Section 702 Reauthorization Bill: The Very Narrowly Scoped Back Door Search Fix

/1 Comment/in , /by

This is my second post on the draft House Judiciary Committee version of the Section 702 reauthorization. In this post, I’ll look at how the bill tries to fix the back door search loophole. In two followup posts I’ll explain why this fix is inadequate legislatively, and why it is inadequate legally.

The back door fix:

  • Requires a court order to access content “for evidence of a crime”
  • Requires an AG relevance statement to access metadata-plus
  • Creates exceptions that swallow the rule
  • Prevents reverse targeting
  • Mandates simultaneous access to FBI databases
  • Permits broad delegation
  • Creates auditable records with big loopholes
  • Invites the government to define foreign intelligence information

Requires a court order to access content “for evidence of a crime”

Here’s the language that requires the government to obtain a court order when accessing Section 702 data.

(j) REQUIREMENTS FOR ACCESS AND DISSEMINATION OF COLLECTIONS OF COMMUNICATIONS.—

(1) COURT ORDERS AND OTHER REQUIREMENTS.—

(A) COURT ORDERS TO ACCESS CONTENTS.—Except as provided by subparagraph (C), in response to a query for evidence of a crime, the contents of queried communications acquired under subsection (a) may be accessed or disseminated only upon—

(i) an application by the Attorney General to a judge of the Foreign Intelligence Surveillance Court that describes the determination of the Attorney General that—

(I) there is probable cause to believe that such contents may provide evidence of a crime specified in section 2516 of title 18, United States Code (including crimes covered by paragraph (2) of such section);

(II) noncontents information accessed or disseminated pursuant to subparagraph (B) is not the sole basis for such probable cause;

(III) such queried communications are relevant to an authorized investigation or assessment, provided that such investigation or assessment is not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States; and

(IV) any use of such queried communications pursuant to section 706 will be carried out in accordance with such section;

(ii) an order of the judge approving such application.

The requirement only applies to evidence of crime. It requires the crime to be one of the ones listed in the Wiretap Act, but includes state crimes, which in turn includes drug crimes (and child pornography, which of course is now in Section 702’s minimization procedures).

For some reason, it requires this application to go to FISC, rather than a regular magistrate, which is problematic both from a time management issue for FISC but also for reasons of standardization among magistrates. That’s all the more concerning given that the bill doesn’t explain what kind of review the FISC judge can do — whether the judge can actually review for probable cause, or whether she doesn’t have that authority. This is a big concern, because DOJ has repeatedly told FISC judges in secret that they don’t have authority specifically laid out in law, not even when they were asking judges to approve programmatic spying.

One good part of this language is that it requires something beyond metadata from a 702 search to support a probable cause review.

As I’ll write in a follow-up, though, the limitation of this to criminal purposes makes it absolutely meaningless — it simply misunderstands how FBI conducts these queries (and obviously doesn’t apply to how NSA and CIA do it).

Requires an AG relevance statement to access metadata-plus

In addition to the controls on content, this reauthorization also imposes new controls on access to metadata-plus.

(B) RELEVANCE AND SUPERVISORY APPROVAL TO ACCESS NONCONTENTS INFORMATION.—Except as provided by subparagraph (C), in response to a query for evidence of a crime, the information of queried communications acquired under subsection (a) relating to the dialing, routing, addressing, signaling, or other similar noncontents information may be accessed or disseminated only upon a determination by the Attorney General that—

(i) such queried communications are relevant to an authorized investigation or assessment, provided that such investigation or assessment is not conducted solely on the basis of activities protected by the first amendment to the Constitution of the United States; and

(ii) any use of such queried communications pursuant to section 706 will be carried out in accordance with such section.

This imposes an Attorney General certification of relevance for access to 702-derived “metadata-plus.” I’m using that term to refer to the broadened definition of metadata that presumably invokes John Bates’ definition adopted in a series of opinions, but which remains entirely redacted.

Consider the absurdity of the proposition that the government can search “just metadata” but metadata is so sensitive it can’t be publicly defined. And Congress chooses not to define it here either.

If we need to revisit the definition of metadata, then Congress should do it here, not just nod blindly to redacted opinions at FISC.

And, again, this applies only to crimes.

Creates exceptions that swallow the rule

As I keep saying, the back door search fix only applies to criminal searches. Here’s what is not included.

(C) EXCEPTIONS.—The requirement for an order of a judge pursuant to subparagraph (A) and the requirement for a determination by the Attorney General under subparagraph (B), respectively, shall not apply to accessing or disseminating queried communications acquired under subsection (a) if one or more of the following conditions are met:

(i) Such query is reasonably designed for the primary purpose of returning foreign intelligence information.

(ii) The Attorney General makes the determination described in subparagraph (A)(i) and

(I) the person related to the queried term is the subject of an order or emergency authorization that authorizes electronic surveillance or physical search under this Act or title 18 United States Code; or

(II) the Attorney General has a reasonable belief that the life or safety of a person is threatened and such contents are sought for the purpose of assisting that person.

(iii) Pursuant to paragraph (5), the person related to the queried term consents to such access or dissemination.

First, the bill exempts emergency or threat to life queries.

But before it does that, it exempts all requests “designed for the primary purpose of returning foreign intelligence information.” In a different section, HJC punts on the issue of defining what “foreign intelligence information” means, directing the government to do that in minimization procedures.

It punts on more than that. How can you have one category for “primary purpose” FI information, but then not treat criminal searches as primary? Where does that line end? Especially given that this is permitted, for both criminal and intelligence purposes, at the assessment level, which is before the government has any evidence.

In short, even where it is writing exceptions, the bill does it in such a way as to let the split swallow the rule.

Prevents reverse targeting

I think this language prohibits reverse targeting.

(D) LIMITATION ON ELECTRONIC SURVEILLANCE OF UNITED STATES PERSONS.—If the Attorney General determines that it is necessary to conduct electronic surveillance on a known United States person who is related to a term used in a query of communications acquired under subsection (a), the Attorney General may only conduct such electronic surveillance using authority provided under other provisions of law.

As I read it, if the FBI queries 702 data and finds evidence of a crime, they cannot then develop that evidence using already collected (or newly targeted) 702 data. They have to get a criminal warrant to do it.

Mind you, this is the kind of authorities laundering they do anyway, but this prohibition is worthwhile.

Mandates simultaneous access to FBI databases

The most interesting — and potentially dangerous — language in this section mandates that when the FBI does queries, all the data they have be accessible.

(E) SIMULTANEOUS ACCESS OF FBI DATABASES.—The Director of the Federal Bureau of Investigation shall ensure that all available investigative or intelligence databases of the Federal Bureau of Investigation are simultaneously accessed when the Bureau properly uses an information system of the Bureau to determine whether information exists in such a database. Regardless of any positive result that may be returned pursuant to such access, the requirements of this subsection shall apply.

I say it’s dangerous, because it might require very compartmented data to be more broadly accessible.

But the other thing that’s interesting about it is it will ensure that if there’s any multiplicitous data in the databases, FBI will have options to bypass the intent of the back door fix.

Consider: a great deal of individually targeted FISA data will replicate data obtained using 702 (which may in fact be the data the government used to obtain a targeted FISA order). A search on such data will return both the traditional FISA data and the 702 data. In cases where the FBI can use the former, they don’t have to bother with a “warrant” from FISC. As FBI obtains more and more raw EO 12333 data, that will be even more true there.

So while there may be an interesting operational reason for this — perhaps FBI even missed information in some sensitive investigation because not all data was accessible? — there are also clear downsides and the likelihood this will turn into a workaround to make the back door search even less meaningful.

Permits broad delegation

Another thing HJC doesn’t bother to specify is how broadly the Attorney General can delegate the authority for these various declarations.

(F) DELEGATION.—The Attorney General shall delegate the authority under this paragraph to the fewest number of officials that the Attorney General determines practicable.

