Metadata Oversight: “A Banner”!!!!!

/20 Comments/in , /by

The Guardian has their next big NSA scoop, and it is meatier than the earlier ones. The headline is that President Obama continued a 2-degrees of separation analysis of Internet metadata under Section 702 for two years after he came into office. The practice morphed into something else in 2011, making it highly likely the October 3, 2011 FISC opinion finding FAA 702 activities violated the Fourth Amendment pertained to this practice.

Along with their story, the released two documents, one of which has two appendices. Altogether they’ve released:

I’ll have far, far more to say going forward.

But I wanted to point to language that reinforces my fears about how they’re controlling the still extant database of US person telephone metadata.

The documents describe the great oversight of the Internet metadata twice. First in the November 20, 2007 letter itself:

When logging into the electronic data system users will view a banner that re-emphasizes key points regarding use of the data, chaining tools, and proper dissemination of results. NSA will also create an audit trail of every query made in each database containing U.S. communications metadata, and a network of auditors will spot-check activities in the database to ensure compliance with all procedures. In addition, the NSA Oversight and Compliance Office will conduct periodic super audits to verify that activities remain properly controlled. Finally, NSA will report any misuse of the information to the NSA’s Inspector General and Office of GEneral Counsel for inclusion in existing or future reporting mechanisms related to NSA’s signals intelligence activities.

And in the September 28, 2006 Amendment:

5. Before accessing the data, users will view a banner, displayed upon login and positively acknowledged by the user, that re-emphasizes the key points regarding use of the data and chaining tools, and proper dissemination of any results obtained.

6. NSA creates audit trails of every query made in each database containing U.S. communications metadata, and has a network of auditors who will be responsible for spot-checking activities in the database to ensure that activities remain compliant with the procedures described for the data’s use. The Oversight and Compliance Office conducts periodic super audits to verify that activities remain properly controlled.

7. NSA will report any misuse of the information to NSA’s Inspector General and Office of General Counsel for inclusion in existing or future reporting mechanisms relating to NSA’s signals intelligence activities.

These descriptions are consistent with what we’ve been told still exists with the telephone metadata, so it is likely (though not certain) the process remains the same.

There are two big problems, as I see it. First, note that the Oversight and Compliance Office appears to be within NSA’s operational division, not part of the Inspector General’s Office. This means it reports up through the normal chain of command. And, presumably, its actions are not required to be shared with Congress. The IG, by contrast, has some statutory independence. And its activities get briefed to Congress.

In other words, this initial check on the metadata usage appears to be subject to managerial control.

But my other worry is even bigger. See where the descriptions talk about the fancy banner? The description says nothing about how that log-in process relates to the audit trail created for these searches. Indeed, in both of these documents, “the NSA” “creates” the audit trails. They don’t appear to be generated automatically, as they easily could be and should be.

That is, it appears (and this is something that has always been left vague in these descriptions) that these are manual audit trails, not automatic ones. (Though I hope they go back and compare them with keystrokes.)

When FBI had this kind of access to similar data, they simply didn’t record a lot of what they were doing, which means we have almost no way of knowing whether there’s improper usage.

This may have changed. These “audit trails” may have been automatically generated at this time (though that’s not what the process describes). Though the NSA IG’s inability to come up with a number of how many US person records are access suggests there’s nothing automated about it.

And if that’s true, still true, then the telephone metadata still in place is an invitation for abuse.

Share this entry

The FBI and CIA Unminimized Collections and the Holes in Article III Review of FISA Amendments Act

/5 Comments/in , /by

In my piece confirming that the NSA can search on US person data collected incidentally in Section 702 collection, I pointed to these two paragraphs from the minimization procedures.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures  adopted by the Attorney General, in consultation with the Director of National Intelligence, pursuant to subsection 702(e) of the Act.

It’s not clear what this entails.

But Dianne Feinstein once defended the FISA Amendments Act authorization to search on US person information by pointing to Nidal Hasan. Remember, his emails were picked up on a generalized collection of Anwar al-Awlaki’s communications, which should have been a traditional FISA warrant, but may have been conducted via the same software tools as FAA collection. In which case, the kind of access described in the Webster report would provide one idea of what this looks like from the FBI side. That process has almost certainly been streamlined, given that the god-awlful software the FBI used prevented it from pulling the entire stream of Hasan’s emails to Awlaki.

