In Advance of USA Freedom and CISA Fights, PCLOB Pretends Section 702 Doesn’t Have a Cyber Function

In a piece for Salon, I note some of the weird silences in yesterday’s PCLOB report, from things like the failure to give defendants notice (which I discussed yesterday) to the false claim that Targeting Procedures haven’t been released (they have been — by Edward Snowden). One of the most troubling silences, however, pertains to cybersecurity.

That’s especially true in one area where PCLOB inexplicably remained entirely silent. PCLOB noted in its report that, because Congress limited its mandate to counterterrorism programs, it focused primarily on those uses of Section 702. That meant a number of PCLOB’s discussions — particularly regarding “incidental collections” of Americans sucked up under Section 702 — minimized the degree to which Americans who corresponded with completely innocent foreigners could be in a government database. That said, PCLOB did admit there were other uses, and it discussed the government’s use of Section 702 to pursue weapons proliferators.

Yet PCLOB remained silent about a use of Section 702 that both Director of National Intelligence James Clapper’s office, in its very first information sheet on Section 702 released in June 2013, and multiple government witnesses at PCLOB’s own hearing on this topic in March, discussed: cybersecurity. Not only should that have been discussed because Congress is preparing to debate cybersecurity legislation that would be modeled on Section 702. But the use of Section 702 for cybersecurity presents a number of unique, and potentially more significant, privacy concerns.

And PCLOB just dodged that issue entirely, even though Section 702’s use for cybersecurity is unclassified.

In the transcript of the March PCLOB hearing on Section 702 uses, the word “cyber” shows up 12 times. Four of those references come from DOJ’s Deputy Assistant Attorney General Brad Wiegmann’s description of the kinds of foreign intelligence uses targeted under Section 702. (The other references came from Information Technology Industry Council President Dean Garfield.)

MR. WIEGMANN: You task a selector. So you’re identifying, that’s when you take that selector to the company and say this one’s been approved. You’ve concluded that it is, does belong to a non-U.S. person overseas, a terrorist, or a proliferator, or a cyber person, right, whoever it is, and then we go to the company and get the information.

[snip]

It’s aimed at only those people who are foreign intelligence targets and you have reason to believe that going up on that account that I mentioned, bad guy at Google.com is going to give you back information, information that is foreign intelligence, like on cyber threats, on terrorists, on proliferation, whatever it might be.

[snip]

So in other words, if I need to, if it’s Joe Smith and his name is necessary if I’m passing it to that foreign government and it’s key that they understand that it’s Joe Smith because that’s relevant to understanding what the threat is, or what the information is, let’s say he’s a cyber, malicious cyber hacker or whatever, and it was key to know the information, then you might pass Joe Smith’s name.

Yesterday’s report, however, doesn’t mention “cyber” a single time. Indeed, it seems to go out of its way to avoid mentioning it.

As discussed elsewhere in this Report, the Board believes that the Section 702 program significantly aids the government’s efforts to prevent terrorism, as well as to combat weapons proliferation and gather foreign intelligence for other purposes.

[snip]

The Section 702 program, for instance, is also used for surveillance aimed at countering the efforts of proliferators of weapons of mass destruction.473 Given that these other foreign intelligence purposes of the program are not strictly within the Board’s mandate, we have not scrutinized the effectiveness of Section 702 in contributing to those other purposes with the same rigor that we have applied in assessing the program’s contribution to counterterrorism. Nevertheless, we have come to learn how the program is used for these other purposes, including, for example, specific ways in which it has been used to combat weapons proliferation and the degree to which the program supports the government’s efforts to gather foreign intelligence for the benefit of policymakers.

Its footnote to that last section cites DOJ’s 2012 report to SSCI on the uses of Section 702 (which doesn’t mention cyber) rather than the information sheet released in June 2013, which does.

I find PCLOB’s silence about the use of Section 702 to pursue cyber targets particularly interesting for several reasons.

First, because cyber targets pose unique privacy threats — in part because cyberattackers are more likely to hide their location and exploit the communications of entirely innocent people, meaning Section 702’s claimed targeting limits offer no protection to Americans. Additionally, targeting (as Wiegmann describes it) a “malicious cyber hacker” goes beyond any traditional definition of foreign agent; it is telling he didn’t use a Chinese military hacker as his example instead! Indeed, while proliferation (along with foreign governments, the other presumed certification) is solidly within FISA Amendment Act’s definition of foreign intelligence, cybersecurity is not. In its discussion of back door searches, PCLOB admits there are concerns raised by back door searches that are heightened (or perhaps more sensitive, because they involve affluent white people) outside the counterterrorism context; that’s especially true for cybersecurity targeting.

Consider, too, the likelihood that cyber collection is among the categories of about collection that PCLOB obliquely mentions but doesn’t describe due to classification.

Although we cannot discuss the details in an unclassified public report, the moniker “about” collection describes a number of distinct scenarios, which the government has in the past characterized as different “categories” of “about” collection. These categories are not predetermined limits that confine what the government acquires; rather, they are merely ways of describing the different forms of communications that are neither to nor from a tasked selector but nevertheless are collected because they contain the selector somewhere within them.

At the beginning of the report, PCLOB repeated the government’s claim this is primarily about emails; here in the guts of it, it obliquely references other categories of collection, without really considering whether these categories present different privacy concerns.

Remember, too, that the original, good version of USA Freedom Act remains before the Senate Judiciary Committee. That bill would disallow the use of upstream 702 for any use but counterterrorism and counterproliferation. Did PCLOB ignore this use of Section 702 just to avoid alerting Senators who haven’t been briefed on it that it exists?

Finally, I also find PCLOB’s silence about NSA’s admitted use of Section 702 to pursue cyberattackers curious given that, after Congress largely ditched ideas to involve PCLOB in various NSA oversight — such as providing it a role in the FISA Advocate position — Dianne Feinstein’s Cyber Information Sharing Act all of a sudden has found a use for PCLOB again (serving a function, I should add, that arguably replaces FISC review).

(1) BIENNIAL REPORT FROM PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD.—Not later than 1 year after the date of the enactment of this Act and not less frequently than once every 2 years thereafter, the Privacy and Civil Liberties Oversight Board shall submit to Congress and the President a report providing—

(A) an assessment of the privacy and civil liberties impact of the type of activities carried out under this Act; and

(B) an assessment of the sufficiency of the policies, procedures, and guidelines established pursuant to section 5 in addressing privacy and civil liberties concerns.

Feinstein introduced this bill on June 17, several weeks after PCLOB briefed her staffers on their report (they briefed Congressional committee aides on June 2, and the White House on June 17 — see just after 9:00).

A renewed openness to expanding PCLOB’s role may be entirely unmotivated, or it may stem from PCLOB’s chastened analysis of the legal issues surrounding Section 702.

But I do find it interesting that PCLOB uttered, literally, not one word about the topic that, if DiFi’s bill passes, would expand their mandate.


Working Thread, PCLOB Report

The pre-release PCLOB report on Section 702 is here. This will be a working thread.

PDF 16: First recommendation is to include more enunciation of foreign intel purpose. This was actually a Snowden revelation the govt pooh-poohed.

PDF 17: Recommends new limits on non-FI criminal use of FBI back door searches, and some better tracking of it (surprised that’s not stronger!). Also recommends new documentation for NSA, CIA back door queries. Must mean CIA is a problem.

PDF 17: Recommends FISC get the “rules” NSA uses. That suggests there may be some differences between what the govt does and what it tells FISC it does.

PDF 17: Recommends better assessment of filtering for upstream to leave out USP data. John Bates was skeptical there wasn’t better tech too.

PDF 18: Suggestion there are more types of upstream collection than there needs to be.

PDF 27 fn 56: Notes some room in the definition of Foreign Intelligence.

PDF 30: Note how PCLOB deals with issues of scope.

PDF 34: Note the discussion of due diligence. Due diligence problems account for about 9% of NSA violations.

PDF 34-35: This must be a response to violations reported by Risen and Lichtblau, and is probably one of the things referred to in NSA’s review of its own COINTELPRO like problems.

In a still-classified 2009 opinion, the FISC held that the judicial review requirements regarding the targeting and minimization procedures required that the FISC be fully informed of every incident of noncompliance with those procedures. In the 2009 opinion, the court analyzed whether several errors in applying the targeting and minimization procedures that had been reported to the court undermined either the court’s statutory or constitutional analysis. (The court concluded that they did not.)

PDF 39: NSA gets all PRISM collection, and it goes from there to CIA and FBI. CIA and FBI get only PRISM data.

PDF 42: Another FISC opinion to be released.

In a still-classified September 2008 opinion, the FISC agreed with the government’s conclusion that the government’s target when it acquires an “about” communication is not the sender or recipients of the communication, regarding whom the government may know nothing, but instead the targeted user of the Section 702–tasked selector.

PDF 43: This sounds like a lot of about collection is of forwarded emails.

There are technical reasons why “about” collection is necessary to acquire even some communications that are “to” and “from” a tasked selector. In addition, some types of “about” communications actually involve Internet activity of the targeted person.138 The NSA cannot, however, distinguish in an automated fashion between “about” communications that involve the activity of the target from communications that, for instance, merely contain an email address in the body of an email between two non-targets.139 

PDF 45: I’ll have to check but some of these cites to Bates may be to still redacted sections.

[Headed to bed–will finish my read in the AM]

PDF 47: One thing PCLOB doesn’t explain is if the FBI and CIA targeting takes place at NSA or at those agencies. In the past, it had been the former.

PDF 49: .4% of targeting ends up getting an American.

PDF 55: NSA shares technical data for collection avoidance purposes. This sounds like the defeat list in the phone dragnet, and like that, seems tailored not just for protecting USPs generally, but sensitive communications (like those of MoCs) more specifically.

PDF 57: This was implicit in some of the docs released by Snowden, but the govt now tags Section 702 data, as they do Section 215, so as to ensure it gets the heightened treatment provided by the law.


NSA Refused to Confirm Authenticity of Foreign Power Certification

There’s an odd detail in yesterday’s WaPo confirmation that the US may target every country in the world that’s not a part of the Five Eyes partnership. After having suggested publicly and repeatedly that it has certifications for counterterrorism, counterproliferation and cyber, it refused to confirm that the certification for foreign powers was authentic.

NSA officials, who declined to comment on the certification or acknowledge its authenticity, stressed the constraints placed on foreign intelligence-gathering.

So it’s willing to confirm all those other uses, but not this one?

The section immediately reminded me of these two sections of Judge Garr King’s opinion refusing Mohamed Osman Mohamud’s challenge to the use of Section 702 against him.

If I use defendant’s proffered standard in a facial challenge, that there would be a substantial risk the statute would be applied unconstitutionally, rather than the government’s proffered standard, that the statute would survive a facial challenge if there is any set of circumstances in which it could be constitutionally applied,2 I would be required to speculate about the other applications. Under the government’s standard, if the statute survives an as-applied challenge, it automatically survives a facial challenge because there is at least one constitutional application. I am unwilling to speculate on other applications with a statute this complex.

[snip]

Defendant is concerned the government could interpret the “conduct of the foreign affairs of the United States” broadly enough to cover such items as international trade, rather than just threats to national security.

I note the discovery in this case all concerned protecting the country from a terrorist threat and did not stray into the broader category of the conduct of foreign affairs.

The government has just survived a constitutional challenge to Section 702 by refusing to speculate that the government might do something like spy for advantage in international trade.

Which, we now have proof, it does.

Spying for advantage in international trade is a much higher reach for the special needs analysis King and the FISCR have used to deem Section 702 reasonable.

Given the government’s extensive efforts to hide this application of Section 702, you might even think they don’t believe it’s reasonable!

 


Were DiFi’s Aides Who Claimed “Only a Small Number” of Back Door Searches Ignorant or Lying?

Yesterday, we learned:

  • NSA conducted unwarranted back door searches on 198 US persons’ content last year and 9,500 back door searches on US person metadata
  • CIA conducted around 1,900 unwarranted back door searches on US person content, and an uncounted number of back door searches on US person metadata
  • FBI conducted a substantial number of unwarranted back door searches on US person content and metadata — so much so it doesn’t count it

Back in November, when Dianne Feinstein was trying to codify these unwarranted back door searches explicitly into law, here’s what anonymous sources described as Senate Intelligence Committee aides told the WaPo:

They say that there have been only a “small number” of such queries each year. Such searches are useful, for instance, if a tip arises that a terrorist group is plotting to kill or kidnap an American, officials have said.

“Only a small number.”

Over 2,000 counted searches between the CIA and NSA. Uncounted, but substantial, number of searches by FBI. “Only a small number.”

Were these anonymous sources ignorant — relying on false information from the Agencies? The actual number of unwarranted back door searches doesn’t appear in the unredacted portions of the one Semiannual Section 702 Compliance report we’ve seen (see page 13); there doesn’t appear to be a redacted section where they would end up.

So have the Agencies (CIA and NSA in this case; FBI’s back door searches get audited in a different way) simply hidden from their Congressional overseers how frequently they were doing these searches?

Or were these aides trying, once again, to pass legislation permitting the nation’s spy agencies to conduct intrusive searches on Americans by lying?

One way or another, it’s a damn good thing Ron Wyden asked for and insisted on getting an answer to his question of how common these back door searches are (even if the FBI still refuses to count them). Because the key people who are supposed to oversee them are either ignorant or lying about them.


In Advance of PCLOB, WaPo Busts ODNI’s Limited Hang Out on Certifications

Earlier today, I got to tell the journalists who have long ignored that the FBI does back door searches — or even suggested I was guessing that they do, when it appeared in multiple public documents — that I had been telling them so for a long time.

But today I also have to admit I got suckered by a year-long Director of National Intelligence effort at a limited hangout. That effort was, I’m convinced, designed to hide that the Section 702 program is far broader than government witnesses wanted to publicly admit it was. Nevertheless, I was wrong about a supposition I had believed until about 2 months ago.

Since the first days after the Snowden leaks, the government has suggested it had 3 certificates under Section 702, covering counterterrorism, counterproliferation, and cybersecurity. But — as the WaPo reports (as with the ODNI back door search numbers, in convenient timing that conveniently preempts the PCLOB report) — that’s not the case. The NSA has a certificate that covers every foreign government except the other 4 members of the 5 Eyes (UK, Canada, New Zealand, and Australia), as well as various foreign organizations like OPEC, the European Central Bank, and various Bolivarist groups.

For an entire year, the government has been suggesting that is not the case. I even believed them, the one thing I know of where I got utterly suckered. I was wrong.

Frankly, this certification should not be a surprise. It is solidly within the letter of the law, which permits collection on any agent of a foreign power. From the very first PRISM revelations, which showed collection on Venezuela, it was clear NSA collected broadly, including on Bolivarist governments and energy organizations.

But consistently over the last year, the NSA has suggested it only had certifications for CT, CP, and cyber.

On June 8 of last year, for example, ODNI listed 3 Section 702 successes.

  • Communications collected under Section 702 have provided the Intelligence Community insight into terrorist networks and plans. For example, the Intelligence Community acquired information on a terrorist organization’s strategic planning efforts.
  • Communications collected under Section 702 have yielded intelligence regarding proliferation networks and have directly and significantly contributed to successful operations to impede the proliferation of weapons of mass destruction and related technologies.
  • Communications collected under Section 702 have provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks. This insight has led to successful efforts to mitigate these threats

The October 3, 2011 John Bates opinion, released in October, made it clear there were just 3 certificates at that point.

(Though note the Semiannual Compliance Review released last year looked to be consistent with at least one more certificate.)

The President’s Review Group emphasized the categorical nature of certificates, and in its second discussion thereof named those same three categories.

[S]ection 702 authorized the FISC to approve annual certifications submitted by the Attorney General and the Director of National Intelligence (DNI) that identify certain categories of foreign intelligence targets whose communications may be collected, subject to FISC-approved targeting and minimization procedures. The categories of targets specified by these certifications typically consist of, for example, international terrorists and individuals involved in the proliferation of weapons of mass destruction.

[snip]

Section 702 requires that NSA’s certifications attest that a “significant purpose” of any acquisition is to obtain foreign intelligence information (i.e. directed at international terrorism, nuclear proliferation, or hostile cyber activities), that it does not intentionally target a United States person, that it does not intentionally target any person known at the time of acquisition to be in the United States, that it does not target any person outside the United States for the purpose of targeting a person inside the United States, and that it meets the requirements of the Fourth Amendment.

And in March testimony before PCLOB, NSA General Counsel Raj De suggested those same three topics.

But beyond that there has to be a valid foreign intelligence reason within the ambit of one of those certifications that the FISC approves annually. Those are certifications on things like counterterrorism, encountering WMDs, for example, weapons of mass destruction.

Most recently, former DOJ official Carrie Cordero — who has been involved in this whole certification process — claimed in the CATO debate we’ve been engaged in “they are not so broad that they cover any and everything that might be foreign intelligence information.”

And yet, there’s a foreign intelligence certificate that covers any and everything that might be foreign intelligence information, a certificate that destroys the whole point of having certificates (though if there’s a cyber one, I suspect it has its own problems, in that it permits domestic collection).

Lots of people are claiming WaPo’s latest is no big deal, because of course the NSA spies on foreign governments. They’re right, to a point. Except that the government has been strongly implying, since day one, that Section 702 was narrowly deployed, not available to use against all but our 4 closest spying allies.

PCLOB is surely about to make it clear that’s not the case. And voila! All of a sudden it becomes clear the government has been misleading when it claimed this was narrowly deployed.


Told You So, FBI Back Door Search Edition

For a long time, I’ve been noting that the October 3, 2011 John Bates Opinion and last August’s Semiannual Report on FISA make it clear that the FBI, like the CIA and NSA, conducts back door searches off Section 702 collected data.

ODNI’s response to Ron Wyden’s request for actual numbers of how many back door searches the government conducts makes it clear that I was correct.

The report is even worse than I imagined. It shows the following:

FBI 

FBI does back door searches for both foreign intelligence and criminal purposes. This means NSA’s language about keeping data for evidence of a crime is fairly meaningless, because they’re handing chunks of data off to FBI that it can troll for evidence of crime.

And the FBI doesn’t count these queries. In fact, FBI doesn’t even distinguish between when it is searching foreign and US person identifiers. They say only that “the number of queries is substantial.”

CIA 

I expected all that from the FBI. What amazes me is that the CIA — an Agency that is not supposed to conduct domestic intelligence collection — does not count how many metadata-only queries of US person data it does. So all those fears of NSA identifying whether you’re visiting an AIDS clinic or a pregnancy counseling center? The NSA may not do that kind of analysis, but the CIA might be checking what foreigners you’re talking to.

The CIA also conducts a bunch of content queries — “fewer than 1900” — of which 40% are counterterrorism-related queries for other agencies. (Which leads me to wonder why neither NSA nor FBI are doing these queries, which would make more sense.) But that leaves 60% of 1900 — or around 1,100 queries a year of US person content that are for CIA’s own purposes and may not even be terrorism related.

NSA

The NSA conducts the fewest. It conducts 198 US person content queries (that is, not all that much fewer than the 248 US persons queried in the phone dragnet or collected on using another Section 215 order). It conducts 9,500 metadata-only queries, of which some are duplicative.

Compared to CIA’s uncountable number, that may not sound like a lot. But compare that to the phone dragnet, which also queried on fewer than 248 US person identifiers last year. That is, it is doing an order of magnitude more Internet metadata queries than it is phone queries.

One more thing: Last year’s FAA report revealed that CIA and NSA also sometimes accidentally query US person data. So the numbers of Americans sucked in via FAA may be significantly larger.

PCLOB

One more note about this report. PCLOB is due to release their Section 702 report on Wednesday. That is sure to have recommendations about how to protect US person privacy; Patricia Wald was quite clear in the most recent PCLOB hearing she believes the government should use a warrant to access this data. So Ron Wyden finally got a response, but it almost certainly is only because PCLOB was about to make much of this public on their own.

(KS linked to this version of the Doors, thanks!)


Sadness in the NSA-Telecom Bromance

In his report on an interview with the new Director of NSA, Admiral Mike Rogers, David Sanger gets some operational details wrong, starting with his claim that the new phone dragnet would require an “individual warrant.”

The new phone dragnet neither requires “warrants” (the standard for an order is reasonable suspicion, not probable cause), nor does it require its orders to be tied to “individuals,” but instead requires “specific selection terms” that may target facilities or devices, which in the past have been very very broadly interpreted.

All that said, I am interested in Rogers’ claims Sanger repeats about NSA’s changing relationship with telecoms.

He also acknowledged that the quiet working relationships between the security agency and the nation’s telecommunications and high technology firms had been sharply changed by the Snowden disclosures — and might never return to what they once were in an era when the relationships were enveloped in secrecy.

Oh darn!

Sadly, here’s where Sanger’s unfamiliarity with the details makes the story less useful. Publicly, at least, AT&T and Verizon have had significantly different responses to the exposure of the dragnet (though that may only be because Verizon’s name has twice been made public in conjunction with NSA’s dragnet, whereas AT&T’s has not been), and it’d be nice if this passage probed some of those details.

Telecommunications businesses like AT&T and Verizon, and social media companies, now insist that “you are going to have to compel us,” Admiral Rogers said, to turn over data so that they can demonstrate to foreign customers that they do not voluntarily cooperate. And some are far more reluctant to help when asked to provide information about foreigners who are communicating on their networks abroad. It is a gray area in the law in which American courts have no jurisdiction; instead, the agency relied on the cooperation of American-based companies.

Last week, Verizon lost a longstanding contract to run many of the telecommunications services for the German government. Germany declared that the revelations of “ties revealed between foreign intelligence agencies and firms” showed that it needed to rely on domestic providers.

After all, under Hemisphere, AT&T wasn’t requiring legal process even for domestic call records. I think it possible they’ve demanded the government move Hemisphere under the new phone dragnet, though if they have, we haven’t heard about it (it would only work if they defined domestic drug dealer suspects as associated with foreign powers who have some tie to terrorism). Otherwise, though, AT&T has not made a peep to suggest they’ll alter their decades-long overenthusiastic cooperation with the government.

Whereas Verizon has been making more audible complaints about their plight, long before the Germans started ending their contracts. And Sprint — unmentioned by Sanger — even demanded to see legal support for turning over phone data, including, apparently, turning over foreign phone data under ECPA’s exception in 18 U.S.C. § 2511(2)(f) permitting telecoms to voluntarily provide foreign intelligence data.

Given that background — and the fact ODNI released the opinions revealing Sprint’s effort, if not its name — I am curious whether the telecoms are really demanding process. If courts really had no jurisdiction then it is unclear how the government could obligate production.

Though that may be what Microsoft’s challenge to a government request for email held in Ireland is about, and that may explain why AT&T and Verizon, along with Cisco and Apple — for the most part, companies that have been more reticent about the government obtaining records in the US — joined that suit. (In related news, EU Vice President Viviane Reding says the US request for the data may be a violation of international law.)

Well, if the Microsoft challenge and telecom participation in the request for data overseas is actually an effort to convince the Europeans these corporations are demanding legal process, Admiral Rogers just blew their cover.

Admiral Rogers said the majority of corporations that had long given the agency its technological edge and global reach were still working with it, though they had no interest in advertising the fact.

Dear Ireland and the rest of Europe: Microsoft — which has long been rather cooperative with NSA, up to and including finding a way to obtain Skype data — may be fighting this data request just for show. Love, Microsoft’s BFF, Mike Rogers.


NSA’s New-and-Improved Call Chaining Process, Now with No Calls Required

As I noted, last night I Con the Record released the phone dragnet orders from last week and from March.

There are two significant changes (which may well be related).

First, perhaps in anticipation of shifting to production from the providers, perhaps because the Court has rethought its authorization granted in November 2012, the government appears to have given up its effort to introduce an automated query.

Queries of the BR metadata using RAS-approved selection terms for purposes of obtaining foreign intelligence information may occur by manual analyst query only.

PCLOB provided the only unclassified description of what the government had been trying to do with its automated query.

In 2012, the FISA court approved a new and automated method of performing queries, one that is associated with a new infrastructure implemented by the NSA to process its calling records.68 The essence of this new process is that, instead of waiting for individual analysts to perform manual queries of particular selection terms that have been RAS approved, the NSA’s database periodically performs queries on all RAS-approved seed terms, up to three hops away from the approved seeds. 

But, as I reported in February, NSA has never been able to pull off its automated alert, purportedly for technical reasons (which usually means it could not technically meet the requirements imposed by the court).

The Court understands that to date NSA has not implemented, and for the duration of this authorization will not as a technical matter be in a position to implement, the automated query process authorized by prior orders of this Court for analytical purposes. Accordingly, this amendment to the Primary Order authorizes the use of this automated query process for development and testing purposes only. No query results from such testing shall be made available for analytic purposes. Use of this automated query process for analytical purposes requires further order of this Court.

The government revealed NSA’s failure to implement its automatic alert in its motion to amend this year’s first dragnet order.

In that same motion it implemented the change in standard dragnet language that has been retained in these more recent dragnet orders: the NSA is chaining on “connections” as well as actual calls.

14 The first “hop” from a seed returns results including all identifiers (and their associated metadata) with a contact and/or connection with the seed. The second “hop” returns results that include all identifiers (and their associated metadata) with a contact and/or connection with an identifier revealed by the first “hop.”

Now, it may be that the entire time one after another government witness has testified to Congress that this phone dragnet only returns on calls, they’ve been doing this connection-based chaining as well. As I noted in this post, connection-based chaining has been in a redacted section of phone dragnet orders describing their automated query. (They seem to have ditched the automation but retained the connection based chaining.) And Dianne Feinstein’s Fake FISA Fix also would have permitted connection chaining.

Whether Administration witnesses were being deliberately deceitful when testifying about call-based chaining (“not wittingly!”) or the NSA only recently resumed doing connection based chaining manually, having given up on doing it automatically, one thing is clear. The NSA has been doing connection based chaining since at least February, and very few people in Congress know what that means. Nevertheless, they’re about to authorize that formally.
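To make the difference between call-only chaining and "contact and/or connection" chaining concrete, here is an added example (not code from the orders, PCLOB, or NSA) that runs hop-limited chaining over a small constructed record set. The orders quoted above do not define "connection," so the `connection` edge type, the record format, and every identifier below are assumptions.

```python
from collections import deque

# Constructed sample records: (identifier_a, identifier_b, kind).
# "contact" stands for an actual call between two identifiers.
# "connection" stands for some non-call association; the orders do not
# define the term, so this edge type is a modelling assumption.
RECORDS = [
    ("seed", "A", "contact"),
    ("seed", "B", "connection"),
    ("A", "C", "contact"),
    ("B", "D", "contact"),
    ("B", "E", "connection"),
    ("C", "F", "contact"),
    ("D", "G", "connection"),
    ("E", "H", "contact"),
    ("X", "Y", "contact"),  # never linked to the seed
]

def build_graph(records, kinds):
    """Undirected adjacency map using only the permitted edge kinds."""
    graph = {}
    for a, b, kind in records:
        if kind in kinds:
            graph.setdefault(a, set()).add(b)
            graph.setdefault(b, set()).add(a)
    return graph

def chain(records, seeds, max_hops, kinds=("contact",)):
    """Breadth-first chaining: {identifier: hop} within max_hops of a seed."""
    graph = build_graph(records, set(kinds))
    hop_of = {s: 0 for s in seeds}
    queue = deque(seeds)
    while queue:
        node = queue.popleft()
        if hop_of[node] == max_hops:
            continue  # hop limit reached; do not expand further
        for nxt in graph.get(node, ()):
            if nxt not in hop_of:
                hop_of[nxt] = hop_of[node] + 1
                queue.append(nxt)
    return hop_of

def returned(hop_of):
    """Identifiers returned by the query, excluding the seeds themselves."""
    return sorted(i for i, hop in hop_of.items() if hop > 0)

if __name__ == "__main__":
    calls_only = chain(RECORDS, ["seed"], 3)
    both = chain(RECORDS, ["seed"], 3, kinds=("contact", "connection"))
    print("calls only, 3 hops:         ", returned(calls_only))
    print("contacts + connections, 3 hops:", returned(both))
```

On this constructed data the same seed and the same hop limit return three identifiers when only calls are chained and eight when connections are chained as well.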


USA Freedumber Weakens FISC’s Authority Over Abuse of Emergency Queries

I Con the Record just released the most recent dragnet orders — I’ll have more comment on them later.

But for now, I wanted to show how HR 3361 — AKA the USA Freedumber Act — weakened FISA Court authority in yet another way.

I have repeatedly pointed to how pathetic the “prohibition” is against using information obtained via an Attorney General emergency order but then ruled by the FISA Court to be an improper use of the Section 215 authority. It reads:

(5) If such application for approval is denied, or in any other case where the production of tangible things is terminated and no order is issued approving the production, no information obtained or evidence derived from such production shall be received in evidence or otherwise disclosed in any trial, hearing, or other proceeding in or before any court, grand jury, department, office, agency, regulatory body, legislative committee, or other authority of the United States, a State, or political subdivision thereof, and no information concerning any United States person acquired from such production shall subsequently be used or disclosed in any other manner by Federal officers or employees without the consent of such person, except with the approval of the Attorney General if the information indicates a threat of death or serious bodily harm to any person.

(6) The Attorney General shall assess compliance with the requirements of paragraph (5).

The bill would prohibit the government from using the improperly obtained information in trials and other proceedings. And the information is not supposed to be used in any manner — except if the Attorney General deems the information to indicate a threat of death or bodily harm (which we know the government has secretly redefined to include threat to property).

But it’s the Attorney General — the same guy who approved the illegal production — who ensures the government follows that rule.

Moreover, the bill does not require the government to destroy this data. They get to keep it.

Compare that with the status quo (see footnote 8).

In the event the Court denies such motion [retroactively seeking approval for emergency production], the government shall take appropriate remedial steps, including any steps the Court may direct.

Call me crazy, but I think the FISA Court judge who deemed the collection to be improper is a better person to determine what the remedy is to fix that improper collection.

I guess even that basic concept of separation of powers was too burdensome for Bob Litt.


I Con the Record Strikes Again

In a show of transparency, I Con the Record just released annual statistics for certain programs. Here are my thoughts, in rolling updates.

These aren’t the Certificates you’re looking for

Here’s what I Con the Record tells us about Section 702:

[Screenshot, 2014-06-27 at 11.57.35 AM]

Just one order!!

Of course, we know from the 2011 John Bates opinion that one order likely includes several certificates. For a long time I wrongly bought off on ODNI propaganda that there were 3 certificates, covering counterterrorism, counterproliferation, and cybersecurity. But it appears the 3rd certificate is instead an unbelievably broad “foreign intelligence” one, which pretty much swallows the idea of specific certification.

I Con the Record even admits the proper unit is certificate.

Under Section 702, the Foreign Intelligence Surveillance Court (FISC) approves Certifications as opposed to individualized orders. 

Yet I Con the Record won’t even tell us whether there are just 3 certificates still or more. Instead, it gives us how many orders there were.

Note, in internal reports, ODNI tracks average tasked selectors, which last year provided a number in the range of 65,000 selectors. So either they’re spying on a lot more 702 targets, or that number was artificially low.

I Con the Record finally admits “target” doesn’t mean what we think it means — or what they mean, sometimes

This might be regarded by some as “transparency.”

Targets:  Within the Intelligence Community, the term “target” has multiple meanings. For example, “target” could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire by the above-referenced laws.

Some laws require that the government obtain a Court order specifying the communications facilities used by a “target” to be subject to intelligence collection. Although the government may have legal authority to conduct intelligence collection against multiple communications facilities used by the target, the user of the facilities – the “target” – is only counted once in the above figures.

Except that it doesn’t admit that, at least in the past, sometimes target means “the switch we know lots of al Qaeda calls to use.” Meaning the term “target” is a misnomer even within the context they lay out.

Hiding the “Government Agency Protocols” that the Founders did not start a Revolution for

For Section 215 (which, remember, includes the phone dragnet, more targeted 2 or 3-degree queries for communication records, and collections of things like acetone purchase records and URL searches), the government gives us this weird byzantine map.

[Screenshot, 2014-06-27 at 12.34.41 PM]

First, note that almost 150 more selectors were approved for querying the phone dragnet last year (423) than the year before (288). Plus, we can now put some of the queries in perspective. At the time of the Marathon attack, when the very wired Tsarnaev brothers (probably about 4 selectors between them) were queried, NSA permitted 3 hop chaining. That likely means just those 4 phone identifiers sucked in the better part of Cambridge, MA (if they went to that 3rd hop). All those people have had the NSA churning all their data (not just their phone number) for the last year.

Then there’s the general measure of how many “targets” of business records there are: 172. But note that some of these are “entities.” What if that includes anyone searching on a URL related to a particular entity, like AQAP or Wikileaks? That could suck in far more Americans. Note, the Tsarnaev brothers are probably one of those “entities” (or rather, two of the individuals) on whom there were multiple searches, potentially up to and including pressure cooker purchases or searches.

Finally, I Con the Record doesn’t talk about how many of 178 applications involved minimization procedures — what I shall now call “government agency protocols” after John Roberts’ observation that they don’t meet terms our Founders fought a Revolution for. The FISA report covering last year says they modified 141 applications. Most modified orders from the previous year involved government agency protocols, so last year’s probably were too (though there is still a February 2013 dragnet order they’re hiding). So that means about 137 of these orders were likely to be sufficiently large to require minimization, which means they likely implicate far more people, likely Americans, than the 137 reasons they were targeted.

I Con the Record’s National Security apples and oranges

I Con the Record did something rather … interesting with their NSL numbers.

To understand why, you need to understand that Congress only requires they report NSLs concerning US persons — except those asking for subscriber information. Presumably, that means there’s a whole bunch of bulky NSLs for subscriber information of Americans — basically FBI using NSLs to recreate phone books and email subscribers. Based on logic I lay out here, I think FBI issued about 5,500 of those phone book NSLs in 2012.

But today’s I Con the Record reports numbers somewhat differently. I Con the Record explains:

In addition to those figures, today we are reporting (1) the total number of NSLs issued for all persons, and (2) the total number of requests for information contained within those NSLs. For example, one NSL seeking subscriber information from one provider may identify three e-mail addresses, all of which are relevant to the same pending investigation and each is considered a “request.”

We are reporting the annual number of requests rather than “targets” for multiple reasons. First, the FBI’s systems are configured to comply with Congressional reporting requirements, which do not require the FBI to track the number of individuals or organizations that are the subject of an NSL.

Even if the FBI systems were configured differently, it would still be difficult to identify the number of specific individuals or organizations that are the subjects of NSLs. One reason for this is that the subscriber information returned to the FBI in response to an NSL may identify, for example, one subscriber for three accounts or it may identify different subscribers for each account.

Which gives us this:

[Screenshot, 2014-06-27 at 6.48.52 PM]

So the FISA report says 14,219 requests total, which includes just domestic, but those requests are for 5,334 individual Americans.

This report says 38,832 requests total, including domestic, domestic subscriber (phone book), and foreign (assuming the phone book numbers are around 5,000 again, that works out to be half domestic, half foreign). But we don’t know — effectively the government has managed to bracket off bulky requests under both “transparency” measures.

Ultimately, though, they never ever tell how many Americans are affected by NSLs. It could be not much more than that 5,334. Or it could be far, far higher, because requests are not targets.