(2) AUTHORIZED PURPOSES FOR QUERIES.—A collection of communications acquired under subsection (a) may only be queried for legitimate national security purposes or legitimate law enforcement purposes.

This was a significant problem behind the early NSL abuses. Letting the AG decide how much authority he wants to delegate invites similar abuses and is not why we’re paying Congress.

Creates auditable records with big loopholes

As always with transparency provisions, the loopholes are far more interesting than the provisions themselves, because they reveal where the interesting stuff is hiding. This requirement applies to all four agencies that get raw 702 traffic: NSA, CIA, NCTC, and FBI.

NSA is already doing this kind of record-keeping (sort of, though given the violations discovered last year, there’s reason to doubt it). But once they set the requirement, they create big problematic loopholes.

(3) RETENTION OF AUDITABLE RECORDS.— The Attorney General and each Director concerned shall retain records of queries that return a positive result from a collection of communications acquired under subsection (a). Such records shall—

(A) include such queries for not less than 5 years after the date on which the query is made; and

(B) be maintained in a manner that is auditable and available for congressional oversight.

With this language, HJC exempts Congressional queries (which I’m fine with), but also tech queries.

(4) COMPLIANCE AND MAINTENANCE.—The requirements of this subsection do not apply with respect to queries made for the purpose of—

(A) submitting to Congress information required by this Act or otherwise ensuring compliance with the requirements of this section; or

(B) performing maintenance or testing of information systems.

Until at least 2010, NSA was using tech queries to do metadata searches that weren’t authorized by the phone dragnet (which was facilitated by having tech people co-located with analysts, which made it easy for the analysts to as for help). If you exempt tech people, you will have abuses on any restriction.

In addition, the auditable record requirement doesn’t count for those who’ve given consent, which includes informants.

(5) CONSENT.—The requirements of this subsection do not apply with respect to—

(A) queries made using a term relating to a person who consents to such queries; or

(B) the accessing or the dissemination of the contents of queried communications of a person who consents to such access or dissemination.

From this I assume that a great many of these queries (especially those at CIA that aren’t now being counted) are being done for Insider Threat detection, which tracks a bunch of people who, by obtaining a clearance, have given consent for this kind of searching. I assume there are a great many of them too, since they need to be hidden.

(6) DIRECTOR CONCERNED.—In this subsection, the term ‘Director concerned’ means the following:

(A) The Director of the National Security Agency, with respect to matters concerning the National Security Agency.

(B) The Director of the Federal Bureau of Investigation, with respect to matters concerning the Federal Bureau of Investigation.

(C) The Director of the Central Intelligence Agency, with respect to matters concerning the Central Intelligence Agency.

(D) The Director of the National Counterterrorism Center, with respect to matters concerning the National Counterterrorism Center.

Invites the government to define foreign intelligence information

Finally, the bill requires the government to adopt a meaning for “query reasonably designed for the primary purpose of returning foreign intelligence information” in yearly certifications, rather than doing it themselves.

(b) PROCEDURES.—Subsection (e) of such section 6 (50 U.S.C. 1881a(e)) is amended by adding at the end the following new paragraph:

(3) CERTAIN PROCEDURES FOR QUERYING.— The minimization procedures adopted in accordance with paragraph (1) shall describe a query reasonably designed for the primary purpose of returning foreign intelligence information pursuant to subsection (j)(1)(C)(i).’’.

Again, it is the job of Congress to do this. Once the IC defines this in such a way that will further swallow up the rule, what then? We wait until 2023 (which is when this law would next get reauthorized) to define the term meaningfully? At some point we need to have an explicit discussion about the foreign intelligence purposes that drive a lot of these queries, and talk about whether they’re permissible under the Fourth Amendment. Now would be a good time, but this language just punts the question.

Other 702 posts

702 Reauthorization Bill: The “About” Fix (What Is A Person?)

Share this entry
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

702 Reauthorization Bill: The “About” Fix (What Is A Person?)

/2 Comments/in /by

I’m going to do a series of posts on the draft 702 reauthorization bill, which is here. The bill makes a number of improvements to the status quo, but it’s not clear whether it fixes the biggest problems with Section 702.

Take the “about” fix, which is a short and sweet change to the targeting procedures.

(4) LIMITATION.—During the period preceding September 30, 2023, the procedures adopted in accordance with paragraph (1) shall require that the targeting of a person is limited to communications to or from the targeted person.

As a reminder, “about” collection targeted the content of “communications” — perhaps searching on something like Osama bin Laden’s phone number in the content of email. It posed a problem because sometimes NSA obtains upstream communications in bundles, meaning they’ll get a number of unrelated communications at the same time. In such a case, if an email in a bundle included the target (OBL’s phone number), then all the emails would be collected, which also might include emails to other people. In a small number of cases, such collection would result in the collection of entirely domestic communications that had no foreign intelligence value; it resulted in a larger number of entirely domestic, unbundled communications that were of foreign intelligence value because they mentioned the selector.

The legislative fix largely parallels the fix Rosemary Collyer approved in April. She accomplished this (relying on an Administration memo that, unlike almost everything else from the reauthorization process, has not been released) this way:

Finally, upstream collection of Internet transaction [redacted] for communications to or from a targeted person, but “abouts” communication may no longer be acquired. The NSA Targeting Procedures are amended to state that “[a]cquisitions conducted under these procedures will be limited to communications to or from persons targeted in accordance with these procedures. [citation removed], and NSA’s Minimization Procedures now state that Internet transactions acquired after March 17, 2017, “that are not to or from a person targeted in accordance with NSA’s section 702 targeting procedures are unauthorized acquisitions and therefore will be destroyed upon recognition.” [citation removed]

Here’s how it looks in practice, in the current targeting procedures.

In both cases, I have a similar concern, one which is made more obvious in the targeting procedures. They start by suggesting that all acquisitions under 702 will be limited to “communications to or from persons targeted in accordance with these procedures.” But then its discussion of upstream collection defines “Internet transaction” in such a way to treat it only as a communication.

The draft bill similarly suggests the possibility that there is the targeting of persons — for whom the active user rule much hold, but if there were some other kind of targeting, it might not hold.

What is a person, in this situation? Does this language prevent NSA from targeting a group (a point raised by John Bates on precisely this point in 2011)? Can NSA target — say — an encryption product used by a corporate group (ISIS’s shitty encryption product, for example), and if so are all users of that product assumed to be part of the group? What happens if the collection is targeting the command and control server of a botnet; any communications back and forth from it are, technically speaking, communications, but not involving a human person.

In other words, both versions of this prohibition seem to operate under they fiction that NSA is just collecting emails, traditional communications between traditional people. I’m actually not sure how the language would apply to other stuff. I’m also not sure if the possible exceptions would have privacy concerns.

Which is why I’m not certain whether the prohibition actually eliminates the privacy threat in question.

Not least, because directly after the introduction of the prohibition in her opinion, Collyer acknowledges that NSA will still obtain entirely domestic comms.

As I’ve said elsewhere, I think this prohibition does fix the email (and other kinds of Internet messaging) MCT problem. But given that even Collyer admits NSA will still obtain domestic communications, there’s still the problem that those domestic comms will be sucked up in the newly permitted back door searches of upstream communications.

Share this entry

Why Did Google Miss a Lot of Users Affected by FISA?

/2 Comments/in /by

There’s been some bad news in the transparency reports issued by America’s tech companies thus far. First, Apple revealed a huge spike in FISA requests.

the number of national security orders, including secret rulings from the Foreign Intelligence Surveillance Court, spiked during the period.

The company received between 13,250 and 13,499 national security orders, affecting between 9,000 and 9,249 accounts.

That’s a threefold increase compared to the year earlier, which saw up to 2,999 orders for the period.

It’s the largest number of national security orders that Apple has ever reported in five years of publishing transparency reports.

My guess is this reflects increasing reliance on requests to Apple to obtain information that would otherwise be encrypted (it might even suggest Apple was forced to put a back door into their phones, though there has been no declassified FISC opinion that would reflect that, so I doubt that’s it). I’m wondering, because of the change Apple just made in iOS 11 that requires passwords before a phone trusts a computer, whether Apple has been asked to turn over backups of iPhones shared to iTunes, but that’s admittedly a wildarseguess.