First, the FBI’s database of intercepts sucked. When the first Hasan intercepts came in, it allowed only keyword searches; tests the Webster team ran showed it would have taken some finesse even to return all the contacts between Hasan and Awlaki consistently. More importantly, it was not until February 2009 that the database provided some way to link related emails, so the Awlaki team in San Diego relied on spreadsheets, notes, or just their memory to link intercepts. (91) But even then, the database only linked formal emails; a number of Hasan’s “emails” to Awlaki were actually web contacts, (100) which would not trigger the database’s automatic linking function. In any case, it appears the Awlaki team never pulled all the emails between Hasan and Awlaki and read them together, which would have made Hasan seem much more worrisome (though when the San Diego agent set the alert for the second email, he searched and found the first one).

Even before this was streamlined, the collection seemed to lack real minimization. Though to be fair, the Agents spending a third of their days reading Awlaki’s emails were drowning and really had an incentive to get reports out as quickly as possible. But they seemed to be in the business of sending out reports with IDs, not the reverse.

In addition, we know that subsequent to that time, the FBI started using this collection (and, I’m quite certain, Samir Khan’s), as a tripwire — what they call “Strategic Collections.”

The Hasan attack (and presumably subsequent investigations, as well as the Umar Farouk Abdulmutallab attack) appears to have brought about a change in the way wiretaps like Awlaki’s are treated. Now, such wiretaps–deemed Strategic Collections–will have additional follow-up and management oversight.

The Hasan matter shows that certain [redacted] [intelligence collections] [redacted] serve a dual role, providing intelligence on the target while also serving as a means of identifying otherwise unknown persons with potentially radical or violent intent or susceptibilities. The identification and designation of Strategic Collections [redacted] will allow the FBI to focus additional resources–and, when appropriate, those of [redacted] [other government agencies]–on collections most likely to serve as “trip wires.” This will, in turn, increase the scrutiny of information that is most likely to implicate persons in the process of violent radicalization–or, indeed, who have radicalized with violent intent. This will also provide Strategic Collections [redacted] with a significant element of program management, managed review, and quality control that was lacking in the pre-Fort Hood [review of information acquired in the Aulaqi investigation] [redacted].

If implemented prior to November 5, 2009, this process would have [redacted] [enhanced] the FBI’s ability to [redacted] identify potential subjects for “trip wire” and other “standalone” counterterrorism assessments or investigations. (99)

Many many many of the aspirational terrorists the FBI rolled up in 2010 and afterwards were people who had communicated or followed Awlaki or Khan. And to the extent we’ve prosecuted a bunch of wayward youth who can’t pull together a plot without the FBI’s assistance, that ought to be a concern on many levels.

Because it would mean this unminimized production is part of the Terror Manufacturing Industry. (Mind you, the FBI was doing this with their own surveillance based off Hal Turner in the 00s, so it’s not an approach limited to Muslim radicals.)

To the extent that FAA collection might be sent to FBI as a way to identify non-criminal leads to criminalize, it’s a problem, particularly if the FISA Court doesn’t see what minimization the FBI uses.

Read more

Share this entry

Keith Alexander: “We Must Win, There Is No Substitute for Victory”

/30 Comments/in , , , , /by

I frankly have no problem with Keith Alexander giving the employees of the National Security Agency a pep talk as the truth of what they’re doing to us becomes public. They are not, after all, responsible for the serial disinformation Alexander and James Clapper have spread about their work. And the overwhelming majority of them are just trying to support the country.

I don’t find this part of Alexander’s speech even remotely accurate, mind you, but I’ve gotten used to dissembling from Alexander.

The issue is one that is partly fueled by the sensational nature of the leaks and the way their timing has been carefully orchestrated to inflame and embarrass. The challenge of these leaks is exacerbated by a lack of public understanding of the safeguards in place and little awareness of the outcomes that our authorities yield. Leadership, from the President and others in the Executive Branch to the Congress, is now engaged in a public dialogue to make sure the American public gets the rest of the story while not disclosing details that would further endanger our national security.

It’s hard to understand how leaks can be inflammatory and embarrassing but all the claims about safeguards and dialogue to also be true.

But it’s this passage I’m far more struck by:

Let me say again how proud I am to lead this exceptional workforce, uniformed and civilian, civil service and contract personnel. Your dedication is unsurpassed, your patriotism unquestioned, and your skills are the envy of the world. Together with your colleagues in US Cyber Command, you embody the true meaning of noble intent through your national service. In a 1962 speech to the Corps of Cadets on “duty, honor and country,” one of this nation’s military heroes, General Douglas MacArthur, said these words teach us “not to substitute words for action; not to seek the path of comfort, but to face the stress and spur of difficulty and challenge; to learn to stand up in the storm.” You have done all that and more. “Duty, Honor, Country” could easily be your motto, for you live these words every day. [my emphasis]

It’s not just that he calls out Cyber Command in the midst of a scandal that’s not supposed to be (but really is) about offensive war.

