because he felt it was the right and necessary thing to do.”

It might be useful to articulate the standard for the “right and necessary thing to do,” because I think that standard is at the bottom of this corner of the controversy.  The standard comes from Section 6.1(b) of E.O. 12,333, which imposes a duty on the CIA Director to:

Report to the Attorney General possible violations of Federal criminal laws by employees and of specified Federal criminal laws by any other person as provided in procedures agreed upon by the Attorney General and the head of the department, agency, or establishment concerned, in a manner consistent with the protection of intelligence sources and methods, as specified in those procedures;

I believe that the CIA Director delegates this duty to the CIA General Counsel.

Note how low the bar is for the referral—possible violations of federal law. Think about what that low standard means. It means that CIA often has a duty to refer a matter to DOJ that it is reasonably confident does not violate federal law, simply because the matter possibly violates federal law. As John Radsan noted in his study of the CIA General Counsel’s Office, the low standard results in CIA making “several referrals to the Justice Department in a typical month.” It might seem that these frequent referrals are signs of lawlessness, but in fact they are a mechanism of accountability. The very soft trigger of “possible” as opposed to “likely” or “actual” violations promotes significant over-reporting and allows another Agency, DOJ, to decide the appropriate action in the first instance. [my emphasis]

Nice try.

But there’s a significant problem with that. In response to Ron Wyden’s question about whether CIA is subject to the Computer Fraud and Abuse Act — a polite way of suggesting CIA hacked the Committee server — John Brennan told Wyden,

The statute does apply. The Act, however, expressly “does not prohibit any lawfully authorized investigative, protective, or intelligence activity … of an intelligence agency of the United States.” 18 U.S.C. § 1030(f).

In other words, Brennan implicitly asserts the CIA snooping on SSCI was legal because CIA was engaged in lawfully authorized “investigative, protective, or intelligence activity.”

Side note: what are the chances that Brennan, who likes to remind us that he’s not a lawyer when he gets legally dangerous questions, consulted with CIA’s Acting General Counsel Robert Eatinger in crafting this response to Wyden?

But let’s look at when and how Brennan chose to engage in what he claims is either “investigative, protective, or intelligence activity” and when and how Eatinger found SSCI’s oversight of CIA reached the “low bar” that merited referral.