Then, in addition to an new high in standard government information requests, Google also revised its previously issued national security request numbers to reflect (on the most part) significantly more users and/or accounts affected (CNet reported this here).

At first I thought this might reflect either the two-year delayed reporting on new services being requested or delayed collection off an original target (which might happen if someone commented, four years later, on a YouTube video posted by an account being tasked).  And while some combination of those might be involved, Google claims this was an inadvertent undercounting

We’ve also posted updated figures for the number of users/accounts impacted by Foreign Intelligence Surveillance Act (FISA) requests for content in previous reporting periods. While the total number of FISA content requests was reported accurately, we inadvertently under-reported the user/account figures in some reporting periods and over-reported the user/account figures in the second half of 2010. The corrected figures are in the latest report and reflected on our visible changes page. [my emphasis]

Which suggests it may instead pertain to uncertainty — on the part of the government, especially — of which selectors relate to a natural person.

As I have noted, in the government’s own transparency reporting, they provide estimated numbers of targets for both 702 and traditional FISA. The reason they can only provide estimates is almost certainly because for both authorities (and for much of NSA’s 12333 targeting) they’re targeting selectors of interest, only some of which they’ve tied to a known person’s identity. And it’s likely they have selectors that are interesting because of their contacts and other behaviors that belong to already known targets using other selectors.

I provided some background on why this is the case in this post on changes in the reporting provisions the 2015 version of USA Freedom Act.

First, the reporting provisions as a whole move from tracking “individuals whose communications were collected” to “unique identifiers used to communicate information.” They probably did that because they don’t really have a handle on which of the identifiers all represent the same natural person (and some aren’t natural persons), and don’t plan on ever getting a handle on that number. Under last year’s bill, ONDI could certify to Congress that he couldn’t count that number (and then as an interim measure I understand they were going to let them do that, but require a deadline on when they would be able to count it). Now, they’ve eliminated such certification for all but 702 metadata back door searches (that certification will apply exclusively to CIA, since FBI is exempted). In other words, part of this is just an admission that ODNI does not know and does not planning on knowing how many of the identifiers they target actually fit together to individual targets.

But since they’re breaking things out into identifiers now, I suspect they’re unwilling to give that number because for each of the 93,000 targets they’re currently collecting on, they’re probably collecting on at least 10 unique identifiers and probably usually far, far more.

Just as an example (this is an inapt case because Hassanshahi, as a US person, could not be a PRISM target, but it does show the bare minimum of what a PRISM target would get), the two reports Google provided in response to administrative subpoenas for information on Shantia Hassanshahi, the guy caught using the DEA phone dragnet (these were subpoenas almost certainly used to parallel construct data obtained from the DEA phone dragnet and PRISM targeted at the Iranian, “Sheikhi,” they found him through), included:

  • a primary gmail account
  • two secondary gmail accounts
  • a second name tied to one of those gmail accounts
  • a backup email (Yahoo) address
  • a backup phone (unknown provider) account
  • Google phone number
  • Google SMS number
  • a primary login IP
  • 4 other IP logins they were tracking
  • 3 credit card accounts
  • Respectively 40, 5, and 11 Google services tied to the primary and two secondary Google accounts, much of which would be treated as separate, correlated identifiers

So just for this person who might be targeted under the new phone dragnet (though they’d have to play the same game of treating Iran as a terrorist organization that they currently do, but I assume they will), you’d have upwards of 15 unique identifiers obtained just from Google. And that doesn’t include a single cookie, which I’ve seen other subpoenas to Google return.

In other words, one likely reason the IC has decided, now that they’re going to report in terms of unique identifiers, they can’t report the number of identifiers targeted under PRISM is because it would make it clear that those 93,000 targets represent, very conservatively, over a million identifiers — and once you add in cookies, maybe a billion identifiers — targeted. And reporting that would make it clear what kind of identifier soup the IC is swimming in.

Here’s another list of the kinds of identifiers the government seeks with just a 2703(d) order (remember, under PRISM, the government would get both this list of the identifiers, as well as the content or other activity, including location data, tied to the identifiers).

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as either of the accounts in Part A).

But for PRISM requests (as opposed to the new phone dragnet implemented in 2006), this works in reverse, with the government providing long lists of identifiers it wants to task, which may or may not reflect groupings using NSA’s own correlation process into identifiable targets. While the government surely asks for all Google content knowingly tied to all accounts of a known identifier (so, for example, if the government tasked “emptywheel” they also might get random Google accounts I set up under different names years ago, as well as accounts they connect by common use of the same cookie), it’s possible the government submits selectors believing they belong to the same person when in fact they are separate individuals.

Particularly once you’re tying collection to an IP address, it’s likely you’ll get multiple people off the same selector. And it may take Google some time to sort all that out. So that’s my guess of what’s going on: the change in numbers reflects the degree of uncertainty — even for Google! — regarding how many people are actually being targeted here.

 

That said, given the obviously different methodologies in counting these numbers, it may also work the other way. That is, Google may at first believe it has just turned over the data for, say, 10 of a user’s Google services, only to later realize it has also provided content or ad profile or Google map location data or Google pay.

Whatever it is, it is telling that even Google (!!!) can’t track how many targets FISA collection involves in real time.

Share this entry

How Keith Gartenlaub Turned Child Porn into Foreign Intelligence

/5 Comments/in , /by

As I mentioned in this post on FISA and the space-time continuum, I’m going to be focusing closely on the FISA implications of Keith Gartenlaub’s child porn prosecution.

Gartenlaub was a Boeing engineer in 2013 when the FBI started investigating him for sharing information with China (see this and this story for background). He was suspected, in significant part, because of relationships and communications tied to his wife, who is a naturalized Chinese-American and whose family appears well-connected in China. The case is interesting for the way the government used both FISA and criminal searches to prosecute him for a non-national security related crime.

The case is currently being appealed to the 9th Circuit; it will be heard on December 4. His defense is challenging several things about his conviction, including that there was insufficient evidence to deem him an Agent of a Foreign Power (and therefore to obtain the ability to conduct a broader search than might be permitted under a criminal warrant), as well as that there was insufficient evidence offered at trial that he knowingly possessed the 9-year old child porn on which his conviction rests. I think there’s some merit to the latter claim, but I’m going to bracket it for my discussion, both because I think the FISA issues would remain important even if the government’s case on the child porn charge were far stronger than it is, and because I think the government may be sitting on potentially inculpatory evidence.

In this post, I’m going to show that it is almost certain that the government changed FISA minimization procedures to facilitate using FISA to prosecute him for child porn.

Timeline

The public timeline around the case looks like this (and as I said, I believe the government is hiding some bits):

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

Unknown date: Harris obtains a FISA order

January 29, 2014: Using FISA physical search order, FBI searches Gartenlaub’s home, images three hard drives

June 3, 2014: Harris sends files to National Center for Missing and Exploited Children, which confirms some files display known victims

August 22, 2014: Criminal search warrant obtained for Gartenlaub’s premises

August 27, 2014: FBI searches Gartenlaub’s properties, seizing computers used as evidence in trial, arrests him

August 29, 2014: Government reportedly says it will dismiss charges if Gartenlaub will cooperate on spying

October 23, 2014: Grand jury indicts

December 10, 2015: Guilty verdict

FBI used a criminal search warrant to obtain evidence, then obtained a FISA order

As you can see from the timeline, the government first obtained a criminal search warrant for access to Gartenlaub and his wife’s email accounts (Gartenlaub also got an 1806 notice, meaning they used a FISA wiretap on him at some point). Only after that did they execute a FISA physical search order to search his house and image his computers. Which means — unless they had a FISA order and a criminal warrant simultaneously — they had already convinced a judge it was likely Gartenlaub’s emails would provide evidence he was “remov[ing ] information, including export controlled technical data, from Boeing’s computer networks to China.” In his affidavit, Agent Harris cited violations of the Arms Export Control Act and Computer Fraud and Abuse Act.