It’s not just that he chooses to cite one of the most powerful Generals ever, one who defied civilian command to try to extend a war that — it turns out — wasn’t existential.

But it’s also that he chose to cite a speech that invokes that moment of insubordination, a speech that encourages political inaction among the troops, a speech whose audience MacArthur defined as singularly military.

And through all this welter of change and development your mission remains fixed, determined, inviolable. It is to win our wars. Everything else in your professional career is but corollary to this vital dedication. All other public purpose, all other public projects, all other public needs, great or small, will find others for their accomplishments; but you are the ones who are trained to fight.

Yours is the profession of arms, the will to win, the sure knowledge that in war there is no substitute for victory, that if you lose, the Nation will be destroyed, that the very obsession of your public service must be Duty, Honor, Country.

Others will debate the controversial issues, national and international, which divide men’s minds. But serene, calm, aloof, you stand as the Nation’s war guardians, as its lifeguards from the raging tides of international conflict, as its gladiators in the arena of battle. For a century and a half you have defended, guarded and protected its hallowed traditions of liberty and freedom, of right and justice.

Let civilian voices argue the merits or demerits of our processes of government. Whether our strength is being sapped by deficit financing indulged in too long, by federal paternalism grown too mighty, by power groups grown too arrogant, by politics grown too corrupt, by crime grown too rampant, by morals grown too low, by taxes grown too high, by extremists grown too violent; whether our personal liberties are as firm and complete as they should be.

These great national problems are not for your professional participation or military solution. Your guidepost stands out like a tenfold beacon in the night: Duty, Honor, Country.

At a moment of crisis, at a moment when his own credibility is under strain, Keith Alexander has chosen to address the military, civilian, and contractor employees of the NSA as unthinking warriors, isolated from the critical issues swirling around them at the moment. He has chosen to frame NSA as a war machine, not as a defense machine.

The employees of NSA’s first duty is to the Constitution, not the secret battles Alexander wants to escalate and win at all costs. I do hope they don’t despair of that duty.

Share this entry

FISA Amendments Act Minimization: Preventing Serious Harm to Corporate Persons

/8 Comments/in , , /by

As I was working through some other things last night, I had an opportunity to compare the minimization standards for the FISA Amendments Act (see section h) with the standards under which the actual minimization procedures allow the retention of purely domestic communications (that is, between parties that are all within the United States). These procedures are in addition to procedures that affect foreign communications (with one of the participants a non-US person outside the US).

Last night, I suggested there were 3 “normal” standards and one that doesn’t appear in the law pertaining to cybersecurity and encrypted communications. But that’s not entirely right. The last standard in the actual law reads,

(4) notwithstanding paragraphs (1), (2), and (3), with respect to any electronic surveillance approved pursuant to section 1802 (a) of this title, procedures that require that no contents of any communication to which a United States person is a party shall be disclosed, disseminated, or used for any purpose or retained for longer than 72 hours unless a court order under section 1805 of this title is obtained or unless the Attorney General determines that the information indicates a threat of death or serious bodily harm to any person.

That is, the actual law allows retention of information for up to 72 hours (presumably to process, which is moot anyway, since they’re actually keeping this data 5 years), unless the court or the Attorney General says it must be kept longer because it pertains to threat of death of serious bodily harm.

But in the minimization standards themselves, here’s how that reads.

A communication identified as a domestic communication will be promptly destroyed upon recognition unless the Director (or Acting Director) of NSA specifically determines, in writing, that:

the communication contains information pertaining to a threat of serious harm to life or property. [my emphasis]

In plain language, the law seems to be about saving human lives. But in paragraphs marked Secret, the government has redefined threat of death or “serious bodily harm to any person” as “serious harm to life or property.”

And while it’s just a guess here, I’m guessing that they switched this language, protecting property, not people, to protect corporate people.

In any case, spying on entirely domestic communications to protect against threats entirely to property, not life, sure seems like a giant loophole in a program that is supposed to be focused exclusively on foreign intelligence.

