The “Other Authority” Footnote

For a variety of reasons, I want to track backward what appears to happen to a footnote in the phone dragnet that currently addresses dragnet records from other authorities, as it appears here in the July 18, 2013 Primary Order.

The Court understands that NSA receives certain call detail records pursuant to other authority, in addition to call records produced in response to this Court’s Orders. NSA shall store, handle, and disseminate call detail records produced in response to this Court’s Orders pursuant to this Order [3 lines redacted].

The footnote is currently the second footnote off of paragraph 3(c)(iii) about the timeline on RAS authorizations. The footnote was entirely redacted, but still 7 lines, in BR 13-80. It appears to be longer — perhaps 11 lines — in BR 11-107. It appears the same size, but split from the first of two footnotes, in BR 11-57 and BR 11-07; it appears a line or two longer in BR 10-70. The typeface is different but it appears equivalent in BR 10-49 and BR 10-17.

The footnote in that position — now numbered footnote 7 — appears largely unredacted in BR 10-10. It reads:

The Court understands that call detail records of foreign-to-foreign communications provided by [redacted] pursuant to this Order will not be used to make chain summary records. Further, such records will be used solely for technical purposes, including use by NSA’s data integrity analysts to correctly interpret and extract contact information in [redacted] international records. In the event that an NSA analyst performs an authorized query that includes a search of the BR metadata, and the results of that query include information from [redacted] foreign-to-foreign call detail records, NSA shall handle and minimize the information in those records in accordance with the minimization procedures in this Order, regardless of the authority pursuant to which NSA obtained the record. In contrast, if the analyst’s query does not include a search of the BR metadata, and the results of that query include information from [redacted] foreign-to-foreign call detail records, then the minimization procedures in this Order shall not be applied to the information in those records.

Primary Orders BR 09-19 and 09-15 are two of three the government is withholding from that year. The footnote is entirely redacted in BR 09-13. BR 09-09 is the third Primary Order withheld from that year (that is the order that shuts down one provider’s production — presumed to be Verizon — because of the foreign-to-foreign inclusion). BR 09-06 doesn’t split out the custodian of the third provider, though includes foreign-to-foreign language; because the structure of this Order is different, it is impossible to tell whether the equivalent footnote appears. BR 09-01 doesn’t even include the foreign-to-foreign language.

Which is an elaborate way of surmising (though we can’t be sure with the redactions) that the footnote retains a related function between the time it maps out what to do with foreign-to-foreign data and the time it currently appears to say that BR FISA data must be treated according to BR FISA rules.

As I laid out here, that appears to stem from an issue dating to 2009 when Verizon turned over all its call records, including its foreign-to-foreign ones, under BR FISA (though the redactions in the BR 10-10 footnote are shorter — maybe 4-5 characters, so it’s possible this happened with a second provider as well). What appears to have happened is FISC shut down their production for a period, resumed it, then tried to deal with the problem with minimization procedures. Over time, the footnote dealing with that evolved into a more general footnote requiring that BR FISA data be treated with BR FISA rules, no matter what else happened. This would mean that if Verizon or another telecom provider made the same mistake, NSA would have access to its foreign data for a shorter period of time and subject to much narrower dissemination rules.

Sometime between 2009 and 2011, NSA started putting XML tags on each new piece of data, so it could track where the data came from, presumably to make this process easier, but also so it could run queries under whatever authority provided it with easier minimization rules. That XML system would permit the NSA to comply with the footnote in BR 10-10 easily, by tracking precisely where the data came from.


January 8, 2010: A Remarkably Busy Day in Telecom Law

I Con the Record has just released a bunch of new documents, showing how (according to Ellen Nakashima) Sprint challenged a dragnet order, and in response got to see the FISA Court opinions authorizing the program. (Well, not really the telecom opinion; rather they mostly authorize the PRTT program.)

The official story goes like this:

In early 2009, Sprint received an order saying that all customer call records had to be turned over to the government, current and former officials said. Over the summer and fall, the company’s executives met several times with Justice Department officials to understand how Section 215, which compelled companies to turn over records relevant to investigations, could be used to mandate the transfer of all call records.

Dissatisfied with their answers, Sussmann, the Sprint attorney, wrote a detailed petition to challenge the order. In late 2009, shortly before the petition was to be filed, Robert S. Litt, the top intelligence official for the U.S. intelligence community, pressed officials to provide the legal rationale to the company, according to a former administration official.

Intelligence officials then furnished several court rulings, in particular, a 2004 opinion written by Colleen Kollar-Kotelly, then chief judge of the surveillance court, according to the documents released Wednesday. While the opinion related to the collection of e-mail addressing information, the legal rationale was identical.

But there are a few more details I find exceedingly interesting.

First, here’s what the government declassified in response to Sprint’s challenge:

  • Colleen Kollar-Kotelly’s July 24 [14], 2004 opinion (the government is only now admitting the date)
  • Response to Orders for Additional Briefing (it’s unclear whether this is PRTT or phone dragnet, but given the order, I’m guessing PRTT)
  • Opinion (again, it’s unclear whether this is PRTT or phone dragnet)
  • The original application for the dragnet, including all exhibits, and the original dragnet order (note, we’ve not seen all the exhibits)
  • The application, including all exhibits, the Primary Order, and Reggie Walton’s supplemental order finding the phone dragnet did not violate ECPA

That is, not only the opinions authorizing the “relevant to” bullshit used to justify the program, but also the opinion stating that the dragnet did not violate ECPA.

And here’s the other thing I find so interesting. The motion to unseal the records is dated January 7, 2010. The motion for more time, the order granting it, and the order approving the unsealing of the records were all dated January 8, 2010.

January 8, 2010, January 8, 2010, January 8, 2010.

On January 8, 2010, DOJ’s OLC issued an order finding that ECPA permitted telecoms to hand over toll records to the government voluntarily for certain kinds of investigations. OLC wrote that opinion because DOJ Inspector General Glenn Fine had been investigating National Security Letters (and, oh by the way, Section 215) for years, and found big problems, at least, with the paperwork FBI handed 3 telecoms who were living onsite at FBI. We found out about the order almost immediately, when Fine issued his report later that month.

I’ve long suspected that Reggie Walton only considered the ECPA question both because of Fine’s ongoing NSL investigation but, probably, also because of whatever conclusions Fine drew in his examination of the illegal wiretap program (I suspect FISC only considered financial records for the same reason, Fine’s 215 investigation in 2010) and potentially his ongoing investigations of Section 215.

And now we know that just as Fine was raising real questions about the legality of the incestuous record-sharing the government and the telecoms had been engaged in for years (one that’s about to start again with the new “reformed” dragnet), Sprint not only demanded the underlying records authorizing the dragnet, but even the supplemental opinion finding the dragnet didn’t violate ECPA.

Here’s what I wrote 4 years ago about that OLC opinion.

  • As I will explain at length later, this OLC opinion may not relate exclusively to the use of exigent letters, not least because Inspector General Glenn Fine appears worried the FBI will use it prospectively, not just to retroactively rationalize abuses from the past.
  • Fine appears to disagree whether the FBI has represented what it was doing with exigent letters honestly in its request for an opinion to the OLC. This is at least the second time they have done so, Fine alleges, in their attempts to justify these practices. In this case, the dispute may pertain to whose phone records they were, what was included among them, and whether they pertained to an ongoing investigation.
  • My guess is that the OLC opinion addresses whether section 2701 of the Stored Communications Act allows electronic communication providers to voluntarily provide data to someone above and beyond the narrow statutory permission to do so in 2702 and 2709 of the Act.
  • Whatever the loophole FBI is exploiting, it appears to be a use that would have no protections for First Amendment activity, no requirement that the data relate to open investigations, and no minimization or reporting requirements. That is, through its acquisition of this OLC opinion, the FBI appears to have opened up a giant, completely unlimited loophole to access phone data that it could use prospectively (though the FBI claims it doesn’t intend to). Much of Fine’s language here is an attempt to close this loophole.

In January, EFF lost its bid to obtain that memo in the DC Circuit.

Now, what are the chances that Sprint also didn’t get a looksee at the OLC memo authorizing not just what the FISC had approved, but also the violative Section 215 collection that had been in place until early 2009?

What are the chances that that OLC opinion, dated January 8, 2010 and pertaining to ECPA, is unrelated to the decision to declassify the FISC opinion assessing whether the phone dragnet violated ECPA?


Wyden and Udall Accuse DOJ of Misleading SCOTUS about Upstream Even as NSA Misleads NDCA about Upstream

As Charlie Savage reported this morning, Senators Ron Wyden and Mark Udall continue their ceaseless efforts to get NSA and DOJ to tell the truth. They (along with Martin Heinrich) wrote a letter to DOJ in November complaining about representations made in the Amnesty v. Clapper case. DOJ responded. And now Wyden and Udall have just written another response.

In addition to complaining about the government’s notice to defendants, Wyden and Udall claim DOJ improperly hid Section 702 upstream collection from SCOTUS by claiming the Amnesty plaintiffs could only be swept up in the dragnet if they communicated with a target.

These statements — if taken at face value — appear to foreclose the possibility of collection under section 702 intercepting any communications that are not to or from particular targets. In other words, the Justice Department indicated that communications that are merely “about” a target would not be collected. But recently declassified court opinions make it clear that legitimate communications about particular targets can also be intercepted under this authority. Since this fact was classified at the time, the plaintiffs did not raise it, but in our view this does not make these misleading statements acceptable.

The Justice Department’s reply also states that the “about” collection “did not bear upon the legal issues in the case.” But in fact, these misleading statements about the limits of section 702 surveillance appear to have informed the Supreme Court’s analysis. In writing for the majority, Justice Alito echoed your statements by the Court by stating that the “respondents’ theory necessarily rests on their assertion that the Government will target other individuals — namely their foreign contacts.” This statement, like your statements, appears to foreclose the possibility of “about” collection.

[snip]

[W]hile the Justice Department may claim that the Amnesty plaintiffs’ arguments would have been “equally speculative” if they had referenced the “about” collection, that should be a determination for the courts, and not the Justice Department, to make.

After laying this out, they conclude by accusing the Executive of making “misleading statements to the public, Congress and the courts.”

They don’t name all the Courts, though.

They might want to start collecting a list of all the courts DOJ and NSA have lied to, though. Because even as the Senators and DOJ were having this squabble in DC, NSA was continuing to misinform courts on the other side of the country.

Consider how then Acting NSA Deputy Director Frances Fleisch described upstream collection — and the collection of entirely domestic communications that FISC deemed illegal — in a then-sealed declaration in the EFF Jewel case submitted 4 days before DOJ responded to the Senators.

Once a target has been approved, the NSA uses two means to acquire the target’s electronic communications. First, it acquires such communications directly from compelled U.S.-based providers. This has been publicly referred to as the NSA’s PRISM collection. Second, in addition to collection directly from providers, the NSA collects electronic communications with the compelled assistance of electronic communications service providers as they transit Internet “backbone” facilities within the United States.

[snip]

In an opinion issued on October 3, 2001, the FISC found the NSA’s proposed minimization procedures as applied to the NSA’s upstream collection of Internet transactions containing multiple communications, or “MCTs,” deficient. In response, the NSA modified its proposed procedures and the FISC subsequently determined that the NSA adequately remedied the deficiencies such that the procedures met the applicable statutory and constitutional requirements, and allowed the collection to continue.

That is, Fleisch doesn’t even hint that the problem on which Bates ruled — the MCTs — consisted of entirely domestic communications unrelated to those mentioning the “about” selector. She doesn’t even hint that in addition to those MCTs, upstream collection also includes over 4 times as many completely domestic communications — SCTs — as well. She doesn’t reveal that John Bates threatened NSA with sanctions over distributing illegally collected domestic person content. And all of these issues are central to the Jewel complaint, which has always focused on telecoms collecting US person content at circuits. (I believe earlier declarations to NDCA were even more incomplete or downright dishonest on this issue, though will need to show that in a later post.)

In fact, EFF complained about this omission in its response to the government’s declarations, noting that upstream about collection is precisely what whistleblower Mark Klein revealed back in 2006.

Public disclosures over the past six months, however, provide substantially more information about these collection practices than the government’s passing references. In particular, the government has publicly released an opinion of the FISC confirming that “‘upstream collection’ refers to the acquisition of Internet communications as they transit the ‘internal backbone’ facilities” of telecommunications firms, such as AT&T. Mem. Op. at 26, Redacted, No. [Redacted] (FISC Sep. 25, 2012) (emphasis added) (Ex. 1).

[snip]

These descriptions of upstream Internet surveillance are functionally identical to the surveillance configuration described by the [Mark] Klein evidence: a system designed to acquire Internet communications as they flow between AT&T’s Common Backbone Internet network to the networks of other providers.

The FISA Court ruled that NSA had been breaking the law and violating the Constitution for at least 3 years leading up to the 2011 decision. And neither DOJ nor NSA have bothered telling courts ruling on the legality of the program about that fact.

It’s pretty impressive that the Executive can mislead courts about the same subject in so many places at once.

But I guess that’s just the flip side of an omnipresent spying agency, that it can also serve as an omnipresent lying agency.


The Phone Dragnet Adopted “Selection Term” by 2013

As I laid out last week, I’m not convinced the term “specific selection term” is sufficiently narrowly defined to impose adequate limits to the “reformed” Section 215 (and NSL and PRTT) programs. Here’s how the House defined it:

SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.

That said, as I also noted, the motion to amend January’s primary order used the term to refer to the query term, which may suggest my concerns are unfounded.

I’ve looked further, and the amendment’s use of the term was not new in the phone dragnet.

In fact, the phrase used to refer to the query subject changed over the course of the dragnet. The first Primary Order authorized the search on “particular known phone numbers.” That usage continued until 2008, when Primary Order BR 08-08 introduced the term “particular known identifier.” A completely redacted footnote seems to have defined the term (and always has). Significantly, that was the first Primary Order after an August 20, 2008 opinion authorized some “specific intelligence method in the conduct of queries (term “searches”) of telephony metadata or call detail records obtained pursuant to the FISC’s orders under the BR FISA program.” I think it highly likely that opinion authorized the use of correlations between different identifiers believed to be associated with the same person. 

The September 3, 2009 Primary Order — the first one resuming some normality after the problems identified in 2009 — references a description of identifier in a declaration. And the redaction provides hints that the footnote describing the term lists several things that are included (though the footnote appears to be roughly the same size as others describing identifier).

[Image: Identifier Footnote]

The Primary Orders revert back to the same footnote in all the orders that have been released (the government is still withholding 3 known Primary Orders from 2009). And that continued until at least June 22, 2011, the last Primary Order covered by the ACLU and EFF FOIAs.

But then in the first Primary Order after the 2011-2012 break (and all Primary Orders since), the language changes to “selection term,” which like its predecessor has a footnote apparently explaining the term — though the footnote is twice as long. Here’s what it looks like in the April 25, 2013 Primary Order:

[Image: Selection Term Footnote]

The change in language is made not just to the subject of queries. There’s a paragraph in Primary Orders approving the use of individual FISA warrant targets for querying (see this post for an explanation) that reads,

[Identifiers/selection terms] that are currently the subject of electronic surveillance authorized by the Foreign Intelligence Surveillance Court (FISC) based on the FISC’s finding of probable cause to believe that they are used by agents of [redacted] including those used by U.S. persons, may be deemed approved for querying for the period of FISC-authorized electronic surveillance without review and approval by a designated approving official.

The change appears there too. That’s significant because it suggests a use that would be tied to targets about whom much more would be known, and in usages that would be primarily email addresses or other Internet identifiers, rather than just phone-based ones. I think that reflects a broader notion of correlation (and undermines the claim that a selection term is “unique,” as it would tie the use of an identity authorized for Internet surveillance to a telephone metadata identifier used to query the dragnet).

Finally, the timing. While the big gap in released Primary Orders prevents us from figuring out when the NSA changed from “identifier” to “selection term,” it happened during the same time period when the automated query process was approved.

This may all seem like a really minor nit to pick.

But even after the language was changed to “selection term” on Primary Orders, top intelligence officials continued to use the term “identifier” to describe the process (see the PCLOB hearing on Section 215, for example). The common usage, it seems, remains “identifier,” though there must be some legal reason the NSA and DOJ use “selection term” with the FISC.

It also means there’s some meaning for selection term the FISA Court has already bought off on. It’s a description that takes 15 lines to explain, one the government maintains is still classified.

And we’re building an entire bill off a vague 17-word definition without first learning what that 15-line description entails.

 


Verizon Loves Dragnet Reform

If there was any doubt that Verizon was the source of some of the difficulties behind the phone dragnet, this may address them.

Verizon supports the bipartisan USA Freedom Act because it will achieve the important goals of ending Section 215 bulk collection of communications data, heightening privacy protections and increasing transparency.  We thank the House Intelligence and Judiciary Committees for taking this bipartisan approach and look forward to working with the House and Senate leadership, along with the White House, to address remaining issues and enact the USA Freedom Act into law this year.

I’m curious what transparency Verizon thinks this adds — unless it means it can start reporting its real numbers?


Jim Sensenbrenner Seems to Endorse Two Times Two Hops

I’m working on a larger post about a theory I have about the Internet dragnet. But while working on that, I noticed that in 2009 the government admitted that it had used the Internet dragnet, like the phone dragnet, to contact chain on US emails that were connected with suspect emails, but which had not themselves been found to be suspicious (or tied to a foreign power).

This practice involved an analyst running a query using as a seed “a U.S.-based e-mail account” that had been in direct contact with a properly validated seed account, but had not itself been properly validated under the RAS approval process. [redacted] Response at 2-3. When he granted renewed authorization for bulk PR/TT surveillance on [redacted], Judge Walton ordered the government not to resume this practice without proper Court approval. See Docket No. PR/TT [redacted] Primary Order issued [redacted] at 10.

In its response, the government also described an automated means of querying, which it regarded as consistent with the applicable PR/TT orders. This form of querying involved the determination that an e-mail address satisfied the RAS standard, but for the lack of a connection to one of the Foreign Powers (e.g., there were sufficient indicia that the user of the e-mail address was involved in terrorist activities, but the user’s affiliation with a particular group was unknown).

[snip]

In the event that such an e-mail address was in contact with a RAS-approved seed-account on an NSA “Alert List,” that e-mail address would itself be used as a seed for automatic querying, on the theory that the requisite nexus to one of the Foreign Powers had been established.

Up until 2009, the government was blithely extending the chaining process by declaring US person targets new seeds and chaining from there.

I raise this because the NSA has been struggling, unsuccessfully, since 2009 to resume its alert function(s). It may be that’s one reason why NSA embraced outsourcing data retention to the telecoms.

And because, in an effort to defeat a Zoe Lofgren amendment at last Wednesday’s markup, Jim Sensenbrenner seemed to endorse this derivative hop process.

Lofgren’s amendment would have added language limiting upstream collection to that which involved the target of the acquisition.

Lofgren. Mr. Chairman, I believe that this amendment fixes a loophole that was created by the FISA court in its November 2011 decision that is now in the public arena. The amendment clarifies that the government can only use selectors to collect information to or from the target of an authorized investigation. Under the current law, as blessed by the FISA court, NSA is using 702 authority to collect communications that are to, from, or even about a foreign intelligence target so long as these communications are believed not to be wholly between U.S. persons. Now, the USA Freedom Act did not address this loophole, and actually the original PATRIOT Act did not either, this is a court-constructed document, but it allows false positives, and intentional use of vague about criteria could be used to lead to massive collection of U.S. persons’ communication. This amendment would prevent that adverse outcome by limiting the selectors to target and collect communications only when one of the parties to that communication is the target of an authorized investigation.

Sensenbrenner’s response was, at first, on point, citing the prohibition on targeting that has reverse targeting as a purpose of the acquisition at all.

But then he went into this language about Section 215, a totally different part of FISA.

Sensenbrenner: Say there is a section 215 order that is aimed at a target, it goes two hops and on the second hop, there is a U.S. person who is not at the time of the second hop a target of an authorized investigation. What this amendment does is limits adding that person to a target of an authorized investigation and going the two hops from that. Now, a lot of these conspiracies are more than two hops. But I don’t think that if there is a reasonable suspicion that if it goes for more than two hops that we ought to preclude, finding out who those people are talking to in the furtherance of their plot.

In it, he seemed to say that NSA must be able to declare US person selection terms new RAS approved seeds without having enough evidence to declare them a target of an investigation. But in the process, he seemed to envision derivative seeds, the addition of new US person seeds off of existing contact chains.

Which sounds a lot like the old alert process that FISC ruled improper in 2009 (although this would presumably require a new FISC review).

My theory about the dragnet may explain a bit more about why Sensenbrenner seemed to offer such an inapt argument against Lofgren’s memo (and why Lofgren’s warnings that upstream collection can easily become the new dragnet).

But for the moment, note that Sensenbrenner at least seems to envision the 2 hops permitted by his bill could, in turn, become two more hops without any more reasonable basis for suspicion.


About HR 3361, the NSA Surveillance Efficiency Act, AKA USA Freedom Act

The House Intelligence Committee passed a bill out of its committee Thursday, HR 3361, that will reportedly solve a problem (or problems) the NSA has been struggling with since 2009. The bill will now move to the full House for a vote.

The public — and surely a great majority of members of Congress — have no idea precisely what problem this bill will solve: planted leaks suggest it has to do with difficulties dealing with cell phone records, perhaps because they include location data. If that is part of the problem, then it’s a fairly recent development, perhaps arising after US v. Jones raised new concerns about the legality of collecting location data without a warrant. There’s also the presumably-related issue of an automated query function; NSA has been struggling to resume that function since its alert function got shut down as a legal violation in 2009. The ability to tie multiple identities from the same person together as NSA runs those alerts may be a related issue.

The bill has not been reported as a fix for NSA’s long-term legal and technical struggles (though LAT’s Ken Dilanian has asked why civil liberties groups are so happy about this given that it will expose more data to NSA collection). Rather, it has been called the USA Freedom Act and reported as a reform of the phone dragnet program, a successful effort to “end” “bulk collection.”

The bill does have the critically important effect of ending the government’s practice of collecting and storing some significant portion of all US call records, beyond whatever US person call records it collects overseas. That, by itself, is the equivalent of defusing a nuclear bomb. It is a very important improvement on the status quo.

It remains entirely unclear — and unexamined, as far as I can tell — whether the bill will increase or decrease the number of entirely innocent Americans who will be subjected to the full range of NSA’s analytical tradecraft because they got swept up based on the guilt by association principle behind contact-chaining, or whether the bill will actually expose more kinds of US person records to the scrutiny of the NSA.

The bill the press is calling USA Freedom Act may also — though we don’t know this either — have the salutary benefit of changing the way the NSA currently collects data under other Section 215, Pen Register, and NSL collection efforts.  The bill requires that all Section 215 (both call record and otherwise), Pen Register, and NSL queries be based on a specific selection term that remains vaguely defined (a definition the House Intelligence Committee considered eliminating before Thursday’s hearing). But it remains unclear how much that rule — even ignoring questions about the definition — will limit any current practices. At Wednesday’s hearing Bob Goodlatte said the bill “preserves the individual use of Section 215 under the existing relevancy standard for all business records,” and at least for several NSL authorities, the new “restrictions” almost certainly present no change (and another NSL authority, the Right to Financial Privacy Act, uses the same “entity” language the bill definition does, suggesting it is unlikely to change either). Plus, at least according to DOJ’s public claims and court filings, it ended the bulk domestic collection under PRTT in 2011. So the language “ending” “bulk collection” may do no more than make it harder for FBI to construct its own phone books of phone company and ISP subscribers using NSLs, if it does even that.

What the bill doesn’t do — because this part of the bill was stripped as part of the compromise — is provide the Intelligence Community’s oversight committees detailed reports of what kind of records the government obtains under Section 215 (and for what agencies), and how many Americans are subject to all the FISA authorities, including Section 215. That is, the compromise eliminated the one thing that could measure whether the bill really did “end” “bulk collection” as you or I would understand it. In its stead, the bill largely codifies an existing reporting agreement that AT&T has already demonstrated to be completely deceptive. In Wednesday’s hearing, Zoe Lofgren called provider reporting “the canary in the coal mine” the committee would rely on to understand what collection occurred.

So this bill that “ends” “bulk collection” still prevents us, or even the oversight committees working in our name, from learning whether it does so.

It does, however, have some interesting features, given its other purpose of solving one or more challenges facing the NSA.

The first of those is immunity.

No cause of action shall lie in any court against a person who produces tangible things or provides information, facilities, or technical assistance pursuant to an  order issued or an emergency production required under this section. 

This is another part of the bill the underlying reasons for which the public, and probably much of Congress, doesn’t understand. At one level, it seems to immunize the process that may have telecoms playing a role the NSA previously did, analyzing the data; it may also pertain to providing NSA access to the telecoms’ physical facilities. But given the background to the move to telecoms — NSA’s legal-technical problems dealing with cell phone data because it ties to location — it is possible the immunity gives the telecoms protection if they use but don’t turn over data they have already, such as location data or even Internet metadata, to perform the interim analysis.

Consider how the bill describes the call record query process.

[T]he Government  may require the production of call detail records—

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using the results of the production under subclause (I) as the basis for production;

So a 2-hop query goes from a “specific selection term” to “the results of the production” to the “call detail record” handed over to the government. While the definition of call detail records clearly prohibits the final production to the government of either content or cell location, nothing in this process description prevents the telecoms from using such things (most Internet metadata is legally content to the telecoms) in that interim hop; indeed, the “results of the production under subclause (I)” available to the telecoms almost certainly would include some of this information, particularly for smart phones. We know the Hemisphere program (the AT&T-specific program for the DEA) uses cell location in its analysis. Remember, too, how NSA is gobbling up smart phone data (including things like address books) in overseas programs; this may permit analysis of similar data — if not collection of it — domestically.  So at the very least, this scheme seems to give the NSA access to cell location and possibly a whole lot more data for analysis they otherwise couldn’t get (which David Sanger’s sources confirm).

And consider two more details from Wednesday’s House Judiciary hearing. At it, Lofgren repeated a list of business records the government might obtain under Section 215 she got Deputy Attorney General James Cole to confirm at an earlier hearing. It includes:

  • ATM photos
  • location where phone calls made
  • credit card transactions
  • cookies
  • Internet searches
  • pictures captured by CCTV cameras

So long as the word “entity” in the definition of specific selection term remains undefined, so long as FISC precedents permit the tapping of entire circuits in the name of collecting on an entity, the government may still be able to collect massive amounts of this data, not actually targeted at a suspect but rather something defined as an entity (in both the existing 215 program and the new call records one, the bill retains the “relevant to” language that has been blown up beyond meaning).

Finally, consider what happened with Lofgren’s last attempted amendment. After having submitted a number of other failed amendments, Lofgren submitted an amendment to fix what she called an inadvertent error in the manager’s amendment specifically prohibiting the collection of content under Section 215.

I believe this amendment fixes — at least I hope — an error that was created in the manager’s amendment that I cannot believe was intended. As you know we have specified that the content is not included in business records. This amendment clarifies that business records do not include the content of communication. We specify that in the new section about call detail records, but the specification that content was not included somehow got dropped out of the business records section. It was included in your original bill but it didn’t make it into the manager’s amendment. I think this amendment clarifies the ambiguity that could be created and I hope it was not intentional.

This is a problem I pointed out here.

Almost without missing a beat after she introduced this, Jim Sensenbrenner recessed the hearing, citing votes. While there were, in fact, votes, Luis Pierluisi (who cast the decisive vote in favor of an amendment to redefine counterintelligence) and possibly Lofgren got a lecture at the break about how any such amendments might blow up the deal the Committee had with Mike Rogers and HPSCI. After the break, Lofgren withdrew the amendment, expressing hope it could be treated as a clerical fix.

That purported error was not fixed before HPSCI (which explicitly permitted the collection of content under its bill) voted out the bill.

Perhaps it will be “fixed” before it comes to the floor.

But if it isn’t, it may expand (or, given Lofgren’s stated concerns about what records Section 215 might cover, sustain) the use of Section 215 to collect content, not just metadata. Imagine the possibility this gets yoked to expanded analysis at telecoms under the new CDR program.

We don’t know. This bill has gotten past two committees of Congress (we didn’t get to see any of the debate at HPSCI) without these details becoming clear. But when you consider this bill as the fix to one or more problems the NSA has been struggling with, it does raise real questions.

Again, I don’t want to make light of the one thing we know this bill will do — take a database showing all phone-based relationships in the country out of NSA’s hands. That eliminates an intolerably risky program. That is an important fix.

But that shouldn’t lead us to ignore the potential expansion of spying that may come with this bill.


Will the Dragnet Reform Criminalize Ordering Pizza?

There are two major problems with the phone dragnet, as it currently exists.

First, the government has a database of all the phone-based relationships in the United States, one they currently (as far as we know) do not abuse, but one that is ripe for unbelievable abuse.

But there is current abuse going on. The dragnet takes completely innocent people who are three (now two) degrees of separation from someone subjected to a digital stop-and-frisk, a very low standard, and puts them (by dint of at least one communication with someone who communicated with someone who might be suspicious) into the NSA’s analytical maw. Permanently. Those people can have their multiple IDs connected, including any online searches NSA happened to ingest; they can be subjected to data mining; by dint of those conversations, they apparently can even have the content of their communications accessed without a warrant; they might even be targeted to become informants using the data available to NSA.

This may well be the digital equivalent of J Edgar Hoover’s subversives list, a collection of people who will always be subject to heightened scrutiny, including unbelievably invasive digital analysis, because of a three degree association years in the past.

According to PCLOB’s estimate, as many as 120 million people may have been — may still be! — subjected to this treatment.

Discussions of whether the House Judiciary and Intelligence Committee bills “reforming” the dragnet really fix it have almost entirely ignored this second abuse, the innocent people who will be subjected to the “full range of NSA’s analytical tradecraft” merely because of a potentially completely innocent association.

There are things that should be done — whether in the current dragnet or the “reformed” one — to mitigate this abuse. Those data ought to age off, which they currently don’t (and won’t, under the new program, as currently described). That analysis ought to be subject to audits, which it currently is not. The FISC ought to get some sense of what happens in this corporate store, which it’s not clear it currently has. Criminal defendants ought to have some visibility into whether their prosecutions stemmed from such analysis.

But there are also things — as Congress crafts a dragnet replacement — that can affect the sheer number of new people who will be thrown into the corporate store, into NSA’s analytical pool. And those things have a lot to do with how this new scheme deals with what is called “data integrity.”

As I have written repeatedly, the number of results NSA (or the telecoms, under the new system) will get under a particular query depends on how many noisy numbers — things like telemarketers, voice mail numbers, and pizza joints — remain in the collection. As Jonathan Mayer showed, even in his 300 person dataset that included just 2 people who had ever called each other, 17% were connected at the second hop through T-Mobile’s voice mail number.

In spite of the fact that just 2 of its participants had called each other, the fact that so many people had called T-Mobile’s voicemail number connected 17% of participants at two hops.

Already 17.5% of participants are linked. That makes intuitive sense—many Americans use T-Mobile for mobile phone service, and many call into voicemail. Now think through the magnitude of the privacy impact: T-Mobile has over 45 million subscribers in the United States. That’s potentially tens of millions of Americans connected by just two phone hops, solely because of how their carrier happens to configure voicemail.

And from this, the piece concludes that NSA could get access to a huge number of numbers with just one seed.

But our measurements are highly suggestive that many previous estimates of the NSA’s three-hop authority were conservative. Under current FISA Court orders, the NSA may be able to analyze the phone records of a sizable proportion of the United States population with just one seed number.

We know NSA currently does significant work to pull those noisy numbers via a “data integrity” process both before new data is used for contact chaining and as new numbers are identified as “high volume numbers.” While we don’t get to assess the efficacy of that process, it can make the difference between hundreds of millions of Americans getting thrown into the NSA’s analytical pool, or just tens of thousands. But as the contact-chaining process gets outsourced to the telecoms, the question becomes more pressing.
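The effect of high-volume numbers on two-hop chaining, as an added illustration that is not from the original post or from Mayer's study. The call records, the numbers S00 to S39, VOICEMAIL and PIZZA, and the degree cutoffs are all constructed, and suppression by distinct-contact count is an assumed stand-in for the undisclosed "data integrity" process.

```python
from collections import defaultdict
from itertools import combinations

def build_graph(calls):
    """Undirected contact graph: number -> set of numbers it exchanged calls with."""
    graph = defaultdict(set)
    for a, b in calls:
        graph[a].add(b)
        graph[b].add(a)
    return graph

def high_volume(graph, threshold):
    """Numbers with at least `threshold` distinct contacts (assumed data-integrity rule)."""
    return {n for n, peers in graph.items() if len(peers) >= threshold}

def chain(graph, seed, hops=2, suppressed=frozenset()):
    """Numbers reachable from `seed` within `hops`, with suppressed numbers removed."""
    seen, frontier = {seed}, {seed}
    for _ in range(hops):
        nxt = set()
        for n in frontier:
            nxt |= graph.get(n, set()) - seen - suppressed
        seen |= nxt
        frontier = nxt
    return seen - {seed}

def linked_pairs(graph, people, suppressed=frozenset()):
    """Count pairs of `people` that fall within two hops of each other."""
    reach = {p: chain(graph, p, 2, suppressed) for p in people}
    return sum(1 for a, b in combinations(people, 2) if b in reach[a])

# Constructed sample data: 40 subscribers, 28 of whom dial a shared voicemail
# number, 10 of whom ordered from the same pizza shop, and only two direct calls.
SUBSCRIBERS = [f"S{i:02d}" for i in range(40)]
CALLS = ([(s, "VOICEMAIL") for s in SUBSCRIBERS[:28]]
         + [(s, "PIZZA") for s in SUBSCRIBERS[25:35]]
         + [("S00", "S01"), ("S35", "S36")])
GRAPH = build_graph(CALLS)

if __name__ == "__main__":
    scenarios = [("no suppression", None),
                 ("voicemail suppressed", 20),
                 ("voicemail and pizza suppressed", 10)]
    for label, cutoff in scenarios:
        drop = high_volume(GRAPH, cutoff) if cutoff else set()
        print(f"{label}: seed S26 reaches {len(chain(GRAPH, 'S26', 2, drop))} numbers; "
              f"{linked_pairs(GRAPH, SUBSCRIBERS, drop)} of 780 subscriber pairs linked")
```

With only four subscribers ever calling each other directly, the shared hubs alone decide whether a two-hop query from one seed returns most of the population or almost nothing.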

As I see it, there are three possible ways this function might be done going forward:

  1. The telecoms do an initial sort of high volume numbers, taking out voice mail box and telemarketer calls, then pass the data on to NSA, which does a secondary sort to pull out things like pizza joints (which NSA might want to keep in the data set, but suppress in contact chaining until they have evidence a pizza joint might be a key hub in a terrorist attack). This plays to existing telecom strengths (they most likely do similar analysis on their own use of the data now), but doesn’t require they make what are analytical intelligence decisions. Even though this is likely the best solution, it still means many completely innocent Americans may be subject to NSA’s analysis because they ordered pizza.
  2. The telecom does all the data integrity analysis, identifying all the high volume numbers. This would result in the fewest number (but still intolerably too many) of innocent Americans being dumped into NSA’s pot. But it would also turn the telecoms into an arm of US intelligence (well, even more than they already are!), because they’d be in the position of making analytical judgments about what data is useful for NSA’s intelligence purposes. Which may be one of the reasons the telecoms seem to be demanding immunity, again.
  3. NSA does the data integrity analysis at the telecoms, as seems to be envisioned by the HPSCI bill. This might achieve the current status quo, borrowing on 8 years of experience to strike the right balance. But it would also present the intolerable condition of NSA employees or contractors accessing and analyzing the raw data of private communications providers at the providers’ locales.


“Specific Selection Term:” Still Not Convinced

While I was squawking about how Jim Sensenbrenner issued a manager’s amendment (aka USA Freedumb) purporting to end bulk collection by tying everything to a “specific selection term” without defining what “specific selection term” meant, the House Judiciary Committee released an updated version of the bill defining the term.

(2) SPECIFIC SELECTION TERM.—The term ‘specific selection term’ means a term used to uniquely describe a person, entity, or account.’

All the relevant invocations of the term now refer back to this definition.

The language not only doesn’t convince me this bill works, I think it validates my concern about the bill.

That’s because the word “entity” is already too loosely defined. Is this like the definition of the entity that struck us on 9/11 that Presidents have expanded anachronistically? Al Qaeda = AQAP = al-Nusra?

And in just about every case imaginable — an entity’s phone numbers, its bank accounts, its email addresses (though perhaps not domain name and IP) — there is a necessary translation process between the entity and the selector(s) that would be used for a search.

That this translation happens shows up in some of the invocations of “specific selection term” where they say the “specific selection term” will be used as a “basis” for selecting what to actually search on, as with the Pen Register section.

(3) a specific selection term to be used as the basis for selecting the telephone line or other facility to which the pen register or trap and trace device is to be attached or applied; and’

Al Qaeda is not the name of the telephone line (or facility, which itself has been an invention used to conduct bulk collection in the name of a specific selector).

This “basis for” language shows up even with the NSL language.

COUNTERINTELLIGENCE ACCESS TO TELEPHONE TOLL AND TRANSACTIONAL RECORDS.—Section 2709(b)  of title 18, United States Code, is amended in the matter preceding paragraph (1) by striking ‘‘may’’ and inserting ‘‘may, using a specific selection term as the basis for a request’’.

If the bill just required account identifiers or eliminated that “as a basis for” language, it might work. But as it is, that “as a basis for” involves analysis that also involves the possibility of using far different — and far broader — terms for the actual queries. (And it’s not clear — at least not to me — where and whether judges would get to approve this translation process.)

But you don’t have to take my word for it. You can look at a program that relied on “specific selection terms” “as a basis for” unbelievably vast collection.

The phone dragnet program.

In every single phone dragnet order, there’s a section that says records may only be searched if they’ve been associated with particular entities. Here’s the first one:

[Screenshot from the first phone dragnet order; image not reproduced]


NSA Destroyed Its Illegal Content-as-Metadata Data in 2011

The government released a bunch more documents in its several legal battles with EFF today. One of those is the newly-declassified declaration SID Director Theresa Shea submitted back in March about how difficult it would be to retain the phone dragnet data relevant in EFF’s phone dragnet suit, First Unitarian.

There are a number of interesting things in the declaration (including probably outdated claims about NSA’s efforts to roll out a new architecture integrating Section 215 data in with the rest of the dragnets). But I find this revelation quite interesting.

The NSA’s collection of bulk Internet metadata transitioned to FISC authority under section 402 of FISA in July 2004. Until December 2009, these data were subject to the FISC’s orders to a 4.5-year retention limit, after which, pursuant to  a change in the FISC orders, these data could be retained for up to five years. In December 2011, the Government decided not to seek FISC reauthorization of the NSA’s bulk collection of Internet metadata because the program had not met operational expectations. Because the NSA did not intend thereafter to use the Internet metadata it had retained for purposes of producing or disseminating foreign intelligence information, in keeping with the principle underlying the destruction requirements by the FISC, the NSA destroyed the remaining bulk Internet metadata in December 2011.

Poof! Proof of at least 2.5 years (figuring 2007 to October 2009; there should be a gap after that, followed by what I assume is a period of legal but not very useful data) of illegal collection of US person content in the US, gone!

Mind you, I’m glad they’re not sitting on all our Internet content-as-metadata anymore, but I do find it interesting they’ve destroyed the evidence of their crime.