Then, after probably months of reviewing emails later, having already shown probable cause that could have enabled them to get a search warrant to search Gartenlaub’s computer for those specific crimes — that is, proof that he had exploited his network access at Boeing in order to obtain data he could share with his wife’s Chinese associates — the government then went to FISA and convinced a judge they had probable cause Gartenlaub (or perhaps his wife) was acting as an agent of a foreign power for what are assumed to be the same underlying activities.

The government insists it still had adequate evidence Gartenlaub or his wife was an agent of a foreign power under FISA

The government’s response to Gartenlaub’s appeal predictably redacts much of the discussion to support its claim that it had sufficient probable cause, after months of reading his emails, to claim he or his wife was an agent of China. But the structure of it — with an unredacted paragraph addressing weaknesses with the criminal affidavit, followed by a redacted passage of unknown length, as well as a redacted footnote modifying the idea that the criminal affidavit “merely ‘recycled’ details that were found in the Harris affidavit” (see page 38-39) — suggests they raised evidence beyond what got included in the criminal affidavit. That’s surely true; it presumably explains what was so interesting about Yi’s family and associates in China as to sustain suspicion that they would be soliciting Boeing technology.

In any case, in a filing in which the government admits that “the [District] court expressed ‘some personal questions regarding the propriety of the FISA court proceeding even though that certainly seems to be legally authorized’,” the government pushed the Ninth Circuit to adopt a deferential standard on probable cause for FISA orders, in which only clear error can overturn the probable cause standard.

The Court has not previously articulated the standard of review applicable to an underlying finding of probable cause in a FISA case. In the analogous context of search warrants, this Court gives “great deference” to an issuing magistrate judge’s findings of probable cause, reviewing such findings only for “clear error.” Krupa, 658 F.3d at 1177; United States v. Hill, 459 F.3d 966, 970 (9th Cir. 2006) (same); United States v. Clark, 31 F.3d 831, 834 (9th Cir. 1994) (same). “In borderline cases, preference will be accorded to warrants and to the decision of the magistrate issuing it.” United States v. Terry, 911 F.2d 272, 275 (9th Cir. 1990). The same standard applies to this Court’s review of the findings in Title III wiretap applications. United States v. Brown, 761 F.2d 1272, 1275 (9th Cir. 2002).

Consistent with these standards and with FISA itself, the Second and Fifth Circuits have held that the “established standard of judicial review applicable to FISA warrants is deferential,” particularly given that “FISA warrant applications are subject to ‘minimal scrutiny by the courts,’ both upon initial presentation and subsequent challenge.” United States v. Abu-Jihaad, 630 F.3d 102, 130 (2d Cir. 2010); accord United States v. El-Mezain, 664 F.3d 467, 567 (5th Cir. 2011) (noting that representations and certifications in FISA application should be “presumed valid”). Other courts, reviewing district court orders de novo, have not discussed what deference applies to the FISC. See, e.g., Demeisi, 424 F.3d at 578; Squillacote, 221 F.3d at 553-54.

The government submits that the appropriate standard should be deferential. Consistent with findings of probable cause in other cases, the Court should review only for “clear error,” giving “great deference” to the initial conclusion that a FISA application established probable cause.

And, of course, the government argues that even if it didn’t meet the standards required under FISA, it still operated in good faith.

By using a FISA rather than a criminal search warrant, the FBI had more leeway to search for unrelated items

Nevertheless, having read Gartenlaub’s email for months and presumably having had the opportunity to obtain a warrant to search his computers for those specific crimes, the government instead obtained a FISA order that allowed the FBI to search his devices far more broadly, opening up decades old files named with sexually explicit names in the guise of finding intelligence on stealing Boeing’s secrets. Here’s how Gartenlaub’s lawyers describe the search in his appeal, a description the government largely endorses in their response:

The FISC can only authorize the government to search for and seize “foreign intelligence information.” 50 U.S.C. §§ 1822(b), 1823(a)(6)(A), 1824(a)(4). The order authorizing the January 2014 search of Gartenlaub’s home and computers presumably complied with this restriction. “Foreign intelligence information” (defined at 50 U.S.C. §§ 1801(e) and 1821(1)) does not include child pornography. Nonetheless, as detailed in the government’s application for the August 2014 search warrant, the agents imaged Gartenlaub’s computers in their entirety, reviewed every file, and–upon discovering that some of the files contained possible child pornography–subjected those and related files to detailed scrutiny, including sending them to the National Center for Exploited Children for analysis. ER248-56, 262-68. In an effort to establish that Gartenlaub had downloaded the child pornography, the agents also examined and analyzed a number of other files on the computers, none of which had anything to do with “foreign intelligence information.” ER255-62, 268-70.

As far as the record shows, the agents conducted this detailed, far-ranging analysis without obtaining any court authorization beyond the initial FISC order. In other words, after encountering suspected child pornography files, the agents did not stop their search and seek a warrant authorizing them to open and review those files and other potentially related files. Instead, they opened, examined, and analyzed the suspected child pornography files and a number of other files having nothing to do with foreign intelligence information. They then incorporated the results of that analysis into the August 2014 search warrant application. ER248- 49. That application, in turn, produced the warrant that gave the agents authority to search for and seize the very materials that they had already seized and searched under the purported authority of the January 2014 FISC order.

How did agents authorized to search for “foreign intelligence information” end up opening, examining, and analyzing suspected child pornography files and a number of other files that had nothing to do with the only authorized object of the search? The agents apparently relied on the following argument: To determine whether Gartenlaub’s computers contained foreign intelligence information, it was necessary to open and review every file; after all, a foreign spy might cleverly conceal such information in .jpg files with sex-themed names or in other non-obvious locations. And after opening the files, the child pornography and other information was in “plain view” and thus could be lawfully seized under the Fourth Amendment.

As a result of these broad standards, and of Gartenlaub’s habit of retaining disk drives from computers he no longer owned, the FBI found files dating back to 2005, from a computer Gartenlaub no longer owned.

Upon finding that those files included apparent child porn, the FBI sent them off to the National Center for Missing and Exploited Children, which confirmed some of the images included known victims. Almost two months later, FBI conducted further (criminal) searches, and arrested Gartenlaub for child porn.

In December 2015, Gartenlaub was found guilty on two counts of child porn, though one count was vacated by the judge after the verdict.

FBI changed standard minimization procedures to permit sharing with NCMEC

The timeline above is what would have been available to Gartenlaub’s defense team.

But in 2015 and 2017, two new details were added to the timeline.

First, on April 11, 2017, two months after Gartenlaub submitted his opening brief in the appeal on February 8, the government released an August 11, 2014 opinion approving the sharing of FISA-obtained data with NCMEC.

Congress established NCMEC in 1984 as a non-governmental organization and it is funded through grants administered by the Department of Justice. One of its purposes is to assist law enforcement in identifying victims of child pornography and other sexual crimes. Indeed, Congress has mandated Department of Justice coordination with NCMEC on these and related issues. See Mot. at 5-8. Furthermore, this Court has approved modifications to these SMPs in individual cases to permit the Government to disseminate information to NCMEC. See Docket Nos. [redacted]. Because of its unique role as a non-governmental organization with a law enforcement function, and because it will be receiving what reasonably appears to be evidence of specific types of crimes for law enforcement purposes, the Government’s amendment to the SMPs comply with FISA under Section 180l(h)(3).1

As noted, in the past the FISC had approved sharing FISA-collected data with NCMEC on a case-by-case basis. But in 2014, in the weeks while  it prepared to arrest Gartenlaub on child porn charges tied to a search that only found the child porn because it used the broader FISA search standard, the government finally made NCMEC sharing part of the standard minimization procedures.