Share this entry

Keith Alexander’s Secret Lie: Retention and Distribution of Domestic Encrypted and Hacking Communications?

/19 Comments/in , , /by

As I noted in my last two posts, Keith Alexander has admitted that the classified lie Mark Udall and Ron Wyden accused him of telling “could have more precisely described the requirements of collection under FISA Amendments Act.”

He then goes onto repeat the many claims about Section 702, which are different forms of saying that it may not collect information on someone knowingly in the US.

Which leads me to suspect that the lie Udall and Wyden described is that the program can retain and distribute domestic communications, which are defined as “communications in which the sender and all intended recipients are reasonably believed to be located in the United States at the time of acquisition.”

The minimization procedures actually describe four kinds of domestic communications that can be distributed with written NSA Director determination. Three of those — significant foreign intelligence information, evidence of a crime imminently being committed, and threat of serious harm to life or property — were generally known. But there is a fourth which I think is probably huge collection:

Section 5(3)

The communication is reasonably believed to contain technical data base information, as defined in Section 2(i), or information necessary to understand or assess a communications security vulnerability. Such communication may be provided to the FBI and/or disseminated to other elements of the United States Government. Such communications may be returned for a period sufficient to allow a thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a current or future foreign intelligence requirement. Sufficient duration may vary with the nature of the exploitation.

a. In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any time period during which encrypted material is subject to, or of us in, cryptanalysis.

b. In the case of communications that are not enciphered or otherwise thought to contain secret meaning, sufficient duration is five years unless the Signal Intelligence Director, NSA, determines in writing that retention for a longer period is required to respond to authorized foreign intelligence or counterintelligence requirements,

Technical data base information, according to the definitions, “means information retained for cryptanalytic, traffic analytic, or signal exploitation purposes.”

In other words, hacking.

Encrypted communications and evidence of hacking have secretly been included in a law purportedly about foreign intelligence collection. And they can keep that information as long as it takes, exempting it from normal minimization requirements.

To be clear, the government still has to get the communication believing (according to its 51% rule) that it has one foreign component. But if Keith Alexander says so, NSA can keep it, forever, even after it finds out it is a domestic communication.

Update: Here’s the July 2012 letter to Clapper. Here’s Clapper’s August 2012 response — the good bits of which are all classified.

Share this entry

NSA’s Querying of US Person Data, Take Two

/12 Comments/in , /by

Update: Alexander’s office has conceded Udall and Wyden’s point about the classified inaccuracy. It also notes:

With respect to the second point raised in your 24 June 2013 letter, the fact sheet did not imply nor was it intended to imply “that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.”

He then cites two letters from James Clapper’s office which I don’t believe have been published.

Joshua Foust tries to refute this post and in doing so proves once again he doesn’t understand the meaning of “target” under Section 702.

Out of courtesy to him, I’m going to rewrite this post to help him understand it. The issue is not whether the US can “target” a US person without a warrant. They can’t. The issue is what the US does with US person data they collect incidentally off a legal target (which must be a foreigner overseas collected for a legitimate intelligence purpose).

At issue is this sentence in the Mark Udall/Ron Wyden letter to Keith Alexander.

Separately, this same fact sheet states that under Section 702, “Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.” We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.

The passage says that the claim, “any inadvertently acquired communication of or concerning a US person must be promptly destroyed” is “somewhat misleading,” for two reasons:

  1. It implies that the NSA has the ability to determine how many American communications it has collected under section 702
  2. It implies that the law does not allow the NSA to deliberately search for the records of particular Americans

Now, before I get into bullet point 2, which is the one in question, note that this entire passage is talking about “inadvertently acquired communication of or concerning a US person.” This is not information on someone who has been targeted. It discusses what happens to information collected along with the communications of those who’ve been targeted (say, by emailing the target). Therefore, this entire passage is irrelevant to the issue of what happens with the targeted person’s communication. The Udall/Wyden claim is not about targeting in the least; it is about incidental collection.

Okay, bullet point 2: Udall and Wyden claim that Alexander’s fact sheet is misleading because it implies the law does not allow the NSA to deliberately search for the records of particular Americans. They could be wrong, but their claim is that it is misleading for Alexander to suggest that the law does not allow the NSA to deliberately search for the records of particular Americans. That means they believe the law does allow the NSA to deliberately search for the records of particular Americans, otherwise they wouldn’t think his statement was misleading.

Now, if it were just Udall and Wyden making this claim, it’d be a he-said/he-said. But  pointed out that this claim is not new at all. It’s not even one limited to Udall and Wyden. In the FAA report released by Dianne Feinstein last year, it said,

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession.