Even on top of this coincidental timing, there are reasons to suspect DOJ codified the NCMEC sharing because of Gartenlaub’s case. For example, in the government’s response there’s a passage that clearly addresses how NCMEC got involved in the case that bridges the discussion of use of child porn evidence discovered in plain view in the criminal context and the discussion of its use here.

Non-FISA precedents also foreclose defendant’s claims. Analyzing a Rule 41 search warrant, this Court has held that using child pornography inadvertently discovered during a lawful search is consistent with the Fourth Amendment. Giberson, 527 F.3d at 889-90 (ruling that “the pornographic material [the agent] inadvertently discovered while searching for the documents enumerated in the warrant [related to document identification fraud] was properly used as a basis for the third warrant authorizing the search for child pornography”);

[additional precedents excluded]

[CLASSIFIED INFORMATION REMOVED] With the benefit of NCMEC’s assistance, the government then sought and obtained the August 2014 search warrants, authorizing the search of defendant’s residence and storage units for child pornography. (CR 73; GER 901-53). The fruits of this warrant were then used in defendant’s prosecution. The use of information discovered during the prior lawful January 2014 search in the subsequent search warrant application was proper. Giberson, 527 F.3d at 890.

The redacted discussion must include not only a description of how NCMEC was permitted to get involved, but in the approval approving this as part of the minimization procedures, which (after all) are designed to protect Americans under the Fourth Amendment.

Of particular interest, the government argued that one of the precedents Gartenlaub cited was not binding generally, and especially not binding on the FISC.

The concurring opinion in CDT, upon which defendant relies, does not aid him. That concurrence is not “binding circuit precedent” or a “constitutional requirement,” much less one binding on the FISC. Schesso, 730 F.3d at 1049 (the “search protocol” set forth in the CDT concurrence is not “binding circuit precedent,” not a[] constitutional requirement[],” and provides “no clear-cut rule”); see CDT, 621 F.3d at 1178 (observing that “[d]istrict and magistrate judges must exercise their independent judgment in every case”); Nessland, 601 Fed. Appx. at 576 (holding that “no special protocol was required” for a computer search). Defendant thus cannot demonstrate any error relating to any FISC-authorized search.

The FISC had, by the time of the search relying on the FISA-obtained child porn as evidence, already approved the use of child porn obtained in a FISA search. So the government could say the CDT case was not binding precedent, because it already had a precedent in hand from the FISC. Of course, it didn’t tell Gartenlaub that.

Of course, that’s not proof that the government codified the NCMEC sharing just for the Gartenlaub case. But there’s a lot of circumstantial evidence that that’s what happened.

The government still has not formally noticed this change to Gartenlaub

As I noted above, the government released the FISC order approving the change in the standard minimization procedures too late to be of use for Gartenlaub’s opening brief. That’s a point EFF and ACLU made in their worthwhile amicus submitted in the appeal.

For example, in this case, the government apparently refused to disclose the relevant FBI minimization procedures to Gartenlaub’s counsel even though other versions of those minimization procedures are publicly available. See Standard Minimization Procedures for FBI Electronic Surveillance and Physical Search Conducted Under FISA (2008). 8

We can debate whether the standard approval for NCMEC sharing is a good thing or whether it invites abuse, offering the FBI an opportunity to use more expansive searches to “find” evidence of child porn that it can then use as leverage in a foreign intelligence context (which I’ll return to). I suspect it is wiser to approve such sharing on a case-by-case basis, as had been the case before Gartenlaub.

But from this point forward, I would assume the FBI will routinely use this provision as an excuse to conduct particularly thorough searches for child porn, on the logic that obtaining any would provide great leverage against an intelligence target.

The timing of the approval of NCMEC sharing under Section 702

I have said repeatedly, I think the government is withholding some details.

One reason I think that is because of another remarkable coincidence of timing.

As I first reported here, the first notice that the government had approved the sharing with NCMEC in standard minimization procedures came in September 2015, when the government released the 2014 Thomas Hogan Section 702 opinion that approved such sharing under Section 702. The opinion relied on the earlier approval (by Rosemary Collyer), but redacted all reference to the timing and context of it, as well as a footnote relating to it.

I find the timing of both the release and the opinion itself to be of immense interest.

First, the government had no problem releasing this opinion back in 2015, while Gartenlaub was still awaiting trial (though it waited until almost two months after the District judge in his case, Christina Snyder, rejected his FISA challenge on August 6, 2015). So it was fine revealing to potential intelligence targets that it had standardized the approval of using FISA information to pursue child porn cases, just not revealing the dates that might have made it useful for Gartenlaub.

I’m even more interested in the timing of the order: August 26. The day before the FBI got its complaint approved and arrested Gartenlaub.

The FBI had long ago submitted FISA information to NCMEC. But it waited until both the standard minimization procedures for traditional FISA and for Section 702 had approved the sharing of data with NCMEC before they arrested Gartenlaub.

That’s one of several pieces of data that suggests they may have used Section 702 against Gartenlaub, on top of the other mix of criminal and FISA authorizations.

To be continued.

Updated timeline

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

Unknown date: Harris obtains a FISA order

January 29, 2014: FBI searches Gartenlaub’s home, images three hard drives

June 3, 2014: Harris sends files to National Center for Missing and Exploited Children, which confirms some files display known victims

August 11, 2014: Rosemary Collyer approves NCMEC sharing for traditional FISA standard minimization procedures

August 22, 2014: Search warrant obtained for Gartenlaub’s premises

August 26, 2014: Thomas Hogan approves NCMEC sharing for FISA 702

August 27, 2014: FBI searches Gartenlaub’s properties, seizing computers used as evidence in trial, arrests him

August 29, 2014: Government reportedly says it will dismiss charges if Gartenlaub will cooperate on spying

October 23, 2014: Grand jury indicts

August 6, 2015: Christina Snyder rejects Gartenlaub FISA challenge

September 29, 2015: ODNI releases 702 NCMEC sharing opinion

December 10, 2015: Guilty verdict

February 8, 2017: Gartenlaub submits opening brief

April 11, 2017: Government releases traditional FISA NCMEC sharing opinion

Share this entry
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

FISA and the Space-Time Continuum

/8 Comments/in , /by

I’m going to do a series of FISA posts on both the Keith Gartenlaub case (he was convicted on child porn charges after the FBI found old images on his computers during a FISA search) and the reported Paul Manafort FISA orders.

But first I want to explain FISA and the space-time continuum.

The space part is easy: the FISA Amendments Act slightly changed the geographical rules on what authority the government could use to target various kinds of people. It legalized the government’s practice of collecting on foreigners from facilities in the United States under Section 702. And it also required a judge’s approval for any spying on Americans overseas. While FAA envisioned two kinds of authorities for spying overseas — 703 (collection in the US on an American overseas, as in calling up Google for someone’s email box) and 704/705(b) (collection overseas on an American overseas, which is using all methods covered by EO 12333, including hacking them and collecting off switches), in practice just the latter authority is used. Effectively, then, the change just codified the domestic collection on foreigners, while requiring a court order for the same EO 12333 collection that had already been going on.

The time part is trickier.

The short version is that FISA imposes some restrictions on whether you can collect data at rest to obtain data from outside the period of a FISA order. Thus, if you’re not supposed to collect on someone when they’re in the US (whether that person is a US person or a foreigner), there are classified restrictions about whether you can collect stored data from that period.

None of these rules are (as far as I’m aware) public, but there are rules for all the various laws. In other words, you’re not supposed to be able to collect GMail on a foreigner while they’re in the US, but you’re also not supposed to be able to cheat and just get the same Gmail as soon as they leave the country.

This is even more complex for Americans. Domestically, there are two kinds of collection: 1805, which is the collection of data in motion — an old fashioned wiretap, and 1824, which is called a “physical search” order. The government likes to hide the fact that the collection of data at rest is accomplished with an 1824 physical search order, not 1805. So an 1824 order might be used to search a closet, or it might be used to image someone’s hard drive. Most often, 1805 and 1824 get combined, but not always (the FISC released a breakdown for these last year).

Of course (as the Gartenlaub case will show), if you image someone’s hard drive, you’re going to get data from well before the time they’ve been under a FISA order, quite possibly even from before you’ve owned your computer.

Then there’s travel overseas. If an American on whom there’s already an 1805 and/or 1824 order travels overseas, the Attorney General can automatically approve a 705(b) order for him (effectively replicating the old EO 12333 authority). But that collection is only supposed to cover the period when the person is overseas, and only for the period when they’ve had a FISA order against them. Using the kind of hacking they use overseas is going to get data in motion and stored communications and a whole lot more, meaning they may well get stuff sitting on the computer someone brings with them (yet another reason to bring travel laptops and phones overseas). And apparently, they only turn off an implant when a FISA order expires; they don’t entirely remove the implant. In addition, given the bulk collection the NSA conducts overseas, it would be child’s play (and from descriptions of violations, appears to have included) going back and accessing data that was collected in motion that had in the interim been sitting in NSA’s coffers.

Effectively, once someone leaves the country the NSA has access to time machines to collect data from the past, though there are supposed to be limits on doing this.

The FISA problems last year arose, first and foremost, from NSA collecting on Americans overseas outside the window of the orders covering them, which was a persistent problem that the NSA just never got around to fixing. That’s bad enough. But when you consider a 705(b) order only covers the period when an American normally targeted domestically is overseas, collecting outside the span of the order means you’re probably also using foreign collection to collect (including by hacking) in the US.

Which is all a way of saying that discussions of FISA almost always focus on the geographical limitations: Is someone inside the US or outside? Foreigner or American?

But because of the differing rules on data in motion and data at rest — and because of the truly awesome methods used as soon as someone goes overseas — there are actually a lot of ways that NSA can get around the legal limitations based on space by playing with the limitations on time.

Again, there are rules (which are not public) that are supposed to prevent this kind of thing from going on. But it does seem to be a problem NSA has long struggled with, even at the times it appeared to be operating in good faith rather than manipulating the space-time continuum to get what they want where they can get it.

Share this entry

How the FISC Takes Notice of Magistrate Decisions and DOJ Tries to Hide That

/3 Comments/in /by

Since it’s fashionable to debate whether the FISA Court is a rubber stamp or not, I wanted to point to this document, released to EFF under FOIA yesterday. Is is an August 7, 2006 order from Colleen Kollar-Kotelly for additional briefing on whether the government can retain the Post Cut Through Dialed Digits collected as part of a pen register. In this release, the government has redacted the date. We know the date — and the general circumstances of the request — from documents released in 2014 and another earlier EFF FOIA. I covered it here.

During this period, on August 7, 2006, Colleen Kollar-Kotelly ordered briefing in docket PRTT 06-102 on how FBI was fulfilling its obligation, apparently under the 2002 DOJ directive FBI maintained did not apply to FISA, not to affirmatively use PCTDD for any investigative purpose.  PDF 39-40

Judge Kotelly has ordered the FBI to submit a report no later than September 25 (2006). This report must contain:

(1) an explanation of how the FBI is implementing its obligation to make no affirmative investigative use, through pen register authorization, of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information, except in a rare case in order to prevent an immediate danger of death, serious physical injury or harm to the National Security, addressing in particular: a) whether post-cut-through digits obtained via FISA pen register surveillance are uploaded into TA, Proton, IDW, EDMS, TED, or any other FBI system; and b) if so what procedures are in place to ensure that no affirmative investigative use is made of postcut-through digits that do not constitute call dialing, routing, addressing or signaling information, including whether such procedures mandate that this information be deleted from the relevant system.

(2) an explanation of what procedures are in place to ensure that the Court is notified, as required pursuant to the Courts Order in the above captioned matter, whenever the government decides to make affirmative investigative use of post-cut-through digits that do not constitute call dialing, routing, addressing or signaling information in order to prevent an immediate danger of death, serious physical injury, or harm to the national security.

At the time, at least some of FBI’s lawyers believed that for FISA Pen Registers, FBI retained all the PCTDD. PDF 38

When DSC 3000 is used for a FISA collection, doesn’t the DCS 3000 pass all to the [redacted](DSC 5000) including the PCTDD–in other words for FISAs the DCS3000 does NOT use the default of not recoding [sic] the PCTTD???? [sic]

This report — dated September 25, 2006 — appears to be the report Kollar-Kotelly requested. It implores her not to follow [redacted], which appears to is a reference the EDNY court Texas decision.

That report is followed by this one — which was submitted on November 1, 2006 — which appears to propose new procedures to convince her to permit the FBI to continue to collect and retain PCTDD.

This new document, the briefing order, adds almost nothing to the discussion.

Except for this: it reveals that FISC — not DOJ — raised Stephen Smith’s opinion.

This is why I defend the FISC against claims it’s a rubber stamp. It has, on at least some occasions, done the work an adversary would normally do. And for at least 3 years, DOJ has tried to hide that FISC had to do so here.

Note what has happened in the interim? The government didn’t release this in FOIA in 2013-2014, though it was responsive to those earlier FOIA requests.

It did, however, release it now.

In the interim, DOJ gamed the new FISCR fast-track process, so as to be able to get an appellate decision approving the broader retention that Kollar-Kotelly first questioned back in 2006. Now, with that FISCR decision in pocket, DOJ has all of a sudden decided this order is no longer too classified to release (even while it still hides the timing of it).

The FISC is not perfect. But when weighing whether the FISC or DOJ (saddled, perhaps, with incomplete disclosure from NSA) has more often resulted in questionable decisions, I would almost always blame DOJ and NSA over the FISC.

Share this entry
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The NSA’s 5-Page Entirely Redacted Definition of Metadata

/3 Comments/in /by

In my post on Rosemary Collyer’s shitty upstream 702 opinion, I noted that the only known (but entirely redacted) discussions of what constituted metadata were part of the 2004 and 2010 authorizations for the Internet dragnet.

The documents liberated by Charlie Savage (starting at PDF 184) reveal the topic was actually discussed during the resolution of the 2011 upstream fight. In response to a Bates question to “fully describe what constitutes ‘metadata'” that can be extracted from Internet transactions, the government defined the term in a footnote that is substantially redacted.

That discussion is followed by five entirely redacted pages describing the three (also entirely redacted) categories of metadata.

So I apologize to the government for suggesting they’ve never defined the difference between content and metadata in the context of upstream content collection (the discussion probably closely follows the Internet dragnet discussion, which Bates had had with the government roughly 18 months earlier; that discussion allowed some dialing, routing, addressing, or signaling information that counted as content but didn’t convey the message of the communication to be treated as metadata).

That said, what the fuck are you thinking?!?!?

I mean, first of all, Congress is about to reauthorize 702, possibly trying to codify the prohibition on about searches. But most of Congress won’t go through the trouble to read this five page definition, much less consult with technical experts to understand if the definition is meaningful and how any draft bill would interact with this language. So it’s unclear how closely tested this has been.

As noted, even by the 2010 discussion, it was clear Bates was creating a middle ground for stuff that was technically content but which served a DRAS function — probably something akin to Steve Bellovin et al’s definition of architectural content. Given the way NSA asked to and did nuke the existing PRTT data at precisely this time (though without letting the Inspector General review their destruction of intake data) it’s highly likely they were violating those limits, at least through the processing stage. But legally, using this definition of metadata would all of a sudden be kosher, because the metadata would have been collected under a content standard, so the distinction of it being metadata would matter primarily for the privacy considerations (not least because Americans’ metadata collected off this upstream collection could and can be disseminated with a much lower standard than the one in place in the Internet dragnet, and can be disseminated for non-terrorism purposes), not legal ones. In other words, by collecting its domestic metadata using a content collection statute, the legal distinction between metadata and content would no longer matter, after 7 years of mattering.

Except now it does.

If the NSA’s five page definition of metadata includes stuff that is legally content, then the promise to avoid “about” collection is probably bogus, because it’d incorporate these definitions of metadata and thereby permit using metadata that actually counts as content as a selector.