First, the report describes a debate the committee had:

The Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained.

The committee debated two things:

  1. Whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited.
  2. Whether querying information collected under Section 702 to find communications of a particular United States person should be more robustly constrained.

Bullet point 1 makes it clear they were debating whether they should prohibit this activity. If they had to consider that, it means that it is not prohibited (which is precisely what Udall and Wyden say–that the law allows it). Bullet point 2 says they also considered whether they should “more robustly constrain” it, which suggests (though does not prove) that it is going on now, otherwise there’d be nothing to constrain.

The IC IGs won’t tell us how much of this goes on–they claim they have no way of counting it, which ought to alarm you, because it says they’re not actually tracking it via some kind of auditing function.

I defer to his conclusion that obtaining such an estimate was beyond the capacity of his office and dedicating sufficient additional resources would likely impede the NSA’s mission. He further stated that his office and NSA leadership agreed that an IG review of the sort suggested would itself violate the privacy of U.S. persons.

Now, as I already laid out, what we’re talking about is not targeting a US person–focusing collection on that person. What we’re talking about is what you can do with the US person data collected “incidentally” with the communications collected of that targeted person. That information–as the minimization guidelines describe–is lawfully collected. The big question is what you can do with it once you have collected it, and in many but not all cases there are restrictions against circulating that information before you’ve hidden the identity of the US person in question.

The last part of the passage from the SSCI says,

With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession.

Again, some amount of US person data is collected under Section 702 along with the data of the targeted person (if it weren’t, they wouldn’t need minimization procedures). It is lawfully collected. The question is what you’re allowed to do with it. And as part of the debate the committee had about whether they were going to “prohibit” or “more robustly constrain” the querying of US person data that was lawfully collected as incidental data, SSCI describes the Intelligence Community (which includes, in part, the NSA, the CIA, and the FBI) providing several reasons why it might need to conduct queries of this data. And the committee agreed that these reasons were “legitimate foreign intelligence needs.”

The minimization procedures from 2009, at least, require destruction of US person data if it is “clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information).” (3(b)(1)) What is not immediately destroyed may be kept for up to 5 years. But it only destroys the stuff that is “clearly not relevant,” not data that might be relevant to the purpose of the investigation.

Now, while the language is not exact, the SSCI report’s description of data that has a “legitimate foreign intelligence” surely includes “foreign intelligence information.” This is kind of backwards (which may be part of complaint from Udall and Wyden), but unless the information is clearly not relevant — and the intelligence community says some of this data has legitimate intelligence purposes — then it is retained. This is probably why Udall and Wyden think Alexander’s “must be promptly destroyed” is misleading, because if the IC thinks they might need to query it because it would serve a legitimate foreign intelligence purpose, then it is not.

So who makes this decision whether to keep the data? “NSA analyst(s) will determine whether it … is reasonably believed to contain foreign intelligence information.” (3(b)(4)) The NSA, not FBI or CIA.

And this data cannot just be retained. It can also be “forwarded to analytic personnel responsible for producing intelligence information from the collected data.” (3(b)(2))

Now, in most cases, that information must be anonymized (which is what Kurt Eichenwald discusses here, which Foust cites). But it has always been the case there are exceptions to that rule. Some exceptions are if:

  • The Director of NSA specifically determines, in writing, that the communication is reasonably believed to contain significant foreign intelligence information. (5(1)) In that case the information goes to the FBI. [Update: This distribution is permitted with domestic communication–that is, US to US person.]
  • A recipient requiring the identity of such person for the performance of official duties needs the identity of the United States person to understand foreign intelligence information or assess its importance. (6(b)(2) This sometimes, but not always, happens after an initial distribution.

There are actually a slew more exceptions but these two should suffice. Again, these rules on distribution (except as they affect technical data base information, which might be relevant here, but not necessary) are not new with FAA. They’ve long been in place.

Again, this is all about what happens to incidentally collected data, not the data of the person actually targeted. Which is why these two passages are irrelevant to the entire point (the second of which Foust thought I was leaving out because it hurt my point).

As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause.

[snip]

The Department of Justice and Intelligence Community reaffirmed that any queries made of Section 702 data will be conducted in strict compliance with applicable guidelines and procedures and do not provide a means to circumvent the general requirement to obtain a court order before targeting a U.S. person under FISA.