Which is probably also why the government is so keen to avoid a prohibition on about searches — because what they’re doing, even today, amounts legally to about collection.

I’ll have to put some thought to the privacy implications of this (I suspect this explains the utility of upstream collection for cybersecurity purposes).

But if I’m right, there’s no way this should be classified, at least not entirely classified, not if the government has claimed to have gotten out of the business of searching for selectors in content.

Share this entry
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The NSA’s Purge Obfuscations

/2 Comments/in /by

One thing that the 2011 702 documents Charlie Savage liberated make clear is that the government is (and was) obtaining more domestic communications — but purging them — than it wants to let on (and the numbers have surely gotten worse since 2011).

In a hearing on September 7, 2011, the first question that John Bates asked (starting at PDF 35) about the sampling the NSA had done is how many communications had been purged before the agency started counting its sample, a sample that included both PRISM and upstream collection. As Bates noted, it would be one thing if the NSA were purging half its collection and then counting than if it only had to purge a small amount.

During this exchange, the government was careful to limit their discussion of purged communications to upstream MCT related collection.

When the government responded (starting at PDF 117), it provided numbers for just what had gotten purged from upstream collection.

I’m not entirely sure their claim that none of this purged information was “upstream” collection — as opposed to MCT collection — is correct (as a post on the violations will explore). But they make it clear: the 18,446 purged communications were just Internet upstream. For every upstream  record purged because the target had roamed into the US, there might be correlated telephony collection that would get purged — some of the most commonly discussed purged communications. It might also include PRISM production that would have to get purged (if, for example, the target continued to use GMail while in the US). In addition, there might be targets discovered to be (perhaps by reading that PRISM production) Americans. So the 18,446 is just a portion of what got purged — but the government pointedly avoided telling Bates how much of the other kind there was.

Of the upstream Internet collection in 2011, .1% was getting purged.

The purge numbers for telephony and PRISM would not be the same as for upstream. The telephony numbers might be far far higher, given public reporting from the period. The NSA was working off some overcollection that was limited to upstream during this period, which would lead to more upstream communications being purged. But the rules on domestic collection of PRISM communications are different than they are for upstream.

In any case, the government’s careful dodge of providing Bates the full purge number suggests the telephony and PRISM purge numbers might be substantial, too. But we don’t get that number.

Share this entry
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Reclassification of Details on the 2011 Upstream Fight

/3 Comments/in /by

As I noted in this post, Charlie Savage recently liberated more details on the resolution of the 2011 upstream 702 problems.

With respect to some details, however, the newly liberated documents represent a reclassification of details that were made public when the October 3, 2011 John Bates opinion was released in 2013. The government has provided entirely classified documents that are probably the early exchanges on the problem, including language that was unclassified in Bates’ 2011 opinion. In addition, the government has redacted dates that were also made public in Bates’ opinion.

I laid out both the timeline and the language cited from those early exchanges in this post. As I noted in this post, that timeline makes it clear that at the same time John Bates was asking NSA to assess the impact of upstream collection on US persons by sampling real NSA collection, Ron Wyden and Mark Udall were asking for the same thing.

I’ve laid out the combined timeline below. What it — and the newly released documents — show is just how brazen James Clapper’s refusal to provide real numbers to Wyden and Udall was. Not only did their request exactly coincide with the government’s request for more time so they could get more data — the count of US persons — to Bates (though Clapper’s record quick response delivered his refusal before Bates got his first real numbers). But the 48-hour turnaround on analysis of SCTs in September shows how quickly NSA can get rough estimates of US person data when they need to.

There are more alarming things the reclassification of these details suggests, which I’ll address in a follow-up. But for now, know that in 2011, the Intelligence Community refused to treat Congress with the same respect due a co-equal branch of government as it was treating Bates (and that’s the deep background to James Clapper’s 2013 “not wittingly” response).

April 2011, unknown date: Wyden and Udall ask for estimate of US person collection verbally

 

April 19, 2011: Notice of two upstream overcollection violations [see PDF 144]

April 20, 2011: One recertification submission

April 22, 2011: Two more recertification submissions

May 2, 2011: Clarification letter first admits MCT problem

May 5, 2011: Government asks for extension until July 22, 2011

May 9, 2011: Court grants extension, issues briefing order

June 1, 2011: Government submits response to briefing order

June 17, 2011: Court presents follow-up questions

June 28, 2011: Government response to follow-up questions

July 8, 2011: Court (John Bates) meets with senior DOJ people, tells them he has serious concerns

July 14, 2011: Government files another extension; court grants extension to September 20, 2011

July 14, 2011: Wyden and Udall send letter to James Clapper asking (among other things):

  • In a December 2007 Statement of Administration Policy on the FISA Amendments Act, the Office of Management and Budget said that it would “likely be impossible” to count the number of people located in the United States whose communications were reviewed by the government pursuant to the FISA Amendments Act. Is this still the case? If so, is it possible to estimate this number with any accuracy?
  • Have any apparently law-abiding Americans had their communications collected by the government pursuant to the FISA Amendments Act?

July 26, 2011: Clapper responds to Wyden and Udall, refusing to give numbers or describe compliance incidents

August 16, 2011: Government files supplement, presenting results of “manual review of statistically representative sample” for 6 months

August 22, 2011: Meeting between Court and government

August 30, 2011: Government makes another submission

September 7, 2011: Court has hearing

September 9, 2011: Government files additional submission, submitting results of analysis of SCTs completed in just 48 hours

Share this entry
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

A Better Example of Article III FISA Oversight: Reaz Qadir Khan

/3 Comments/in /by

As debate over reauthorization of Section 702 heats up, both those in favor of reform and those asking for straight reauthorization are making their cases. As part of that, I wrote a summary of the most persistent NSA (and FBI) violations of FISA for Demand Progress, called “Institutional Lack of Candor.” I did a piece for Motherboard based off the report, which also looks at how Rosermary Collyer did not use the leverage of FISA’s exclusivity clause to force NSA to purge improperly accessed data this year.

Meanwhile, NSA’s General Counsel, Glenn Gerstell, just did a speech at University of Texas laying out what he claimed is the judicial oversight over Section 702. There’s one line I find particularly interesting:

Among other things, Section 702 also enables collection of information on foreign weapons proliferators and informs our cybersecurity efforts.

Here, Gerstell appears to be laying out the three known certificates (counterterrorism, counterproliferation, and foreign government). But I wonder whether the “among other things” points to a new certificate, or to the more amorphous uses of the foreign government cert.

As for Gerstell’s argument that there’s sufficient judicial oversight, I find it laughable in several key points.

For example, here’s how Gerstell describes the amicus provision included with USA Freedom Act.

The FISC is entitled to call upon the assistance of amici when evaluating a novel or significant interpretation of the law or when it requires outside technical expertise. This amicus provision, which was added to FISA as part of the USA FREEDOM Act amendments in 2015, enables the court to draw upon additional expertise and outside perspectives when evaluating a proposed surveillance activity, thus ensuring that the FISC’s oversight remains both robust and knowledgeable. The court has designated a pool of experts in national security to serve as amicus curiae at the court’s request. Amici are specifically instructed to provide to the court “legal arguments that advance the protection of individual privacy and civil liberties,” “information related to intelligence collection or communications technology,” or any other legal arguments relevant to the issue before the court.

The FISC’s amicus provisions are more than a mere statutory wink and nod to strong judicial oversight. The court has in fact called upon its amici to assist in evaluating Section 702 activities. In 2015, the FISC appointed an amicus to analyze what the court felt were two novel or significant interpretations of law that arose as part of its review of the government’s annual application for 702 certifications. The first issue involved whether queries of 702 collection that are designed to return information concerning U.S. persons are consistent with statutory and constitutional requirements. The second question involved whether there were any statutory or constitutional concerns about preserving information collected under Section 702 for litigation purposes that would otherwise be subject to destruction under the government’s minimization procedures. On both issues, the FISC carefully considered the views of the amicus, ultimately concluding that both of the proposed procedures were reasonably tailored to protect the privacy of U.S. persons and thus permissible under both the FISA statute and the constitution. [my emphasis]

Gerstell speaks of the amicus provision as newly permitting — “entitled,” “enabled” — the FISC to consult with others. Yet the FISC always had the ability to call amici (in fact it did ask for outside help in the In Re Sealed Case provision and in a few issues in the wake of the Snowden leaks). What was new with the USAF amicus is an affirmative requirement to either use an amicus or explain why it chose not to in any matters that present a “novel or significant interpretation of the law.”