What they say is that the government is prohibited from targeting a US person without a warrant and that any other things done with incidentally collected data must be conducted in strict compliance with applicable guidelines, which are the minimization procedures I just reviewed (though again, those are from 2009 so they may have changed somewhat). The passage very clearly envisions making queries of the data and very clearly considers such queries to be distinct from the targeting of a US person.

And the minimization procedures make it clear that if data is not “clearly not foreign intelligence,” (that is, if it might be foreign intelligence, as this queried data is, according to the IC) then it is retained, at least through the initial (NSA-conducted) review. Where it can be queried, so long as the other minimization procedures are met.

One final thing. Foust is actually wrong when he suggests the IC asked for new authority (in any case, the only conclusion would be that they got it). Rather, in both the SSCI and the Senate Judiciary Committee, Senators tried to limit this authority. In SJC, Mike Lee,  Dick Durbin, and Chris Coons submitted an amendment to (among other things) prohibit,

the searching of the contents of communications acquired under this section [702] in an effort to find communications of a particular United States person…

…Except with an emergency authorization.

Dianne Feinstein fought the amendment by arguing such a prohibition would have made it harder to find Nidal Hasan (whom we didn’t find anyway, and whose communications with Anwar al-Awlaki may well have been traditional FISA collection). But at one level that makes sense.

Sheldon Whitehouse said that such a restriction would “kill this program.”

I may not like what Whitehouse stated. But I do trust his judgement about how central to this program is access to US person communications.

That doesn’t say how much of this stuff goes on (though it does seem to suggest it does). But it does say we ought to at least track it.

Share this entry

Confirmed: NSA Does Search Section 702 Data for Particular US Person Data

/18 Comments/in , /by

Update: To help Joshua Foust understand this topic, I did a second, really basic version of this post here. So if you’re fairly new to all this stuff, you might start there and then come back.

Update: Alexander’s office has conceded Udall and Wyden’s point about the classified inaccuracy. It also notes:

With respect to the second point raised in your 24 June 2013 letter, the fact sheet did not imply nor was it intended to imply “that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans.”

He then cites two letters from James Clapper’s office which I don’t believe have been published.

I’ve seen some people complaining that Ron Wyden and Mark Udall didn’t explicitly describe what Keith Alexander’s lies were in the NSA handout on Section 702 collection (note, as of 1PM, NSA has taken down their handout from their server). I’m okay with them leaving big breadcrumbs instead, not least because until we fix intelligence oversight, we’re going to need people like them who manage to stay on the committees but lay these signposts.

That said, I think people are underestimating how big of a signpost they did leave. Consider this, from their letter:

Separately, this same fact sheet states that under Section 702, “Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.” We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans. [my emphasis]

Last year’s SSCI report on extending the FISA Amendments Act strongly implied that the government interpreted the law to mean it could search for records of particular Americans.

During the Committee’s consideration of this legislation, several Senators expressed a desire to quantify the extent of incidental collection under Section 702. I share this desire. However, the Committee has been repeatedly advised by the ODNI that due to the nature of the collection and the limits of the technology involved, it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority. Senators Ron Wyden and Mark Udall have requested a review by the Inspector General of the NSA and the Inspector General of the Intelligence Community to determine whether it is feasible to estimate this number. The Inspectors General are conducting that review now, thus making an amendment on this subject unnecessary.

Finally, on a related matter, the Committee considered whether querying information collected under Section 702 to find communications of a particular United States person should be prohibited or more robustly constrained. As already noted, the Intelligence Community is strictly prohibited from using Section 702 to target a U.S. person, which must at all times be carried out pursuant to an individualized court order based upon probable cause. With respect to analyzing the information lawfully collected under Section 702, however, the Intelligence Community provided several examples in which it might have a legitimate foreign intelligence need to conduct queries in order to analyze data already in its possession. [my emphasis]

This passage made it clear that the Intelligence Community had demanded the ability to search on US person data already collected. Wyden and Udall’s letter makes that even more clear.

And the minimization procedures leaked last week support this (though note, these date to 2009 and might have been ruled to violate the Fourth Amendment since, though I suspect they haven’t).

They make it clear that US person communications will be retained if they contain foreign intelligence information (a term not defined in the procedures), including those they collected because (they claim) they’re unable to filter it out.

3(b)

(1) Personnel will exercise reasonable judgment in determining whether information acquired must be minimized and will destroyed inadvertently acquired communications of or concerning a United States person at the earliest practicable point in the processing cycle at which such communication can be identified either: as clearly not relevant to the authorized purpose of the acquisition (e.g., the communication does not contain foreign intelligence information)

[snip]

The communications that may be retained include electronic communications acquired because of limitations on NSA’s ability to filter communications.

(2) Communications of or concerning United States persons that may be related to the authorized purpose of the acquisition may be forwarded to analytic personnel responsible for producing intelligence information from the collected data.

The procedures make it clear that, with authorization from the NSA Director, even communications entirely between US persons may be retained (see section 5) if they are of significant intelligence value. Communications showing a communications security vulnerability may also be retained (this permission, related to cybersecurity, was not made public in the NSA handout).

And here’s perhaps the most interesting way of keeping US person data.

6(c)

(1) NSA may provide to the Central Intelligence Agency (CIA) unminimized communications acquired pursuant to section 702 of the Act. CIA will identify to NSA targets for which NSA may provide unminimized communications to CIA. CIA will process any such unminimized communications received from NSA in accordance with CIA minimization procedures …

(2) NSA may provide to the FBI unminimized communications acquired pursuant to section 702 of the Act. FBI will identify to NSA targets for which NSA may provide unminimized communications to the FBI. FBI will process any such unminimized communications received from NSA in accordance with FBI minimization procedures …

This is a kind of collection that Pat Leahy seems to believe escapes review by current Inspector General reviews of the program, as he tried to mandate such reviews in last year’s reauthorization.

The minimization procedures also appear to support Julian Sanchez’ guesstimate of how they could pull up US person contacts, since a phone number or unique name are not explicitly included among the identifiers that would constitute IDing a US person.

Now, all that doesn’t specifically address the other lie Wyden and Udall invoked, which they describe “portrays protections for Americans’ privacy as being significantly stronger than they actually are.” But I think the points I’ve laid out above — particularly the cybersecurity collection that is entirely unmentioned in the 702 sheet — probably lays out the gist of Alexander’s lies.

The government has spent the entire time since these documents were revealed trying to lie to Americans about whether their contacts with foreigners can be retained and read. And those lies keep getting exposed.

Share this entry

Shorter WaPo: It Would Take Months to Know about Spying Misconduct

/11 Comments/in , , /by

For what it’s worth, I consider reports that the government doesn’t know what Edward Snowden took to be disinformation. And indeed, claims to that effect in this WaPo article are sourced to: “one former government official,”a “former senior U.S. official,” and “a former senior U.S. intelligence official who served in Russia.” There’s also “a senior intelligence official” who says only it’ll take months to complete the damage assessment on Snowden’s materials, which is different from claiming (as the other sources do) that Russia and China have what he took. And a “second senior intelligence official” who fearmongers improbably about how much easier this will make things on the terrorists.

But ultimately, most of the people claiming NSA doesn’t know what Snowden took are former officials, presumably out of the loop on such issues (unless, of course, they’re Booz Allen Hamilton revolving doormen).

Funny thing is, if all that were true — if the government is still struggling to figure out what Snowden took a month after he left NSA — it indicates that the government would not know if a Sysadmin at the NSA had spied on Americans, if ever, until months after someone did so.

But, promise, this giant dragnet is secure.

Update: Mark Hosenball’s version of this apparently organized leak (his is sourced to “several U.S. officials,” “one non-government source familiar with Snowden’s materials,” and “2 U.S. national security sources,” makes it fairly clear the government intends to release this disinformation — along with incorrect claims about the history of WikiLeaks — as a way to fearmonger about that connection.

Although WikiLeaks initially made the diplomatic cables available to media outlets, including the Guardian and New York Times, who redacted potentially sensitive information before publishing them, the website eventually released an entirely unredacted archive of the material, to the dismay of the Obama Administration. U.S. officials said the information put sources at risk and damaged relations with foreign governments.

The disinformation people spreading this story apparently are less worried about confirming genuine concerns about the security of these programs than they are about trying to catch up to WikiLeaks involvement with a new line of fearmongering.

Update: I changed the title of this after it was published.

Share this entry

Wyden & Udall to Alexander: Why Do You People Keep Lying?

/10 Comments/in , /by

According to a letter Ron Wyden and Mark Udall sent Keith Alexander, the NSA is still lying publicly. At issue are two inaccuracies in the information sheet the NSA released about Section 702 implementation.

We were disappointed to see that this fact sheet contains an inaccurate statement about how the section 702 authority has been interpreted by the US government. In our judgment this inaccuracy is significant, as it portrays protections for Americans’ privacy as being significantly stronger than they actually are.