Authorization.–A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate; and

(B) may appoint an individual or organization to serve as amicus curiae, including to provide technical expertise, in any instance as such court deems appropriate or, upon motion, permit an individual or organization leave to file an amicus curiae brief.

It’s true that USAF permits the FISC to decide what counts as new, but in those cases, the law does require one or another action, not simply permit it.

Which is why it’s so funny that Gerstell harps on the inclusion of Amy Jeffress in the 2015 recertification process. Note his silence on the 2016 process, which addressed an issue that (as both my reports above make clear) is far more problematic than the ones Jeffress weighed in on? Collyer simply blew off the USAF requirement, and didn’t get the technical help she apparently badly needed. As I noted, she sort of threw up her hands and claimed there were simply no people with the technical expertise and clearance available to help.

I suspect the Intelligence Community — and possibly even the law enforcement community — will live to regret Collyer’s obstinance about asking for help, if for no other reason than we’re likely to see legal challenges because of the way she authorized back door searches on content she knows to include domestic communications.

Gerstell then goes on to hail Mohamed Mohamud’s challenge to 702 as an example of worthwhile Title III court oversight of the program.

In certain circumstances, challenges to surveillance programs can be brought in other federal courts across the country. One recent court case is particularly illustrative of the review of Section 702 outside of the FISC, and here is how it commenced:

A few years ago, a young man named Mohamed Mohamud was studying engineering at Oregon State University. He had emigrated to the U.S. from Somalia with his family when he was only three, and he later became a naturalized U.S. citizen. He grew up around Portland, Oregon, enjoying many typical American pursuits like music and the Los Angeles Lakers. In 2008, however, he was involved in an incident at Heathrow Airport in London during which he believed he was racially profiled by airport security. This incident set Mohamud on a path toward radicalization. He began reading jihadist literature and corresponding with other Al-Qaeda supporters. In 2010, he was arrested and indicted for his involvement in a plot to bomb the Christmas Tree Lighting Ceremony in Portland, which was scheduled to take place the day after Thanksgiving. He was eventually found guilty of attempted use of a weapon of mass destruction.

After the verdict but before his sentencing, the government provided Mohamud with a supplemental notice that it had offered into evidence or otherwise used or disclosed during the proceedings information derived from Section 702 collection. After receiving this notice, Mohamud petitioned the court for a new trial, arguing that any 702-derived information should be suppressed because, among other reasons, he claimed that Section 702 violated the Fourth Amendment. The federal district court considered Mohamud’s claims before ultimately holding that 702 was constitutional. In so holding, the court found that 702 surveillance does not trigger the Fourth Amendment’s warrant requirement because any collection of U.S. person information occurring as a result of constitutionally permissible 702 acquisitions occurs only incidentally and, even if it did trigger the warrant requirement, a foreign intelligence exception applies. The court also found that “the government’s compelling interest in protecting national security outweighed the intrusion of Section 702 surveillance on an individual’s privacy,” so the 702 collection at issue in that case was reasonable under the Fourth Amendment.

Mohamud appealed the district court’s ruling to the Ninth Circuit, where the Circuit Court again looked at the constitutionality of the 702 collection at issue, with particular scrutiny on incidental collection. The Ninth Circuit concluded that the government’s surveillance in this case was consistent with constitutional and statutory requirements; even if Mohamud had a Fourth Amendment right to privacy in any incidentally-collected communications, the government’s searches were held to be reasonable. [my emphasis]

Look carefully at what Gerstell has argued: he uses a case where DOJ introduced evidence derived from 702, but gave the legally required notice only after the entire trial was over! That is, he’s pointing to a case where DOJ broke the law as proof of how well judicial oversight works.

And that’s important because DOJ has stopped giving 702 notice again (and has never given notice in a non-terrorism case, even though it surely has used derivative information in those cases as well). Without that notice, no defendant will be able to challenge 702 in the designated manner.

Which is why I would point to a different case for what criminal court oversight of SIGINT should look like: that of Reaz Qadir Khan (whose own case was closely linked to that of Mohamud).

At first, Khan tried to force the judge in his case, Michael Mosman, to recuse because he was serving as a FISA judge at the time. Mosman stayed.

Khan then asked for notice from the government for every piece of evidence obtained by the defense, laying out the possible authorities. Things started getting squirrelly at that point, as I summarized here.

Last year, I described the effort by the Reaz Qadir Khan’s lawyers to make the government list all the surveillance it had used to catch him (which, significantly, would either be targeted off a dead man or go back to the period during with the government used Stellar Wind). In October the government wrote a letter dodging most notice. Earlier this year, Judge Michael Mosman (who happens to also be a FISA judge) deferred the notice issues until late in the CIPA process. Earlier this month, Khan plead guilty to accessory to material support for terrorism after the fact.

What I suspect happened is that Mosman, who knows more about FISA than almost all District judges because he was (and still is) serving on the court, recognized that the government had surveillance that deserved some kind of judicial scrutiny (in this case, it probably involved Stellar Wind collection, but also likely included other authorities). So he agreed to deal with it in CIPA.

And just weeks later, Khan got a plea deal.

That’s the way it should work: for a judge to be able to look at surveillance and figure out if something isn’t exactly right or, for exotic interpretations of the law that don’t pass a smell test, and in those cases provide some means for review. Here, the government appears to have gotten uninterested in subjecting its evidence for review and, as is built into CIPA, ended up making a deal instead.

Of course, that rare exception points to one of the problems with FISC.

Gerstell claims that a court that until the Snowden leaks had no Democratic appointees on it boasts a “diversity of backgrounds.”

Recognizing the importance of judicial accountability for foreign intelligence surveillance under FISA, Congress designed a specialized court authorized to operate in secret – the FISC – to encourage rigorous oversight of activities conducted under FISA. Even its structure is deliberately assembled to serve that purpose. FISC judges are selected by the Chief Justice to serve for up to seven years, on staggered terms, which guarantees continuity and subject matter expertise on critical issues. In addition, the FISC is required by statute to be composed of judges drawn from at least seven of the U.S. judicial circuits. This statutory makeup ensures that the FISC includes judges from a diversity of backgrounds and geographic regions, rather than a court that might tend toward unanimity of thought or particular judicial sympathies.

That’s poppycock. The judges tend to be conservative. Importantly, the presiding judges are always from the DC district, not even just the DC neighborhood, such as MD or EDVA.

And remarkably, almost none of the judges on the FISC have presided over terrorism cases (Mosman is from OR, which because of a mosque that the FBI has basically lived in since 9/11, has had more than its share of terrorism cases). Which means the men and women sitting in Prettyman overseeing FISA often have little to no experience on how that data might affect an American’s right to a fair trial two years down the road.

I, like Gerstell, contest the claim that the FISC is generally a rubber stamp. But I do believe it should include more of the judges who actually oversee the trials that may result, because that experience would vastly improve understanding of the import of the review. At the very least, it should include the judges from EDVA who oversee the cases that go through the CIA-Pentagon District, which also includes a great many of the country’s espionage cases.

And most of all, the practice of having one judge, always from DC, review programmatic spying programs by herself should stop. While it is absolutely the case that judges have often shown great diligence, when a judge doesn’t show adequate diligence — as I believe Collyer did not this year — it may create problems that will persist for years.

The FISC is not a rubber stamp. But neither is the judicial oversight of 702 the consistently diligent oversight Gerstell claims.

Share this entry