While I’m not certain what inaccuracy they’re talking about here, I suspect it has to do with the US person contact info collected along with targets. Even a comparison of the minimization order and the NSA’s claims make it clear US person communication can be swept up more easily than they claim.

Then there’s this complaint, which explicitly objects to the suggestion that the government manages to purge US person data, which of course they also claim they don’t track.

Separately, this same fact sheet states that under Section 702, “Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorized purpose nor evidence of a crime.” We believe that this statement is somewhat misleading, in that it implies that the NSA has the ability to determine how many American communications it has collected under section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans. In fact, the intelligence community has told us repeatedly that it is “not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under the authority” of the FISA Amendments Act.

They make it clear the claim this information gets purged is false.

Share this entry

Obama’s Stubbornness and the Risk of Snowden

/56 Comments/in , , , /by

At the outset of this post, let me lay out my following assumptions (I can’t prove these points, but I suspect them):

  • The documents released so far by Guardian and WaPo — information on the Section 215 program, PRISM, and the PPD on cyberwar — have done negligible damage to our security (indeed, even Sheldon Whitehouse, a big defender of these programs, said the government should have been transparent about them earlier)
  • China already knew the content of Edward Snowden’s public revelations about our hacking into Chinese networks (we know China’s compromises of us, so it is unlikely China, which is more successful and aggressive at hacking than we are, doesn’t know our compromises of it); the revelations on this front so far have served primarily to even out the playing field on mutual accusations of hacking
  • Snowden personally (and his laptops) have information that China and Russia could both find of more use, particularly given that some of our programs targeting them were run out of HI
  • Snowden may also have things that might be of use to others, such as organized crime (If I were planning on longevity and had access, for example, I would take some zero day exploits when I left the NSA, though the street value of them would diminish once NSA had inventoried what I took)
  • The reporting I’ve seen has not confirmed reports that either China or Russia has debriefed Snowden or scanned his computers (indeed, this report on China’s involvement in his departure from Hong Kong suggests they did not talk with him directly)
  • Julian Assange knows where Snowden is, leading to the possibility he has escaped Russia to a country that has not yet been named in reports of Snowden’s escape (named countries have included Venezuela, Cuba, Ecuador, and Iceland)

All of that is a roundabout way of saying that Snowden could do great damage to the US, but may not have yet, and certainly hadn’t by the time he first revealed himself in Hong Kong.

If that’s right, then it seems the Obama approach has been precisely the wrong approach in limiting potential damage to national security. The best way to limit damage, for example, would be to get Snowden to a safe place where our greatest adversaries can’t get to him, where we could make an eternal stink about his asylum there, but still rest easy knowing he wasn’t leaking further secrets. Indeed, if he were exiled in some place like France, we’d likely have more influence over what he was allowed to do than if he gets to Ecuador, for example.

The most likely approach to lead to further damage, however, is to charge him with Espionage. This not only raises the specter of the treatment we’ve given Bradley Manning — giving Snowden Denise Lind’s judgement that Manning’s rights were violated to include in any asylum application — but also easily falls under what states can call political crimes, which permits them to ignore extradition requests. That is, we appear to be pursuing the approach that could lead to greater damage.

By contrast, letting Snowden get someplace safe is perfectly equivalent to letting the CIA off for torture (or, for that matter, James Clapper off for lying to Congress). It’s a violation of rule of law, but it also serves to minimize the tremendous damage the spooks might do to retaliate. Obama has chosen this path already when the criminals were his criminals; he clearly doesn’t have the least bit of compunction of setting aside rule of law for pragmatic reasons. But in Snowden’s case, he seems to be pursuing a strategy that not only might increase the likelihood of damage, but also lets China and Russia retaliate for perceived slights along the way.

All this is just an observation. I believe Obama’s relentless attacks on whistleblowers and his ruthless enforcement of information asymmetry have actually raised the risk of something like this. And he seems to be prioritizing proving the power of the US (which has, thus far, only proved our diminishing influence) over limiting damage Snowden might do.

Update: This fearmongering WaPo article nevertheless quotes a former senior US official admitting that what Snowden has released so far wouldn’t help China or Russia.

A former senior U.S. official said that the material that has leaked publicly would be of limited use to China or Russia but that if Snowden also stole files that outline U.S. cyber-penetration efforts, the damage of any disclosure would be multiplied.

Share this entry